[Bug 51438] New: Rust compiler crashes with "free(): double free detected in tcache 2" message
https://bugs.winehq.org/show_bug.cgi?id=51438 Bug ID: 51438 Summary: Rust compiler crashes with "free(): double free detected in tcache 2" message Product: Wine Version: 6.12 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: mikrutrafal(a)protonmail.com Distribution: --- When I installed on clear prefix rustc with cargo - https://static.rust-lang.org/dist/rust-1.53.0-x86_64-pc-windows-gnu.msi ``` wget https://static.rust-lang.org/dist/rust-1.53.0-x86_64-pc-windows-gnu.msi msiexec /i rust-1.53.0-x86_64-pc-windows-gnu.msi ``` then after running commands ``` echo "fn main() { println!(\"Hello World!\");}" > roman.rs rustc roman.rs ``` compiler crashes with this info(not sure if this is Wine or Rustc info) ``` free(): double free detected in tcache 2 ``` I think that this issue is very important to fix, because Rust allows to run tests via e.g. `cargo test` command which allows to execute tests inside repository. This probably will really help with testing Wine because tests are usually small and it will be easy to track issue down. There is a lot of rust repositories, but this two use directly windows API, so testing them should give easy info about crashes etc. https://github.com/microsoft/windows-samples-rs https://github.com/microsoft/windows-rs -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 Bernhard Übelacker <bernhardu(a)mailbox.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bernhardu(a)mailbox.org --- Comment #1 from Bernhard Übelacker <bernhardu(a)mailbox.org> --- Hello, I tried to run the instructions on top of a plain wine64 built from todays git (49cde09958). Unfortunately I could not reproduce the free error: $ echo "fn main() { println!(\"Hello World\");}" > roman.rs $ cat roman.rs fn main() { println!("Hello World");} $ wine rustc roman.rs $ wine roman.exe Hello World Do you use prebuilt wine packages? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #2 from Rafał Mikrut <mikrutrafal(a)protonmail.com> --- Hi, I completely forgot to mention that I used wine-staging 6.12(from official PPA on Ubuntu 21.04). I retested it with wine-devel 6.12 and seems that this is only wine-staging bug. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 Zebediah Figura <z.figura12(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Wine |Wine-staging Component|-unknown |-unknown CC| |leslie_alistair(a)hotmail.com | |, z.figura12(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #3 from Zebediah Figura <z.figura12(a)gmail.com> --- It could be an intermittent bug. Assuming it isn't, though, the most helpful thing would be to perform a bisect between upstream wine and wine-staging; see <https://wiki.winehq.org/Wine-Staging#Reporting_and_debugging_bugs_against_Staging> for some details. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #4 from Bernhard Übelacker <bernhardu(a)mailbox.org> --- Created attachment 70297 --> https://bugs.winehq.org/attachment.cgi?id=70297 51438_debugging.txt I experimented a little with rr and found this free happens inside wineserver. I did also the git bisect, which points to this commit: Author: Erich E. Hoover <erich.e.hoover(a)gmail.com> Date: Thu Jan 16 21:02:11 2014 -0700 server: Add support for deleting junction points with RemoveDirectory. https://github.com/wine-staging/wine-staging/blob/master/patches/ntdll-Junct... Attached file contains also a valgrind run (just of wineserver), that points it out clearly: Invalid free() / delete / delete[] / realloc() at 0x48399AB: free (in vgpreload_memcheck-amd64-linux.so) by 0x12EF62: inode_destroy (fd.c:1174) by 0x142910: release_object (object.c:441) ... Address 0x605c840 is 0 bytes inside a block of size 123 free'd at 0x48399AB: free (in vgpreload_memcheck-amd64-linux.so) by 0x132EB9: set_fd_name (fd.c:2829) by 0x133DE6: req_set_fd_name_info (fd.c:3165) ... Block was alloc'd at at 0x483877F: malloc (in vgpreload_memcheck-amd64-linux.so) by 0x491EE4A: strdup (strdup.c:42) by 0x130D64: dup_fd_name (fd.c:1863) by 0x131674: open_fd (fd.c:2098) ... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 Zebediah Figura <z.figura12(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |erich.e.hoover(a)gmail.com --- Comment #5 from Zebediah Figura <z.figura12(a)gmail.com> --- Erich, could you please take a look? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #6 from Erich E. Hoover <erich.e.hoover(a)gmail.com> --- (In reply to Zebediah Figura from comment #5)
Erich, could you please take a look?
Yup, it appears that there I lost something in a rebase: === @@ -2605,10 +2623,10 @@ static void set_fd_name( struct fd *fd, struct fd *root, const char *nameptr, da free( fd->nt_name ); fd->nt_name = dup_nt_name( root, nt_name, &fd->nt_namelen ); + free( fd->unlink_name ); free( fd->unix_name ); fd->closed->unix_name = fd->unix_name = realpath( name, NULL ); - free( name ); - if (!fd->unix_name) + if (!fd->unlink_name || !fd->unix_name) set_error( STATUS_NO_MEMORY ); return; === ^^ This should also have the line: fd->closed->unlink_name = fd->unlink_name = name; Rafał, would you mind adding this line and giving it a try? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #7 from Bernhard Übelacker <bernhardu(a)mailbox.org> --- I retried on tag wine-6.12 with patches applied from wine-staging of 163f74fe61851. There I added the line like this: --- a/server/fd.c +++ b/server/fd.c @@ -2828,6 +2828,7 @@ static void set_fd_name( struct fd *fd, ... ... free( fd->unix_name ); + fd->closed->unlink_name = fd->unlink_name = name; fd->closed->unix_name = fd->unix_name = realpath( name, NULL ); ... https://github.com/wine-staging/wine-staging/commit/750044c08c49c7a117fcc911... And the free fault is no longer visible and valgrind run shows nothing related to the free. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #8 from Erich E. Hoover <erich.e.hoover(a)gmail.com> --- (In reply to Bernhard Übelacker from comment #7)
... And the free fault is no longer visible and valgrind run shows nothing related to the free.
Wonderful, I'll try to get the fix for this and another bug put together this evening. Sorry about the inconvenience, it's definitely my fault (I remember doing a rebase to these lines myself). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 Gijs Vermeulen <gijsvrm(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |https://web.archive.org/web | |/20210617185712/https://sta | |tic.rust-lang.org/dist/rust | |-1.53.0-x86_64-pc-windows-g | |nu.msi Ever confirmed|0 |1 Status|UNCONFIRMED |NEW --- Comment #9 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- Confirming, adding 'download' keyword + stable download. $ sha1sum rust-1.53.0-x86_64-pc-windows-gnu.msi d1ac1b55fb397d98dcff069f85e6e1af9110d22e rust-1.53.0-x86_64-pc-windows-gnu.msi $ du -sh rust-1.53.0-x86_64-pc-windows-gnu.msi 248M rust-1.53.0-x86_64-pc-windows-gnu.msi -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #10 from Bernhard Übelacker <bernhardu(a)mailbox.org> --- Wine-Staging 6.14 now contains following line again: https://github.com/wine-staging/wine-staging/commit/c91c63a5da1ab7f885bdafb4... Rafał, do you still see the crash with Wine-Staging 6.14 ? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 --- Comment #11 from Rafał Mikrut <mikrutrafal(a)protonmail.com> --- Looks that now Rust can compile app without any crash -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 Erich E. Hoover <erich.e.hoover(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #12 from Erich E. Hoover <erich.e.hoover(a)gmail.com> --- Fixed by staging commit c91c63a5da1ab7f885bdafb4dbc0da5a49a8a3af. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51438 Erich E. Hoover <erich.e.hoover(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #13 from Erich E. Hoover <erich.e.hoover(a)gmail.com> --- Closing bug, fixed in wine-staging 6.14 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla