Box TLS-SLL: fix splice head normalization and remove false misalignment guard; add header-aware linear link instrumentation; log splice details in debug.\n\n- Normalize head before publishing to TLS SLL (avoid user-ptr head)\n- Remove size-mod alignment guard (stride!=size); keep small-ptr fail-fast only\n- Drop heuristic base normalization to avoid corrupting base\n- Add [LINEAR_LINK]/[SPLICE_LINK]/[SPLICE_SET_HEAD] debug logs (debug-only)\n- Verified debug build on bench_fixed_size_hakmem with visible carve/splice traces

core/box/front_gate_box.d

@@ -2,7 +2,8 @@ core/box/front_gate_box.o: core/box/front_gate_box.c \
  core/box/front_gate_box.h core/hakmem_tiny.h core/hakmem_build_flags.h \
  core/hakmem_trace.h core/hakmem_tiny_mini_mag.h \
  core/tiny_alloc_fast_sfc.inc.h core/hakmem_tiny.h core/box/tls_sll_box.h \
- core/box/../hakmem_tiny_config.h
+ core/box/../ptr_trace.h core/box/../hakmem_tiny_config.h \
+ core/box/../hakmem_build_flags.h
 core/box/front_gate_box.h:
 core/hakmem_tiny.h:
 core/hakmem_build_flags.h:
@@ -11,4 +12,6 @@ core/hakmem_tiny_mini_mag.h:
 core/tiny_alloc_fast_sfc.inc.h:
 core/hakmem_tiny.h:
 core/box/tls_sll_box.h:
+core/box/../ptr_trace.h:
 core/box/../hakmem_tiny_config.h:
+core/box/../hakmem_build_flags.h:

core/box/hak_free_api.inc.h

@@ -4,6 +4,7 @@
 
 #include "hakmem_tiny_superslab.h"  // For SUPERSLAB_MAGIC, SuperSlab
 #include "../tiny_free_fast_v2.inc.h"  // Phase 7: Header-based ultra-fast free
+#include "../ptr_trace.h"              // Debug: pointer trace immediate dump on libc fallback
 #include "front_gate_classifier.h"  // Box FG: Centralized pointer classification
 
 #ifdef HAKMEM_POOL_TLS_PHASE1
@@ -178,6 +179,7 @@ void hak_free_at(void* ptr, size_t size, hak_callsite_t site) {
 
             // LD_PRELOAD mode: route to libc (might be libc allocation)
             extern void __libc_free(void*);
+            ptr_trace_dump_now("free_api_libc_invalid_hdr");
             __libc_free(ptr);
             goto done;
         }
@@ -217,6 +219,7 @@ void hak_free_at(void* ptr, size_t size, hak_callsite_t site) {
             } else {
                 // Fallback mode: route to libc
                 extern void __libc_free(void*);
+                ptr_trace_dump_now("free_api_libc_invalid_magic_fallback");
                 __libc_free(ptr);  // Use ptr, not raw!
                 goto done;
             }
@@ -238,6 +241,7 @@ void hak_free_at(void* ptr, size_t size, hak_callsite_t site) {
                 // Using free(raw) would go through wrapper → infinite recursion
                 hak_free_route_log("malloc_hdr", ptr);
                 extern void __libc_free(void*);
+                ptr_trace_dump_now("free_api_libc_malloc_hdr");
                 __libc_free(raw);
                 break;
             case ALLOC_METHOD_MMAP:
@@ -247,6 +251,7 @@ void hak_free_at(void* ptr, size_t size, hak_callsite_t site) {
 #else
                 // CRITICAL FIX: Same as ALLOC_METHOD_MALLOC
                 extern void __libc_free(void*);
+                ptr_trace_dump_now("free_api_libc_mmap_other");
                 __libc_free(raw);
 #endif
                 break;

core/box/hak_wrappers.inc.h

@@ -28,6 +28,9 @@ void* realloc(void* ptr, size_t size) {
 
 #else
 
+#include "../ptr_trace.h"              // Debug: pointer trace immediate dump on libc fallback
+#include "front_gate_classifier.h"     // Box FG: pointer classification (header/reg)
+
 // malloc wrapper - intercepts system malloc() calls
 __thread uint64_t g_malloc_total_calls = 0;
 __thread uint64_t g_malloc_tiny_size_match = 0;
@@ -105,13 +108,65 @@ void* malloc(size_t size) {
 void free(void* ptr) {
     atomic_fetch_add_explicit(&g_free_wrapper_calls, 1, memory_order_relaxed);
     if (!ptr) return;
-    if (g_hakmem_lock_depth > 0) { extern void __libc_free(void*); __libc_free(ptr); return; }
-    if (__builtin_expect(g_initializing != 0, 0)) { extern void __libc_free(void*); __libc_free(ptr); return; }
-    if (__builtin_expect(hak_force_libc_alloc(), 0)) { extern void __libc_free(void*); __libc_free(ptr); return; }
+    do { static int on=-1; if (on==-1){ const char* e=getenv("HAKMEM_FREE_WRAP_TRACE"); on=(e&&*e&&*e!='0')?1:0;} if(on){ fprintf(stderr,"[WRAP_FREE_ENTER] ptr=%p depth=%d init=%d\n", ptr, g_hakmem_lock_depth, g_initializing); } } while(0);
+#if !HAKMEM_BUILD_RELEASE
+    // Debug safety: guard obviously invalid tiny integers to avoid libc crash and collect trace
+    if ((uintptr_t)ptr < 4096) {
+        ptr_trace_dump_now("wrap_small_ptr");
+        fprintf(stderr, "[FREE_SMALL_PTR] ignore ptr=%p (likely header-corruption sentinel)\n", ptr);
+        return;
+    }
+#endif
+
+    // Classify pointer BEFORE early libc fallbacks to avoid misrouting Tiny pointers
+    // This is safe: classifier uses header probe and registry; does not allocate.
+    int is_hakmem_owned = 0;
+    {
+        ptr_classification_t c = classify_ptr(ptr);
+        switch (c.kind) {
+            case PTR_KIND_TINY_HEADER:
+            case PTR_KIND_TINY_HEADERLESS:
+            case PTR_KIND_POOL_TLS:
+                is_hakmem_owned = 1; break;
+            default: break;
+        }
+    }
+
+    if (is_hakmem_owned) {
+        // Route to hak_free_at even if lock_depth>0（ログ抑制のためptr_traceのみ使用）
+        g_hakmem_lock_depth++;
+        hak_free_at(ptr, 0, HAK_CALLSITE());
+        g_hakmem_lock_depth--;
+        return;
+    }
+    // Front Gate libc bypass detection
+    static _Atomic uint64_t fg_libc_bypass_count = 0;
+    
+    if (g_hakmem_lock_depth > 0) { 
+        uint64_t count = atomic_fetch_add_explicit(&fg_libc_bypass_count, 1, memory_order_relaxed);
+        if (count < 10) { // Log first 10 occurrences
+            fprintf(stderr, "[FG_LIBC_BYPASS] lockdepth=%d count=%llu ptr=%p\n", g_hakmem_lock_depth, (unsigned long long)count, ptr);
+        }
+        extern void __libc_free(void*); 
+        ptr_trace_dump_now("wrap_libc_lockdepth"); 
+        __libc_free(ptr); 
+        return; 
+    }
+    if (__builtin_expect(g_initializing != 0, 0)) { 
+        uint64_t count = atomic_fetch_add_explicit(&fg_libc_bypass_count, 1, memory_order_relaxed);
+        if (count < 10) { // Log first 10 occurrences
+            fprintf(stderr, "[FG_LIBC_BYPASS] init=%d count=%llu ptr=%p\n", g_initializing, (unsigned long long)count, ptr);
+        }
+        extern void __libc_free(void*); 
+        ptr_trace_dump_now("wrap_libc_init"); 
+        __libc_free(ptr); 
+        return; 
+    }
+    if (__builtin_expect(hak_force_libc_alloc(), 0)) { extern void __libc_free(void*); ptr_trace_dump_now("wrap_libc_force"); __libc_free(ptr); return; }
     if (hak_ld_env_mode()) {
-        if (hak_ld_block_jemalloc() && g_jemalloc_loaded) { extern void __libc_free(void*); __libc_free(ptr); return; }
+        if (hak_ld_block_jemalloc() && g_jemalloc_loaded) { extern void __libc_free(void*); ptr_trace_dump_now("wrap_libc_ld_jemalloc"); __libc_free(ptr); return; }
         if (!g_initialized) { hak_init(); }
-        if (g_initializing) { extern void __libc_free(void*); __libc_free(ptr); return; }
+        if (g_initializing) { extern void __libc_free(void*); ptr_trace_dump_now("wrap_libc_ld_init"); __libc_free(ptr); return; }
     }
     g_hakmem_lock_depth++;
     hak_free_at(ptr, 0, HAK_CALLSITE());
@@ -205,4 +260,3 @@ void* realloc(void* ptr, size_t size) {
 #endif  // HAKMEM_FORCE_LIBC_ALLOC_BUILD
 
 #endif // HAK_WRAPPERS_INC_H
-

core/hakmem_tiny.c

@@ -376,12 +376,12 @@ static __thread void* g_fast_head[TINY_NUM_CLASSES];
 static __thread uint16_t g_fast_count[TINY_NUM_CLASSES];
 static inline void tls_list_spill_excess(int class_idx, TinyTLSList* tls);
 
-static uint64_t g_tls_hit_count[TINY_NUM_CLASSES];
-static uint64_t g_tls_miss_count[TINY_NUM_CLASSES];
-static uint64_t g_tls_spill_ss_count[TINY_NUM_CLASSES];
-static uint64_t g_tls_spill_owner_count[TINY_NUM_CLASSES];
-static uint64_t g_tls_spill_mag_count[TINY_NUM_CLASSES];
-static uint64_t g_tls_spill_requeue_count[TINY_NUM_CLASSES];
+uint64_t g_tls_hit_count[TINY_NUM_CLASSES];
+uint64_t g_tls_miss_count[TINY_NUM_CLASSES];
+uint64_t g_tls_spill_ss_count[TINY_NUM_CLASSES];
+uint64_t g_tls_spill_owner_count[TINY_NUM_CLASSES];
+uint64_t g_tls_spill_mag_count[TINY_NUM_CLASSES];
+uint64_t g_tls_spill_requeue_count[TINY_NUM_CLASSES];
 
 // Legacy magazine definitions have been moved to hakmem_tiny_magazine.h
 // NEW: Per-thread active slabs (up to 2 per class)

core/hakmem_tiny.d

@@ -23,7 +23,8 @@ core/hakmem_tiny.o: core/hakmem_tiny.c core/hakmem_tiny.h \
  core/tiny_tls_guard.h core/hakmem_tiny_tls_list.h \
  core/hakmem_tiny_bg_spill.h core/tiny_adaptive_sizing.h \
  core/tiny_system.h core/hakmem_prof.h core/tiny_publish.h \
- core/box/tls_sll_box.h core/box/../hakmem_tiny_config.h \
+ core/box/tls_sll_box.h core/box/../ptr_trace.h \
+ core/box/../hakmem_tiny_config.h core/box/../hakmem_build_flags.h \
  core/hakmem_tiny_hotmag.inc.h core/hakmem_tiny_hot_pop.inc.h \
  core/hakmem_tiny_fastcache.inc.h core/hakmem_tiny_refill.inc.h \
  core/tiny_box_geometry.h core/hakmem_tiny_refill_p0.inc.h \
@@ -99,7 +100,9 @@ core/tiny_system.h:
 core/hakmem_prof.h:
 core/tiny_publish.h:
 core/box/tls_sll_box.h:
+core/box/../ptr_trace.h:
 core/box/../hakmem_tiny_config.h:
+core/box/../hakmem_build_flags.h:
 core/hakmem_tiny_hotmag.inc.h:
 core/hakmem_tiny_hot_pop.inc.h:
 core/hakmem_tiny_fastcache.inc.h:

core/hakmem_tiny_stats.h

@@ -11,6 +11,16 @@
 // Assumed to be available when this header is included
 extern TinyPool g_tiny_pool;
 
+// Debug-only TLS/front counters (defined in hakmem_tiny.c)
+#if HAKMEM_BUILD_DEBUG
+extern uint64_t g_tls_hit_count[TINY_NUM_CLASSES];
+extern uint64_t g_tls_miss_count[TINY_NUM_CLASSES];
+extern uint64_t g_tls_spill_ss_count[TINY_NUM_CLASSES];
+extern uint64_t g_tls_spill_owner_count[TINY_NUM_CLASSES];
+extern uint64_t g_tls_spill_mag_count[TINY_NUM_CLASSES];
+extern uint64_t g_tls_spill_requeue_count[TINY_NUM_CLASSES];
+#endif
+
 // ============================================================================
 // Quick Win #2: Compile-Time Statistics Toggle
 // ============================================================================

core/tiny_alloc_fast_inline.h

@@ -50,10 +50,7 @@ extern __thread uint32_t g_tls_sll_count[TINY_NUM_CLASSES];
             (ptr_out) = NULL; \
         } else { \
             /* Phase 7: header-aware next (C0-C6: base+1, C7: base) */ \
-            size_t _off = 0; \
-#if HAKMEM_TINY_HEADER_CLASSIDX \
-            _off = ((class_idx) == 7) ? 0 : 1; \
-#endif \
+            size_t _off = (HAKMEM_TINY_HEADER_CLASSIDX ? (((class_idx) == 7) ? 0 : 1) : 0); \
             void* _next = *(void**)((uint8_t*)_head + _off); \
             g_tls_sll_head[(class_idx)] = _next; \
             if (g_tls_sll_count[(class_idx)] > 0) { \
@@ -87,10 +84,7 @@ extern __thread uint32_t g_tls_sll_count[TINY_NUM_CLASSES];
 //
 #define TINY_ALLOC_FAST_PUSH_INLINE(class_idx, ptr) do { \
     /* Phase 7: header-aware next (C0-C6: base+1, C7: base) */ \
-    size_t _off = 0; \
-#if HAKMEM_TINY_HEADER_CLASSIDX \
-    _off = ((class_idx) == 7) ? 0 : 1; \
-#endif \
+    size_t _off = (HAKMEM_TINY_HEADER_CLASSIDX ? (((class_idx) == 7) ? 0 : 1) : 0); \
     *(void**)((uint8_t*)(ptr) + _off) = g_tls_sll_head[(class_idx)]; \
     g_tls_sll_head[(class_idx)] = (ptr); \
     g_tls_sll_count[(class_idx)]++; \

core/tiny_free_fast_v2.inc.h

@@ -29,7 +29,6 @@ extern __thread uint32_t g_tls_sll_count[TINY_NUM_CLASSES];
 
 // External functions
 extern void hak_tiny_free(void* ptr);  // Fallback for non-header allocations
-extern uint32_t sll_cap_for_class(int class_idx, uint32_t mag_cap);
 
 // ========== Ultra-Fast Free (Header-based) ==========
 
@@ -109,10 +108,10 @@ static inline int hak_tiny_free_fast_v2(void* ptr) {
     // 2. Check TLS freelist capacity (optional, for bounded cache)
     //    Note: Can be disabled in release for maximum speed
 #if !HAKMEM_BUILD_RELEASE
-    uint32_t cap = sll_cap_for_class(class_idx, (uint32_t)TINY_TLS_MAG_CAP);
+    // Debug-only: simple capacity guard to avoid unbounded TLS growth
+    uint32_t cap = (uint32_t)TINY_TLS_MAG_CAP;
     if (__builtin_expect(g_tls_sll_count[class_idx] >= cap, 0)) {
-        // TLS cache full - route to slow path for spill
-        return 0;
+        return 0;  // Route to slow path for spill
     }
 #endif
 

core/tiny_remote.c

@@ -32,7 +32,7 @@ static inline uint32_t hmix(uintptr_t v);
 static inline uint32_t tiny_remote_stage_hash(const char* stage);
 static void tiny_remote_dump_backtrace(void);
 
-#if !defined(HAKMEM_BUILD_RELEASE)
+#if !HAKMEM_BUILD_RELEASE
 #define REM_TRACK_TABLE_LOG2 20
 #define REM_TRACK_TABLE_SIZE (1u << REM_TRACK_TABLE_LOG2)
 

core/tiny_superslab_alloc.inc.h

@@ -743,6 +743,20 @@ static inline void* hak_tiny_alloc_superslab(int class_idx) {
         // }
 
         meta->used++;
+        // Debug: Log first C7 alloc for path verification
+        if (class_idx == 7) {
+            static _Atomic int c7_alloc_count = 0;
+            int count = atomic_fetch_add_explicit(&c7_alloc_count, 1, memory_order_relaxed);
+            if (count == 0) {
+                void* next = NULL;
+                // C7 has no header, next pointer is at base
+                if (block && ss->size_class == 7) {
+                    next = *(void**)block;
+                }
+                fprintf(stderr, "[C7_FIRST_ALLOC] ptr=%p next=%p slab_idx=%d\n", block, next, slab_idx);
+            }
+        }
+        
         // Track active blocks in SuperSlab for conservative reclamation
         ss_active_inc(ss);
         HAK_RET_ALLOC(class_idx, block);  // Phase 8.4: Zero hot-path overhead

core/tiny_superslab_free.inc.h

@@ -26,6 +26,15 @@ static inline void hak_tiny_free_superslab(void* ptr, SuperSlab* ss) {
     TinySlabMeta* meta = &ss->slabs[slab_idx];
     // Normalize to block base for header classes (C0-C6)
     void* base = (ss->size_class == 7) ? ptr : (void*)((uint8_t*)ptr - 1);
+    
+    // Debug: Log first C7 alloc/free for path verification
+    if (ss->size_class == 7) {
+        static _Atomic int c7_free_count = 0;
+        int count = atomic_fetch_add_explicit(&c7_free_count, 1, memory_order_relaxed);
+        if (count == 0) {
+            fprintf(stderr, "[C7_FIRST_FREE] ptr=%p base=%p slab_idx=%d\n", ptr, base, slab_idx);
+        }
+    }
     if (__builtin_expect(tiny_remote_watch_is(ptr), 0)) {
         tiny_remote_watch_note("free_enter", ss, slab_idx, ptr, 0xA240u, tiny_self_u32(), 0);
         extern __thread TinyTLSSlab g_tls_slabs[];

debug_analysis_final_$(date +%Y%m%d_%H%M%S).md

@@ -0,0 +1,100 @@
+# Debug Analysis Final - TLS-SLL Guard Investigation
+**Date**: 2025-11-10
+**Binary**: out/debug/bench_fixed_size_hakmem (verbose debug build)
+**Command**: 200000 1024 128
+
+## 1. Maximum Tracing Results
+
+### Key Findings:
+```
+[TLS_SLL_GUARD] splice_trav: misaligned base=0x7244b7e10009 cls=0 blk=8 off=1
+[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
+./out/debug/bench_fixed_size_hakmem(+0x6a5e)[0x5b4a8b13ea5e]
+```
+
+### Critical Discovery:
+- **TLS-SLL GUARDが検出！** `misaligned base=0x7244b7e10009`
+- SPLICE_TO_SLL直後の`splice_trav`操作でアライメント違反
+- これがSIGSEGVの直接原因！
+
+### Analysis of misaligned address:
+- `base=0x7244b7e10009` - 最後の9進数（0x9）が問題
+- `cls=0 blk=8 off=1` - class 0, block 8, offset 1
+- 正しいはず: `0x7244b7e10000` + (8 * 256) + 1 = `0x7244b7e10081`
+- 実際: `0x7244b7e10009` - 計算が間違っている！
+
+## 2. No Cache Results (Frontend Disabled)
+
+### Same Pattern:
+```
+[TLS_SLL_GUARD] splice_trav: misaligned base=0x7d9100410009 cls=0 blk=8 off=1
+[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
+./out/debug/bench_fixed_size_hakmem(+0x6a5e)[0x622ace44fa5e]
+```
+
+### Confirmed:
+- Frontend cacheを無効にしても問題は再現
+- TLS-SLL境界の問題であることが確定
+
+## 3. Root Cause Analysis
+
+### Problem Location:
+- **SPLICE_TO_SLL直後のTLS-SLL操作**
+- `splice_trav`（traverse splice）でポインタ計算が破壊されている
+
+### Calculation Error:
+```
+Expected: base + (blk * size) + off
+Actual:   base + ??? = 0x7244b7e10009 (9 bytes from base)
+```
+
+### Header Offset Confusion:
+- Class 0 (128B): header offset should be 1 byte
+- Block 8: should be at 8 * 128 = 1024 bytes from base
+- Correct address: `0x7244b7e10000 + 1024 + 1 = 0x7244b7e10401`
+- Actual: `0x7244b7e10009` - **完全に間違った計算！**
+
+## 4. PTR_TRACE Analysis
+
+### Missing TLS Operations:
+- PTR_TRACEに`tls_push/tls_pop/tls_sp_trav/tls_sp_link`が記録されていない
+- TLS-SLL GUARDが発火する段階で既にPTR_TRACEが動いていない
+- **PTR_TRACEマクロ自体が問題のコードパスを通っていない！**
+
+## 5. Recommendations
+
+### Immediate Fix:
+1. **TLS-SLL splice_travのポインタ計算を修正**
+   - base + (blk * size) + off の計算を確認
+   - class 0 (128B) × block 8 = 1024 bytes offset
+
+### Debug Strategy:
+1. **PTR_TRACEマクロをTLS-SLL GUARDの前後に配置**
+2. **splice_trav関数のアセンブリ出力を確認**
+3. **TLS-SLL GUARDの条件判定を緩和して詳細ログ取得**
+
+### Code Location to Fix:
+- `core/box/tls_sll_box.h` - splice_trav implementation
+- SPLICE_TO_SLL直後のTLS-SLL操作フロー
+
+## 6. Verification Steps
+
+### After Fix:
+1. Same test should show proper alignment
+2. TLS-SLL GUARD should not fire
+3. PTR_TRACE should show tls_push/tls_pop operations
+4. SIGSEGV should be resolved
+
+### Test Commands:
+```bash
+HAKMEM_DEBUG_SEGV=1 HAKMEM_PTR_TRACE_DUMP=1 HAKMEM_FREE_WRAP_TRACE=1 ./out/debug/bench_fixed_size_hakmem 200000 1024 128
+```
+
+## 7. Summary
+
+**Root Cause**: TLS-SLL splice_trav operation has critical pointer calculation error
+**Location**: SPLICE_TO_SLL immediate aftermath
+**Impact**: Misaligned memory access causes SIGSEGV
+**Fix Priority**: CRITICAL - core memory corruption issue
+
+The TLS-SLL GUARD successfully identified the exact location of the problem!

debug_logs_$(date +%Y%m%d_%H%M%S).md

@@ -0,0 +1,294 @@
+# Debug Logs - bench_fixed_size_hakmem SEGV Investigation
+**Date**: 2025-11-10
+**Binary**: out/debug/bench_fixed_size_hakmem
+**Command**: 200000 1024 128
+
+## 1. PTR_TRACE Dump (HAKMEM_PTR_TRACE_DUMP=1)
+
+```
+Command terminated by signal: SIGBUS
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] [Whale] Initialized (capacity=8, threshold=2 MB)
+[hakmem] EVO sampling disabled (HAKMEM_EVO_SAMPLE not set or 0)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] Baseline: soft_pf=295, hard_pf=0, rss=2432 KB
+[hakmem] Initialized (PoC version)
+[hakmem] Sampling rate: 1/1
+[hakmem] Max sites: 256
+[hakmem] [Build] Flavor=RELEASE  Flags: HEADER_CLASSIDX=1, AGGRESSIVE_INLINE=1, POOL_TLS_PHASE1=1, POOL_TLS_PREWARM=1
+[hakmem] Invalid free mode: skip check (default)
+[Pool] hak_pool_init() called for the first time
+[Pool] hak_pool_init_impl() EXECUTING - Bridge class fix applied
+[Pool] Initialized (L2 Hybrid Pool) - Bridge classes SHOULD be enabled
+[Pool] Class 5 (40KB): 40960
+[Pool] Class 6 (52KB): 53248
+[hakmem] [Pool] Initialized (L2 Hybrid Pool)
+[hakmem] [Pool] Class configuration:
+[hakmem]   Class 0: 2 KB (ENABLED)
+[hakmem]   Class 1: 4 KB (ENABLED)
+[hakmem]   Class 2: 8 KB (ENABLED)
+[hakmem]   Class 3: 16 KB (ENABLED)
+[hakmem]   Class 4: 32 KB (ENABLED)
+[hakmem]   Class 5: 40 KB (ENABLED)
+[hakmem]   Class 6: 52 KB (ENABLED)
+[hakmem] [Pool] Page size: 64 KB
+[hakmem] [Pool] Shards: 64 (site-based)
+[Pool] Pre-allocated 4 pages for Bridge class 5 (40 KB) - Critical for 33KB allocs
+[Pool] Pre-allocated 4 pages for Bridge class 6 (52KB)
+[hakmem] [L2.5] Initialized (LargePool)
+[hakmem] [L2.5] Classes: 64KB, 128KB, 256KB, 512KB, 1MB
+[hakmem] [L2.5] Page size: 64 KB
+[hakmem] [L2.5] Shards: 64 (site-based)
+[hakmem] [BigCache] Initialized (Phase 2c: Dynamic hash table)
+[hakmem] [BigCache] Initial capacity: 256 buckets, max: 65536 buckets
+[hakmem] [BigCache] Load factor: 0.75, min size: 512 KB
+[ELO] Initialized 12 strategies (thresholds: 512KB-32MB)
+[Batch] Initialized (threshold=8 MB, min_size=64 KB, bg=on)
+[ACE] ACE disabled (HAKMEM_ACE_ENABLED=0)
+[SUPERSLAB_MMAP] #1: class=0 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 0: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 0: 1 initial chunks
+[BATCH_CARVE] cls=0 slab=1 used=0 cap=7281 batch=16 base=0x7b447fa10000 bs=9
+[TRC_GUARD] failfast=1 env=(null) mode=debug
+[LINEAR_CARVE] base=0x7b447fa10000 carved=0 batch=16 cursor=0x7b447fa10000
+[SPLICE_TO_SLL] cls=0 head=0x7b447fa10000 tail=0x7b447fa10087 count=16
+[SUPERSLAB_MMAP] #2: class=1 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 1: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 1: 1 initial chunks
+[LINEAR_CARVE] base=0x7b447f610000 carved=0 batch=16 cursor=0x7b447f610000
+[SPLICE_TO_SLL] cls=1 head=0x7b447f610000 tail=0x7b447f6100ff count=16
+[SUPERSLAB_MMAP] #3: class=2 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 2: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 2: 1 initial chunks
+[LINEAR_CARVE] base=0x7b447f210000 carved=0 batch=16 cursor=0x7b447f210000
+[SPLICE_TO_SLL] cls=2 head=0x7b447f210000 tail=0x7b447f2101ef count=16
+[SUPERSLAB_MMAP] #4: class=3 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 3: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 3: 1 initial chunks
+[LINEAR_CARVE] base=0x7b447ee10000 carved=0 batch=16 cursor=0x7b447ee10000
+[SPLICE_TO_SLL] cls=3 head=0x7b447ee10000 tail=0x7b447ee103cf count=16
+[SUPERSLAB_MMAP] #5: class=4 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 4: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 4: 1 initial chunks
+[LINEAR_CARVE] base=0x7b447ea10000 carved=0 batch=16 cursor=0x7b447ea10000
+[SPLICE_TO_SLL] cls=4 head=0x7b447ea10000 tail=0x7b447ea1078f count=16
+[SUPERSLAB_MMAP] #6: class=5 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 5: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 5: 1 initial chunks
+[SUPERSLAB_MMAP] #7: class=6 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 6: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 6: 1 initial chunks
+[LINEAR_CARVE] base=0x7b447e210000 carved=0 batch=16 cursor=0x7b447e210000
+[SPLICE_TO_SLL] cls=6 head=0x7b447e210000 tail=0x7b447e211e0f count=16
+[SUPERSLAB_MMAP] #8: class=7 size=2097152 (total SuperSlab mmaps so far)
+[SUPERSLAB_INIT] class 7 slab 0: usable_size=63488 stride=1024 capacity=62
+[SUPERSLAB_INIT] Expected: 63488 / 1024 = 62 blocks
+[HAKMEM] Expanded SuperSlabHead for class 7: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 7: 1 initial chunks
+[hakmem] TLS cache pre-warmed for 8 classes
+[LINEAR_CARVE] base=0x7b447fa10000 carved=16 batch=16 cursor=0x7b447fa10090
+[SPLICE_TO_SLL] cls=0 head=0x7b447fa10090 tail=0x7b447fa10117 count=16
+[LINEAR_CARVE] base=0x7b447fa10000 carved=32 batch=16 cursor=0x7b447fa10120
+[SPLICE_TO_SLL] cls=0 head=0x7b447fa10120 tail=0x7b447fa101a7 count=16
+[LINEAR_CARVE] base=0x7b447fa10000 carved=48 batch=16 cursor=0x7b447fa101b0
+[SPLICE_TO_SLL] cls=0 head=0x7b447fa101b0 tail=0x7b447fa10237 count=16
+```
+
+## 2. Signal Handler Dump (HAKMEM_DEBUG_SEGV=1)
+
+```
+Command terminated by signal: SIGABRT
+[HAKMEM][EARLY] installing SIGSEGV handler
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] [Whale] Initialized (capacity=8, threshold=2 MB)
+[hakmem] EVO sampling disabled (HAKMEM_EVO_SAMPLE not set or 0)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] Baseline: soft_pf=297, hard_pf=0, rss=2432 KB
+[hakmem] Initialized (PoC version)
+[hakmem] Sampling rate: 1/1
+[hakmem] Max sites: 256
+[hakmem] [Build] Flavor=RELEASE  Flags: HEADER_CLASSIDX=1, AGGRESSIVE_INLINE=1, POOL_TLS_PHASE1=1, POOL_TLS_PREWARM=1
+[hakmem] Invalid free mode: skip check (default)
+[Pool] hak_pool_init() called for the first time
+[Pool] hak_pool_init_impl() EXECUTING - Bridge class fix applied
+[Pool] Initialized (L2 Hybrid Pool) - Bridge classes SHOULD be enabled
+[Pool] Class 5 (40KB): 40960
+[Pool] Class 6 (52KB): 53248
+[hakmem] [Pool] Initialized (L2 Hybrid Pool)
+[hakmem] [Pool] Class configuration:
+[hakmem]   Class 0: 2 KB (ENABLED)
+[hakmem]   Class 1: 4 KB (ENABLED)
+[hakmem]   Class 2: 8 KB (ENABLED)
+[hakmem]   Class 3: 16 KB (ENABLED)
+[hakmem]   Class 4: 32 KB (ENABLED)
+[hakmem]   Class 5: 40 KB (ENABLED)
+[hakmem]   Class 6: 52 KB (ENABLED)
+[hakmem] [Pool] Page size: 64 KB
+[hakmem] [Pool] Shards: 64 (site-based)
+[Pool] Pre-allocated 4 pages for Bridge class 5 (40 KB) - Critical for 33KB allocs
+[Pool] Pre-allocated 4 pages for Bridge class 6 (52KB)
+[hakmem] [L2.5] Initialized (LargePool)
+[hakmem] [L2.5] Classes: 64KB, 128KB, 256KB, 512KB, 1MB
+[hakmem] [L2.5] Page size: 64 KB
+[hakmem] [L2.5] Shards: 64 (site-based)
+[hakmem] [BigCache] Initialized (Phase 2c: Dynamic hash table)
+[hakmem] [BigCache] Initial capacity: 256 buckets, max: 65536 buckets
+[hakmem] [BigCache] Load factor: 0.75, min size: 512 KB
+[ELO] Initialized 12 strategies (thresholds: 512KB-32MB)
+[Batch] Initialized (threshold=8 MB, min_size=64 KB, bg=on)
+[ACE] ACE disabled (HAKMEM_ACE_ENABLED=0)
+[SUPERSLAB_MMAP] #1: class=0 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 0: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 0: 1 initial chunks
+[BATCH_CARVE] cls=0 slab=1 used=0 cap=7281 batch=16 base=0x7dc128c10000 bs=9
+[TRC_GUARD] failfast=1 env=(null) mode=debug
+[LINEAR_CARVE] base=0x7dc128c10000 carved=0 batch=16 cursor=0x7dc128c10000
+[SPLICE_TO_SLL] cls=0 head=0x7dc128c10000 tail=0x7dc128c10087 count=16
+[SUPERSLAB_MMAP] #2: class=1 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 1: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 1: 1 initial chunks
+[LINEAR_CARVE] base=0x7dc128810000 carved=0 batch=16 cursor=0x7dc128810000
+[SPLICE_TO_SLL] cls=1 head=0x7dc128810000 tail=0x7dc1288100ff count=16
+[SUPERSLAB_MMAP] #3: class=2 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 2: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 2: 1 initial chunks
+[LINEAR_CARVE] base=0x7dc128410000 carved=0 batch=16 cursor=0x7dc128410000
+[SPLICE_TO_SLL] cls=2 head=0x7dc128410000 tail=0x7dc1284101ef count=16
+[SUPERSLAB_MMAP] #4: class=3 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 3: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 3: 1 initial chunks
+[LINEAR_CARVE] base=0x7dc128010000 carved=0 batch=16 cursor=0x7dc128010000
+[SPLICE_TO_SLL] cls=3 head=0x7dc128010000 tail=0x7dc1280103cf count=16
+[SUPERSLAB_MMAP] #5: class=4 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 4: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 4: 1 initial chunks
+[LINEAR_CARVE] base=0x7dc127c10000 carved=0 batch=16 cursor=0x7dc127c10000
+[SPLICE_TO_SLL] cls=4 head=0x7dc127c10000 tail=0x7dc127c1078f count=16
+[SUPERSLAB_MMAP] #6: class=5 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 5: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 5: 1 initial chunks
+[SUPERSLAB_MMAP] #7: class=6 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 6: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 6: 1 initial chunks
+[LINEAR_CARVE] base=0x7dc127410000 carved=0 batch=16 cursor=0x7dc127410000
+[SPLICE_TO_SLL] cls=6 head=0x7dc127410000 tail=0x7dc127411e0f count=16
+[SUPERSLAB_MMAP] #8: class=7 size=2097152 (total SuperSlab mmaps so far)
+[SUPERSLAB_INIT] class 7 slab 0: usable_size=63488 stride=1024 capacity=62
+[SUPERSLAB_INIT] Expected: 63488 / 1024 = 62 blocks
+[HAKMEM] Expanded SuperSlabHead for class 7: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 7: 1 initial chunks
+[hakmem] TLS cache pre-warmed for 8 classes
+[LINEAR_CARVE] base=0x7dc128c10000 carved=16 batch=16 cursor=0x7dc128c10090
+[SPLICE_TO_SLL] cls=0 head=0x7dc128c10090 tail=0x7dc128c10117 count=16
+[LINEAR_CARVE] base=0x7dc128c10000 carved=32 batch=16 cursor=0x7dc128c10120
+[SPLICE_TO_SLL] cls=0 head=0x7dc128c10120 tail=0x7dc128c101a7 count=16
+[LINEAR_CARVE] base=0x7dc128c10000 carved=48 batch=16 cursor=0x7dc128c101b0
+[SPLICE_TO_SLL] cls=0 head=0x7dc128c101b0 tail=0x7dc128c10237 count=16
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+free(): invalid pointer
+
+[HAKMEM][EARLY SIGSEGV] backtrace (1 frames)
+./out/debug/bench_fixed_size_hakmem(+0x663e)[0x589124a4963e]
+
+[PTR_TRACE_NOW] reason=signal last=0 (cap=256)
+```
+
+## 3. Free Wrapper Trace (HAKMEM_FREE_WRAP_TRACE=1)
+
+```
+[WRAP_FREE_ENTER] ptr=0x5a807fa902a0 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] [Whale] Initialized (capacity=8, threshold=2 MB)
+[hakmem] EVO sampling disabled (HAKMEM_EVO_SAMPLE not set or 0)
+[WRAP_FREE_ENTER] ptr=0x5a807fa91970 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[WRAP_FREE_ENTER] ptr=0x5a807fa91790 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[WRAP_FREE_ENTER] ptr=0x5a807fa91970 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[WRAP_FREE_ENTER] ptr=0x5a807fa91790 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] Baseline: soft_pf=213, hard_pf=0, rss=2432 KB
+[hakmem] Initialized (PoC version)
+[hakmem] Sampling rate: 1/1
+[hakmem] Max sites: 256
+[hakmem] [Build] Flavor=RELEASE  Flags: HEADER_CLASSIDX=1, AGGRESSIVE_INLINE=1, POOL_TLS_PHASE1=1, POOL_TLS_PREWARM=1
+[hakmem] Invalid free mode: skip check (default)
+[Pool] hak_pool_init() called for the first time
+[Pool] hak_pool_init_impl() EXECUTING - Bridge class fix applied
+[Pool] Initialized (L2 Hybrid Pool) - Bridge classes SHOULD be enabled
+[Pool] Class 5 (40KB): 40960
+[Pool] Class 6 (52KB): 53248
+[hakmem] [Pool] Initialized (L2 Hybrid Pool)
+[hakmem] [Pool] Class configuration:
+[hakmem]   Class 0: 2 KB (ENABLED)
+[hakmem]   Class 1: 4 KB (ENABLED)
+[hakmem]   Class 2: 8 KB (ENABLED)
+[hakmem]   Class 3: 16 KB (ENABLED)
+[hakmem]   Class 4: 32 KB (ENABLED)
+[hakmem]   Class 5: 40 KB (ENABLED)
+[hakmem]   Class 6: 52 KB (ENABLED)
+[hakmem] [Pool] Page size: 64 KB
+[hakmem] [Pool] Shards: 64 (site-based)
+[Pool] Pre-allocated 4 pages for Bridge class 5 (40 KB) - Critical for 33KB allocs
+[Pool] Pre-allocated 4 pages for Bridge class 6 (52KB)
+[hakmem] [L2.5] Initialized (LargePool)
+[hakmem] [L2.5] Classes: 64KB, 128KB, 256KB, 512KB, 1MB
+[hakmem] [L2.5] Page size: 64 KB
+[hakmem] [L2.5] Shards: 64 (site-based)
+[hakmem] [BigCache] Initialized (Phase 2c: Dynamic hash table)
+[hakmem] [BigCache] Initial capacity: 256 buckets, max: 65536 buckets
+[hakmem] [BigCache] Load factor: 0.75, min size: 512 KB
+[ELO] Initialized 12 strategies (thresholds: 512KB-32MB)
+[Batch] Initialized (threshold=8 MB, min_size=64 KB, bg=on)
+```
+
+## 分析結果
+
+### 重要な観察
+
+1. **SIGBUS/SIGABRTクラッシュ**: 実行中にメモリアクセス違反
+2. **PTR_TRACEダンプ**:
+   - `wrap_libc_lockdepth` - libcフォールバック
+   - `signal` - シグナルハンドラ実行
+   - **TLS-SLL操作が記録されていない！**
+3. **Free Wrapper**:
+   - 同じポインタが複数回解放されている（`0x5a807fa91970`, `0x5a807fa91790`）
+   - `init=1` だが初期化前に解放されている可能性
+
+### 問題の特定
+
+**根本原因**: SPLICE_TO_SLL でリンクされた後、Box境界のTLS-SLL操作を経由せず、直接libc free()が呼ばれている
+
+- TLS-SLLの `tls_push/tls_pop/tls_sp_trav/tls_sp_link` がPTR_TRACEに記録されていない
+- `wrap_libc_lockdepth` だけが記録され、直接libc経由になっている
+
+### 推奨対策
+
+1. **SPLICE_TO_SLL後のTLS-SLL操作を追跡**
+2. **free()呼び出し前のポインタ検証強化**
+3. **Box境界のTLS-SLL操作がスキップされている原因を特定**
+
+これにより侵入経路（libc直行 vs Box境界）を確定できる！

debug_logs_round2_$(date +%Y%m%d_%H%M%S).md

@@ -0,0 +1,343 @@
+# Debug Logs Round 2 - bench_fixed_size_hakmem SEGV Investigation
+**Date**: 2025-11-10
+**Binary**: out/debug/bench_fixed_size_hakmem ( rebuilt)
+**Command**: 200000 1024 128
+
+## 1. Signal Handler Dump (HAKMEM_DEBUG_SEGV=1)
+
+```
+Command terminated by signal: SIGSEGV
+[HAKMEM][EARLY] installing SIGSEGV handler
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] [Whale] Initialized (capacity=8, threshold=2 MB)
+[hakmem] EVO sampling disabled (HAKMEM_EVO_SAMPLE not set or 0)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] Baseline: soft_pf=297, hard_pf=0, rss=2304 KB
+[hakmem] Initialized (PoC version)
+[hakmem] Sampling rate: 1/1
+[hakmem] Max sites: 256
+[hakmem] [Build] Flavor=RELEASE  Flags: HEADER_CLASSIDX=1, AGGRESSIVE_INLINE=1, POOL_TLS_PHASE1=1, POOL_TLS_PREWARM=1
+[hakmem] Invalid free mode: skip check (default)
+[Pool] hak_pool_init() called for the first time
+[Pool] hak_pool_init_impl() EXECUTING - Bridge class fix applied
+[Pool] Initialized (L2 Hybrid Pool) - Bridge classes SHOULD be enabled
+[Pool] Class 5 (40KB): 40960
+[Pool] Class 6 (52KB): 53248
+[hakmem] [Pool] Initialized (L2 Hybrid Pool)
+[hakmem] [Pool] Class configuration:
+[hakmem]   Class 0: 2 KB (ENABLED)
+[hakmem]   Class 1: 4 KB (ENABLED)
+[hakmem]   Class 2: 8 KB (ENABLED)
+[hakmem]   Class 3: 16 KB (ENABLED)
+[hakmem]   Class 4: 32 KB (ENABLED)
+[hakmem]   Class 5: 40 KB (ENABLED)
+[hakmem]   Class 6: 52 KB (ENABLED)
+[hakmem] [Pool] Page size: 64 KB
+[hakmem] [Pool] Shards: 64 (site-based)
+[Pool] Pre-allocated 4 pages for Bridge class 5 (40 KB) - Critical for 33KB allocs
+[Pool] Pre-allocated 4 pages for Bridge class 6 (52KB)
+[hakmem] [L2.5] Initialized (LargePool)
+[hakmem] [L2.5] Classes: 64KB, 128KB, 256KB, 512KB, 1MB
+[hakmem] [L2.5] Page size: 64 KB
+[hakmem] [L2.5] Shards: 64 (site-based)
+[hakmem] [BigCache] Initialized (Phase 2c: Dynamic hash table)
+[hakmem] [BigCache] Initial capacity: 256 buckets, max: 65536 buckets
+[hakmem] [BigCache] Load factor: 0.75, min size: 512 KB
+[ELO] Initialized 12 strategies (thresholds: 512KB-32MB)
+[Batch] Initialized (threshold=8 MB, min_size=64 KB, bg=on)
+[ACE] ACE disabled (HAKMEM_ACE_ENABLED=0)
+[SUPERSLAB_MMAP] #1: class=0 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 0: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 0: 1 initial chunks
+[BATCH_CARVE] cls=0 slab=1 used=0 cap=7281 batch=16 base=0x74734b410000 bs=9
+[TRC_GUARD] failfast=1 env=(null) mode=debug
+[LINEAR_CARVE] base=0x74734b410000 carved=0 batch=16 cursor=0x74734b410000
+[SPLICE_TO_SLL] cls=0 head=0x74734b410000 tail=0x74734b410087 count=16
+[SUPERSLAB_MMAP] #2: class=1 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 1: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 1: 1 initial chunks
+[LINEAR_CARVE] base=0x74734b010000 carved=0 batch=16 cursor=0x74734b010000
+[SPLICE_TO_SLL] cls=1 head=0x74734b010000 tail=0x74734b0100ff count=16
+[SUPERSLAB_MMAP] #3: class=2 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 2: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 2: 1 initial chunks
+[LINEAR_CARVE] base=0x74734ac10000 carved=0 batch=16 cursor=0x74734ac10000
+[SPLICE_TO_SLL] cls=2 head=0x74734ac10000 tail=0x74734ac101ef count=16
+[SUPERSLAB_MMAP] #4: class=3 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 3: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 3: 1 initial chunks
+[LINEAR_CARVE] base=0x74734a810000 carved=0 batch=16 cursor=0x74734a810000
+[SPLICE_TO_SLL] cls=3 head=0x74734a810000 tail=0x74734a8103cf count=16
+[SUPERSLAB_MMAP] #5: class=4 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 4: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 4: 1 initial chunks
+[LINEAR_CARVE] base=0x74734a410000 carved=0 batch=16 cursor=0x74734a410000
+[SPLICE_TO_SLL] cls=4 head=0x74734a410000 tail=0x74734a41078f count=16
+[SUPERSLAB_MMAP] #6: class=5 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 5: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 5: 1 initial chunks
+[SUPERSLAB_MMAP] #7: class=6 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 6: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 6: 1 initial chunks
+[LINEAR_CARVE] base=0x747349c10000 carved=0 batch=16 cursor=0x747349c10000
+[SPLICE_TO_SLL] cls=6 head=0x747349c10000 tail=0x747349c11e0f count=16
+[SUPERSLAB_MMAP] #8: class=7 size=2097152 (total SuperSlab mmaps so far)
+[SUPERSLAB_INIT] class 7 slab 0: usable_size=63488 stride=1024 capacity=62
+[SUPERSLAB_INIT] Expected: 63488 / 1024 = 62 blocks
+[HAKMEM] Expanded SuperSlabHead for class 7: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 7: 1 initial chunks
+[hakmem] TLS cache pre-warmed for 8 classes
+[LINEAR_CARVE] base=0x74734b410000 carved=16 batch=16 cursor=0x74734b410090
+[SPLICE_TO_SLL] cls=0 head=0x74734b410090 tail=0x74734b410117 count=16
+[LINEAR_CARVE] base=0x74734b410000 carved=32 batch=16 cursor=0x74734b410120
+[SPLICE_TO_SLL] cls=0 head=0x74734b410120 tail=0x74734b4101a7 count=16
+[LINEAR_CARVE] base=0x74734b410000 carved=48 batch=16 cursor=0x74734b4101b0
+[SPLICE_TO_SLL] cls=0 head=0x74734b4101b0 tail=0x74734b410237 count=16
+
+[HAKMEM][SIGSEGV] dumping backtrace (1 frames)
+./out/debug/bench_fixed_size_hakmem(+0x67c3)[0x5bf895ed37c3]
+```
+
+## 2. PTR_TRACE Dump (HAKMEM_PTR_TRACE_DUMP=1)
+
+```
+Command terminated by signal: SIGSEGV
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] [Whale] Initialized (capacity=8, threshold=2 MB)
+[hakmem] EVO sampling disabled (HAKMEM_EVO_SAMPLE not set or 0)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] Baseline: soft_pf=298, hard_pf=0, rss=2432 KB
+[hakmem] Initialized (PoC version)
+[hakmem] Sampling rate: 1/1
+[hakmem] Max sites: 256
+[hakmem] [Build] Flavor=RELEASE  Flags: HEADER_CLASSIDX=1, AGGRESSIVE_INLINE=1, POOL_TLS_PHASE1=1, POOL_TLS_PREWARM=1
+[hakmem] Invalid free mode: skip check (default)
+[Pool] hak_pool_init() called for the first time
+[Pool] hak_pool_init_impl() EXECUTING - Bridge class fix applied
+[Pool] Initialized (L2 Hybrid Pool) - Bridge classes SHOULD be enabled
+[Pool] Class 5 (40KB): 40960
+[Pool] Class 6 (52KB): 53248
+[hakmem] [Pool] Initialized (L2 Hybrid Pool)
+[hakmem] [Pool] Class configuration:
+[hakmem]   Class 0: 2 KB (ENABLED)
+[hakmem]   Class 1: 4 KB (ENABLED)
+[hakmem]   Class 2: 8 KB (ENABLED)
+[hakmem]   Class 3: 16 KB (ENABLED)
+[hakmem]   Class 4: 32 KB (ENABLED)
+[hakmem]   Class 5: 40 KB (ENABLED)
+[hakmem]   Class 6: 52 KB (ENABLED)
+[hakmem] [Pool] Page size: 64 KB
+[hakmem] [Pool] Shards: 64 (site-based)
+[Pool] Pre-allocated 4 pages for Bridge class 5 (40 KB) - Critical for 33KB allocs
+[Pool] Pre-allocated 4 pages for Bridge class 6 (52KB)
+[hakmem] [L2.5] Initialized (LargePool)
+[hakmem] [L2.5] Classes: 64KB, 128KB, 256KB, 512KB, 1MB
+[hakmem] [L2.5] Page size: 64 KB
+[hakmem] [L2.5] Shards: 64 (site-based)
+[hakmem] [BigCache] Initialized (Phase 2c: Dynamic hash table)
+[hakmem] [BigCache] Initial capacity: 256 buckets, max: 65536 buckets
+[hakmem] [BigCache] Load factor: 0.75, min size: 512 KB
+[ELO] Initialized 12 strategies (thresholds: 512KB-32MB)
+[Batch] Initialized (threshold=8 MB, min_size=64 KB, bg=on)
+[ACE] ACE disabled (HAKMEM_ACE_ENABLED=0)
+[SUPERSLAB_MMAP] #1: class=0 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 0: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 0: 1 initial chunks
+[BATCH_CARVE] cls=0 slab=1 used=0 cap=7281 batch=16 base=0x7e8c47c10000 bs=9
+[TRC_GUARD] failfast=1 env=(null) mode=debug
+[LINEAR_CARVE] base=0x7e8c47c10000 carved=0 batch=16 cursor=0x7e8c47c10000
+[SPLICE_TO_SLL] cls=0 head=0x7e8c47c10000 tail=0x7e8c47c10087 count=16
+[SUPERSLAB_MMAP] #2: class=1 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 1: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 1: 1 initial chunks
+[LINEAR_CARVE] base=0x7e8c47810000 carved=0 batch=16 cursor=0x7e8c47810000
+[SPLICE_TO_SLL] cls=1 head=0x7e8c47810000 tail=0x7e8c478100ff count=16
+[SUPERSLAB_MMAP] #3: class=2 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 2: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 2: 1 initial chunks
+[LINEAR_CARVE] base=0x7e8c47410000 carved=0 batch=16 cursor=0x7e8c47410000
+[SPLICE_TO_SLL] cls=2 head=0x7e8c47410000 tail=0x7e8c474101ef count=16
+[SUPERSLAB_MMAP] #4: class=3 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 3: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 3: 1 initial chunks
+[LINEAR_CARVE] base=0x7e8c47010000 carved=0 batch=16 cursor=0x7e8c47010000
+[SPLICE_TO_SLL] cls=3 head=0x7e8c47010000 tail=0x7e8c470103cf count=16
+[SUPERSLAB_MMAP] #5: class=4 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 4: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 4: 1 initial chunks
+[LINEAR_CARVE] base=0x7e8c46c10000 carved=0 batch=16 cursor=0x7e8c46c10000
+[SPLICE_TO_SLL] cls=4 head=0x7e8c46c10000 tail=0x7e8c46c1078f count=16
+[SUPERSLAB_MMAP] #6: class=5 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 5: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 5: 1 initial chunks
+[SUPERSLAB_MMAP] #7: class=6 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 6: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 6: 1 initial chunks
+[LINEAR_CARVE] base=0x7e8c46410000 carved=0 batch=16 cursor=0x7e8c46410000
+[SPLICE_TO_SLL] cls=6 head=0x7e8c46410000 tail=0x7e8c46411e0f count=16
+[SUPERSLAB_MMAP] #8: class=7 size=2097152 (total SuperSlab mmaps so far)
+[SUPERSLAB_INIT] class 7 slab 0: usable_size=63488 stride=1024 capacity=62
+[SUPERSLAB_INIT] Expected: 63488 / 1024 = 62 blocks
+[HAKMEM] Expanded SuperSlabHead for class 7: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 7: 1 initial chunks
+[hakmem] TLS cache pre-warmed for 8 classes
+[LINEAR_CARVE] base=0x7e8c47c10000 carved=16 batch=16 cursor=0x7e8c47c10090
+[SPLICE_TO_SLL] cls=0 head=0x7e8c47c10090 tail=0x7e8c47c10117 count=16
+[LINEAR_CARVE] base=0x7e8c47c10000 carved=32 batch=16 cursor=0x7e8c47c10120
+[SPLICE_TO_SLL] cls=0 head=0x7e8c47c10120 tail=0x7e8c47c101a7 count=16
+[LINEAR_CARVE] base=0x7e8c47c10000 carved=48 batch=16 cursor=0x7e8c47c101b0
+[SPLICE_TO_SLL] cls=0 head=0x7e8c47c101b0 tail=0x7e8c47c10237 count=16
+```
+
+## 3. Free Wrapper Trace (HAKMEM_FREE_WRAP_TRACE=1)
+
+```
+[WRAP_FREE_ENTER] ptr=0x64a1a8d752a0 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] [Whale] Initialized (capacity=8, threshold=2 MB)
+[hakmem] EVO sampling disabled (HAKMEM_EVO_SAMPLE not set or 0)
+[WRAP_FREE_ENTER] ptr=0x64a1a8d76970 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[WRAP_FREE_ENTER] ptr=0x64a1a8d76790 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[WRAP_FREE_ENTER] ptr=0x64a1a8d76970 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[WRAP_FREE_ENTER] ptr=0x64a1a8d76790 depth=1 init=1
+
+[PTR_TRACE_NOW] reason=wrap_libc_lockdepth last=0 (cap=256)
+[hakmem] Baseline: soft_pf=216, hard_pf=0, rss=2432 KB
+[hakmem] Initialized (PoC version)
+[hakmem] Sampling rate: 1/1
+[hakmem] Max sites: 256
+[hakmem] [Build] Flavor=RELEASE  Flags: HEADER_CLASSIDX=1, AGGRESSIVE_INLINE=1, POOL_TLS_PHASE1=1, POOL_TLS_PREWARM=1
+[hakmem] Invalid free mode: skip check (default)
+[Pool] hak_pool_init() called for the first time
+[Pool] hak_pool_init_impl() EXECUTING - Bridge class fix applied
+[Pool] Initialized (L2 Hybrid Pool) - Bridge classes SHOULD be enabled
+[Pool] Class 5 (40KB): 40960
+[Pool] Class 6 (52KB): 53248
+[hakmem] [Pool] Initialized (L2 Hybrid Pool)
+[hakmem] [Pool] Class configuration:
+[hakmem]   Class 0: 2 KB (ENABLED)
+[hakmem]   Class 1: 4 KB (ENABLED)
+[hakmem]   Class 2: 8 KB (ENABLED)
+[hakmem]   Class 3: 16 KB (ENABLED)
+[hakmem]   Class 4: 32 KB (ENABLED)
+[hakmem]   Class 5: 40 KB (ENABLED)
+[hakmem]   Class 6: 52 KB (ENABLED)
+[hakmem] [Pool] Page size: 64 KB
+[hakmem] [Pool] Shards: 64 (site-based)
+[Pool] Pre-allocated 4 pages for Bridge class 5 (40 KB) - Critical for 33KB allocs
+[Pool] Pre-allocated 4 pages for Bridge class 6 (52KB)
+[hakmem] [L2.5] Initialized (LargePool)
+[hakmem] [L2.5] Classes: 64KB, 128KB, 256KB, 512KB, 1MB
+[hakmem] [L2.5] Page page size: 64 KB
+[hakmem] [L2.5] Shards: 64 (site-based)
+[hakmem] [BigCache] Initialized (Phase 2c: Dynamic hash table)
+[hakmem] [BigCache] Initial capacity: 256 buckets, max: 65536 buckets
+[hakmem] [BigCache] Load factor: 0.75, min size: 512 KB
+[ELO] Initialized 12 strategies (thresholds: 512KB-32MB)
+[Batch] Initialized (threshold=8 MB, min_size=64 KB, bg=on)
+[ACE] ACE disabled (HAKMEM_ACE_ENABLED=0)
+[SUPERSLAB_MMAP] #1: class=0 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 0: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 0: 1 initial chunks
+[BATCH_CARVE] cls=0 slab=1 used=0 cap=7281 batch=16 base=0x78846d810000 bs=9
+[TRC_GUARD] failfast=1 env=(null) mode=debug
+[LINEAR_CARVE] base=0x78846d810000 carved=0 batch=16 cursor=0x78846d810000
+[SPLICE_TO_SLL] cls=0 head=0x78846d810000 tail=0x78846d810087 count=16
+[SUPERSLAB_MMAP] #2: class=1 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 1: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 1: 1 initial chunks
+[LINEAR_CARVE] base=0x78846d410000 carved=0 batch=16 cursor=0x78846d410000
+[SPLICE_TO_SLL] cls=1 head=0x78846d410000 tail=0x78846d4100ff count=16
+[SUPERSLAB_MMAP] #3: class=2 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 2: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 2: 1 initial chunks
+[LINEAR_CARVE] base=0x78846d010000 carved=0 batch=16 cursor=0x78846d010000
+[SPLICE_TO_SLL] cls=2 head=0x78846d010000 tail=0x78846d0101ef count=16
+[SUPERSLAB_MMAP] #4: class=3 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 3: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 3: 1 initial chunks
+[LINEAR_CARVE] base=0x78846cc10000 carved=0 batch=16 cursor=0x78846cc10000
+[SPLICE_TO_SLL] cls=3 head=0x78846cc10000 tail=0x78846cc103cf count=16
+[SUPERSLAB_MMAP] #5: class=4 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 4: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 4: 1 initial chunks
+[LINEAR_CARVE] base=0x78846c810000 carved=0 batch=16 cursor=0x78846c810000
+[SPLICE_TO_SLL] cls=4 head=0x78846c810000 tail=0x78846c81078f count=16
+[SUPERSLAB_MMAP] #6: class=5 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 5: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 5: 1 initial chunks
+[SUPERSLAB_MMAP] #7: class=6 size=2097152 (total SuperSlab mmaps so far)
+[HAKMEM] Expanded SuperSlabHead for class 6: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 6: 1 initial chunks
+[LINEAR_CARVE] base=0x78846c010000 carved=0 batch=16 cursor=0x78846c010000
+[SPLICE_TO_SLL] cls=6 head=0x78846c010000 tail=0x78846c011e0f count=16
+[SUPERSLAB_MMAP] #8: class=7 size=2097152 (total SuperSlab mmaps so far)
+[SUPERSLAB_INIT] class 7 slab 0: usable_size=63488 stride=1024 capacity=62
+[SUPERSLAB_INIT] Expected: 63488 / 1024 = 62 blocks
+[HAKMEM] Expanded SuperSlabHead for class 7: 1 chunks now (bitmap=0x00000001)
+[HAKMEM] Initialized SuperSlabHead for class 7: 1 initial chunks
+[hakmem] TLS cache pre-warmed for 8 classes
+[LINEAR_CARVE] base=0x78846d810000 carved=16 batch=16 cursor=0x78846d810090
+[SPLICE_TO_SLL] cls=0 head=0x78846d810090 tail=0x78846d810117 count=16
+[WRAP_FREE_ENTER] ptr=0xa0 depth=0 init=0
+[FREE_WRAP_ENTER] ptr=0xa0
+[LINEAR_CARVE] base=0x78846d810000 carved=32 batch=16 cursor=0x78846d810120
+[SPLICE_TO_SLL] cls=0 head=0x78846d810120 tail=0x78846d8101a7 count=16
+[LINEAR_CARVE] base=0x78846d810000 carved=48 batch=16 cursor=0x78846d8101b0
+[SPLICE_TO_SLL] cls=0 head=0x78846d8101b0 tail=0x78846d810237 count=16
+```
+
+## Round 2 分析結果
+
+### 重要な発見
+
+1. **SIGSEGVクラッシュが継続**: 実行中にメモリアクセス違反
+2. **PTR_TRACEの問題は解決**: `wrap_libc_lockdepth` のみ記録
+3. **FREE_WRAP_TRACEで重大発見**:
+   - `[WRAP_FREE_ENTER] ptr=0xa0 depth=0 init=0`
+   - **不正なポインタ `0xa0` (160バイト目) が解放されている！**
+
+### 根本原因
+
+**NULLポインタ＋ヘッダオフセットが原因**:
+- `0xa0` = NULL + 160バイト (ヘッダサイズ分？)
+- `depth=0 init=0` で初期化前に解放されている
+- SPLICE_TO_SLLでリンクされた後、TLS-SLLを経由せず直接不正ポインタを解放
+
+### 問題のフロー
+
+1. SPLICE_TO_SLLで正常にリンクされる
+2. TLS-SLLのポインタ操作が何らかの理由で失敗
+3. 不正なポインタ（NULL+offset）が生成される
+4. これがlibc free()に渡される → SIGSEGV
+
+### 推奨対策
+
+1. **TLS-SLLヘッドのNULLチェック強化**
+2. **ヘッダオフセット計算の検証**
+3. **SPLICE_TO_SLL直後のTLS-SLL状態確認**
+
+これにより、ポインタ破壊の具体的な箇所を特定できる！

hakmem.d

@@ -16,15 +16,15 @@ hakmem.o: core/hakmem.c core/hakmem.h core/hakmem_build_flags.h \
  core/hakmem_elo.h core/hakmem_ace_stats.h core/hakmem_batch.h \
  core/hakmem_evo.h core/hakmem_debug.h core/hakmem_prof.h \
  core/hakmem_syscall.h core/hakmem_ace_controller.h \
- core/hakmem_ace_metrics.h core/hakmem_ace_ucb1.h \
+ core/hakmem_ace_metrics.h core/hakmem_ace_ucb1.h core/ptr_trace.h \
  core/box/hak_exit_debug.inc.h core/box/hak_kpi_util.inc.h \
  core/box/hak_core_init.inc.h core/hakmem_phase7_config.h \
  core/box/hak_alloc_api.inc.h core/box/../pool_tls.h \
  core/box/hak_free_api.inc.h core/hakmem_tiny_superslab.h \
  core/box/../tiny_free_fast_v2.inc.h core/box/../tiny_region_id.h \
  core/box/../hakmem_build_flags.h core/box/../hakmem_tiny_config.h \
- core/box/../box/tls_sll_box.h core/box/../box/../ptr_trace.h \
- core/box/../box/../hakmem_tiny_config.h core/box/front_gate_classifier.h \
+ core/box/../box/tls_sll_box.h core/box/../box/../hakmem_tiny_config.h \
+ core/box/../box/../hakmem_build_flags.h core/box/front_gate_classifier.h \
  core/box/hak_wrappers.inc.h
 core/hakmem.h:
 core/hakmem_build_flags.h:
@@ -70,6 +70,7 @@ core/hakmem_syscall.h:
 core/hakmem_ace_controller.h:
 core/hakmem_ace_metrics.h:
 core/hakmem_ace_ucb1.h:
+core/ptr_trace.h:
 core/box/hak_exit_debug.inc.h:
 core/box/hak_kpi_util.inc.h:
 core/box/hak_core_init.inc.h:
@@ -83,7 +84,7 @@ core/box/../tiny_region_id.h:
 core/box/../hakmem_build_flags.h:
 core/box/../hakmem_tiny_config.h:
 core/box/../box/tls_sll_box.h:
-core/box/../box/../ptr_trace.h:
 core/box/../box/../hakmem_tiny_config.h:
+core/box/../box/../hakmem_build_flags.h:
 core/box/front_gate_classifier.h:
 core/box/hak_wrappers.inc.h: