Package: libc6
Version: 2.36-9+deb12u1
Severity: important

Dear Maintainer,

I noticed an issue with malloc() or free(). I only noticed this recently, with libc6 version 2.36-9+deb12u1; reverting to previous 2.36-9 did not seem to help.

The issue: sending SIGHUP to the inetd process (from package openbsd-inetd version 0.20221205-1) should cause it to re-load its configuration, but instead it elicits

  free(): double free detected in tcache 2

and an abort. This is easiest seen (after "systemctl stop inetd") with

  root# inetd -d -i & sleep 1; kill -HUP $!; sleep 1; jobs
  [1] 2431
  ADD: ident proto=tcp4, wait.max=1.256 user:group=identd:(default) builtin=0 server=/usr/sbin/identd
  free(): double free detected in tcache 2
  [1]+ Aborted inetd -d -i
  root#

I believe that this "double free" is spurious, as there are no errors (but inetd reloads as expected) when using e.g.

  root# LD_PRELOAD=libc_malloc_debug.so MALLOC_CHECK_=1 inetd -d -i & sleep 1; kill -HUP $!; sleep 1; jobs; kill $!; sleep 1; jobs
  [1] 2437
  ADD: ident proto=tcp4, wait.max=1.256 user:group=identd:(default) builtin=0 server=/usr/sbin/identd
  REDO: ident proto=tcp4, wait.max=1.256 user:group=identd:(default) builtin=0 server=/usr/sbin/identd
  [1]+ Running LD_PRELOAD=libc_malloc_debug.so MALLOC_CHECK_=0 inetd -d -i &
  [1]+ Done LD_PRELOAD=libc_malloc_debug.so MALLOC_CHECK_=0 inetd -d -i
  root#

No errors are shown with any value of MALLOC_CHECK_ from 0 to 20, or even without any MALLOC_CHECK_ but with just LD_PRELOAD so with

  root# LD_PRELOAD=libc_malloc_debug.so inetd -d -i & sleep 1; kill -HUP $!; sleep 1; jobs; kill $!; sleep 1; jobs

Instead of LD_PRELOAD, some glibc tunables can also help to avoid the "double free" error. The settings that I found to help were:

  GLIBC_TUNABLES=glibc.malloc.tcache_count=0
  GLIBC_TUNABLES=glibc.malloc.tcache_count=1

whereas none of the following helped:

  GLIBC_TUNABLES=glibc.malloc.tcache_count=2   # or 3, 4, ...
  GLIBC_TUNABLES=glibc.cpu.hwcaps=-avx
  GLIBC_TUNABLES=glibc.cpu.hwcaps=-sse
  GLIBC_TUNABLES=glibc.cpu.hwcap_mask=1099511627775

The issue is present on all of my machines that boot from "disk", with amd64 or i386 architectures (both using an amd64 kernel, custom-built from linux-source version 6.1.38-4); some of these are VMs inside VirtualBox. I hope that the issue can be reproduced elsewhere.

Curiously, the issue does not seem present on same machines when booting PXE and then NFS-mounted root (similar to LTSP), though the contents of /usr/lib seem identical whether booting from disk or PXE; the PXE boot sequence uses sysvinit, not systemd.

Thanks Aurelien for suggesting the glibc tunables (in bug #1041836). Did not try gdb since I am not proficient with it, would not know what to look for. Please suggest anything else I should try.

Thanks, Paul

--
Paul Szabo [email protected] www.maths.usyd.edu.au/u/psz
School of Mathematics and Statistics University of Sydney Australia

-- System Information:
Debian Release: 12.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1+pk12.06 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libc6 depends on:
ii  libgcc-s1  12.2.0-14

Versions of packages libc6 recommends:
ii  libidn2-0  2.3.3-1+b1

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.82
ii  glibc-doc              2.36-9+deb12u1
ii  libc-l10n              2.36-9+deb12u1
ii  libnss-nis             3.1-4
ii  libnss-nisplus         1.3-4
ii  locales                2.36-9+deb12u1

-- debconf information:
  glibc/restart-failed:
* glibc/upgrade: true
  glibc/kernel-not-supported:
  glibc/disable-screensaver:
* libraries/restart-without-asking: true
  glibc/kernel-too-old:
  glibc/restart-services:

