From @andk

git bisect

commit ebdc880
Author​: Nicholas Clark <nick@​ccl4.org>
Date​: Fri Oct 4 14​:54​:00 2013 +0200

  S_process_special_blocks() should use a new stack for BEGIN blocks.

diagnostics

It happens only when XML​::LibXML is installed. If XML​::LibXML is not
installed, I typically get a pass. Sample fail report​:

http​://www.cpantesters.org/cpan/report/917e0d8a-546a-11e3-9195-4aca9d5baa37

perl -V

Summary of my perl5 (revision 5 version 19 subversion 7) configuration​:
  Commit id​: ebdc880
  Platform​:
  osname=linux, osvers=3.10-3-amd64, archname=x86_64-linux-ld
  uname='linux k83 3.10-3-amd64 #1 smp debian 3.10.11-1 (2013-09-10) x86_64 gnulinux '
  config_args='-Dprefix=/home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-22-gebdc880/127e -Dmyhostname=k83 -Dinstallusrbinperl=n -Uversiononly -Dusedevel -des -Ui_db -Uuseithreads -Duselongdouble -DDEBUGGING=-g'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=define
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g',
  cppflags='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.8.2', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='long double', nvsize=16, Off_t='off_t', lseeksize=8
  alignbytes=16, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
  libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
  libc=, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.17'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector'

Characteristics of this binary (from libperl)​:
  Compile-time options​: HAS_TIMES PERLIO_LAYERS PERL_DONT_CREATE_GVSV
  PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP
  PERL_NEW_COPY_ON_WRITE PERL_PRESERVE_IVUV
  PERL_USE_DEVEL USE_64_BIT_ALL USE_64_BIT_INT
  USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE
  USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_LONG_DOUBLE
  USE_PERLIO USE_PERL_ATOF
  Built under linux
  Compiled at Nov 25 2013 15​:13​:59
  @​INC​:
  /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-22-gebdc880/127e/lib/site_perl/5.19.7/x86_64-linux-ld
  /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-22-gebdc880/127e/lib/site_perl/5.19.7
  /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-22-gebdc880/127e/lib/5.19.7/x86_64-linux-ld
  /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-22-gebdc880/127e/lib/5.19.7

--
andreas

From @nwc10

On Mon, Nov 25, 2013 at 06​:48​:57AM -0800, Andreas J. Koenig via RT wrote​:

# New Ticket Created by (Andreas J. Koenig)
# Please include the string​: [perl #120626]
# in the subject line of all future correspondence about this issue.
# <URL​: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=120626 >

git bisect
----------
commit ebdc880
Author​: Nicholas Clark <nick@​ccl4.org>
Date​: Fri Oct 4 14​:54​:00 2013 +0200

S\_process\_special\_blocks\(\) should use a new stack for BEGIN blocks\.

diagnostics
-----------
It happens only when XML​::LibXML is installed. If XML​::LibXML is not
installed, I typically get a pass. Sample fail report​:

http​://www.cpantesters.org/cpan/report/917e0d8a-546a-11e3-9195-4aca9d5baa37

I'm not going to get a chance to look at this (heck, I didn't get time myself
to get that commit into blead), but I think that the key clue is this​:

Attempt to reload XML/LibXML.pm aborted.
Compilation failed in require at /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-26-ga2235d7/9980/lib/site_perl/5.19.7/x86_64-linux-thread-multi/XML/LibXML/SAX.pm line 17.
BEGIN failed--compilation aborted at /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-26-ga2235d7/9980/lib/site_perl/5.19.7/x86_64-linux-thread-multi/XML/LibXML/SAX.pm line 17.
Compilation failed in require at (eval 347) line 1.
# Looks like your test exited with 255 before it could output anything.

Why is it now attempting a reload?
Presumably it didn't before.

Nicholas Clark

The RT System itself - Status changed from 'new' to 'open'

From @andk

also affected​: GSHANK/HTML-FormHandler-0.40053.tar.gz

sample fail report​: http​://www.cpantesters.org/cpan/report/d85bd3a2-5561-11e3-a024-97dd9d5baa37

Running the failing test verbosely​:

PERL_DL_NONLAZY=1 /home/sand/src/perl/repoperls/installed-perls/perl/v5.19.6-22-gebdc880/127e/bin/perl "-MExtUtils​::Command​::MM" "-MTest​::Harness" "-e" "undef *Test​::Harness​::Switches; test_harness(1, 'blib/lib', 'blib/arch')" t/fields/repeatable.t
t/fields/repeatable.t ..
ok 1 - use HTML​::FormHandler​::Field​::Repeatable;
ok 2 - field built
ok 3 - attribute set
perl​: malloc.c​:3544​: _int_malloc​: Assertion `victim->fd_nextsize->bk_nextsize == victim' failed.
All 3 subtests passed

Test Summary Report

t/fields/repeatable.t (Wstat​: 6 Tests​: 3 Failed​: 0)
  Non-zero wait status​: 6
  Parse errors​: No plan found in TAP output
Files=1, Tests=3, 1 wallclock secs ( 0.03 usr 0.00 sys + 0.53 cusr 0.04 csys = 0.60 CPU)

--
andreas

From @cpansprout

On Mon Nov 25 06​:48​:56 2013, andreas.koenig.7os6VVqR@​franz.ak.mind.de wrote​:

git bisect
----------
commit ebdc880
Author​: Nicholas Clark <nick@​ccl4.org>
Date​: Fri Oct 4 14​:54​:00 2013 +0200

S_process_special_blocks() should use a new stack for BEGIN blocks.

diagnostics
-----------
It happens only when XML​::LibXML is installed. If XML​::LibXML is not
installed, I typically get a pass. Sample fail report​:

http​://www.cpantesters.org/cpan/report/917e0d8a-546a-11e3-9195-
4aca9d5baa37

It is not failing for me under current bleadperl. Does it fail for you still?

I wonder whether 901ee10 might have fixed it, but it would
take me a while to find out with my current setup.

--

Father Chrysostomos

From @andk

"Father Chrysostomos via RT" <perlbug-followup@​perl.org> writes​:

It is not failing for me under current bleadperl. Does it fail for
you still?

Yes, but I had to determine the conditions under which to reproduce more
carefully. Last time I said, XML​::LibXML must be installed. But now I
see another condition must be met which I did not realize last time​:

- XML​::SAX​::Expat is not installed

--or--

- XML​::SAX​::Expat is also installed and XML/SAX/ParserDetails.ini is
  listing Expat before LibXML

After this finding I checked whether 5.19.6 is indeed passing when
exactly those conditions are met, and it is.

--
andreas

From @andk

Now also affected​: SREZIC/Tk-804.032.tar.gz

http​://www.cpantesters.org/cpan/report/776f4750-86ac-11e3-95c9-a5a95d7e0655
--
andreas

From @andk

Andreas Koenig <andreas.koenig.7os6VVqR@​franz.ak.mind.de> writes​:

Now also affected​: SREZIC/Tk-804.032.tar.gz

Program terminated with signal 6, Aborted.
#0 0x00002ad6b01821d5 in __GI_raise (sig=sig@​entry=6)
  at ../nptl/sysdeps/unix/sysv/linux/raise.c​:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c​: No such file or directory.
(gdb) bt
#0 0x00002ad6b01821d5 in __GI_raise (sig=sig@​entry=6)
  at ../nptl/sysdeps/unix/sysv/linux/raise.c​:56
#1 0x00002ad6b0185388 in __GI_abort () at abort.c​:90
#2 0x00002ad6b166ff89 in InterpHv (interp=0x27c5660, fatal=<optimized out>)
  at tkGlue.c​:516
#3 0x00002ad6b166ffce in FindXv (my_perl=0x26e1010,
  interp=interp@​entry=0x27c5660, create=create@​entry=1,
  key=key@​entry=0x2ad6b16e99f9 "_TK_RESULT_", type=type@​entry=0,
  createProc=createProc@​entry=0x2ad6b166e570 <createSV>, who=<optimized out>)
  at tkGlue.c​:528
#4 0x00002ad6b16705a4 in FindSv (who=<optimized out>,
  key=0x2ad6b16e99f9 "_TK_RESULT_", create=1, hv=0x27c5660,
  my_perl=<optimized out>) at tkGlue.c​:610
#5 Tcl_GetObjResult (interp=interp@​entry=0x27c5660) at tkGlue.c​:622
#6 0x00002ad6b1680d99 in Tcl_GetStringResult (interp=interp@​entry=0x27c5660)
  at strGlue.c​:99
#7 0x00002ad6b167b063 in XS_Tk__MainWindow_Create (my_perl=0x1,
  cv=<optimized out>) at tkGlue.c​:2382
#8 0x00000000004ae302 in Perl_pp_entersub (my_perl=0x26e1010) at pp_hot.c​:2760
#9 0x00000000004a6af6 in Perl_runops_standard (my_perl=0x26e1010) at run.c​:42
#10 0x000000000043c044 in S_run_body (oldscope=1, my_perl=0x26e1010)
  at perl.c​:2433
#11 perl_run (my_perl=0x26e1010) at perl.c​:2349
#12 0x000000000041bc3b in main (argc=79, argv=0x7fff63ed9108,
  env=0x7fff63ed9388) at perlmain.c​:112

--
andreas

From @wolfsage

With ebdc880, I can reproduce the HTML​::FormHandler test crash, and
I get this valgrind output​:

  mhorsfall@​tworivers​:~/.cpanm/work/1390878740.27975/HTML-FormHandler-0.40055$
valgrind ~/badcommit/bin/perl -Iblib/lib -Iblib/arch
t/fields/repeatable.t 2>&1
  ==28093== Memcheck, a memory error detector
  ==28093== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
  ==28093== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
  ==28093== Command​: /home/mhorsfall/badcommit/bin/perl -Iblib/lib
-Iblib/arch t/fields/repeatable.t
  ==28093==
  ok 1 - use HTML​::FormHandler​::Field​::Repeatable;
  ok 2 - field built
  ==28093== Invalid write of size 8
  ==28093== at 0xA472891​: XS_Data__Clone_clone (Data-Clone.xs​:395)
  ==28093== by 0x4F0214​: Perl_pp_entersub (pp_hot.c​:2760)
  ==28093== by 0x4E50D1​: Perl_runops_standard (run.c​:42)
  ==28093== by 0x43F792​: S_run_body (perl.c​:2433)
  ==28093== by 0x43F371​: perl_run (perl.c​:2349)
  ==28093== by 0x41CD3B​: main (perlmain.c​:112)
  ==28093== Address 0x592fd20 is 16 bytes inside a block of size 1,024 free'd
  ==28093== at 0x4C2B7B2​: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==28093== by 0x4BAD8C​: Perl_safesysrealloc (util.c​:173)
  ==28093== by 0x4E2F7E​: Perl_av_extend_guts (av.c​:154)
  ==28093== by 0x4E2CF8​: Perl_av_extend (av.c​:82)
  ==28093== by 0x5285CC​: Perl_stack_grow (scope.c​:38)
  ==28093== by 0x55BDC2​: Perl_do_kv (doop.c​:1268)
  ==28093== by 0x4E8E76​: Perl_pp_rv2av (pp_hot.c​:934)
  ==28093== by 0x4E50D1​: Perl_runops_standard (run.c​:42)
  ==28093== by 0x43FF64​: Perl_call_sv (perl.c​:2732)
  ==28093== by 0xA471F53​: dc_call_sv1 (Data-Clone.xs​:176)
  ==28093== by 0xA4721E1​: dc_clone_object (Data-Clone.xs​:227)
  ==28093== by 0xA472356​: clone_rv (Data-Clone.xs​:266)
  ==28093==
  ok 3 - attribute set
  ok 4 - form built
  ok 5 - worked in form
  1..5

(Though it doesn't crash when run under valgrind. Neat.)​:

  mhorsfall@​tworivers​:~/.cpanm/work/1390878740.27975/HTML-FormHandler-0.40055$
~/badcommit/bin/perl -Iblib/lib -Iblib/arch t/fields/repeatable.t
2>&1
  ok 1 - use HTML​::FormHandler​::Field​::Repeatable;
  ok 2 - field built
  ok 3 - attribute set
  perl​: malloc.c​:3729​: _int_malloc​: Assertion
`victim->fd_nextsize->bk_nextsize == victim' failed.

With ea35f80 (ebdc880~1) I cannot reproduce the crash, and the
valgrind output is "clean". (Valgrind reports some definitely lost
bytes thought).

With latest blead (b373396) I still get the crash with the same
valgrind output.

Each time, I built perl with grindperl, for example​:

  grindperl --prefix=/home/mhorsfall/blead -j 5 --install
--no-debugging --no-threads -D optimize=-g

-- Matthew Horsfall (alh)

From perl5-porters@perl.org

Matthew Horsfall wrote​:

==28093== Invalid write of size 8
==28093== at 0xA472891​: XS_Data__Clone_clone (Data-Clone.xs​:395)

Could you get a Perl backtrace at that point?

E.g., set a breakpoint on XS_Data__Clone_clone and then use​:

gdb) p Perl_warn("") /* no threads */
gdb) p Perl_warn(my_perl,"") /* threads */

Then edit the cited sourced file and put Carp​::cluck() where
appropriate.

Then re-run the whole thing through valgrind.

The output of that would be much appreciated.

==28093== Address 0x592fd20 is 16 bytes inside a block of size 1,024 free'd
...
==28093== by 0x5285CC​: Perl_stack_grow (scope.c​:38)
==28093== by 0x55BDC2​: Perl_do_kv (doop.c​:1268)

That line is an EXTEND. So somehow the entersub call above is using a
reallocated stack, which is weird.

From @wolfsage

I think I've got this right​:

  ok 1 - use HTML​::FormHandler​::Field​::Repeatable;
  ok 2 - field built
  ==3474== Invalid write of size 8
  ==3474== at 0xA873891​: XS_Data__Clone_clone (Data-Clone.xs​:395)
  ==3474== by 0x4F24CA​: Perl_pp_entersub (pp_hot.c​:2768)
  ==3474== by 0x4E7399​: Perl_runops_standard (run.c​:42)
  ==3474== by 0x43FC9C​: S_run_body (perl.c​:2446)
  ==3474== by 0x43F87B​: perl_run (perl.c​:2362)
  ==3474== by 0x41CD9B​: main (perlmain.c​:112)
  ==3474== Address 0x592fd20 is 16 bytes inside a block of size 1,024 free'd
  ==3474== at 0x4C2B7B2​: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==3474== by 0x4BD3F7​: Perl_safesysrealloc (util.c​:244)
  ==3474== by 0x4E5246​: Perl_av_extend_guts (av.c​:154)
  ==3474== by 0x4E4FC0​: Perl_av_extend (av.c​:82)
  ==3474== by 0x52AB5C​: Perl_stack_grow (scope.c​:38)
  ==3474== by 0x55E26E​: Perl_do_kv (doop.c​:1268)
  ==3474== by 0x4EB13E​: Perl_pp_rv2av (pp_hot.c​:934)
  ==3474== by 0x4E7399​: Perl_runops_standard (run.c​:42)
  ==3474== by 0x44046E​: Perl_call_sv (perl.c​:2746)
  ==3474== by 0xA872F53​: dc_call_sv1 (Data-Clone.xs​:176)
  ==3474== by 0xA8731E1​: dc_clone_object (Data-Clone.xs​:227)
  ==3474== by 0xA873356​: clone_rv (Data-Clone.xs​:266)
  ==3474==
  Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line
23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0),
HASH(0x826db90)) called at
blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at t/fields/repeatable.t line 15
  Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0),
HASH(0x826db90)) called at
blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at t/fields/repeatable.t line 15
  Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0),
HASH(0x826db90)) called at
blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at t/fields/repeatable.t line 15
  Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120),
HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0),
HASH(0x826db90)) called at
blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578))
called at t/fields/repeatable.t line 15
  ok 3 - attribute set

-- Matthew Horsfall (alh)

From @wolfsage

And that looks terrible in my email client.

Attached.

From @wolfsage

==3474== Memcheck, a memory error detector
==3474== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3474== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3474== Command​: /home/mhorsfall/blead/bin/perl -Iblib/lib -Iblib/arch t/fields/repeatable.t
==3474==
ok 1 - use HTML​::FormHandler​::Field​::Repeatable;
ok 2 - field built
==3474== Invalid write of size 8
==3474== at 0xA873891​: XS_Data__Clone_clone (Data-Clone.xs​:395)
==3474== by 0x4F24CA​: Perl_pp_entersub (pp_hot.c​:2768)
==3474== by 0x4E7399​: Perl_runops_standard (run.c​:42)
==3474== by 0x43FC9C​: S_run_body (perl.c​:2446)
==3474== by 0x43F87B​: perl_run (perl.c​:2362)
==3474== by 0x41CD9B​: main (perlmain.c​:112)
==3474== Address 0x592fd20 is 16 bytes inside a block of size 1,024 free'd
==3474== at 0x4C2B7B2​: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3474== by 0x4BD3F7​: Perl_safesysrealloc (util.c​:244)
==3474== by 0x4E5246​: Perl_av_extend_guts (av.c​:154)
==3474== by 0x4E4FC0​: Perl_av_extend (av.c​:82)
==3474== by 0x52AB5C​: Perl_stack_grow (scope.c​:38)
==3474== by 0x55E26E​: Perl_do_kv (doop.c​:1268)
==3474== by 0x4EB13E​: Perl_pp_rv2av (pp_hot.c​:934)
==3474== by 0x4E7399​: Perl_runops_standard (run.c​:42)
==3474== by 0x44046E​: Perl_call_sv (perl.c​:2746)
==3474== by 0xA872F53​: dc_call_sv1 (Data-Clone.xs​:176)
==3474== by 0xA8731E1​: dc_clone_object (Data-Clone.xs​:227)
==3474== by 0xA873356​: clone_rv (Data-Clone.xs​:266)
==3474==
Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at t/fields/repeatable.t line 15
Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at t/fields/repeatable.t line 15
Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at t/fields/repeatable.t line 15
Squawk at blib/lib/HTML/FormHandler/Merge.pm line 56.
  HTML​::FormHandler​::Merge​::merge_hashes(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 23
  HTML​::FormHandler​::Merge​::__ANON__(HASH(0x9ccc120), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Merge.pm line 40
  HTML​::FormHandler​::Merge​::merge(HASH(0x595afe0), HASH(0x826db90)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 75
  HTML​::FormHandler​::Field​::Repeatable​::create_element(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at blib/lib/HTML/FormHandler/Field/Repeatable.pm line 55
  HTML​::FormHandler​::Field​::Repeatable​::init_state(HTML​::FormHandler​::Field​::Repeatable=HASH(0x5947578)) called at t/fields/repeatable.t line 15
ok 3 - attribute set

From perl5-porters@perl.org

Matthew Horsfall wrote​:

I think I've got this right​:

Thank you. Sorry for putting you to the trouble. The valgrind output
has just made something in my head click​:

==3474== Address 0x592fd20 is 16 bytes inside a block of size 1,024 free'd
==3474== at 0x4C2B7B2​: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3474== by 0x4BD3F7​: Perl_safesysrealloc (util.c​:244)
==3474== by 0x4E5246​: Perl_av_extend_guts (av.c​:154)
==3474== by 0x4E4FC0​: Perl_av_extend (av.c​:82)
==3474== by 0x52AB5C​: Perl_stack_grow (scope.c​:38)
==3474== by 0x55E26E​: Perl_do_kv (doop.c​:1268)
==3474== by 0x4EB13E​: Perl_pp_rv2av (pp_hot.c​:934)
==3474== by 0x4E7399​: Perl_runops_standard (run.c​:42)
==3474== by 0x44046E​: Perl_call_sv (perl.c​:2746)
==3474== by 0xA872F53​: dc_call_sv1 (Data-Clone.xs​:176)
==3474== by 0xA8731E1​: dc_clone_object (Data-Clone.xs​:227)
==3474== by 0xA873356​: clone_rv (Data-Clone.xs​:266)

Data​::Clone is calling the perl code that reallocated the stack, so I
suspect the bug is there. Where is *it* not protecting things?

(I suspect its use of call_sv is buggy and that the commit that
supposedly broke it is a red herring.)

I am trying to reproduce this on dromedary. The bad news is that I
keep losing my ssh connection before I finish processing dependencies.
But I seem to be getting closer each time....

From perl5-porters@perl.org

I wrote, in response to Matthew Horsfall​:

(I suspect its use of call_sv is buggy and that the commit that
supposedly broke it is a red herring.)

It is likely that, since require() does not use the existing stack,
the stack at the offending call to Data​::Clone​::clone() is smaller
than it used to be, requiring a clone callback to reallocated
the stack.

Indeed, Data​::Clone does not protect against stack reallocation during
callbacks.

RDF​::Trine does not depend on Data​::Clone, so I do not know which of
its dependencies has a similar bug. If I do not get a chance, could
you try running whichever of its tests is failing through valgrind
(presuming it fails for you)?

From @tonycoz

On Wed, Jan 29, 2014 at 05​:44​:07AM -0000, Father Chrysostomos wrote​:

I am trying to reproduce this on dromedary. The bad news is that I
keep losing my ssh connection before I finish processing dependencies.
But I seem to be getting closer each time....

You can use screen(1) to deal with dodgy connections.

Tony

From @khwilliamson

On 01/28/2014 10​:55 PM, Tony Cook wrote​:

On Wed, Jan 29, 2014 at 05​:44​:07AM -0000, Father Chrysostomos wrote​:

I am trying to reproduce this on dromedary. The bad news is that I
keep losing my ssh connection before I finish processing dependencies.
But I seem to be getting closer each time....

You can use screen(1) to deal with dodgy connections.

Tony

Another possible thing to try is

ssh -oServerAliveInterval=150 users.perl5.git.perl.org

From @wolfsage

On Wed, Jan 29, 2014 at 12​:44 AM, Father Chrysostomos <sprout@​cpan.org> wrote​:

Thank you. Sorry for putting you to the trouble. The valgrind output
has just made something in my head click​:

No problem. I'm trying to set up the RDF​::Trine case now.

-- Matthew Horsfall (alh)

From @wolfsage

On Wed, Jan 29, 2014 at 8​:57 AM, Matthew Horsfall (alh)
<wolfsage@​gmail.com> wrote​:

On Wed, Jan 29, 2014 at 12​:44 AM, Father Chrysostomos <sprout@​cpan.org> wrote​:

Thank you. Sorry for putting you to the trouble. The valgrind output
has just made something in my head click​:

No problem. I'm trying to set up the RDF​::Trine case now.

I believe I've reduced it to this​:

  use strict;
  use warnings;

  use Module​::Load​::Conditional qw(can_load);

  BEGIN {
  can_load(
  modules => {
  'XML​::LibXML' => 0,
  }
  );
  }

  eval "use XML​::LibXML;";
  die $@​ if $@​;

If you look at %INC, 'XML/LibXML.pm' => undef !

-- Matthew Horsfall (alh)

From perl5-porters@perl.org

I wrote​:

Indeed, Data​::Clone does not protect against stack reallocation during
callbacks.

I was implying that it should do PUSHSTACK/POPSTACK, but actually it
should not have to, as XSUBs may reallocate the stack and pp_entersub
already accounts for that. What seems to be the problem is that
Data​::Clone is not protecting itself. The code in question is​:

void
clone(SV* sv)
CODE​:
{
  ST(0) = sv_clone(sv);
  XSRETURN(1);
}

where sv_clone can reallocate the stack. That line translates into​:

  PL_stack_base[ax + (0)] = Data_Clone_sv_clone( (sv));

Does the C standard guarantee any execution order here? (According
to Perl execution order, that code would actually work. According to
JavaScript execution order, it is completely broken.)

From @tonycoz

On Thu, Jan 30, 2014 at 04​:38​:47AM -0000, Father Chrysostomos wrote​:

where sv_clone can reallocate the stack. That line translates into​:

PL\_stack\_base\[ax \+ \(0\)\] = Data\_Clone\_sv\_clone\( \(sv\)\);

Does the C standard guarantee any execution order here? (According
to Perl execution order, that code would actually work. According to
JavaScript execution order, it is completely broken.)

It doesn't.

Tony

From perl5-porters@perl.org

Matthew Horsfall wrote​:

I believe I've reduced it to this​:

use strict;
use warnings;

use Module​::Load​::Conditional qw(can_load);

BEGIN {
can_load(
modules => {
'XML​::LibXML' => 0,
}
);
}

eval "use XML​::LibXML;";
die $@​ if $@​;

Thank you. I was able to reproduce it with that.

XML​::LibXML​::bootstrap does POPMARK twice. No wonder it screws up.
The version number read by Perl_xs_version_bootcheck was the wrong
stack item. That it worked before was a stroke of serendipity (or
not). (I do not yet fully understand why it worked.)

From @cpansprout

Thank you to everyone who provided diagnostics and advice. I have submitted a patch to CPAN ticket #92606 and mentioned RDF​::Trine in the Known Problems section of perl5200delta in commit 1a85989.

--

Father Chrysostomos

@cpansprout - Status changed from 'open' to 'resolved'

From @eserte

"Father Chrysostomos via RT" <perlbug-followup@​perl.org> writes​:

Thank you to everyone who provided diagnostics and advice. I have
submitted a patch to CPAN ticket #92606 and mentioned RDF​::Trine in
the Known Problems section of perl5200delta in commit 1a85989.

Unfortunately Tk was forgotten.

--
Slaven Rezic - slaven <at> rezic <dot> de

  Berlin Perl Mongers - http​://berlin.pm.org