port-vax/48051: rxvt crashes when setting environment variables

To: port-vax-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: port-vax/48051: rxvt crashes when setting environment variables
From: martin%NetBSD.org@localhost
Date: Sat, 13 Jul 2013 16:25:00 +0000 (UTC)

>Number:         48051
>Category:       port-vax
>Synopsis:       rxvt crashes when setting environment variables
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-vax-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 13 16:25:00 +0000 2013
>Originator:     Martin Husemann
>Release:        NetBSD 6.99.23
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD dead-to-the-world.duskware.de 6.99.23 NetBSD 6.99.23 (DEAD) #28: 
Thu Jul 11 09:15:38 CEST 2013 
martin%night-porter.duskware.de@localhost:/usr/src/sys/arch/vax/compile/DEAD vax
Architecture: vax
Machine: vax
>Description:

After upgrading my machine to -current rxvt stopped working (rxvt binary is
unchanged since 2009).

I looked at the code generated by gcc and it looked fine to me - I suspect
either some (old?) memory corruption now triggers this due to other changes
rearanging memmory, or ld.elf_so is somehow broken. Gdb seems a bit confused
about the rb_tree_* symbols, or there are multiple copies of them, which nm
does not show: the addresses in the backtrace mapped to the rb_tree_* 
functions do not match the addresses used by gdb when setting a breakpoint
there upfront. So effectively this could be anything and I a not sure we
can trust gdb.

Anyway, a bit of info from gdb on the crash:

Program received signal SIGSEGV, Segmentation fault.
0x7f648021 in rb_tree_insert_node (2137755944, 2135015680)
   from /usr/lib/libc.so.12
(gdb) bt
#0  0x7f648021 in rb_tree_insert_node (2137755944, 2135015680)
   from /usr/lib/libc.so.12
#1  0x7f647a31 in __allocenvvar (23) from /usr/lib/libc.so.12
#2  0x7f62219d in setenv (2135024000, 2135024010, 1) from /usr/lib/libc.so.12
#3  0x7f6161cf in putenv (2135023968) from /usr/lib/libc.so.12
#4  0x7f7d44f6 in _rtld_bind_start (2135023968) from /usr/libexec/ld.elf_so
#5  0x000188f1 in rxvt_set_colorfgbg (2134905280)
#6  0x00018f15 in rxvt_change_font (2134905280, 1, 0)
#7  0x00022ebe in rxvt_Create_Windows (2134905280, 3, 2147478680)
#8  0x00019090 in rxvt_init (3, 2147478680)
#9  0x00013c0a in main (3, 2147478680, 2147478696)
(gdb) x/16i 0x7f648021
=> 0x7f648021 <rb_tree_insert_node+17>: movl (r8),r9
   0x7f648024 <rb_tree_insert_node+20>: addl3 r11,0x8(r8),r10
   0x7f648029 <rb_tree_insert_node+25>: movl (r0),r6
   0x7f64802c <rb_tree_insert_node+28>: 
    bneq 0x7f648031 <rb_tree_insert_node+33>
   0x7f64802e <rb_tree_insert_node+30>: 
    brw 0x7f64816b <rb_tree_insert_node+347>
[..]
(gdb) info reg
r0             0x7f6b9128       2137755944
r1             0xc0     192
r2             0x7f41c040       2135015488
r3             0xfffffff0       -16
r4             0x0      0
r5             0x7f41c000       2135015424
r6             0x7f41c100       2135015680
r7             0x17     23
r8             0x0      0
r9             0x0      0
[..]


looking at the source this seems to be the copying of rbto_compare_nodes from
the env_tree_ops, and those are statically initialized and not NULL. I'm 
puzzled.


>How-To-Repeat:
just run rxvt on vax

>Fix:
n/a

Prev by Date: Re: standards/47454: terminfo(5) does not have a capability for terminal/display character set
Next by Date: Re: kern/47419 (ifconfig on a gif(4) interface doesn't display the MTU)
Previous by Thread: Re: kern/47447 (udl(4): New device ID)
Next by Thread: Re: kern/47419 (ifconfig on a gif(4) interface doesn't display the MTU)
Indexes:

Home | Main Index | Thread Index | Old Index