Bug#1041836: libc6 2.36-9+deb12u1 double free abort
Maybe related: seems that the default for "mcheck" or MALLOC_CHECK_ has
changed.
I observe an oddity. I only noticed this recently, with libc6 version
2.36-9+deb12u1; reverting to previous 2.36-9 did not seem to help.
The issue. Sending SIGHUP to the inetd(8) process should cause it to
re-load its configuration, but instead it elicits
    free(): double free detected in tcache 2
and an abort. This is easiest seen (after "systemctl stop inetd") with
    root# inetd -d -i & sleep 1; kill -HUP $!; sleep 1; jobs
    [1] 2431
    ADD: ident proto=tcp4, wait.max=1.256 user:group=identd:(default) builtin=0 server=/usr/sbin/identd
    free(): double free detected in tcache 2
    [1]+ Aborted inetd -d -i
    root#
Sanity(?) is restored by using MALLOC_CHECK_=0 (needs LD_PRELOAD):
    root# LD_PRELOAD=libc_malloc_debug.so MALLOC_CHECK_=0 inetd -d -i & sleep 1; kill -HUP $!; sleep 1; jobs; kill $!; sleep 1; jobs
    [1] 2437
    ADD: ident proto=tcp4, wait.max=1.256 user:group=identd:(default) builtin=0 server=/usr/sbin/identd
    REDO: ident proto=tcp4, wait.max=1.256 user:group=identd:(default) builtin=0 server=/usr/sbin/identd
    [1]+ Running LD_PRELOAD=libc_malloc_debug.so MALLOC_CHECK_=0 inetd -d -i &
    [1]+ Done LD_PRELOAD=libc_malloc_debug.so MALLOC_CHECK_=0 inetd -d -i
    root#
To compound the oddity, the value of MALLOC_CHECK_ or even its presence
seems ignored, just the LD_PRELOAD=libc_malloc_debug.so "fixes" the
issue.
Hope this helps to find the cause.
Cheers, Paul
References:
http://btorpey.github.io/blog/2019/07/14/memory-checking/
https://www.gnu.org/software/libc/manual/html_node/Heap-Consistency-Checking.html
--
Paul Szabo psz@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz
School of Mathematics and Statistics University of Sydney Australia
Join the Union and fight for a better University: www.nteu.au/join
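
The abort shown in the report can be captured as a wait status, which is how a regression test would pin it down. The following is an added example, not part of the original message and not inetd or glibc code; the function names are hypothetical, and it assumes a glibc whose allocator has the tcache double-free check (as the libc6 2.36 on this page does).

```c
/* Added example: hypothetical harness, not inetd or glibc source. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Free one tcache-sized chunk twice. The volatile pointer keeps the
 * compiler from reasoning about (or warning on) the repeated free(). */
static void free_twice(void)
{
    void *volatile p = malloc(32);
    free(p);
    free(p); /* glibc's tcache check reports the double free and aborts */
}

/* Control case: the same allocation released exactly once. */
static void free_once(void)
{
    void *volatile p = malloc(32);
    free(p);
}

/* Run fn in a forked child so the abort cannot take the harness down.
 * Returns the fatal signal number, 0 for a normal exit, -1 on error. */
static int fatal_signal_of(void (*fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit no_core = {0, 0};
        setrlimit(RLIMIT_CORE, &no_core); /* no core files from test runs */
        fn();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int double_free_signal(void) { return fatal_signal_of(free_twice); }
int single_free_signal(void) { return fatal_signal_of(free_once); }

int main(void)
{
    printf("free twice: signal %d, free once: signal %d\n",
           double_free_signal(), single_free_signal());
    return 0;
}
```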