From @ntyni

This is a bug report for perl from Niko Tyni <ntyni@​debian.org>,
generated with the help of perlbug 1.36 running under perl 5.10.0.

As reported in <http​://bugs.debian.org/343690>, the attached script
crashes 5.8.8, 5.10.0 and blead @​33824 in a mostly reproducible way with
a segmentation fault.

Note that unlimiting the process stack size ('ulimit -s unlimited' or the
like) seems to be required, and it takes three or four tries on my amd64
SMP host to get it to crash. The sysctls may be required on Linux to keep
the system from swapping itself to death first (vm.overcommit_memory=2
means never overcommit, see proc(5)).

Severity set to "low" because I assume the system is running out of
memory during perl_clone(), which makes it mostly a user error. The
situation is not handled very gracefully, though.

Backtrace on 5.10.0 follows. The resulting core file is obscenely big. The
number of Perl_*_dup calls and the final crashing place in the stack
trace varies.

% debugperl ~/t.pl
sid% debugperl ~/t.pl
0
Thread creation failed​: pthread_create returned 12 at /home/niko/t.pl
line 26.
Out of memory!
sid% debugperl ~/t.pl
0
Thread creation failed​: pthread_create returned 12 at /home/niko/t.pl
line 26.
--76--
76
76
76

sid% debugperl ~/t.pl
0
Thread creation failed​: pthread_create returned 12 at /home/niko/t.pl
line 26.
Thread creation failed​: pthread_create returned 12 at /home/niko/t.pl
line 26.
zsh​: segmentation fault (core dumped) debugperl ~/t.pl

#0 0x00000000004833bf in S_more_bodies (my_perl=0x1d50da0, sv_type=SVt_PVAV) at sv.c​:1065
#1 0x0000000000484536 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5d88, param=0x40601c20) at sv.c​:10106
#2 0x00000000004844b6 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5d70, param=0x40601c20) at sv.c​:10218
#3 0x00000000004845d0 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5d58, param=0x40601c20) at sv.c​:10304
#4 0x0000000000484413 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5bd8, param=0x40601c20) at sv.c​:10305
#5 0x0000000000485605 in Perl_gp_dup (my_perl=0x1d50da0, gp=0x9c9fc8, param=0x40601c20) at sv.c​:9738
#6 0x0000000000483e59 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5bc0, param=0x40601c20) at sv.c​:10172
#7 0x000000000046c973 in Perl_he_dup (my_perl=0x1d50da0, e=0x9c02f8, shared=-96 ' ', param=0x40601c20)
  at hv.c​:189
#8 0x0000000000484023 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5b90, param=0x40601c20) at sv.c​:10247
#9 0x00000000004855ca in Perl_gp_dup (my_perl=0x1d50da0, gp=0x9c9df8, param=0x40601c20) at sv.c​:9736
#10 0x0000000000483e59 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9c5b78, param=0x40601c20) at sv.c​:10172
#11 0x000000000046c973 in Perl_he_dup (my_perl=0x1d50da0, e=0x9c02b0, shared=-32 'à', param=0x40601c20)
  at hv.c​:189
#12 0x0000000000484023 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9605d8, param=0x40601c20) at sv.c​:10247
#13 0x0000000000483e47 in Perl_sv_dup (my_perl=0x1d50da0, sstr=0x9605c0, param=0x40601c20) at sv.c​:10171
#14 0x0000000000498995 in perl_clone (proto_perl=0x91cda0, flags=2) at sv.c​:11077
#15 0x00002b2f8a126244 in XS_threads_create (my_perl=0x91cda0, cv=<value optimized out>)
  at threads.xs​:666
#16 0x0000000000479a78 in Perl_pp_entersub (my_perl=0x91cda0) at pp_hot.c​:2847
#17 0x00000000004533f1 in Perl_runops_debug (my_perl=0x91cda0) at dump.c​:1931
#18 0x0000000000472628 in Perl_call_sv (my_perl=0x91cda0, sv=0x9d5e08, flags=4) at perl.c​:2653
#19 0x00002b2f8a127d6e in S_ithread_run (arg=<value optimized out>) at threads.xs​:440
#20 0x00002b2f84787017 in start_thread () from /lib/libpthread.so.0
#21 0x00002b2f84a6154d in clone () from /lib/libc.so.6
#22 0x0000000000000000 in ?? ()

Flags​:
  category=core
  severity=low

Site configuration information for perl 5.10.0​:

Configured by Debian Project at Thu May 8 11​:57​:24 UTC 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration​:
  Platform​:
  osname=linux, osvers=2.6.18-6-xen-amd64, archname=x86_64-linux-gnu-thread-multi
  uname='linux sid 2.6.18-6-xen-amd64 #1 smp thu apr 24 05​:10​:26 utc 2008 x86_64 gnulinux '
  config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
  ccversion='', gccversion='4.2.3 (Debian 4.2.3-5)', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
  libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
  perllibs=-ldl -lm -lpthread -lc -lcrypt
  libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
  gnulibc_version='2.7'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Locally applied patches​:
 

@​INC for perl 5.10.0​:
  /etc/perl
  /usr/local/lib/perl/5.10.0
  /usr/local/share/perl/5.10.0
  /usr/lib/perl5
  /usr/share/perl5
  /usr/lib/perl/5.10
  /usr/share/perl/5.10
  /usr/local/lib/site_perl
  .

Environment for perl 5.10.0​:
  HOME=/home/niko
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LC_CTYPE=fi_FI.UTF-8
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/niko/bin​:/usr/local/bin​:/usr/bin​:/bin​:/usr/bin/X11​:/usr/games​:/sbin​:/usr/sbin
  PERL_BADLANG (unset)
  SHELL=/bin/zsh

From @ntyni

t.pl

From @jimc

fg
./perl -Ilib ~/Download/t.pl
Perl exited with active threads​:
  28 running and unjoined
  1 finished and unjoined
  222 running and detached

with -Dm also, it segfaults quickly

dmesg says​:
perl[12674]​: segfault at abababb3 ip 0814f755 sp bf970f10 error 4 in
perl[8048000+28a000]

the abababb3 looks a lot like a poisoned addr​: = abababab + 8

I get lots of segvs in the spawned threads
(apparently, cuz main script finishes)

Thread creation failed​: pthread_create returned 11 at
/home/jimc/Download/t.pl line 25.
Thread creation failed​: pthread_create returned 11 at
/home/jimc/Download/t.pl line 25.

The RT System itself - Status changed from 'new' to 'open'