64-bit perl crash on SIGINT(2) #13596

Open

p5pRT opened this issue Feb 11, 2014 · 7 comments

p5pRT commented Feb 11, 2014

Migrated from rt.perl.org#121236 (status was 'open')

Searchable as RT121236$

p5pRT commented Feb 11, 2014

From mhanor@yahoo.com

Hello,
I can easily reproduce a crash using a very simple script, see the attached file, script.pl

It crashes when I try to interrupt its execution, by pressing CTRL+C. It doesn't always crash, but it does most of the time. See the attached Windbg log, crash_perl64.txt
Perl version: perl 5, version 18, subversion 2 (v5.18.2) built for MSWin32-x64-multi-thread
Host: Windows 7 Home Premium 64 bit SP1, 8GB RAM, i3 2120

I can crash, in the same manner, ActivePerl x64, Strawberry Perl x64 and 64-bit self-built Perl from 5.18.2 sources, using Visual C++ 2010.

p5pRT commented Feb 11, 2014

From mhanor@yahoo.com

Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine​: perl script.pl
Symbol search path is​: SRV*c​:\\symbols*http​://referencesource.microsoft.com/symbols;SRV*c​:\\symbols*http​://msdl.microsoft.com/download/symbols;SRV*c​:\\symbols*http​://symbols.mozilla.org/firefox;SRV*c​:\\symbols*http​://symbols.mozilla.org/thunderbird;SRV*c​:\\symbols*http​://symbols.mozilla.org/xulrunner
Executable search path is​:
ModLoad​: 00000001`3ff40000 00000001`3ff4b000 perl.exe
ModLoad​: 00000000`77930000 00000000`77ad9000 ntdll.dll
ModLoad​: 000007fe`f9710000 000007fe`f977e000 C​:\windows\system32\verifier.dll
Page heap​: pid 0x2C4​: page heap enabled with flags 0x3.
ModLoad​: 00000000`77810000 00000000`7792f000 C​:\windows\system32\kernel32.dll
ModLoad​: 000007fe`fda80000 000007fe`fdaeb000 C​:\windows\system32\KERNELBASE.dll
ModLoad​: 00000000`61750000 00000000`61822000 C​:\windows\system32\MSVCR100.dll
ModLoad​: 00000000`613c0000 00000000`61750000 d​:\work_x64\perl-5.18.2\perl518.dll
ModLoad​: 00000000`77710000 00000000`7780a000 C​:\windows\system32\USER32.dll
ModLoad​: 000007fe`fdcc0000 000007fe`fdd27000 C​:\windows\system32\GDI32.dll
ModLoad​: 000007fe`fdf50000 000007fe`fdf5e000 C​:\windows\system32\LPK.dll
ModLoad​: 000007fe`fdf60000 000007fe`fe029000 C​:\windows\system32\USP10.dll
ModLoad​: 000007fe`fdd70000 000007fe`fde0f000 C​:\windows\system32\msvcrt.dll
ModLoad​: 000007fe`fdbe0000 000007fe`fdcbb000 C​:\windows\system32\ADVAPI32.dll
ModLoad​: 000007fe`fdeb0000 000007fe`fdecf000 C​:\windows\SYSTEM32\sechost.dll
ModLoad​: 000007fe`ffb10000 000007fe`ffc3d000 C​:\windows\system32\RPCRT4.dll
ModLoad​: 000007fe`fc050000 000007fe`fc244000 C​:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll
ModLoad​: 000007fe`ff2f0000 000007fe`ff361000 C​:\windows\system32\SHLWAPI.dll
ModLoad​: 000007fe`fdd30000 000007fe`fdd5e000 C​:\windows\system32\IMM32.DLL
ModLoad​: 000007fe`ff1e0000 000007fe`ff2e9000 C​:\windows\system32\MSCTF.dll
(2c4.278)​: Control-C exception - code 40010005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
kernel32!CtrlRoutine+0xe2​:
00000000`77864712 eb6d jmp kernel32!CtrlRoutine+0x151 (00000000`77864781)
0​:001> gu
(2c4.2e0)​: Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
perl518!VMem​::UnlinkBlock+0x13​:
00000000`616bb4b3 488b00 mov rax,qword ptr [rax] ds​:00000000`0447ffc0=????????????????
0​:000> !heap -p -a 0447ffc0
  address 000000000447ffc0 found in
  _DPH_HEAP_ROOT @​ 3e31000
  in free-ed allocation ( DPH_HEAP_BLOCK​: VirtAddr VirtSize)
  3e45ea0​: 447f000 2000
  000007fef9718a4a verifier!AVrfDebugPageHeapReAllocate+0x00000000000002da
  0000000077a0693f ntdll!RtlDebugReAllocateHeap+0x000000000000003f
  00000000779a45e4 ntdll! ?? :​:FNODOBFM​::`string'+0x000000000001c71e
  00000000617b9903 MSVCR100!realloc+0x0000000000000057
  00000000616b2418 perl518!VMem​::Realloc+0x0000000000000088 [d​:\work_x64\perl-5.18.2\win32\vmem.h @​ 178]
  00000000616bc0de perl518!CPerlHost​::Realloc+0x000000000000002e [d​:\work_x64\perl-5.18.2\win32\perlhost.h @​ 66]
  00000000616b3b6f perl518!PerlMemRealloc+0x000000000000002f [d​:\work_x64\perl-5.18.2\win32\perlhost.h @​ 305]
  00000000616a146b perl518!Perl_safesysrealloc+0x000000000000015b [d​:\work_x64\perl-5.18.2\util.c @​ 184]
  00000000615e52c4 perl518!Perl_sv_grow+0x0000000000000204 [d​:\work_x64\perl-5.18.2\sv.c @​ 1519]
  00000000615f7ab6 perl518!Perl_sv_catpvn_flags+0x00000000000001d6 [d​:\work_x64\perl-5.18.2\sv.c @​ 5090]
  000000006160cb5f perl518!Perl_sv_vcatpvfn_flags+0x000000000000094f [d​:\work_x64\perl-5.18.2\sv.c @​ 10410]
  000000006160c13c perl518!Perl_sv_vsetpvfn+0x00000000000000cc [d​:\work_x64\perl-5.18.2\sv.c @​ 10150]
  00000000616a439b perl518!Perl_vmess+0x000000000000008b [d​:\work_x64\perl-5.18.2\util.c @​ 1328]
  00000000616a57d7 perl518!Perl_vwarn+0x0000000000000027 [d​:\work_x64\perl-5.18.2\util.c @​ 1684]
  00000000616a591a perl518!Perl_warn+0x000000000000005a [d​:\work_x64\perl-5.18.2\util.c @​ 1728]
  00000000616d00d3 perl518!sig_terminate+0x0000000000000033 [d​:\work_x64\perl-5.18.2\win32\win32.c @​ 2156]
  00000000616d42a9 perl518!win32_ctrlhandler+0x0000000000000099 [d​:\work_x64\perl-5.18.2\win32\win32.c @​ 4207]
  0000000077864769 kernel32!CtrlRoutine+0x0000000000000139
  000000007782652d kernel32!BaseThreadInitThunk+0x000000000000000d
  000000007795c541 ntdll!RtlUserThreadStart+0x000000000000001d

0​:000> kP
Child-SP RetAddr Call Site
00000000`0027f200 00000000`616b24ed perl518!VMem​::UnlinkBlock(
  struct _MemoryBlockHeader * ptr = 0x00000000`0447ffc0)+0x13 [d​:\work_x64\perl-5.18.2\win32\vmem.h @​ 114]
00000000`0027f220 00000000`616bc114 perl518!VMem​::Free(
  void * pMem = 0x00000000`0447ffd8)+0x8d [d​:\work_x64\perl-5.18.2\win32\vmem.h @​ 212]
00000000`0027f260 00000000`616b3ba5 perl518!CPerlHost​::Free(
  void * ptr = 0x00000000`0447ffd8)+0x24 [d​:\work_x64\perl-5.18.2\win32\perlhost.h @​ 67]
00000000`0027f290 00000000`616a185f perl518!PerlMemFree(
  struct IPerlMem * piPerl = 0x00000000`03fde998,
  void * ptr = 0x00000000`0447ffd8)+0x25 [d​:\work_x64\perl-5.18.2\win32\perlhost.h @​ 310]
00000000`0027f2c0 00000000`615fcdfd perl518!Perl_safesysfree(
  void * where = 0x00000000`0447ffd8)+0x1ef [d​:\work_x64\perl-5.18.2\util.c @​ 278]
00000000`0027f310 00000000`615fe35e perl518!Perl_sv_clear(
  struct interpreter * my_perl = 0x00000000`04024f48,
  struct sv * orig_sv = 0x00000000`0402d418)+0x13fd [d​:\work_x64\perl-5.18.2\sv.c @​ 6320]
00000000`0027f490 00000000`615dbd75 perl518!Perl_sv_free2(
  struct interpreter * my_perl = 0x00000000`04024f48,
  struct sv * sv = 0x00000000`0402d418,
  unsigned long rc = 1)+0xfe [d​:\work_x64\perl-5.18.2\sv.c @​ 6591]
00000000`0027f4e0 00000000`615dbd1d perl518!S_SvREFCNT_dec_NN(
  struct interpreter * my_perl = 0x00000000`04024f48,
  struct sv * sv = 0x00000000`0402d418)+0x45 [d​:\work_x64\perl-5.18.2\inline.h @​ 85]
00000000`0027f520 00000000`614f7dd1 perl518!Perl_free_tmps(
  struct interpreter * my_perl = 0x00000000`04024f48)+0x8d [d​:\work_x64\perl-5.18.2\scope.c @​ 171]
00000000`0027f560 00000000`613e7433 perl518!Perl_pp_unstack(
  struct interpreter * my_perl = 0x00000000`04024f48)+0xb1 [d​:\work_x64\perl-5.18.2\pp_hot.c @​ 245]
00000000`0027f5a0 00000000`614873c6 perl518!Perl_runops_debug(
  struct interpreter * my_perl = 0x00000000`04024f48)+0x193 [d​:\work_x64\perl-5.18.2\dump.c @​ 2213]
00000000`0027f5f0 00000000`61486ac9 perl518!S_run_body(
  struct interpreter * my_perl = 0x00000000`04024f48,
  long oldscope = 0n1)+0x336 [d​:\work_x64\perl-5.18.2\win32\perl.c @​ 2469]
00000000`0027f640 00000000`616b9422 perl518!perl_run(
  struct interpreter * my_perl = 0x00000000`04024f48)+0x1b9 [d​:\work_x64\perl-5.18.2\win32\perl.c @​ 2386]
00000000`0027f820 00000001`3ff41036 perl518!RunPerl(
  int argc = 0n2,
  char ** argv = 0x00000000`03f1afd0,
  char ** env = 0x00000000`03f72e50)+0x1c2 [d​:\work_x64\perl-5.18.2\win32\perllib.c @​ 270]
00000000`0027fc70 00000001`3ff411d6 perl!main(
  int argc = 0n2,
  char ** argv = 0x00000000`03f1afd0,
  char ** env = 0x00000000`03ea1e50)+0x26 [d​:\work_x64\perl-5.18.2\win32\perlmain.c @​ 24]
00000000`0027fca0 00000000`7782652d perl!__tmainCRTStartup(void)+0x11a [f​:\dd\vctools\crt_bld\self_64_amd64\crt\src\crtexe.c @​ 555]
00000000`0027fcd0 00000000`7795c541 kernel32!BaseThreadInitThunk+0xd
00000000`0027fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d

p5pRT commented Feb 11, 2014

From mhanor@yahoo.com

script.pl

p5pRT commented Feb 12, 2014

From @bulk88

On Tue Feb 11 13:48:02 2014, mhanor@yahoo.com wrote:

> Hello,
> I can easily reproduce a crash using a very simple script, see the
> attached file, script.pl
>
> It crashes when I try to interrupt its execution, by pressing CTRL+C.
> It doesn't always crash, but it does most of the time. See the
> attached Windbg log, crash_perl64.txt
> Perl version: perl 5, version 18, subversion 2 (v5.18.2) built for
> MSWin32-x64-multi-thread
> Host: Windows 7 Home Premium 64 bit SP1, 8GB RAM, i3 2120
>
> I can crash, in the same manner, ActivePerl x64, Strawberry Perl x64
> and 64-bit self-built Perl from 5.18.2 sources, using Visual C++ 2010.

This is a race condition. Identical to https://rt-archive.perl.org/perl5/Ticket/Display.html?id=101072 . The 2 MS C lib signal handlers provided by MS always run in a separate new thread by Win API. They do not stop the existing thread, change instruction pointer, then run the C func on the C stack of the existing thread with the timeslice of the existing thread. I think I've seen and participated in discussion of this before on the ML or Perl RT, but Perl RT's full text search has been broken/removed for months since the RT 4 upgrade.

--
bulk88 ~ bulk88 at hotmail.com

p5pRT commented Feb 12, 2014

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Feb 12, 2014

From @tonycoz

On Tue Feb 11 18:49:16 2014, bulk88 wrote:

> This is a race condition. Identical to
> https://rt-archive.perl.org/perl5/Ticket/Display.html?id=101072 . The 2 MS C lib
> signal handlers provided by MS always run in a separate new thread by
> Win API. They do not stop the existing thread, change instruction
> pointer, then run the C func on the C stack of the existing thread
> with the timeslice of the existing thread. I think I've seen and
> participated in discussion of this before on the ML or Perl RT, but
> Perl RT's full text search has been broken/removed for months since
> the RT 4 upgrade.

I wonder why we have a handler when the user hasn't requested one.

As to searching, you might try using Google Groups or markmail. You might be thinking of https://rt-archive.perl.org/perl5/Ticket/Display.html?id=116254

Tony

p5pRT commented Feb 12, 2014

From @bulk88

On Tue Feb 11 20:12:54 2014, tonyc wrote:

> I wonder why we have a handler when the user hasn't requested one.

Because of a Perl_warn http://perl5.git.perl.org/perl.git/commit/3fadfdf11dfb17421538d2f4280b4d99a5c6cb5a?f=win32/win32.c . I'm not sure what signal safety rules are on POSIX, but http://perl5.git.perl.org/perl.git/commit/3fadfdf11dfb17421538d2f4280b4d99a5c6cb5a?f=win32/win32.c this says printf/stdio/malloc are not signal safe on paper (a Linux box with glibc has a longer safe list). Nothing except exit() is "safe". So the issue here is, you called malloc inside a sig handler. Now you randomly deadlock/heap corruption. (from an IRC discussion with TonyC) I do really like that warning, since it says what happened graphically instead of a "normal exit" and checking the exit code is the only way to know if it crashed/segved/abnormal exit.

> As to searching, you might try using Google Groups or markmail. You
> might be thinking of https://rt-archive.perl.org/perl5/Ticket/Display.html?id=116254

No, https://rt.perl.org/Ticket/Display.html?id=40445 was the one. Also this thread is related https://groups.google.com/forum/#!searchin/perl.perl5.porters/%22ctrl-c%22|sort:date/perl.perl5.porters/-owPMsC9bBA/IefqyhyXp8YJ

--
bulk88 ~ bulk88 at hotmail.com
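
The rule this thread arrives at (no heap or stdio work inside the signal handler), as an added example that is not Perl's code and not written by any participant: the handler only sets an atomic flag, and the main loop produces the warning at a point where no allocation is in flight. Portable `signal()`/`raise()` stand in for the Windows console control handler, and all function names and the message text are assumptions.

```c
/* Added example, not Perl's code; all names are hypothetical. */
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static atomic_int pending_sigint;  /* lock-free atomic: usable from a handler */

/* Unsafe shape, for contrast only and never installed: building the warning
 * calls malloc and stdio while the interrupted code may be mid-malloc/free. */
void unsafe_handler(int sig)
{
    char *msg = malloc(64);
    if (msg) {
        snprintf(msg, 64, "Terminating on signal SIGINT(%d)\n", sig);
        fputs(msg, stderr);
        free(msg);
    }
    exit(1);
}

/* Safe shape: record the event and return; no heap, no stdio. */
static void safe_handler(int sig) { (void)sig; atomic_store(&pending_sigint, 1); }

/* Runs on the main thread between operations, so it may allocate freely. */
static int dispatch_pending(char *out, size_t outlen)
{
    if (!atomic_exchange(&pending_sigint, 0)) return 0;
    snprintf(out, outlen, "Terminating on signal SIGINT(%d)", SIGINT);
    return 1;
}

/* Constructed workload: the signal arrives while a temporary is live. */
int run_demo(char *out, size_t outlen)
{
    int handled = 0;
    signal(SIGINT, safe_handler);
    for (int i = 0; i < 100 && !handled; i++) {
        char *tmp = malloc(32);          /* stand-in for an interpreter temp */
        if (!tmp) return -1;
        if (i == 10) raise(SIGINT);      /* simulated Ctrl-C mid-operation */
        free(tmp);
        handled = dispatch_pending(out, outlen);  /* safe point */
    }
    signal(SIGINT, SIG_DFL);
    return handled;
}

int main(void) { char buf[64]; if (run_demo(buf, sizeof buf) == 1) puts(buf); return 0; }
```

Because the flag is an atomic rather than a plain variable, the same shape holds when the handler runs on a separate thread, as described above for Windows.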
