NetBSD Problem Report #56065

From tsutsui@ceres.dti.ne.jp  Sat Mar 20 15:18:42 2021
Return-Path: <tsutsui@ceres.dti.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id DA66B1A921F
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 20 Mar 2021 15:18:42 +0000 (UTC)
Message-Id: <202103201518.12KFIX1K023346@ceres.dti.ne.jp>
Date: Sun, 21 Mar 2021 00:18:33 +0900 (JST)
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Reply-To: tsutsui@ceres.dti.ne.jp
To: gnats-bugs@NetBSD.org
Subject: Several old hppa binaries don't work on NetBSD 9.1
X-Send-Pr-Version: 3.95

>Number:         56065
>Category:       port-hppa
>Synopsis:       Several old hppa binaries don't work on NetBSD 9.1
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    port-hppa-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 20 15:20:00 +0000 2021
>Last-Modified:  Sun Sep 05 16:10:01 +0000 2021
>Originator:     Izumi Tsutsui
>Release:        NetBSD 9.1
>Organization:
>Environment:
System: NetBSD challenger 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/hppa/compile/GENERIC hppa
Architecture: hppa
Machine: hppa
>Description:
On testing PR/52162, I noticed several old hppa binaries
didn't work and got SIGSEGV or SIGILL.

>How-To-Repeat:

% mkdir 5.0 && cd 5.0
% ftp http://archive.netbsd.org/pub/NetBSD-archive/NetBSD-5.0/hp700/binary/sets/base.tgz
% tar -zxvf base.tgz ./bin ./sbin ./usr/bin
% usr/bin/ftp
Illegal instruction (core dumped)
% gdb usr/bin/ftp
GNU gdb (GDB) 8.3

[...]

Reading symbols from usr/bin/ftp...
(No debugging symbols found in usr/bin/ftp)
(gdb) run
Starting program: /home/tsutsui/5.0/usr/bin/ftp 

Program received signal SIGILL, Illegal instruction.
0xaf5655dc in _nsyyparse () from /usr/lib/libc.so.12
(gdb) bt
#0  0xaf5655dc in _nsyyparse () from /usr/lib/libc.so.12
#1  0xaf568034 in ?? () from /usr/lib/libc.so.12
#2  0xaf568940 in nsdispatch () from /usr/lib/libc.so.12
#3  0xaf4aa3d4 in __getpwnam50 () from /usr/lib/libc.so.12
#4  0xaf48a5f0 in getpwnam () from /usr/lib/libc.so.12
#5  0x00025098 in main ()
(gdb) 

 [...]

% sbin/dmesg
[   1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[   1.0000000]     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[   1.0000000]     2018, 2019, 2020 The NetBSD Foundation, Inc.  All rights reserved.
[   1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[   1.0000000]     The Regents of the University of California.  All rights reserved.

[   1.0000000] NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020
[   1.0000000] 	mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/hppa/compile/GENERIC
[   1.0000000] HP9000/712/60 (Gecko)
[   1.0000000] real mem = 128 MB (73728 reserved for PROM, 115 MB used by NetBSD)
[   1.0000000] avail mem = 113 MB
[   1.0000000] timecounter: Timecounters tick every 10.000 msec
[   1.0000000] Kernelized RAIDframe activated
[   1.0000000] userconf: configure system autoconfiguration:
[   1.0000000] uc> disable sti
[   1.0000000] [ 93] sti* disabled
[   1.0000000] [ 94] sti* disabled
[   1.0000000] [ 95] sti* disabled
[   1.0000000] [ 96] sti* disabled
[   1.0000000] uc> quit
[   1.0000000] Continuing...
[   1.0000000] mainbus0 (root) [flex fff80000]
[   1.0000000] pdc0 at mainbus0
[   1.0000000] power0 at mainbus0: DR25
[   1.0000000] cpu0 at mainbus0 hpa 0xfffbe000 path 8 irq 31: PA7100LC (Hummingbird) rev 6
[   1.0000000] cpu0: PCXL, PA-RISC 1.1c, lev 1, cat A, 60 MHz clk
[   1.0000000] cpu0: shadows, 32K/32K D/I caches, 64 shared TLB, 8 shared BTLB
[   1.0000000] cpu0: PCXL (CMOS-26B) floating point, rev 1
Illegal instruction (core dumped)
% gdb sbin/dmesg
GNU gdb (GDB) 8.3

[...]

(No debugging symbols found in sbin/dmesg)
(gdb) run
Starting program: /home/tsutsui/5.0/sbin/dmesg 
[   1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,

[...]

[   1.0000000] cpu0: PCXL (CMOS-26B) floating point, rev 1

Program received signal SIGILL, Illegal instruction.
0xaf8c7608 in je_tcache_bin_flush_small () from /lib/libc.so.12
(gdb) bt
#0  0xaf8c7608 in je_tcache_bin_flush_small () from /lib/libc.so.12
#1  0xaf8c87f4 in je_tcache_event_hard () from /lib/libc.so.12
#2  0xaf921478 in calloc () from /lib/libc.so.12
#3  0xaf8b93c0 in ?? () from /lib/libc.so.12
#4  0xaf8ba550 in vis () from /lib/libc.so.12
#5  0x00010db4 in main ()
(gdb)

[...]

% sbin/ifconfig -a
Segmentation fault (core dumped)
% gdb sbin/ifconfig
GNU gdb (GDB) 8.3

[...]

Reading symbols from sbin/ifconfig...
(gdb) run -a
Starting program: /home/tsutsui/5.0/sbin/ifconfig -a

Program received signal SIGSEGV, Segmentation fault.
0xaf592e7c in rb_tree_insert_node () from /lib/libc.so.12
(gdb) bt
#0  0xaf592e7c in rb_tree_insert_node () from /lib/libc.so.12
#1  0xaf80b8f8 in prop_dictionary_set () from /lib/libprop.so.0
#2  0x0001b070 in match_setenv (im=<optimized out>, om=0x1d918, 
    key=0xafec6000 ". 020p", o=0xaf8217ec) (*)
    at /home/builds/ab/netbsd-5-0-RELEASE/src/sbin/ifconfig/parse.c:127
#3  0x0001b3b8 in pterm_match (p=0xaf821b00, im=0x0, om=0xb0001bc8, argidx=0, 
    arg=0x0)
    at /home/builds/ab/netbsd-5-0-RELEASE/src/sbin/ifconfig/parse.c:514
#4  0x0001b4bc in pbranch_match (p=0xafec3000, im=0xafec6008, om=0xb0001840, 
    argidx=-1350430040, arg=0xaf821b14 ".  020.") (*)
    at /home/builds/ab/netbsd-5-0-RELEASE/src/sbin/ifconfig/parse.c:594
#5  0x0001aef4 in parse (argc=0, argv=<optimized out>, p0=<optimized out>, 
    matches=0xb0001840, nmatch=0xb0001748, narg=0xb000174c)
    at /home/builds/ab/netbsd-5-0-RELEASE/src/sbin/ifconfig/parse.c:952
#6  0x00019970 in main (argc=2, argv=0xb0001038)
    at /home/builds/ab/netbsd-5-0-RELEASE/src/sbin/ifconfig/ifconfig.c:648
(gdb) 

(*) includes non-ascii chars

Also several local binaries got SIGSEGV

% /usr/local/bin/tcsh
Segmentation fault (core dumped)
% file /usr/local/bin/tcsh
/usr/local/bin/tcsh: ELF 32-bit MSB executable, PA-RISC, 1.1 version 1 (NetBSD), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 5.0, stripped
% /usr/local/bin/emacs
Segmentation fault (core dumped)
% file /usr/local/bin/emacs
/usr/local/bin/emacs: sticky ELF 32-bit MSB executable, PA-RISC, 1.1 version 1 (NetBSD), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.1, with debug_info, not stripped
% gdb /usr/local/bin/tcsh
GNU gdb (GDB) 8.3

[...]

(No debugging symbols found in /usr/local/bin/tcsh)
(gdb) run
Starting program: /usr/local/bin/tcsh 

Program received signal SIGSEGV, Segmentation fault.
0x000513e8 in malloc ()
(gdb) bt
#0  0x000513e8 in malloc ()
#1  0xaf599424 in pthread_atfork () from /usr/lib/libc.so.12
#2  0xaf51eff8 in ?? () from /usr/lib/libc.so.12
#3  0xaf59f0e0 in ?? () from /usr/lib/libc.so.12
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) 

[...]

% gdb /usr/local/bin/emacs
GNU gdb (GDB) 8.3

[...]

Reading symbols from /usr/local/bin/emacs...
(gdb) run
Starting program: /usr/local/bin/emacs 

Program received signal SIGSEGV, Segmentation fault.
0x0006a8a8 in malloc (n=8) at malloc.c:441
warning: Source file is more recent than executable.
441
(gdb) bt
#0  0x0006a8a8 in malloc (n=8) at malloc.c:441
#1  0xaf199424 in pthread_atfork () from /usr/lib/libc.so.12
#2  0xaf11eff8 in ?? () from /usr/lib/libc.so.12
#3  0xaf19f0e0 in ?? () from /usr/lib/libc.so.12
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) 

---

>Fix:
Unknown.

---
Izumi Tsutsui

>Audit-Trail:
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@netbsd.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: Re: port-hppa/56065: Several old hppa binaries don't work on NetBSD
	 9.1
Date: Sun, 21 Mar 2021 00:51:41 +0900

 > Also several local binaries got SIGSEGV
 > 
 > % /usr/local/bin/tcsh
 > Segmentation fault (core dumped)
 > % file /usr/local/bin/tcsh
 > /usr/local/bin/tcsh: ELF 32-bit MSB executable, PA-RISC, 1.1 version 1 (NetBSD), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 5.0, stripped
 > % /usr/local/bin/emacs
 > Segmentation fault (core dumped)
 > % file /usr/local/bin/emacs
 > /usr/local/bin/emacs: sticky ELF 32-bit MSB executable, PA-RISC, 1.1 version 1 (NetBSD), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.1, with debug_info, not stripped

 Note both these /usr/local/bin/tcsh and /usr/local/bin/emacs binaries
 worked fine on NetBSD/hppa 7.1.

 tcsh-6.22.02 binary built on NetBSD/hppa 9.1 also dumps core:
 ---
 # file tcsh
 tcsh: ELF 32-bit MSB executable, PA-RISC, 1.1 version 1 (NetBSD), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 9.1, with debug_info, not stripped
 # ./tcsh
 Segmentation fault (core dumped)
 # gdb tcsh
 GNU gdb (GDB) 8.3
 Copyright (C) 2019 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.
 Type "show copying" and "show warranty" for details.
 This GDB was configured as "hppa--netbsd".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
     <http://www.gnu.org/software/gdb/documentation/>.

 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from tcsh...
 (gdb) run
 Starting program: /root/tcsh-6.22.02/tcsh

 Program received signal SIGSEGV, Segmentation fault.
 0x000548a4 in malloc (nbytes=24) at tc.alloc.c:211
 211         if (nextf[bucket] == NULL)
 (gdb) bt
 #0  0x000548a4 in malloc (nbytes=24) at tc.alloc.c:211
 #1  0xaf199424 in pthread_atfork () from /usr/lib/libc.so.12
 #2  0xaf11eff8 in ?? () from /usr/lib/libc.so.12
 #3  0xaf19f0e0 in ?? () from /usr/lib/libc.so.12
 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
 (gdb)

 ---

 So is there something wrong in NetBSD/hppa 9.1 libc?

 ---
 Izumi Tsutsui

From: Nick Hudson <nick.hudson@gmx.co.uk>
To: gnats-bugs@netbsd.org, port-hppa-maintainer@netbsd.org,
 gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: port-hppa/56065: Several old hppa binaries don't work on NetBSD
 9.1
Date: Sun, 5 Sep 2021 09:02:15 +0100

 This is almost certainly because of

 https://mail-index.netbsd.org/source-changes/2014/03/06/msg052429.html

 Log Message:
 Move to a flat space register convention. %sr[4-7] are all now the space
 number allocated to the process.  gcc produces (slightly) better code
 with this convention.

 Retain backwards compatibility.

 Welcome to 6.99.36


 compat hooks are probably required to use earlier libc

 Nick

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: nick.hudson@gmx.co.uk
Cc: gnats-bugs@netbsd.org, tsutsui@ceres.dti.ne.jp
Subject: Re: port-hppa/56065: Several old hppa binaries don't work on NetBSD9.1
Date: Mon, 6 Sep 2021 01:05:06 +0900

 > This is almost certainly because of
 > 
 > https://mail-index.netbsd.org/source-changes/2014/03/06/msg052429.html
 > 
 > Log Message:
 > Move to a flat space register convention. %sr[4-7] are all now the space
 > number allocated to the process.  gcc produces (slightly) better code
 > with this convention.
 > 
 > Retain backwards compatibility.
 > 
 > Welcome to 6.99.36

 Hmm.

 Maybe there are two independent problems?
 1) 5.0 binaries get SEGV in je_tcache_bin_flush_small() or
    rb_tree_insert_node()
 2) 7.1 binaries (at least tcsh and patched emacs 18.59) that have
    homegrown malloc() get SEGV in malloc() (maybe even on netbsd-9?)

 ---
 Izumi Tsutsui
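
Added example (not part of the PR or of NetBSD's code): the "for NetBSD 5.0" / "for NetBSD 7.1" strings that file(1) prints in this report come from the NetBSD ident note in each ELF, and this sketch reads that note from a 32-bit image so a tree of old binaries can be sorted around the 6.99.36 bump named in the quoted log message. Treating that bump as the dividing line is an assumption, and the ELF image is constructed inline.

```python
import struct

PT_NOTE, NETBSD_TAG = 4, 1        # p_type of a note segment; NetBSD ident note type
FLAT_SR = 699003600               # 6.99.36, the bump named in the quoted log message

def netbsd_version(elf):
    """Return __NetBSD_Version__ from a 32-bit ELF's NetBSD ident note, else None."""
    if elf[:4] != b"\x7fELF" or elf[4:5] != b"\x01":   # ELFCLASS32 only
        return None
    e = ">" if elf[5:6] == b"\x02" else "<"            # EI_DATA 2 = MSB (hppa)
    try:
        phoff, = struct.unpack_from(e + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 42)
        for i in range(phnum):
            p_type, off, _, _, size = struct.unpack_from(e + "5I", elf, phoff + i * phentsize)
            end = min(off + size, len(elf))
            while p_type == PT_NOTE and off + 12 <= end:
                namesz, descsz, ntype = struct.unpack_from(e + "3I", elf, off)
                desc = off + 12 + ((namesz + 3) & ~3)  # name is padded to 4 bytes
                if (elf[off + 12:off + 12 + namesz] == b"NetBSD\0"
                        and ntype == NETBSD_TAG and descsz == 4 and desc + 4 <= end):
                    return struct.unpack_from(e + "I", elf, desc)[0]
                off = desc + ((descsz + 3) & ~3)
    except struct.error:                               # truncated or malformed file
        return None
    return None

def release(v):
    """Decode MMmmrrpp00 into the release string file(1) shows."""
    major, minor, patch = v // 100000000, v // 1000000 % 100, v // 100 % 100
    return f"{major}.{minor}.{patch}" if patch else f"{major}.{minor}"

def predates_flat_sr(v):
    """Assumption: binaries tagged below 6.99.36 expect the old %sr[4-7] setup."""
    return v < FLAT_SR

def sample_elf(version):
    """Constructed minimal big-endian ELF32 image: header, one PT_NOTE phdr, note."""
    ident = b"\x7fELF\x01\x02\x01" + bytes(9)
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH", 2, 15, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    note = struct.pack(">3I", 7, 4, NETBSD_TAG) + b"NetBSD\0\0" + struct.pack(">I", version)
    phdr = struct.pack(">8I", PT_NOTE, 84, 0, 0, len(note), len(note), 4, 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    for v in (500000000, 701000000, 901000000):        # releases named in this report
        print(release(v), "predates flat %sr" if predates_flat_sr(v) else "flat %sr era")
```

Under that assumption the 5.0 set lands on the old-convention side while the 7.1 tcsh and emacs do not, which matches the split into two problems suggested in the last message.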
