XS::APItest::clone_with_stack heap-use-after-free on PL_curcop #11990

Closed
p5pRT opened this issue Mar 7, 2012 · 7 comments
p5pRT commented Mar 7, 2012

Migrated from rt.perl.org#111610 (status was 'resolved')

Searchable as RT111610$


p5pRT commented Mar 7, 2012

From @rurban

This is a bug report for perl from rurban@cpanel.net,
generated with the help of perlbug 1.39 running under perl 5.15.8.

XS::APItest::clone_with_stack() fails threaded with heap-use-after-free
on address 0x7fd35fa6c788, which is PL_curcop at Perl_newGP in the final
destruct END method. This ptr has to be protected somehow.
See backtrace below.

Interestingly it survives the first perl_destruct at APITest.xs:3043

How to repro:

cd ~
svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
cd llvm
R=$(svn info | grep Revision: | awk '{print $2}')
# I tested with r152121 and r152199
(cd tools && svn co -r $R http://llvm.org/svn/llvm-project/cfe/trunk clang)
(cd projects && svn co -r $R http://llvm.org/svn/llvm-project/compiler-rt/trunk compiler-rt)
mkdir build
(cd build && ../configure --enable-optimized && make -j 10)

# Build and test asan run-time library
cd projects/compiler-rt/lib/asan/
make -f Makefile.old get_third_party
# this might need to patch the shebang of the python tools from /usr/bin/python2.4 to /usr/bin/python
make -f Makefile.old test -j 10
# Install clang and asan run-time into a separate directory
# ../asan_clang_linux
make -f Makefile.old install

cd <perl-git>
#patch perl with my three asan fixes:
  #111594: 0ffb95f Socket.xs heap-buffer-overflow with abstract AF_UNIX paths
  https://rt-archive.perl.org/perl5/Ticket/Display.html?id=111594
  #111586: sdbm.c: fix off-by-one access to global ".dir"
  #72700: Copy&paste List::Util BOOT bug, reading global past 2 bytes

# build perl with:
./Configure -de -Dusedevel -DEBUGGING -Doptimize=-g3 -Duseithreads \
  -D'cc=~/llvm/projects/compiler-rt/lib/asan_clang_linux/bin/clang' \
  -A'ccflags=-faddress-sanitizer' -A'ldflags=-faddress-sanitizer' \
  -Duseshrplib

# this will fail:
./perl -Ilib -Ilib/auto -MXS::APItest -e'clone_with_stack();'

$ echo "b __asan_report_error" >.gdbinit

reini /usr/src/perl/build-5.15.8d-asan
$ gdb --args ./perl -Ilib -Ilib/auto -MXS::APItest -e'clone_with_stack();'
GNU gdb (GDB) 7.2-debian
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/rurban/Perl/src/build-5.15.8d-asan/perl...done.
Breakpoint 1 at 0x4074b0
(gdb) r
Starting program: /home/rurban/Perl/src/build-5.15.8d-asan/perl -Ilib
-Ilib/auto -MXS::APItest -eclone_with_stack\(\)\;
[Thread debugging using libthread_db enabled]

Breakpoint 1, 0x00000000004074b0 in __asan_report_error ()
(gdb) bt
#0 0x00000000004074b0 in __asan_report_error ()
#1 0x0000000000407947 in __asan_report_load8 ()
#2 0x00007ffff6468366 in Perl_newGP (my_perl=<value optimized out>, gv=<value optimized out>) at gv.c:164
#3 0x00007ffff6460107 in Perl_gv_init_pvn (my_perl=<value optimized out>, gv=<value optimized out>, stash=<value optimized out>, name=<value optimized out>, len=<value optimized out>,
  flags=<value optimized out>) at gv.c:364
#4 0x00007ffff64bdb7d in Perl_gv_fetchpvn_flags (my_perl=<value optimized out>, nambeg=<value optimized out>,
  full_len=<value optimized out>, flags=<value optimized out>, sv_type=<value optimized out>) at gv.c:1690
#5 0x00007ffff64e425f in Perl_gv_fetchpv (my_perl=<value optimized out>, nambeg=<value optimized out>, add=<value optimized out>, sv_type=<value optimized out>) at gv.c:1379
#6 0x00007ffff63fa59f in Perl_get_sv (my_perl=Unhandled dwarf expression opcode 0x0) at perl.c:2427
#7 0x00007ffff2de180d in XS_XS__APItest_END (my_perl=<value optimized out>, cv=<value optimized out>) at APItest.xs:2293
#8 0x00007ffff6e5a374 in Perl_pp_entersub (my_perl=<value optimized out>) at pp_hot.c:2778
#9 0x00007ffff64021f8 in Perl_call_sv (my_perl=0x7ffff4ecf080, sv=0x7ffff49df698, flags=13) at perl.c:2704
#10 0x00007ffff63d5530 in Perl_call_list (my_perl=0x7ffff4ecf080, oldscope=1, paramList=0x7ffff49a7230) at perl.c:4781
#11 0x00007ffff63bce61 in perl_destruct (my_perl=Unhandled dwarf expression opcode 0x0) at perl.c:567
#12 0x00007ffff2e47df4 in XS_XS__APItest_clone_with_stack (my_perl=<value optimized out>, cv=<value optimized out>) at APItest.xs:3066
#13 0x00007ffff6e5a374 in Perl_pp_entersub (my_perl=<value optimized out>) at pp_hot.c:2778
#14 0x00007ffff6a9e77e in Perl_runops_debug (my_perl=<value optimized out>) at dump.c:2119
#15 0x00007ffff63f9077 in S_run_body (my_perl=Unhandled dwarf expression opcode 0x0) at perl.c:2401
#16 0x00007ffff63f1d5d in perl_run (my_perl=Unhandled dwarf expression opcode 0x0) at perl.c:2319
#17 0x000000000040481b in main (argc=<value optimized out>, argv=<value optimized out>, env=<value optimized out>) at perlmain.c:120
(gdb) up 2
#2 0x00007ffff6468366 in Perl_newGP (my_perl=<value optimized out>, gv=<value optimized out>) at gv.c:164
164 = (PL_curcop && CopFILE(PL_curcop)) ? CopFILE(PL_curcop) : "";
(gdb) l
159 {
160 GP *gp;
161 U32 hash;
162 #ifdef USE_ITHREADS
163 const char *const file
164 = (PL_curcop && CopFILE(PL_curcop)) ? CopFILE(PL_curcop) : "";
165 const STRLEN len = strlen(file);
166 #else
167 SV *const temp_sv = CopFILESV(PL_curcop);
168 const char *file;
(gdb) p PL_curcop
No symbol "PL_curcop" in current context.
(gdb) p *(PerlInterpreter*)0x7ffff4ecf080
$1 = {Istack_sp = 0x7ffff42d3098, Iop = 0x7fffffff33a8, Icurpad = 0x7ffff2c0c598, Istack_base = 0x7ffff42d3098,
  Istack_max = 0x7ffff42d3490, Iscopestack = 0x7ffff3a82a98, Iscopestack_name = 0x7ffff3a82c98,
  Iscopestack_ix = 4, Iscopestack_max = 32, Isavestack = 0x7ffff49ab098, Isavestack_ix = 16,
  Isavestack_max = 680, Itmps_stack = 0x7ffff42d2898, Itmps_ix = 63, Itmps_floor = 63, Itmps_max = 128,
  Imodcount = 1073741837, Imarkstack = 0x7ffff3a82898, Imarkstack_ptr = 0x7ffff3a82898,
  Imarkstack_max = 0x7ffff3a82918, ISv = 0x0, IXpv = 0x0, Ina = 0, Istatbuf = {st_dev = 0, st_ino = 0,
  st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 0,
  st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {
  tv_sec = 0, tv_nsec = 0}, __unused = {0, 0, 0}}, Istatcache = {st_dev = 23, st_ino = 6918482, st_nlink = 1,
  st_mode = 33188, st_uid = 1000, st_gid = 1000, __pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 4096,
  st_blocks = 0, st_atim = {tv_sec = 1331084500, tv_nsec = 216040363}, st_mtim = {tv_sec = 1331084500,
  tv_nsec = 216040363}, st_ctim = {tv_sec = 1331084500, tv_nsec = 216040363}, __unused = {0, 0, 0}},
  Istatgv = 0x0, Istatname = 0x7ffff49a76b0, Itimesbuf = {tms_utime = 0, tms_stime = 0, tms_cutime = 0,
  tms_cstime = 0}, Icurpm = 0x0, Irs = 0x7ffff49a76c8, Ilast_in_gv = 0x0, Iofsgv = 0x7ffff49d7818,
  Idefoutgv = 0x7ffff499b140, Ichopset = 0x7ffff7bbc940 " \n-", Iformtarget = 0x7ffff49a76f8,
  Ibodytarget = 0x7ffff49a76f8, Itoptarget = 0x7ffff49a76e0, Idefstash = 0x7ffff4a370f8,
  Icurstash = 0x7ffff4a370f8, Irestartop = 0x0, Irestartjmpenv = 0x0, Icurcop = 0x7ffff4eba758,
  Icurstack = 0x7ffff49a7698, Icurstackinfo = 0x7ffff2c0ca98, Imainstack = 0x7ffff49a7698,
  Itop_env = 0x7fffffff3280, Istart_env = {je_prev = 0x0, je_buf = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0},
  __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}, je_ret = -1,
  je_mustcatch = true}, Ierrors = 0x7ffff49a7710, Ihv_fetch_ent_mh = 0x0, Ilastgotoprobe = 0x0, Isortcop = 0x0,
  Isortstash = 0x0, Ifirstgv = 0x0, Isecondgv = 0x0, Iefloatbuf = 0x0, Iefloatsize = 0, Ireg_state = {
  re_state_reg_flags = 0, re_state_reg_start_tmpl = 0, re_state_reg_eval_set = 0,
  re_state_reg_match_utf8 = false, re_state_bostr = 0x0, re_state_reginput = 0x0, re_state_regeol = 0x0,
  re_state_regoffs = 0x0, re_state_reglastparen = 0x0, re_state_reglastcloseparen = 0x0,
  re_state_reg_start_tmp = 0x0, re_state_reg_magic = 0x0, re_state_reg_oldcurpm = 0x0,
  re_state_reg_curpm = 0x0, re_state_reg_oldsaved = 0x0, re_state_reg_oldsavedlen = 0,
  re_state_reg_poscache_size = 0, re_state_reg_oldpos = 0, re_state_reg_maxiter = 0, re_state_reg_leftiter = 0,
  re_state_regsize = 0, re_state_reg_poscache = 0x0, re_state_reg_starttry = 0x0}, Iregdummy = {
  flags = 0 '\000', type = 0 '\000', next_off = 0}, Idumpindent = 4, Iutf8locale = true,
  Irehash_seed_set = 171, Icolors = {0xabababababababab <Address 0xabababababababab out of bounds>,
  0xabababababababab <Address 0xabababababababab out of bounds>,
  0xabababababababab <Address 0xabababababababab out of bounds>,
  0xabababababababab <Address 0xabababababababab out of bounds>,
  0xabababababababab <Address 0xabababababababab out of bounds>,
  0xabababababababab <Address 0xabababababababab out of bounds>}, Ipeepp = 0x7ffff2e7bb00 <my_peep>,
  Irpeepp = 0x7ffff2e7c960 <my_rpeep>, Iopfreehook = 0, Iwatchaddr = 0x0, Iwatchok = 0x0, Iregmatch_slab = 0x0,
  Iregmatch_state = 0xabababababababab, Idelaymagic = 0, Ilocalizing = 0 '\000', Icolorset = false,
  Iin_eval = 1 '\001', Itainted = false, Itainting = false, Iperl_destruct_level = 0 '\000',
  Iphase = PERL_PHASE_END, Iperldb = 0, Isignals = 0, Iorigargc = 5, Iorigargv = 0x7fffffffe608,
  Ienvgv = 0x7ffff4a370e0, Iincgv = 0x7ffff49cf2a8, Ihintgv = 0x7ffff49e5218,
  Iorigfilename = 0x7ffff2c00998 "-e", Idiehook = 0x0, Iwarnhook = 0x0, Ipatchlevel = 0x7ffff49a19b0,
  Iapiversion = 0x7ffff49a1a88, Ilocalpatches = 0x7ffff7dd7780, Isplitstr = 0x7ffff7bbc980 " ", Iminus_c = false,
  Iminus_n = false, Iminus_p = false, Iminus_l = false, Iminus_a = false, Iminus_F = false, Idoswitches = false,
  Iminus_E = false, Idowarn = 8 '\b', Isawampersand = false, Iunsafe = false, Iexit_flags = 2 '\002',
  Ireginterp_cnt = 0, Iinplace = 0x0, Ie_script = 0x0, Ibasetime = 1331138355, Iformfeed = 0x0, Imaxsysfd = 2,
  Istatusvalue = 0, Istatusvalue_posix = 0, Isig_pending = 0, Ipsig_pend = 0x7ffff3a82698,
  Istdingv = 0x7ffff499c070, Istderrgv = 0x7ffff499b740, Idefgv = 0x7ffff4a37c20, Iargvgv = 0x7ffff499b500,
  Iargvoutgv = 0x0, Iargvout_stack = 0x0, Ireplgv = 0x7ffff49d7ab8, Ierrgv = 0x7ffff4a0b5a8, IDBgv = 0x0,
  IDBline = 0x0, IDBsub = 0x0, IDBsingle = 0x0, IDBtrace = 0x0, IDBsignal = 0x0, Idbargs = 0x0,
  Idebstash = 0x7ffff4a09e78, Iglobalstash = 0x7ffff49d7e18, Icurstname = 0x7ffff49a7200,
  Ibeginav = 0x7ffff49a7218, Iendav = 0x7ffff49a7230, Iunitcheckav = 0x0, Icheckav = 0x7ffff49a7248,
  Iinitav = 0x7ffff49a7260, Istrtab = 0x7ffff4a370b0, Isub_generation = 5, Iforkprocess = 0, Isv_count = 3677,
  Isv_objcount = 3, Isv_root = 0x7ffff49a7c50, Isv_arenaroot = 0x7ffff49a7098, Ifdpid = 0x7ffff49a72d8,
  Iop_mask = 0x0, Imain_cv = 0x7ffff49a72f0, Imain_root = 0x7ffff2cbe080, Imain_start = 0x7ffff2cbe680,
  Ieval_root = 0x7fffffff33a8, Ieval_start = 0x7ffff2d0b480, Icurcopdb = 0x0, Ifilemode = 0, Ilastfd = 0,
  Ioldname = 0x0, IArgv = 0x0, ICmd = 0x0, Ipreambleav = 0x0, Imess_sv = 0x0, Iors_sv = 0x0, Igensym = 0,
  Icv_has_eval = 171, Itaint_warn = false, Ilaststype = 252, Ilaststatval = 0, Iexitlistlen = 0, Iexitlist = 0x0,
  Imodglobal = 0x7ffff49a7368, Iprofiledata = 0x0, Icompiling = {op_next = 0x0, op_sibling = 0x0, op_ppaddr = 0,
  op_targ = 0, op_type = 0, op_opt = 0, op_latefree = 0, op_latefreed = 0, op_attached = 0, op_spare = 0,
  op_flags = 0 '\000', op_private = 0 '\000', cop_line = 0, cop_stashpv = 0x7ffff2cc6980 "main",
  cop_file = 0x7ffff2cc6a80 "-e", cop_stashflags = 0, cop_hints = 0, cop_seq = 0, cop_warnings = 0x0,
  cop_hints_hash = 0x0}, Icompcv = 0x0, Icomppad = 0x7ffff49a7338, Icomppad_name = 0x7ffff49a7320,
  Icomppad_name_fill = -1, Icomppad_name_floor = 0, IDBcv = 0x0, Igeneration = 138, Iin_clean_objs = false,
  Iin_clean_all = false, Inomemok = false, Isavebegin = 171, Idelaymagic_uid = 0, Idelaymagic_euid = 0,
  Idelaymagic_gid = 0, Idelaymagic_egid = 0, Ian = 0, Icop_seqmax = 444, Ievalseq = 1, Iorigalen = 1786,
  Iorigenviron = 0x7fffffffe638, Iosname = 0x7ffff2c0c698 "linux",
  Isighandlerp = 0x7ffff6bfd0a0 <Perl_sighandler>, Ibody_roots = {0x7ffff49ad440, 0x0, 0x0, 0x7ffff49cd0a0,
  0x7ffff4ed9978, 0x0, 0x7ffff4ed77b8, 0x7ffff49a5608, 0x7ffff49c7de0, 0x7ffff49a3b48, 0x0, 0x7ffff49fb098,
  0x7ffff49f9f98, 0x7ffff4999780, 0x0, 0x7ffff4ed82b8}, Iunicode = 0, Imaxo = 374,
  Irunops = 0x7ffff6a9dd60 <Perl_runops_debug>, Isv_undef = {sv_any = 0x0, sv_refcnt = 2147485851,
  sv_flags = 134217728, sv_u = {svu_pv = 0xabababababababab <Address 0xabababababababab out of bounds>,
  svu_iv = -6076574518398440533, svu_uv = 12370169555311111083, svu_rv = 0xabababababababab,
  svu_array = 0xabababababababab, svu_hash = 0xabababababababab, svu_gp = 0xabababababababab,
  svu_fp = 0xabababababababab}}, Isv_no = {sv_any = 0x7ffff4ed00a8, sv_refcnt = 2147483647,
  sv_flags = 134248198, sv_u = {svu_pv = 0x7ffff2cc6798 "", svu_iv = 140737266870168, svu_uv = 140737266870168,
  svu_rv = 0x7ffff2cc6798, svu_array = 0x7ffff2cc6798, svu_hash = 0x7ffff2cc6798, svu_gp = 0x7ffff2cc6798,
  svu_fp = 0x7ffff2cc6798}}, Isv_yes = {sv_any = 0x7ffff4ed0088, sv_refcnt = 2147483651,
  sv_flags = 134248198, sv_u = {svu_pv = 0x7ffff2cc6898 "1", svu_iv = 140737266870424,
  svu_uv = 140737266870424, svu_rv = 0x7ffff2cc6898, svu_array = 0x7ffff2cc6898, svu_hash = 0x7ffff2cc6898,
  svu_gp = 0x7ffff2cc6898, svu_fp = 0x7ffff2cc6898}}, Isubname = 0x7ffff49a7380, Isubline = 0,
  Imin_intro_pending = 0, Imax_intro_pending = 0, Ipadix = 3, Ipadix_floor = 0, Ihints = 256, Idebug = 0,
  Ibreakable_sub_gen = 2880154539, Iamagic_generation = 1, Icollation_name = 0x7ffff2c0c898 "en_US.UTF-8",
  Icollxfrm_base = 2, Icollxfrm_mult = 3, Icollation_ix = 1, Icollation_standard = false,
  Iutf8cache = -85 '\253', Inumeric_standard = true, Inumeric_local = false,
  Inumeric_name = 0x7ffff2c0c998 "en_US.UTF-8", Inumeric_radix_sv = 0x0, IASCII = 0x7ffff49a7398,
  ILatin1 = 0x7ffff49a73b0, IAboveLatin1 = 0x7ffff49a7680, IPerlSpace = 0x7ffff49a73c8,
  IXPerlSpace = 0x7ffff49a73e0, IL1PosixAlnum = 0x7ffff49a73f8, IPosixAlnum = 0x7ffff49a7410,
  IL1PosixAlpha = 0x7ffff49a7428, IPosixAlpha = 0x7ffff49a7440, IPosixBlank = 0x7ffff49a7458,
  IXPosixBlank = 0x7ffff49a7470, IL1Cased = 0x7ffff49a7488, IPosixCntrl = 0x7ffff49a74a0,
  IXPosixCntrl = 0x7ffff49a74b8, IPosixDigit = 0x7ffff49a74d0, IL1PosixGraph = 0x7ffff49a74e8,
  IPosixGraph = 0x7ffff49a7500, IL1PosixLower = 0x7ffff49a7518, IPosixLower = 0x7ffff49a7530,
  IL1PosixPrint = 0x7ffff49a7548, IPosixPrint = 0x7ffff49a7560, IL1PosixPunct = 0x7ffff49a7578,
  IPosixPunct = 0x7ffff49a7590, IPosixSpace = 0x7ffff49a75a8, IXPosixSpace = 0x7ffff49a75c0,
  IL1PosixUpper = 0x7ffff49a75d8, IPosixUpper = 0x7ffff49a75f0, IL1PosixWord = 0x7ffff49a7608,
  IPosixWord = 0x7ffff49a7620, IPosixXDigit = 0x7ffff49a7638, IXPosixXDigit = 0x7ffff49a7650,
  IVertSpace = 0x7ffff49a7668, Iutf8_alnum = 0x0, Iutf8_alpha = 0x0, Iutf8_space = 0x0, Iutf8_graph = 0x0,
  Iutf8_digit = 0x0, Iutf8_upper = 0x0, Iutf8_lower = 0x0, Iutf8_print = 0x0, Iutf8_punct = 0x0,
  Iutf8_xdigit = 0x0, Iutf8_mark = 0x0, Iutf8_X_begin = 0x0, Iutf8_X_extend = 0x0, Iutf8_X_prepend = 0x0,
  Iutf8_X_non_hangul = 0x0, Iutf8_X_L = 0x0, Iutf8_X_LV = 0x0, Iutf8_X_LVT = 0x0, Iutf8_X_T = 0x0,
  Iutf8_X_V = 0x0, Iutf8_X_LV_LVT_V = 0x0, Iutf8_toupper = 0x0, Iutf8_totitle = 0x0, Iutf8_tolower = 0x0,
  Iutf8_tofold = 0x0, Iutf8_quotemeta = 0x0, Ilast_swash_hv = 0x0, Ilast_swash_tmps = 0x0, Ilast_swash_slen = 0,
  Ilast_swash_key = "\000\253\253\253\253\253\253\253\253\253\253\253", Ilast_swash_klen = 0 '\000',
  Ipad_reset_pending = false, Isrand_called = false, Iin_load_module = false, Iparser = 0x0,
  Ipsig_ptr = 0x7ffff42d22c0, Ipsig_name = 0x7ffff42d2098, Iptr_table = 0x0, Ibeginav_save = 0x0,
  Ibody_arenas = 0x7ffff4a21098, Iregex_pad = 0x7ffff3a7f298, Iregex_padav = 0x7ffff49a1aa0,
  Ireentrant_buffer = 0x7ffff36cb498, Icustom_op_names = 0x0, Icustom_op_descs = 0x0, Iperlio = 0x7ffff4ed1098,
  Iknown_layers = 0x7ffff2cc6b98, Idef_layerlist = 0x7ffff2cc6c98, Iencoding = 0x0, Idebug_pad = {pad = {{
  sv_any = 0x7ffff4ed9548, sv_refcnt = 0, sv_flags = 17412, sv_u = {svu_pv = 0x7ffff2c00f98 "",
  svu_iv = 140737266061208, svu_uv = 140737266061208, svu_rv = 0x7ffff2c00f98,
  svu_array = 0x7ffff2c00f98, svu_hash = 0x7ffff2c00f98, svu_gp = 0x7ffff2c00f98,
  svu_fp = 0x7ffff2c00f98}}, {sv_any = 0x7ffff4ed9558, sv_refcnt = 0, sv_flags = 17412, sv_u = {
  svu_pv = 0x7ffff2c01098 "", svu_iv = 140737266061464, svu_uv = 140737266061464,
  svu_rv = 0x7ffff2c01098, svu_array = 0x7ffff2c01098, svu_hash = 0x7ffff2c01098,
  svu_gp = 0x7ffff2c01098, svu_fp = 0x7ffff2c01098}}, {sv_any = 0x7ffff4ed9568, sv_refcnt = 0,
  sv_flags = 17412, sv_u = {svu_pv = 0x7ffff2c01198 "", svu_iv = 140737266061720, svu_uv = 140737266061720,
  svu_rv = 0x7ffff2c01198, svu_array = 0x7ffff2c01198, svu_hash = 0x7ffff2c01198,
  svu_gp = 0x7ffff2c01198, svu_fp = 0x7ffff2c01198}}}}, Iutf8_idstart = 0x0, Iutf8_idcont = 0x0,
  Iutf8_xidstart = 0x0, Iutf8_perl_idstart = 0x0, Iutf8_xidcont = 0x0, Isort_RealCmp = 0, Icheckav_save = 0x0,
  Iunitcheckav_save = 0x0, Iclocktick = 100, Istashcache = 0x7ffff49a7728,
  Isharehook = 0x7ffff6b31750 <Perl_sv_nosharing>, Ilockhook = 0x7ffff6b31750 <Perl_sv_nosharing>,
  Iunlockhook = 0x7ffff7a83250 <Perl_sv_nounlocking>, Ithreadhook = 0x7ffff63bada0 <Perl_nothreadhook>,
  Idestroyhook = 0x7ffff6b31910 <Perl_sv_destroyable>, Isignalhook = 0x7ffff6ba9210 <Perl_despatch_signals>,
  Ihash_seed = 0, Irehash_seed = 17663680354852133593, Iisarev = 0x7ffff49a7278,
  Iregistered_mros = 0x7ffff49a7740, Iblockhooks = 0x7ffff49a7788, Iutf8_foldclosures = 0x0,
  Iutf8_foldable = 0x0, Icustom_ops = 0x0, Iglobhook = 0, Iglob_index = 0, Ireentrant_retint = 0,
  Imy_cxt_list = 0x7ffff3a82498, Imy_cxt_size = 16, Imemory_debug_header = {interpreter = 0x7ffff4ecf080,
  prev = 0x7ffff4a21080, next = 0x7ffff2c10a80}}
(gdb) p *(PerlInterpreter*)0x7ffff4ecf080->Icur
Icurcop Icurpad Icurstack Icurstash
Icurcopdb Icurpm Icurstackinfo Icurstname
(gdb) p *(PerlInterpreter*)0x7ffff4ecf080->Icurcop
Attempt to extract a component of a value that is not a structure pointer.
(gdb) p (PerlInterpreter*)0x7ffff4ecf080->Icurcop
Attempt to extract a component of a value that is not a structure pointer.
(gdb) p ((PerlInterpreter*)0x7ffff4ecf080)->Icurcop
$2 = (COP *) 0x7ffff4eba758
(gdb) p *((PerlInterpreter*)0x7ffff4ecf080)->Icurcop
$3 = {op_next = 0x0, op_sibling = 0x0, op_ppaddr = 0, op_targ = 0, op_type = 0, op_opt = 0, op_latefree = 0,
  op_latefreed = 0, op_attached = 0, op_spare = 0, op_flags = 0 '\000', op_private = 0 '\000', cop_line = 0,
  cop_stashpv = 0x7ffff46bfc80 "\002\342@\200\377\177", cop_file = 0x0, cop_stashflags = 0, cop_hints = 0,
  cop_seq = 0, cop_warnings = 0x0, cop_hints_hash = 0x0}
(gdb)


Flags:
  category=core
  severity=medium


Site configuration information for perl 5.15.8:

Configured by rurban at Tue Mar 6 19:21:22 CST 2012.

Summary of my perl5 (revision 5 version 15 subversion 8) configuration:
  Derived from: cf6c0815c23de4458d8b435adf61c1629dce4be3
  Platform:
  osname=linux, osvers=3.0.0-1-amd64, archname=x86_64-linux-thread-multi-debug-asan
  uname='linux reini 3.0.0-1-amd64 #1 smp sun jul 24 02:24:44 utc 2011 x86_64 gnulinux '
  config_args='-de -Dusedevel -Dinstallman1dir=none -Dinstallman3dir=none -Dinstallsiteman1dir=none -Dinstallsiteman3dir=none -Dmksymlinks -DEBUGGING -Doptimize=-g3 -Duseithreads -D'cc=/home/rurban/Software/llvm-svn152121/projects/compiler-rt/lib/asan_clang_linux/bin/clang' -A'ccflags=-faddress-sanitizer' -A'ldflags=-faddress-sanitizer' -A'ccflags=-mllvm\ -asan-blacklist=/usr/src/perl/asan_blacklist.ignore' -Dcf_email='rurban@cpanel.net' -Dperladmin='rurban@cpanel.net' -Duseshrplib'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler:
  cc='/home/rurban/Software/llvm-svn152121/projects/compiler-rt/lib/asan_clang_linux/bin/clang', ccflags ='-D_REENTRANT -D_GNU_SOURCE -faddress-sanitizer -mllvm -asan-blacklist=/usr/src/perl/asan_blacklist.ignore -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-g3',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -faddress-sanitizer -asan-blacklist=/usr/src/perl/asan_blacklist.ignore -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.2.1 Compatible Clang 3.1 (trunk 152121)', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries:
  ld='/home/rurban/Software/llvm-svn152121/projects/compiler-rt/lib/asan_clang_linux/bin/clang', ldflags =' -faddress-sanitizer -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /usr/lib/x86_64-linux-gnu /lib64 /usr/lib64
  libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
  libc=, so=so, useshrplib=true, libperl=libperl.so
  gnulibc_version='2.13'
  Dynamic Linking:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/local/lib/perl5/5.15.8/x86_64-linux-thread-multi-debug-asan/CORE'
  cccdlflags='-fPIC', lddlflags='-shared -g3 -L/usr/local/lib -fstack-protector'

Locally applied patches:



@INC for perl 5.15.8:
  /usr/local/lib/perl5/site_perl/5.15.8/x86_64-linux-thread-multi-debug-asan
  /usr/local/lib/perl5/site_perl/5.15.8
  /usr/local/lib/perl5/5.15.8/x86_64-linux-thread-multi-debug-asan
  /usr/local/lib/perl5/5.15.8
  /usr/local/lib/perl5/site_perl
  .


Environment for perl 5.15.8:
  HOME=/home/rurban
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH=/usr/src/perl/build-5.15.8d-asan
  LOGDIR (unset)
  PATH=/home/rurban/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
  PERL_BADLANG (unset)
  SHELL=/bin/bash


p5pRT commented Jun 5, 2012

From @rurban

XS::APItest::clone_with_stack() fails threaded with heap-use-after-free
on address 0x7fd35fa6c788, which is PL_curcop at Perl_newGP in the
final destruct END method. This ptr has to be protected somehow.

Fixed by the patch in
http://www.nntp.perl.org/group/perl.perl5.porters/2012/05/msg187161.html


p5pRT commented Jun 5, 2012

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Jun 9, 2012

From @cpansprout

On Tue Jun 05 12:01:24 2012, rurban wrote:

> XS::APItest::clone_with_stack() fails threaded with heap-use-after-free
> on address 0x7fd35fa6c788, which is PL_curcop at Perl_newGP in the
> final destruct END method. This ptr has to be protected somehow.
>
> Fixed by the patch in
> http://www.nntp.perl.org/group/perl.perl5.porters/2012/05/msg187161.html

Where Michael Shroeder asked:

> So, is the attached patch correct or is that a bad way to
> fix this problem?

It took me a little while to figure out what it was doing, but it does
look correct to me.

I have applied it now as 4a808ed. I used your (Michael’s) message as
the basis for the commit message, but I expanded it slightly to explain
that blk_oldcop is pointing to PL_compiling.

--

Father Chrysostomos
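A minimal C model of the failure mode this thread diagnoses, added here as an illustration; it is not Perl's code and not the 4a808ed patch. It assumes the mechanism the two comments above describe: PL_compiling is a member of the interpreter struct, the cloned context stack still carries a blk_oldcop that points at the parent interpreter's PL_compiling, so after the first perl_destruct the clone restores a PL_curcop into freed memory, and Perl_newGP's CopFILE(PL_curcop) then reads it. How the real perl_clone() relocates pointers is not shown on the page; the "missed fixup" below is the assumed explanation, and every identifier (Interp, Cop, Ctx, clone_with_stack, curcop_dangles, ...) is an invented stand-in for PerlInterpreter, COP, PERL_CONTEXT.blk_oldcop, perl_clone() and perl_destruct(), not the XS::APItest function of the same name.

```c
/* Added example, not Perl's code: a minimal model of how cloning an
 * interpreter together with its context stack can leave PL_curcop pointing
 * into the parent interpreter after the parent is destructed. All names
 * here (Interp, Cop, Ctx, clone_with_stack, ...) are invented stand-ins for
 * PerlInterpreter, COP, PERL_CONTEXT.blk_oldcop, perl_clone() and
 * perl_destruct(); the missed pointer fixup is an assumed mechanism. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct Cop { const char *file; int line; } Cop;
typedef struct Ctx { Cop *oldcop; } Ctx;   /* PERL_CONTEXT.blk_oldcop */

#define MAX_CTX 4
typedef struct Interp {
    Cop  compiling;        /* PL_compiling is embedded in the interpreter struct */
    Cop *curcop;           /* PL_curcop */
    Ctx  cxstack[MAX_CTX]; /* context stack, copied along with the interpreter */
    int  cxix;
} Interp;

static Interp *new_interp(const char *script)
{
    Interp *i = calloc(1, sizeof *i);
    i->compiling.file = script;
    i->curcop = &i->compiling;  /* nothing running yet: PL_curcop = &PL_compiling */
    i->cxix = -1;
    return i;
}

static void push_block(Interp *i, Cop *oldcop) { i->cxstack[++i->cxix].oldcop = oldcop; }

/* Leaving a block restores PL_curcop from blk_oldcop. */
static void pop_block(Interp *i) { i->curcop = i->cxstack[i->cxix--].oldcop; }

/* Copy the interpreter and its context stack. Every pointer that addressed
 * the parent's own struct must be re-pointed into the clone; one that is
 * missed dangles as soon as the parent is freed. fix_blk_oldcop=false
 * models the missed fixup of blk_oldcop that the thread diagnoses. */
static Interp *clone_with_stack(const Interp *parent, bool fix_blk_oldcop)
{
    Interp *c = malloc(sizeof *c);
    memcpy(c, parent, sizeof *c);
    if (c->curcop == &parent->compiling)
        c->curcop = &c->compiling;
    if (fix_blk_oldcop)
        for (int k = 0; k <= c->cxix; k++)
            if (c->cxstack[k].oldcop == &parent->compiling)
                c->cxstack[k].oldcop = &c->compiling;
    return c;
}

static void destruct_interp(Interp *i) { free(i); }

/* What Perl_newGP reads from PL_curcop (gv.c:164 in the backtrace). */
static const char *cop_file_for_newgp(const Interp *i)
{
    return (i->curcop && i->curcop->file) ? i->curcop->file : "";
}

/* Clone from inside a block whose blk_oldcop is &PL_compiling, destruct the
 * parent, pop that block in the clone, and report whether the clone's
 * PL_curcop now lies inside the freed parent. The check compares addresses
 * recorded before free(); a dangling PL_curcop is never dereferenced. When
 * PL_curcop is valid, *file_out receives what newGP would read. */
static bool curcop_dangles(bool fix_blk_oldcop, const char **file_out)
{
    Interp *parent = new_interp("-e");
    push_block(parent, &parent->compiling);        /* blk_oldcop = &PL_compiling */
    Interp *clone = clone_with_stack(parent, fix_blk_oldcop);

    uintptr_t lo = (uintptr_t)parent, hi = lo + sizeof *parent;
    destruct_interp(parent);                       /* the first perl_destruct */
    pop_block(clone);                              /* PL_curcop = blk_oldcop */

    uintptr_t cur = (uintptr_t)clone->curcop;
    bool dangling = cur >= lo && cur < hi;
    *file_out = dangling ? NULL : cop_file_for_newgp(clone);
    destruct_interp(clone);
    return dangling;
}

int main(void)
{
    const char *file;
    bool bad = curcop_dangles(false, &file);
    printf("without fixup: PL_curcop dangling = %d\n", bad);
    bad = curcop_dangles(true, &file);
    printf("with fixup:    PL_curcop dangling = %d, CopFILE = \"%s\"\n", bad, file);
    return 0;
}
```

Built with -fsanitize=address and with the address-range check replaced by an actual read through clone->curcop, the unfixed path produces the same kind of heap-use-after-free report as the backtrace above; the model compares addresses instead so that it also runs cleanly without a sanitizer and can show both the broken and the repaired pointer fixup side by side.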


p5pRT commented Jun 9, 2012

@cpansprout - Status changed from 'open' to 'resolved'

@p5pRT p5pRT closed this as completed Jun 9, 2012

p5pRT commented Jul 27, 2012

From @rurban

The regression fix in 4a808ed needs to be cherry-picked for maint-5.16.
smoke-me/rjbs/maint-5.16 still fails on this.
--
Reini Urban
