Created attachment 6311: crash test

(gdb) run sh fuzzed.sh
Starting program: /root/fuzzshell/busybox_unstripped sh fuzzed.sh
fuzzed.sh: trap: line 1: 4846957808957: invalid signal specification
*** Error in `/root/fuzzshell/busybox_unstripped': free(): invalid pointer: 0x08105364 ***

Program received signal SIGABRT, Aborted.
0xb7fdcc38 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fdcc38 in __kernel_vsyscall ()
#1  0xb7df0e17 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#2  0xb7df23e9 in __GI_abort () at abort.c:89
#3  0xb7e2e43e in __libc_message (do_abort=1, fmt=0xb7f262f8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#4  0xb7e34007 in malloc_printerr (action=<optimized out>, str=0xb7f22490 "free(): invalid pointer", ptr=0x8105364) at malloc.c:4965
#5  0xb7e3475d in _int_free (av=0x696c2064, p=<optimized out>, have_lock=0) at malloc.c:3834
#6  0x0808bad4 in trapcmd ()
#7  0x00000001 in ?? ()

Valgrind reports:

==30861== Invalid free() / delete / delete[] / realloc()
==30861==    at 0x402C3B8: free (vg_replace_malloc.c:530)
==30861==    by 0x808BAD3: trapcmd (in /root/fuzzshell/busybox_unstripped)
==30861==  Address 0x333831 is not stack'd, malloc'd or (recently) free'd

I'm unable to minimize my test cases since I can't get ASAN working on my build.

#8641
Pretty sure it's just the same as bug 8661.

*** This bug has been marked as a duplicate of bug 8661 ***