Skip Menu |
Report information
Id: 131634
Status: new
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: randir <sergey.aleynikov [at]>

Operating System: (no value)
PatchStatus: (no value)
Severity: medium
Type: core
Perl Version: 5.27.1
Fixed In: (no value)

Date: Thu, 22 Jun 2017 23:23:29 +0300
From: Sergey Aleynikov <sergey.aleynikov [...]>
Subject: inline.h:147: I32 S_POPMARK(): Assertion `(PL_markstack_ptr > PL_markstack) || !"MARK underflow"' failed.
To: perlbug [...]
Download (untitled) / with headers
text/plain 5.9k
This is a bug report for perl from, generated with the help of perlbug 1.40 running under perl 5.27.1. ----------------------------------------------------------------- [Please describe your issue here] While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run under libdislocator, I found the following program 00000000 31 2b 65 76 61 6c 20 71 21 28 29 20 3d 20 73 6f |1+eval q!() = so| 00000010 72 74 7b 30 7d 30 2c 30 2e 2e 5f 21 |rt{0}0,0.._!| 0000001c to cause an assertion failure. This is a regression in v5.26, bisect points to: commit b3698342565fb462291fba4b432cfcd05b6eb4e1 Author: Zefram <> Date: Fri Jan 27 03:55:46 2017 +0000 fix range op under aborted constant folding GDB info about the crash location is: gdb$ bt #0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007f13bf1443fa in __GI_abort () at abort.c:89 #2 0x00007f13bf13be37 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x563740fe6e88 "(PL_markstack_ptr > PL_markstack) || !\"MARK underflow\"", file=file@entry=0x563740fe6d20 "inline.h", line=line@entry=0x93, function=function@entry=0x563740fe90f8 <__PRETTY_FUNCTION__.14228> "S_POPMARK") at assert.c:92 #3 0x00007f13bf13bee2 in __GI___assert_fail (assertion=0x563740fe6e88 "(PL_markstack_ptr > PL_markstack) || !\"MARK underflow\"", file=0x563740fe6d20 "inline.h", line=0x93, function=0x563740fe90f8 <__PRETTY_FUNCTION__.14228> "S_POPMARK") at assert.c:101 #4 0x0000563740dacc78 in S_POPMARK () at inline.h:147 #5 0x0000563740db71ea in Perl_pp_aassign () at pp_hot.c:1250 #6 0x0000563740d60a7d in Perl_runops_debug () at dump.c:2451 #7 0x0000563740f63287 in S_sortcv (a=0x5637430e8b78, b=0x5637430e93d0) at pp_sort.c:1799 #8 0x0000563740f5dcd0 in dynprep (list1=0x5637430cfb60, list2=0x7ffd9cd562d0, nmemb=0x2, cmp=0x563740f63093 <S_sortcv>) at pp_sort.c:197 #9 0x0000563740f5e150 in S_mergesortsv (base=0x5637430cfb60, nmemb=0x2, cmp=0x563740f63093 <S_sortcv>, flags=0x0) at pp_sort.c:379 #10 0x0000563740f60609 in Perl_sortsv_flags (array=0x5637430cfb60, nmemb=0x2, cmp=0x563740f63093 <S_sortcv>, flags=0x0) at pp_sort.c:1463 #11 0x0000563740f627c2 in Perl_pp_sort () at pp_sort.c:1686 #12 0x0000563740d60a7d in Perl_runops_debug () at dump.c:2451 #13 0x0000563740c56b3d in S_run_body (oldscope=0x1) at perl.c:2548 #14 0x0000563740c560bb in perl_run (my_perl=0x5637430cb010) at perl.c:2471 #15 0x0000563740c0ef3e in main (argc=0x2, argv=0x7ffd9cd56f48, env=0x7ffd9cd56f60) at perlmain.c:123 [Please do not change anything below this line] ----------------------------------------------------------------- --- Flags: category=core severity=medium --- Site configuration information for perl 5.27.1: Configured by root at Sun May 28 01:44:41 MSK 2017. Summary of my perl5 (revision 5 version 26 subversion 0) configuration: Derived from: 4c95ee9f298c2edfc1382d540ff89288790e78b6 Platform: osname=linux osvers=4.9.0-3-amd64 archname=x86_64-linux uname='linux dorothy 4.9.0-3-amd64 #1 smp debian 4.9.25-1 (2017-05-02) x86_64 gnulinux ' config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O0 -g -ggdb3 -fno-omit-frame-pointer' hint=previous useposix=true d_sigaction=define useithreads=undef usemultiplicity=undef use64bitint=define use64bitall=define uselongdouble=undef usemymalloc=n default_inc_excludes_dot=define bincompat5005=undef Compiler: cc='afl-clang-fast' ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2' optimize='-O0 -g -ggdb3 -fno-omit-frame-pointer' cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include' ccversion='' gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)' gccosandvers='' intsize=4 longsize=8 ptrsize=8 doublesize=8 byteorder=12345678 doublekind=3 d_longlong=define longlongsize=8 d_longdbl=define longdblsize=16 longdblkind=3 ivtype='long' ivsize=8 nvtype='double' nvsize=8 Off_t='off_t' lseeksize=8 alignbytes=8 prototype=define Linker and Libraries: ld='afl-clang-fast' ldflags =' -fstack-protector-strong -L/usr/local/lib' libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc so=so useshrplib=false libperl=libperl.a gnulibc_version='2.24' Dynamic Linking: dlsrc=dl_dlopen.xs dlext=so d_dlsymun=undef ccdlflags='-Wl,-E' cccdlflags='-fPIC' lddlflags='-shared -O0 -g -ggdb3 -fno-omit-frame-pointer -L/usr/local/lib -fstack-protector-strong' Locally applied patches: uncommitted-changes --- @INC for perl 5.27.1: lib /usr/local/lib/perl5/site_perl/5.26.0/x86_64-linux /usr/local/lib/perl5/site_perl/5.26.0 /usr/local/lib/perl5/5.26.0/x86_64-linux /usr/local/lib/perl5/5.26.0 --- Environment for perl 5.27.1: HOME=/home/afl LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_CTYPE=en_US.UTF-8 LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games PERLBREW_BASHRC_VERSION=0.78 PERLBREW_HOME=/home/afl/.perlbrew PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.24.1-dbg/man PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin PERLBREW_PERL=perl-5.24.1-dbg PERLBREW_ROOT=/home/afl/perlbrew PERLBREW_VERSION=0.78 PERL_BADLANG (unset) SHELL=/usr/bin/zsh
Download 0076
application/octet-stream 28b

Message body not shown because it is not plain text.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at