Skip to content

Objects/call.c:342: PyObject *_PyObject_Call(PyThreadState *, PyObject *, PyObject *, PyObject *): Assertion `!_PyErr_Occurred(tstate)' failed. #113602

New issue
New issue
Closed
Closed
Objects/call.c:342: PyObject *_PyObject_Call(PyThreadState *, PyObject *, PyObject *, PyObject *): Assertion `!_PyErr_Occurred(tstate)' failed.#113602
Labels
interpreter-core(Objects, Python, Grammar, and Parser dirs)type-bugAn unexpected behavior, bug, or errortype-crashA hard crash of the interpreter, possibly with a core dump
@alex

Description

@alex
alex
opened on Dec 31, 2023

Bug report

Bug description:

The fuzz_pycompile fuzzer identified an assertion failure:
(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65451 - which should unembargo itself "soon" now that this is fixed)


Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/a64c8acb44b2e25736a340a8e5865db3E.-6.ADDR.0.INSTR.[UNKNOWN].fuzz
--
  | fuzz_pycompile: Objects/call.c:342: PyObject *_PyObject_Call(PyThreadState *, PyObject *, PyObject *, PyObject *): Assertion `!_PyErr_Occurred(tstate)' failed.
  | ==65602== ERROR: libFuzzer: deadly signal
  | #0 0x553b61 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
  | #1 0x472678 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
  | #2 0x457353 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
  | #3 0x79a033e1441f in libpthread.so.0
  | #4 0x79a033c2a00a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/internal-signals.h:86:3
  | #5 0x79a033c2a00a in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:48:3
  | #6 0x79a033c09858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
  | #7 0x79a033c09728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
  | #8 0x79a033c1afd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
  | #9 0xbaee90 in _PyObject_Call cpython3/Objects/call.c:342:5
  | #10 0xbaf0d0 in PyObject_Call cpython3/Objects/call.c:373:12
  | #11 0x85175e in PyErr_SetFromErrnoWithFilenameObjects cpython3/Python/errors.c:874:13
  | #12 0x851551 in PyErr_SetFromErrnoWithFilenameObject cpython3/Python/errors.c:785:12
  | #13 0x9a1acd in _Py_fopen_obj cpython3/Python/fileutils.c:1832:9
  | #14 0x8581b4 in _PyErr_ProgramDecodedTextObject cpython3/Python/errors.c:1924:16
  | #15 0xdbb0d2 in _PyPegen_raise_error_known_location cpython3/Parser/pegen_errors.c:336:22
  | #16 0xdcc92b in RAISE_ERROR_KNOWN_LOCATION cpython3/Parser/pegen.h:182:5
  | #17 0xe4fc58 in invalid_class_pattern_rule cpython3/Parser/parser.c:23691:20
  | #18 0xe49692 in class_pattern_rule cpython3/Parser/parser.c:10330:42
  | #19 0xe45d6f in closed_pattern_rule cpython3/Parser/parser.c:8166:34
  | #20 0xe43704 in _gather_65_rule cpython3/Parser/parser.c:29094:21
  | #21 0xe43704 in or_pattern_rule cpython3/Parser/parser.c:7969:44
  | #22 0xe40db8 in as_pattern_rule cpython3/Parser/parser.c:7885:24
  | #23 0xe40db8 in pattern_rule cpython3/Parser/parser.c:7817:31
  | #24 0xe46ffb in group_pattern_rule cpython3/Parser/parser.c:9388:24
  | #25 0xe45437 in closed_pattern_rule cpython3/Parser/parser.c:8109:34
  | #26 0xe43704 in _gather_65_rule cpython3/Parser/parser.c:29094:21
  | #27 0xe43704 in or_pattern_rule cpython3/Parser/parser.c:7969:44
  | #28 0xe40db8 in as_pattern_rule cpython3/Parser/parser.c:7885:24
  | #29 0xe40db8 in pattern_rule cpython3/Parser/parser.c:7817:31
  | #30 0xe41b27 in maybe_star_pattern_rule cpython3/Parser/parser.c:9654:28
  | #31 0xe4075e in open_sequence_pattern_rule cpython3/Parser/parser.c:9541:24
  | #32 0xe40064 in patterns_rule cpython3/Parser/parser.c:7746:44
  | #33 0xe3e8ce in invalid_case_block_rule cpython3/Parser/parser.c:23514:29
  | #34 0xe3e8ce in case_block_rule cpython3/Parser/parser.c:7617:39
  | #35 0xe3e8ce in _loop1_64_rule cpython3/Parser/parser.c:28954:31
  | #36 0xdcb16f in match_stmt_rule cpython3/Parser/parser.c:7458:44
  | #37 0xdc1f10 in compound_stmt_rule cpython3/Parser/parser.c:2244:31
  | #38 0xdc0a62 in statement_rule cpython3/Parser/parser.c:1405:18
  | #39 0xdc0a62 in _loop1_3_rule cpython3/Parser/parser.c:25234:30
  | #40 0xdc0a62 in statements_rule cpython3/Parser/parser.c:1362:18
  | #41 0xdbcccd in file_rule cpython3/Parser/parser.c:1164:18
  | #42 0xdbcccd in _PyPegen_parse cpython3/Parser/parser.c:41840:18
  | #43 0xdb83b5 in _PyPegen_run_parser cpython3/Parser/pegen.c:857:9
  | #44 0xdb8d48 in _PyPegen_run_parser_from_string cpython3/Parser/pegen.c:965:14
  | #45 0xb2e517 in _PyParser_ASTFromString cpython3/Parser/peg_api.c:13:21
  | #46 0x92ea85 in Py_CompileStringObject cpython3/Python/pythonrun.c:1437:11
  | #47 0x92ebf4 in Py_CompileStringExFlags cpython3/Python/pythonrun.c:1465:10
  | #48 0x5874d1 in fuzz_pycompile cpython3/Modules/_xxtestfuzz/fuzzer.c:550:24
  | #49 0x5874d1 in _run_fuzz cpython3/Modules/_xxtestfuzz/fuzzer.c:563:14
  | #50 0x5874d1 in LLVMFuzzerTestOneInput cpython3/Modules/_xxtestfuzz/fuzzer.c:704:11
  | #51 0x4588f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
  | #52 0x444052 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
  | #53 0x4498fc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
  | #54 0x472e32 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
  | #55 0x79a033c0b082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
  | #56 0x43a21d in _start


<br class="Apple-interchange-newline">Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/a64c8acb44b2e25736a340a8e5865db3E.-6.ADDR.0.INSTR.[UNKNOWN].fuzz
fuzz_pycompile: Objects/call.c:342: PyObject *_PyObject_Call(PyThreadState *, PyObject *, PyObject *, PyObject *): Assertion `!_PyErr_Occurred(tstate)' failed.
==65602== ERROR: libFuzzer: deadly signal
    #0 0x553b61 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x472678 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x457353 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
    #3 0x79a033e1441f in libpthread.so.0
    #4 0x79a033c2a00a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/internal-signals.h:86:3
    #5 0x79a033c2a00a in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:48:3
    #6 0x79a033c09858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
    #7 0x79a033c09728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
    #8 0x79a033c1afd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
    #9 0xbaee90 in _PyObject_Call [cpython3/Objects/call.c:342](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Objects/call.c#L342):5
    #10 0xbaf0d0 in PyObject_Call [cpython3/Objects/call.c:373](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Objects/call.c#L373):12
    #11 0x85175e in PyErr_SetFromErrnoWithFilenameObjects [cpython3/Python/errors.c:874](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Python/errors.c#L874):13
    #12 0x851551 in PyErr_SetFromErrnoWithFilenameObject [cpython3/Python/errors.c:785](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Python/errors.c#L785):12
    #13 0x9a1acd in _Py_fopen_obj [cpython3/Python/fileutils.c:1832](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Python/fileutils.c#L1832):9
    #14 0x8581b4 in _PyErr_ProgramDecodedTextObject [cpython3/Python/errors.c:1924](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Python/errors.c#L1924):16
    #15 0xdbb0d2 in _PyPegen_raise_error_known_location [cpython3/Parser/pegen_errors.c:336](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/pegen_errors.c#L336):22
    #16 0xdcc92b in RAISE_ERROR_KNOWN_LOCATION [cpython3/Parser/pegen.h:182](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/pegen.h#L182):5
    #17 0xe4fc58 in invalid_class_pattern_rule [cpython3/Parser/parser.c:23691](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L23691):20
    #18 0xe49692 in class_pattern_rule [cpython3/Parser/parser.c:10330](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L10330):42
    #19 0xe45d6f in closed_pattern_rule [cpython3/Parser/parser.c:8166](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L8166):34
    #20 0xe43704 in _gather_65_rule [cpython3/Parser/parser.c:29094](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L29094):21
    #21 0xe43704 in or_pattern_rule [cpython3/Parser/parser.c:7969](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7969):44
    #22 0xe40db8 in as_pattern_rule [cpython3/Parser/parser.c:7885](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7885):24
    #23 0xe40db8 in pattern_rule [cpython3/Parser/parser.c:7817](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7817):31
    #24 0xe46ffb in group_pattern_rule [cpython3/Parser/parser.c:9388](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L9388):24
    #25 0xe45437 in closed_pattern_rule [cpython3/Parser/parser.c:8109](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L8109):34
    #26 0xe43704 in _gather_65_rule [cpython3/Parser/parser.c:29094](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L29094):21
    #27 0xe43704 in or_pattern_rule [cpython3/Parser/parser.c:7969](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7969):44
    #28 0xe40db8 in as_pattern_rule [cpython3/Parser/parser.c:7885](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7885):24
    #29 0xe40db8 in pattern_rule [cpython3/Parser/parser.c:7817](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7817):31
    #30 0xe41b27 in maybe_star_pattern_rule [cpython3/Parser/parser.c:9654](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L9654):28
    #31 0xe4075e in open_sequence_pattern_rule [cpython3/Parser/parser.c:9541](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L9541):24
    #32 0xe40064 in patterns_rule [cpython3/Parser/parser.c:7746](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7746):44
    #33 0xe3e8ce in invalid_case_block_rule [cpython3/Parser/parser.c:23514](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L23514):29
    #34 0xe3e8ce in case_block_rule [cpython3/Parser/parser.c:7617](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7617):39
    #35 0xe3e8ce in _loop1_64_rule [cpython3/Parser/parser.c:28954](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L28954):31
    #36 0xdcb16f in match_stmt_rule [cpython3/Parser/parser.c:7458](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L7458):44
    #37 0xdc1f10 in compound_stmt_rule [cpython3/Parser/parser.c:2244](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L2244):31
    #38 0xdc0a62 in statement_rule [cpython3/Parser/parser.c:1405](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L1405):18
    #39 0xdc0a62 in _loop1_3_rule [cpython3/Parser/parser.c:25234](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L25234):30
    #40 0xdc0a62 in statements_rule [cpython3/Parser/parser.c:1362](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L1362):18
    #41 0xdbcccd in file_rule [cpython3/Parser/parser.c:1164](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L1164):18
    #42 0xdbcccd in _PyPegen_parse [cpython3/Parser/parser.c:41840](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/parser.c#L41840):18
    #43 0xdb83b5 in _PyPegen_run_parser [cpython3/Parser/pegen.c:857](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/pegen.c#L857):9
    #44 0xdb8d48 in _PyPegen_run_parser_from_string [cpython3/Parser/pegen.c:965](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/pegen.c#L965):14
    #45 0xb2e517 in _PyParser_ASTFromString [cpython3/Parser/peg_api.c:13](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Parser/peg_api.c#L13):21
    #46 0x92ea85 in Py_CompileStringObject [cpython3/Python/pythonrun.c:1437](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Python/pythonrun.c#L1437):11
    #47 0x92ebf4 in Py_CompileStringExFlags [cpython3/Python/pythonrun.c:1465](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Python/pythonrun.c#L1465):10
    #48 0x5874d1 in fuzz_pycompile [cpython3/Modules/_xxtestfuzz/fuzzer.c:550](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Modules/_xxtestfuzz/fuzzer.c#L550):24
    #49 0x5874d1 in _run_fuzz [cpython3/Modules/_xxtestfuzz/fuzzer.c:563](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Modules/_xxtestfuzz/fuzzer.c#L563):14
    #50 0x5874d1 in LLVMFuzzerTestOneInput [cpython3/Modules/_xxtestfuzz/fuzzer.c:704](https://github.com/python/cpython/blob/f46987b8281148503568516c29a4a04a75aaba8d/Modules/_xxtestfuzz/fuzzer.c#L704):11
    #51 0x4588f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #52 0x444052 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #53 0x4498fc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #54 0x472e32 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #55 0x79a033c0b082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    #56 0x43a21d in _start

Reproducer (note that the first two bytes are metadata for the fuzzer):

00000000: 2020 6d61 7463 6820 793a 0a20 6361 7365    match y:. case
00000010: 2065 2865 3d76 2c76 2c                    e(e=v,v,

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Linked PRs

Metadata

Metadata

Assignees

No one assigned

    Labels

    interpreter-core(Objects, Python, Grammar, and Parser dirs)type-bugAn unexpected behavior, bug, or errortype-crashA hard crash of the interpreter, possibly with a core dump

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions