From @geeknik

Triggered in Perl v5.25.6 (v5.25.5-106-g877b982).

od -tx1 test123
0000000 70 72 69 6e 74 20 6d 61 70 20 63 68 72 24 5f 5b
0000020 30 5d 2d 6f 72 64 44 64 0a 5f 2c 40 5f 3d 5b 30
0000040 5d 2d 6f 72 64 2d 64 24 5f 2c 40 5f 3d 27 32 30
0000060 30 6f 63 54 01 00 67 5a 59 54 a8 78 63 56 5c c2
0000100 a8 60 67 65 c7 63 35 27 3d 7e 6d 3b 28 5c 64 1a
0000120 7c 22 29 3b 67 3b 0a
0000127

./perl test123
Can't locate object method "ordDd" via package "_" (perhaps you forgot to
load "_"?) at test123 line 1.
perl​: gv.c​:1492​: HV *S_gv_stashsvpvn_cached(SV *, const char *, U32, I32)​:
Assertion `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]'
failed.
Aborted

Running Perl 5.20.2-3+deb8u6 under Valgrind we get a nice segfault​:

Can't locate object method "ordDd" via package "_" (perhaps you forgot to
load "_"?) at test123 line 1.
==12280== Invalid read of size 8
==12280== at 0x4E90336​: Perl_gv_fetchmeth_pvn (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E90513​: Perl_gv_fetchmeth_pvn (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E907C4​: Perl_gv_fetchmeth_pvn_autoload (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0C326​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0CECF​: Perl_sv_clear (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D289​: Perl_sv_free2 (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D5CC​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F03DC6​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D8E7​: Perl_sv_clean_objs (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E8641C​: perl_destruct (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x400DE0​: main (in /usr/bin/perl)
==12280== Address 0x5f3c7b8 is 8 bytes inside a block of size 32 free'd
==12280== at 0x4C29E90​: free (vg_replace_malloc.c​:473)
==12280== by 0x4F0D1A7​: Perl_sv_clear (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D289​: Perl_sv_free2 (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F3018F​: Perl_free_tmps (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E8B750​: perl_run (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x400E18​: main (in /usr/bin/perl)
==12280==
==12280== Invalid read of size 4
==12280== at 0x4E8FFA0​: Perl_gv_stashsv (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E90346​: Perl_gv_fetchmeth_pvn (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E90513​: Perl_gv_fetchmeth_pvn (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E907C4​: Perl_gv_fetchmeth_pvn_autoload (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0C326​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0CECF​: Perl_sv_clear (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D289​: Perl_sv_free2 (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D5CC​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F03DC6​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D8E7​: Perl_sv_clean_objs (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E8641C​: perl_destruct (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x400DE0​: main (in /usr/bin/perl)
==12280== Address 0xc is not stack'd, malloc'd or (recently) free'd
==12280==
==12280==
==12280== Process terminating with default action of signal 11 (SIGSEGV)
==12280== Access not within mapped region at address 0xC
==12280== at 0x4E8FFA0​: Perl_gv_stashsv (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E90346​: Perl_gv_fetchmeth_pvn (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E90513​: Perl_gv_fetchmeth_pvn (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E907C4​: Perl_gv_fetchmeth_pvn_autoload (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0C326​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0CECF​: Perl_sv_clear (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D289​: Perl_sv_free2 (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D5CC​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F03DC6​: ??? (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4F0D8E7​: Perl_sv_clean_objs (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x4E8641C​: perl_destruct (in
/usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==12280== by 0x400DE0​: main (in /usr/bin/perl)
==12280== If you believe this happened as a result of a stack
==12280== overflow in your program's main thread (unlikely but
==12280== possible), you can try to increase the size of the
==12280== main thread stack using the --main-stacksize= flag.
==12280== The main thread stack size used in this run was 8388608.
Segmentation fault

From @geeknik

test123.gz

From @hvds

Here's a shorter version​:

% echo 'map xx->yy, (@​z = 1), (@​z = ())' | ./miniperl
Can't locate object method "yy" via package "xx" (perhaps you forgot to load "xx"?) at - line 1.
miniperl​: gv.c​:1500​: S_gv_stashsvpvn_cached​: Assertion `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]' failed.
Aborted (core dumped)
%

I'm pretty sure this is only a stack refcounting issue, but here's the backtrace in case anyone is moved to look further​:

#3 0x00007ffff72e7c32 in __GI___assert_fail (
  assertion=0x776ca0 "PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]", file=0x76fcda "gv.c", line=1500,
  function=0x77cf90 <__PRETTY_FUNCTION__.15678> "S_gv_stashsvpvn_cached")
  at assert.c​:101
#4 0x00000000004600ed in S_gv_stashsvpvn_cached (namesv=0x0,
  name=0x775b68 "UNIVERSAL", namelen=9, flags=0) at gv.c​:1500
#5 0x00000000004603c0 in Perl_gv_stashpvn (name=0x775b68 "UNIVERSAL",
  namelen=9, flags=0) at gv.c​:1528
#6 0x0000000000459684 in S_gv_fetchmeth_internal (stash=0x0, meth=0x0,
  name=0x7e7e73 <S_destroy> "DESTROY", len=7, level=1, flags=0) at gv.c​:711
#7 0x000000000045b051 in S_gv_fetchmeth_internal (stash=0xa9f6a8, meth=0x0,
  name=0x7e7e73 <S_destroy> "DESTROY", len=7, level=-1, flags=0) at gv.c​:832
#8 0x000000000045b5cc in Perl_gv_fetchmeth_pvn (stash=0xa9f6a8,
  name=0x7e7e73 <S_destroy> "DESTROY", len=7, level=-1, flags=0) at gv.c​:859
#9 0x00000000005de80c in S_curse (sv=0xa9fa68, check_refcnt=true) at sv.c​:6839
#10 0x00000000005dc30b in Perl_sv_clear (orig_sv=0xa9fa68) at sv.c​:6497
#11 0x00000000005df82a in Perl_sv_free2 (sv=0xa9fa68, rc=1) at sv.c​:6994
#12 0x00000000005a9548 in S_SvREFCNT_dec_NN (sv=0xa9fa68) at inline.h​:200
#13 0x00000000005ab1b5 in do_clean_named_io_objs (sv=0xa9fa50) at sv.c​:600
#14 0x00000000005aa1ad in S_visit (f=0x5aadec <do_clean_named_io_objs>,
  flags=32777, mask=49407) at sv.c​:476
#15 0x00000000005ab69b in Perl_sv_clean_objs () at sv.c​:632
#16 0x0000000000443c54 in perl_destruct (my_perl=0xa8a010) at perl.c​:855
#17 0x000000000072ab51 in main (argc=3, argv=0x7fffffffe518,
  env=0x7fffffffe538) at miniperlmain.c​:140

Hugo

The RT System itself - Status changed from 'new' to 'open'

From @iabyn

On Fri, Nov 11, 2016 at 06​:20​:38AM -0800, Hugo van der Sanden via RT wrote​:

Here's a shorter version​:

% echo 'map xx->yy, (@​z = 1), (@​z = ())' | ./miniperl
Can't locate object method "yy" via package "xx" (perhaps you forgot to load "xx"?) at - line 1.
miniperl​: gv.c​:1500​: S_gv_stashsvpvn_cached​: Assertion `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]' failed.
Aborted (core dumped)
%

I'm pretty sure this is only a stack refcounting issue, but here's the backtrace in case anyone is moved to look further​:

It would indeed appear to be. I've linked this ticket to the
"[META] stack not reference counted issues" ticket.

--
Never do today what you can put off till tomorrow.