Menu
Search

Forums

Forum Index

Thread overview
free(): double free detected in tcache 2
Aug 13, 2021
workman
Aug 13, 2021
Johan
Aug 23, 2021
workman
Aug 23, 2021
Johan
Aug 23, 2021
max haughton
Aug 24, 2021
workman
Aug 24, 2021
Johan
Aug 25, 2021
workman
Aug 25, 2021
Johan
Aug 26, 2021
workman
August 13, 2021
Gravatar of workmanPosted by workmanReply
workman
Gravatar of workman


Reply

link with -flto=full from linux get this error:

free(): double free detected in tcache 2

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7ca5537 in __GI_abort () at abort.c:79
#2  0x00007ffff7cfe768 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7e0ce2d "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7d05a5a in malloc_printerr (str=str@entry=0x7ffff7e0f170 "free(): double free detected in tcache 2") at malloc.c:5347
#4  0x00007ffff7d07055 in _int_free (av=0x7ffff7e3eb80 <main_arena>, p=0x54a360, have_lock=1) at malloc.c:4201
#5  0x00007ffff7d09995 in _int_realloc (av=av@entry=0x7ffff7e3eb80 <main_arena>, oldp=oldp@entry=0x54a360, oldsize=oldsize@entry=32, nb=88736032) at malloc.c:4618
#6  0x00007ffff7d0aab6 in __GI___libc_realloc (oldmem=0x54a370, bytes=88736016) at malloc.c:3226
#7  0x000000000046f604 in core.internal.container.common.xrealloc(void*, ulong) ()
#8  0x000000000046e3dd in core.internal.container.array.Array!(void[]).Array.length(ulong) ()
#9  0x000000000046f4f6 in core.internal.container.array.Array!(void[]).Array.insertBack!().insertBack(void[]) ()
#10 0x00000000004b078f in _d_dso_registry ()
#11 0x00000000004b3d72 in ldc.register_dso ()
#12 0x00007ffff7fe2373 in _dl_fini () at dl-fini.c:138
#13 0x00007ffff7cbe4d7 in __run_exit_handlers (status=0, listp=0x7ffff7e3e718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#14 0x00007ffff7cbe67a in __GI_exit (status=<optimized out>) at exit.c:139
#15 0x00007ffff7ca6d11 in __libc_start_main (main=0x4df1e0 <main>, argc=2, argv=0x7fffffffdec8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdeb8) at ../csu/libc-start.c:342
#16 0x00000000002f63fa in _start ()
August 13, 2021
Gravatar of JohanPosted by Johan
in reply to workman		Reply
Johan
Gravatar of Johan
Posted in reply to workman


Reply

On Friday, 13 August 2021 at 05:58:34 UTC, workman wrote:

>

link with -flto=full from linux get this error:

free(): double free detected in tcache 2

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7ca5537 in __GI_abort () at abort.c:79
#2  0x00007ffff7cfe768 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7e0ce2d "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7d05a5a in malloc_printerr (str=str@entry=0x7ffff7e0f170 "free(): double free detected in tcache 2") at malloc.c:5347
#4  0x00007ffff7d07055 in _int_free (av=0x7ffff7e3eb80 <main_arena>, p=0x54a360, have_lock=1) at malloc.c:4201
#5  0x00007ffff7d09995 in _int_realloc (av=av@entry=0x7ffff7e3eb80 <main_arena>, oldp=oldp@entry=0x54a360, oldsize=oldsize@entry=32, nb=88736032) at malloc.c:4618
#6  0x00007ffff7d0aab6 in __GI___libc_realloc (oldmem=0x54a370, bytes=88736016) at malloc.c:3226
#7  0x000000000046f604 in core.internal.container.common.xrealloc(void*, ulong) ()
#8  0x000000000046e3dd in core.internal.container.array.Array!(void[]).Array.length(ulong) ()
#9  0x000000000046f4f6 in core.internal.container.array.Array!(void[]).Array.insertBack!().insertBack(void[]) ()
#10 0x00000000004b078f in _d_dso_registry ()
#11 0x00000000004b3d72 in ldc.register_dso ()
#12 0x00007ffff7fe2373 in _dl_fini () at dl-fini.c:138
#13 0x00007ffff7cbe4d7 in __run_exit_handlers (status=0, listp=0x7ffff7e3e718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#14 0x00007ffff7cbe67a in __GI_exit (status=<optimized out>) at exit.c:139
#15 0x00007ffff7ca6d11 in __libc_start_main (main=0x4df1e0 <main>, argc=2, argv=0x7fffffffdec8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdeb8) at ../csu/libc-start.c:342
#16 0x00000000002f63fa in _start ()

Can you check how often _d_dso_registry is called after __run_exit_handlers ?

August 23, 2021
Gravatar of workmanPosted by workman
in reply to Johan		Reply
workman
Gravatar of workman
Posted in reply to Johan


Reply

On Friday, 13 August 2021 at 11:01:00 UTC, Johan wrote:

>

On Friday, 13 August 2021 at 05:58:34 UTC, workman wrote:

>

[...]

Can you check how often _d_dso_registry is called after __run_exit_handlers ?

not sure how to do this.

August 23, 2021
Gravatar of JohanPosted by Johan
in reply to workman		Reply
Johan
Gravatar of Johan
Posted in reply to workman


Reply

On Monday, 23 August 2021 at 15:59:04 UTC, workman wrote:

>

On Friday, 13 August 2021 at 11:01:00 UTC, Johan wrote:

>

On Friday, 13 August 2021 at 05:58:34 UTC, workman wrote:

>

[...]

Can you check how often _d_dso_registry is called after __run_exit_handlers ?

not sure how to do this.

(not really sure if this will really help figure out the problem, but...)

You can break on it (probably smth like "break _d_dso_registry"), then continue when execution is stopped at the start of the function (probably "c"), and count how often the breakpoint is triggered (keep "c"), before the program exits.

-Johan

August 23, 2021
Gravatar of max haughtonPosted by max haughton
in reply to Johan		Reply
max haughton
Gravatar of max haughton
Posted in reply to Johan


Reply

On Monday, 23 August 2021 at 22:34:58 UTC, Johan wrote:

>

On Monday, 23 August 2021 at 15:59:04 UTC, workman wrote:

>

On Friday, 13 August 2021 at 11:01:00 UTC, Johan wrote:

>

On Friday, 13 August 2021 at 05:58:34 UTC, workman wrote:

>

[...]

Can you check how often _d_dso_registry is called after __run_exit_handlers ?

not sure how to do this.

(not really sure if this will really help figure out the problem, but...)

You can break on it (probably smth like "break _d_dso_registry"), then continue when execution is stopped at the start of the function (probably "c"), and count how often the breakpoint is triggered (keep "c"), before the program exits.

-Johan

You need to break, then set the ignore count, then info breakpoints (something like you that) will still give you the hit count for that breakpoint

August 24, 2021
Gravatar of workmanPosted by workman
in reply to max haughton		Reply
workman
Gravatar of workman
Posted in reply to max haughton


Reply

On Monday, 23 August 2021 at 23:25:19 UTC, max haughton wrote:

>

You need to break, then set the ignore count, then info breakpoints (something like you that) will still give you the hit count for that breakpoint

Thanks for the tips,

Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x00000000004b0f90 <_d_dso_registry>
	breakpoint already hit 3 times

without lto

Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x000000000052ece0 <_d_dso_registry>
	breakpoint already hit 2 times
August 24, 2021
Gravatar of JohanPosted by Johan
in reply to workman		Reply
Johan
Gravatar of Johan
Posted in reply to workman


Reply

On Tuesday, 24 August 2021 at 06:04:12 UTC, workman wrote:

>

On Monday, 23 August 2021 at 23:25:19 UTC, max haughton wrote:

>

You need to break, then set the ignore count, then info breakpoints (something like you that) will still give you the hit count for that breakpoint

Thanks for the tips,

Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x00000000004b0f90 <_d_dso_registry>
	breakpoint already hit 3 times

without lto

Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x000000000052ece0 <_d_dso_registry>
	breakpoint already hit 2 times

OK, so indeed it is what I thought: with LTO _d_dso_registry is called too often.
The function does initialization or deinit (it is a 'toggle' operation).

1st call: initialization
2nd call: deinitialization
3rd call: initialization, but here the struct passed probably contains something that triggers a second free call on a pointer that was not nulled maybe? Regardless, this third call should not happen.

Which linker is used in the LTO case? ld.bfd, ld.gold, ld.lld ?
(ldc2 -v ... one of the last lines is the C compiler invocation for linking; check for "-fuse-ld="; if it is not there then just ld is used, check ld --version)

Probably the same as this bug: https://github.com/ldc-developers/ldc/issues/3786

-Johan

August 25, 2021
Gravatar of workmanPosted by workman
in reply to Johan		Reply
workman
Gravatar of workman
Posted in reply to Johan


Reply

On Tuesday, 24 August 2021 at 11:10:47 UTC, Johan wrote:

>

OK, so indeed it is what I thought: with LTO _d_dso_registry is called too often.
The function does initialization or deinit (it is a 'toggle' operation).

1st call: initialization
2nd call: deinitialization
3rd call: initialization, but here the struct passed probably contains something that triggers a second free call on a pointer that was not nulled maybe? Regardless, this third call should not happen.

Which linker is used in the LTO case? ld.bfd, ld.gold, ld.lld ?
(ldc2 -v ... one of the last lines is the C compiler invocation for linking; check for "-fuse-ld="; if it is not there then just ld is used, check ld --version)

Probably the same as this bug: https://github.com/ldc-developers/ldc/issues/3786

-Johan

I use ld.ldd to do the link, try -flto=full and -flto=thin, has same problem: free(): double free detected in tcache 2

August 25, 2021
Gravatar of JohanPosted by Johan
in reply to workman		Reply
Johan
Gravatar of Johan
Posted in reply to workman


Reply

On Wednesday, 25 August 2021 at 06:55:40 UTC, workman wrote:

>

On Tuesday, 24 August 2021 at 11:10:47 UTC, Johan wrote:

>

Probably the same as this bug: https://github.com/ldc-developers/ldc/issues/3786

-Johan

I use ld.ldd to do the link, try -flto=full and -flto=thin, has same problem: free(): double free detected in tcache 2

Then it's the same bug as I mentioned.
If you have the option to try with other linkers, then please try. It should work with ld.gold.

-Johan

August 26, 2021
Gravatar of workmanPosted by workman
in reply to Johan		Reply
workman
Gravatar of workman
Posted in reply to Johan


Reply

On Wednesday, 25 August 2021 at 09:18:56 UTC, Johan wrote:

>

Then it's the same bug as I mentioned.
If you have the option to try with other linkers, then please try. It should work with ld.gold.

-Johan

Thanks for explain, I try use gold before and they are create a lot link error like this:

/usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/crt1.o:function _start: error: undefined reference to '__libc_csu_fini'
/usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/crt1.o:function _start: error: undefined reference to '__libc_csu_init'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8readImplFNeMAxaMPxamZAv: error: undefined reference to 'fstat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file10existsImplFNbNiNePxaZb: error: undefined reference to 'lstat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file12mkdirRecurseFNfMAxaZv: error: undefined reference to 'lstat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file__T6existsTAxaZQmFNbNiNfQnZb: error: undefined reference to 'lstat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8DirEntry6__ctorMFNcNfAyaZSQBkQBjQBh: error: undefined reference to 'lstat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8DirEntry5isDirMFNdNfZb: error: undefined reference to 'stat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8DirEntry22_ensureStatOrLStatDoneMFNeZv: error: undefined reference to 'stat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8DirEntry6isFileMFNdNfZb: error: undefined reference to 'stat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8DirEntry15_ensureStatDoneMFNeZv: error: undefined reference to 'stat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8copyImplFNeMAxaMQeMPxaMQeEQBk8typecons__T4FlagVAyaa18_707265736572766541747472696275746573ZQByZv: error: undefined reference to 'fstat64'
/usr/bin/../lib/libphobos2-ldc.a(file.o):file.d:function _D3std4file8copyImplFNeMAxaMQeMPxaMQeEQBk8typecons__T4FlagVAyaa18_707265736572766541747472696275746573ZQByZv: error: undefined reference to 'fstat64'
/usr/bin/../lib/libphobos2-ldc.a(curl.o):curl.d:function _D3std3net4curl7CurlAPI7loadAPIFZPv: error: undefined reference to 'atexit'
/usr/bin/../lib/libphobos2-ldc.a(process.o):process.d:function _D3std7process17spawnProcessPosixFNeMAxAaSQBo5stdio4FileQpQrMxHAyaAyaSQCqQCp6ConfigMAxaZCQDjQDi3Pid: error: undefined reference to 'fstat64'
/usr/bin/../lib/libdruntime-ldc.a(gc.o):gc.d:function _D4core8internal2gc4impl12conservativeQw14ConservativeGC6__ctorMFZCQCnQClQCfQCfQCdQCoQBt: error: undefined reference to 'pthread_atfork'
/usr/bin/../lib/libdruntime-ldc.a(gc.o):gc.d:function _D4core8internal2gc4impl12conservativeQw3Gcx10initializeMFZv: error: undefined reference to 'pthread_atfork'

LLD work great if I use LDC betterC and LTO.