https://bugs.winehq.org/show_bug.cgi?id=51438
Bug ID: 51438 Summary: Rust compiler crashes with "free(): double free detected in tcache 2" message Product: Wine Version: 6.12 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: mikrutrafal@protonmail.com Distribution: ---
When I installed on clear prefix rustc with cargo - https://static.rust-lang.org/dist/rust-1.53.0-x86_64-pc-windows-gnu.msi ``` wget https://static.rust-lang.org/dist/rust-1.53.0-x86_64-pc-windows-gnu.msi msiexec /i rust-1.53.0-x86_64-pc-windows-gnu.msi ```
then after running commands
``` echo "fn main() { println!("Hello World!");}" > roman.rs rustc roman.rs ```
compiler crashes with this info(not sure if this is Wine or Rustc info) ``` free(): double free detected in tcache 2 ```
I think that this issue is very important to fix, because Rust allows to run tests via e.g. `cargo test` command which allows to execute tests inside repository.
This probably will really help with testing Wine because tests are usually small and it will be easy to track issue down.
There is a lot of rust repositories, but this two use directly windows API, so testing them should give easy info about crashes etc. https://github.com/microsoft/windows-samples-rs https://github.com/microsoft/windows-rs
https://bugs.winehq.org/show_bug.cgi?id=51438
Bernhard Übelacker bernhardu@mailbox.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bernhardu@mailbox.org
--- Comment #1 from Bernhard Übelacker bernhardu@mailbox.org --- Hello, I tried to run the instructions on top of a plain wine64 built from todays git (49cde09958).
Unfortunately I could not reproduce the free error:
$ echo "fn main() { println!("Hello World");}" > roman.rs $ cat roman.rs fn main() { println!("Hello World");} $ wine rustc roman.rs $ wine roman.exe Hello World
Do you use prebuilt wine packages?
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #2 from Rafał Mikrut mikrutrafal@protonmail.com --- Hi,
I completely forgot to mention that I used wine-staging 6.12(from official PPA on Ubuntu 21.04).
I retested it with wine-devel 6.12 and seems that this is only wine-staging bug.
https://bugs.winehq.org/show_bug.cgi?id=51438
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Product|Wine |Wine-staging Component|-unknown |-unknown CC| |leslie_alistair@hotmail.com | |, z.figura12@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #3 from Zebediah Figura z.figura12@gmail.com --- It could be an intermittent bug. Assuming it isn't, though, the most helpful thing would be to perform a bisect between upstream wine and wine-staging; see https://wiki.winehq.org/Wine-Staging#Reporting_and_debugging_bugs_against_Staging for some details.
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #4 from Bernhard Übelacker bernhardu@mailbox.org --- Created attachment 70297 --> https://bugs.winehq.org/attachment.cgi?id=70297 51438_debugging.txt
I experimented a little with rr and found this free happens inside wineserver.
I did also the git bisect, which points to this commit:
Author: Erich E. Hoover erich.e.hoover@gmail.com Date: Thu Jan 16 21:02:11 2014 -0700 server: Add support for deleting junction points with RemoveDirectory. https://github.com/wine-staging/wine-staging/blob/master/patches/ntdll-Junct...
Attached file contains also a valgrind run (just of wineserver), that points it out clearly:
Invalid free() / delete / delete[] / realloc() at 0x48399AB: free (in vgpreload_memcheck-amd64-linux.so) by 0x12EF62: inode_destroy (fd.c:1174) by 0x142910: release_object (object.c:441) ... Address 0x605c840 is 0 bytes inside a block of size 123 free'd at 0x48399AB: free (in vgpreload_memcheck-amd64-linux.so) by 0x132EB9: set_fd_name (fd.c:2829) by 0x133DE6: req_set_fd_name_info (fd.c:3165) ... Block was alloc'd at at 0x483877F: malloc (in vgpreload_memcheck-amd64-linux.so) by 0x491EE4A: strdup (strdup.c:42) by 0x130D64: dup_fd_name (fd.c:1863) by 0x131674: open_fd (fd.c:2098) ...
https://bugs.winehq.org/show_bug.cgi?id=51438
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |erich.e.hoover@gmail.com
--- Comment #5 from Zebediah Figura z.figura12@gmail.com --- Erich, could you please take a look?
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #6 from Erich E. Hoover erich.e.hoover@gmail.com --- (In reply to Zebediah Figura from comment #5)
Erich, could you please take a look?
Yup, it appears that there I lost something in a rebase: === @@ -2605,10 +2623,10 @@ static void set_fd_name( struct fd *fd, struct fd *root, const char *nameptr, da
free( fd->nt_name ); fd->nt_name = dup_nt_name( root, nt_name, &fd->nt_namelen ); + free( fd->unlink_name ); free( fd->unix_name ); fd->closed->unix_name = fd->unix_name = realpath( name, NULL ); - free( name ); - if (!fd->unix_name) + if (!fd->unlink_name || !fd->unix_name) set_error( STATUS_NO_MEMORY ); return; === ^^ This should also have the line: fd->closed->unlink_name = fd->unlink_name = name;
Rafał, would you mind adding this line and giving it a try?
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #7 from Bernhard Übelacker bernhardu@mailbox.org --- I retried on tag wine-6.12 with patches applied from wine-staging of 163f74fe61851.
There I added the line like this:
--- a/server/fd.c +++ b/server/fd.c @@ -2828,6 +2828,7 @@ static void set_fd_name( struct fd *fd, ... ... free( fd->unix_name ); + fd->closed->unlink_name = fd->unlink_name = name; fd->closed->unix_name = fd->unix_name = realpath( name, NULL ); ...
https://github.com/wine-staging/wine-staging/commit/750044c08c49c7a117fcc911...
And the free fault is no longer visible and valgrind run shows nothing related to the free.
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #8 from Erich E. Hoover erich.e.hoover@gmail.com --- (In reply to Bernhard Übelacker from comment #7)
... And the free fault is no longer visible and valgrind run shows nothing related to the free.
Wonderful, I'll try to get the fix for this and another bug put together this evening. Sorry about the inconvenience, it's definitely my fault (I remember doing a rebase to these lines myself).
https://bugs.winehq.org/show_bug.cgi?id=51438
Gijs Vermeulen gijsvrm@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |https://web.archive.org/web | |/20210617185712/https://sta | |tic.rust-lang.org/dist/rust | |-1.53.0-x86_64-pc-windows-g | |nu.msi Ever confirmed|0 |1 Status|UNCONFIRMED |NEW
--- Comment #9 from Gijs Vermeulen gijsvrm@gmail.com --- Confirming, adding 'download' keyword + stable download.
$ sha1sum rust-1.53.0-x86_64-pc-windows-gnu.msi d1ac1b55fb397d98dcff069f85e6e1af9110d22e rust-1.53.0-x86_64-pc-windows-gnu.msi
$ du -sh rust-1.53.0-x86_64-pc-windows-gnu.msi 248M rust-1.53.0-x86_64-pc-windows-gnu.msi
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #10 from Bernhard Übelacker bernhardu@mailbox.org --- Wine-Staging 6.14 now contains following line again: https://github.com/wine-staging/wine-staging/commit/c91c63a5da1ab7f885bdafb4...
Rafał, do you still see the crash with Wine-Staging 6.14 ?
https://bugs.winehq.org/show_bug.cgi?id=51438
--- Comment #11 from Rafał Mikrut mikrutrafal@protonmail.com --- Looks that now Rust can compile app without any crash
https://bugs.winehq.org/show_bug.cgi?id=51438
Erich E. Hoover erich.e.hoover@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #12 from Erich E. Hoover erich.e.hoover@gmail.com --- Fixed by staging commit c91c63a5da1ab7f885bdafb4dbc0da5a49a8a3af.
https://bugs.winehq.org/show_bug.cgi?id=51438
Erich E. Hoover erich.e.hoover@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #13 from Erich E. Hoover erich.e.hoover@gmail.com --- Closing bug, fixed in wine-staging 6.14