Michael McConville
I haven't been able to trigger this, even with a very strict malloc.conf (`CFJSUG`). Still trying.
I was finally able to trigger this by running htop along with dpb. I'll share a backtrace and start debugging tomorrow.
First backtrace:

```
#0 0x0000045084c3e89a in thrkill () at :2
#1 0x0000045084c39f59 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2 0x0000044de211797f in CRT_handleSIGSEGV (sgn=Variable "sgn" is not available. ) at openbsd/OpenBSDCRT.c:20
#3...
```
Second backtrace:

```
#0 0x00000bdcfbe8b89a in *_libc_getenv (name=Variable "name" is not available. ) at /usr/src/lib/libc/stdlib/getenv.c:80
#1 0xffffffdf00000202 in ?? ()
#2 0x0f04d066c347eed3 in ?? ()
#3 0x00007f7ffffdeaa0 in ?? ()
...
```
It's possible that the `basenameEnd` fix in #436 fixes some of this.
Another backtrace:

```
#0 0x00000c5054a5d87a in thrkill () at :2
#1 0x00000c5054a58f79 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2 0x00000c5054a3b379 in wrterror (d=0xc5069f05770, msg=0xc5054b643a1 "use after free", p=0xc510ff90a80) at /usr/src/lib/libc/stdlib/malloc.c:286
#3...
```
And another:

```
#0 0x00001aaddeef587a in thrkill () at :2
#1 0x00001aaddeef0f79 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2 0x00001aab2361cd8e in CRT_handleSIGSEGV (sgn=Could not find the frame base for "CRT_handleSIGSEGV". )
...
```
As Hisham pointed out, these seem really disparate. They're reasonably hard to trigger, too.
By the way, I've run htop in Valgrind for hours when doing a bulk port build (which entails tons of resource use and short-lived processes) and couldn't find anything other...
Definitely possible. On the other hand, OpenBSD uses very strong memory sanitization, and most (or all?) of us are only seeing these bugs with particularly brutal sanitization settings. Even in...
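For readers wondering why a strict `malloc.conf` catches a "use after free" (the `wrterror` frame in the third backtrace) that hours under Valgrind did not, here is an added illustration of the mechanism. It is not code from htop, from OpenBSD's libc, or from anyone in this thread: a deliberately small model of junk-on-free plus a free-chunk quarantine, in which freed memory is filled with a junk byte and later checked, so that a write to a freed chunk is reported as a use after free instead of silently corrupting whatever the allocator hands out next. The names `dbg_malloc`, `dbg_free`, `dbg_check_freed` and the 0xdf fill value are assumptions made for this example, not OpenBSD's internals.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of junk-on-free checking (not OpenBSD's malloc.c). */
#define JUNK_BYTE 0xdf      /* assumed fill byte for freed memory */
#define MAX_QUARANTINE 64   /* freed chunks held back for checking */

struct hdr { size_t n; };                   /* size header in front of each chunk */
struct freed_rec { unsigned char *p; size_t n; };

static struct freed_rec quarantine[MAX_QUARANTINE];
static size_t nquarantined;

void *dbg_malloc(size_t n) {
    struct hdr *h = malloc(sizeof *h + n);
    if (h == NULL) return NULL;
    h->n = n;
    memset(h + 1, 0, n);                    /* deterministic contents for the demo */
    return h + 1;
}

/* Fill the chunk with junk and park it in the quarantine instead of
 * returning it to the system allocator, so a later write can be noticed. */
void dbg_free(void *p) {
    if (p == NULL) return;
    struct hdr *h = (struct hdr *)p - 1;
    memset(p, JUNK_BYTE, h->n);
    if (nquarantined < MAX_QUARANTINE) {
        quarantine[nquarantined++] = (struct freed_rec){ p, h->n };
    } else {
        free(h);                            /* quarantine full: give it up */
    }
}

/* Count quarantined chunks whose junk pattern was overwritten,
 * i.e. chunks that were written to after being freed. */
int dbg_check_freed(void) {
    int bad = 0;
    for (size_t i = 0; i < nquarantined; i++) {
        for (size_t j = 0; j < quarantine[i].n; j++) {
            if (quarantine[i].p[j] != JUNK_BYTE) { bad++; break; }
        }
    }
    return bad;
}

/* Release everything in the quarantine (used between demos). */
void dbg_reset(void) {
    for (size_t i = 0; i < nquarantined; i++)
        free((struct hdr *)quarantine[i].p - 1);
    nquarantined = 0;
}

/* Buggy pattern: a process-name buffer is freed and then updated. The
 * write lands on quarantined memory, so the junk check flags it. */
int demo_use_after_free(void) {
    dbg_reset();
    char *name = dbg_malloc(16);
    strcpy(name, "htop");
    dbg_free(name);
    strcpy(name, "dpb");                    /* the use after free */
    int bad = dbg_check_freed();
    dbg_reset();
    return bad;                             /* 1: one corrupted freed chunk */
}

/* Correct pattern: the buffer is only written while it is live. */
int demo_no_bug(void) {
    dbg_reset();
    char *name = dbg_malloc(16);
    strcpy(name, "htop");
    strcpy(name, "dpb");
    dbg_free(name);
    int bad = dbg_check_freed();
    dbg_reset();
    return bad;                             /* 0: junk pattern intact */
}
```

The point for this thread: a junking allocator turns a write-after-free into a detectable event only if the freed chunk has not already been reused, which is why such bugs surface intermittently and why a quarantine (or OpenBSD's free-unmap and guard-page options) raises the hit rate under load like a bulk port build.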