Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runtime: fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?) on 386 FreeBSD after CL 138595 #28054

Open
paulzhol opened this issue Oct 6, 2018 · 1 comment
Open

runtime: fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?) on 386 FreeBSD after CL 138595 #28054

paulzhol opened this issue Oct 6, 2018 · 1 comment
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-FreeBSD
Milestone
Backlog

Comments

@paulzhol
Copy link
Member

paulzhol commented Oct 6, 2018

https://build.golang.org/log/dc8386895fee1c38f34eb9376c42f013617a2b29
https://build.golang.org/log/0c46001a74e64da259c54f716f30cc5455b97788
https://build.golang.org/log/8d212ce13ba6fc50c4ca2f0ecc386624164e7913

runtime: pointer 0x39d9a000 to unallocated span span.base()=0x39d9a000 span.limit=0x0 span.state=3
runtime: found in object at *(0x39ab2c78+0x4)
object=0x39ab2c78 s.base()=0x39aac000 s.limit=0x39ab4000 s.spanclass=0 s.elemsize=16384 s.state=mSpanManual
 *(object+0) = 0x39d911b0
 *(object+4) = 0x39d9a000 <==
 *(object+8) = 0x39d91008
 *(object+12) = 0x39d98000
 *(object+16) = 0x39d91000
 *(object+20) = 0x39d91008
 *(object+24) = 0x100
 *(object+28) = 0x100
 *(object+32) = 0x80ae0ca
 *(object+36) = 0x39d91000
 *(object+40) = 0x1b0
 *(object+44) = 0x800
 *(object+48) = 0x39d98000
 *(object+52) = 0x2000
 *(object+56) = 0x2000
 *(object+60) = 0x0
 *(object+64) = 0x0
 *(object+68) = 0x800
 *(object+72) = 0x0
 *(object+76) = 0x39d91000
 *(object+80) = 0x0
 *(object+84) = 0x80ac08b
 *(object+88) = 0x3
 *(object+92) = 0x39d98000
 *(object+96) = 0x2000
 *(object+100) = 0x2000
 *(object+104) = 0x39ab2cf0
 *(object+108) = 0x806e103
 *(object+112) = 0x3988e10c
 *(object+116) = 0x39ab2d04
 *(object+120) = 0x0
 *(object+124) = 0x0
 *(object+128) = 0x80c68c4
 *(object+132) = 0x3
 *(object+136) = 0x39d98000
 *(object+140) = 0x2000
 *(object+144) = 0x2000
 *(object+148) = 0x844d520
 *(object+152) = 0x39bde301
 *(object+156) = 0x39a63880
 *(object+160) = 0x80c8a7f
 *(object+164) = 0x399c9980
 *(object+168) = 0x39d98000
 *(object+172) = 0x2000
 *(object+176) = 0x2000
 *(object+180) = 0x0
 *(object+184) = 0x0
 *(object+188) = 0x0
 *(object+192) = 0x8
 *(object+196) = 0x8075ec8
 *(object+200) = 0x845d740
 *(object+204) = 0x2
 *(object+208) = 0x845a840
 *(object+212) = 0x8443380
 *(object+216) = 0x0
 *(object+220) = 0x64
 *(object+224) = 0x2
 *(object+228) = 0x39c53b00
 *(object+232) = 0x39a63880
 *(object+236) = 0x80c8647
 *(object+240) = 0x39bde370
 *(object+244) = 0xffffffff
 *(object+248) = 0x845a840
 *(object+252) = 0x80cd731
 *(object+256) = 0x845a840
 *(object+260) = 0x399c9980
 *(object+264) = 0x8443380
 *(object+268) = 0x80c86fc
 *(object+272) = 0x39bde370
 *(object+276) = 0xffffffff
 *(object+280) = 0x0
 *(object+284) = 0x39bde370
 *(object+288) = 0x80cd8f4
 *(object+292) = 0x3
 *(object+296) = 0x39d734d0
 *(object+300) = 0x21
 *(object+304) = 0x1
 *(object+308) = 0x39bde370
 *(object+312) = 0x0
 *(object+316) = 0x0
 *(object+320) = 0x21
 *(object+324) = 0x0
 *(object+328) = 0x0
 *(object+332) = 0x39d73540
 *(object+336) = 0x80cbe37
 *(object+340) = 0x39d734d0
 *(object+344) = 0x21
 *(object+348) = 0x0
 *(object+352) = 0x39d734d0
 *(object+356) = 0x39bde370
 *(object+360) = 0x0
 *(object+364) = 0x0
 *(object+368) = 0x80c85b7
 *(object+372) = 0x39bde370
 *(object+376) = 0xffffffff
 *(object+380) = 0x0
 *(object+384) = 0x0
 *(object+388) = 0x39bde370
 *(object+392) = 0x0
 *(object+396) = 0x0
 *(object+400) = 0x81394bf
 *(object+404) = 0x39bde370
 *(object+408) = 0xffffffff
 *(object+412) = 0x39bde370
 *(object+416) = 0x0
 *(object+420) = 0x0
 *(object+424) = 0x39d73530
 *(object+428) = 0x2f
 *(object+432) = 0x0
 *(object+436) = 0x810e514
 *(object+440) = 0x39d73530
 *(object+444) = 0x2f
 *(object+448) = 0x39bde370
 *(object+452) = 0x2f
 *(object+456) = 0x1
 *(object+460) = 0x39d73530
 *(object+464) = 0x2f
 *(object+468) = 0x810d41b
 *(object+472) = 0x39d75410
 *(object+476) = 0x2
 *(object+480) = 0x2
 *(object+484) = 0x817d2f1
 *(object+488) = 0x39d734d0
 *(object+492) = 0x21
 *(object+496) = 0x39d75410
 *(object+500) = 0x2
 *(object+504) = 0x2
 *(object+508) = 0x39d73530
 ...
fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?)

runtime stack:
runtime.throw(0x84d5035, 0x3e)
	/tmp/workdir/go/src/runtime/panic.go:608 +0x64 fp=0xfb9f6af8 sp=0xfb9f6ae4 pc=0x806f0f4
runtime.findObject(0x39d9a000, 0x39ab2c78, 0x4, 0x28b94fac, 0x39822960, 0x2)
	/tmp/workdir/go/src/runtime/mbitmap.go:399 +0x32d fp=0xfb9f6b1c sp=0xfb9f6af8 pc=0x80597cd
runtime.scanblock(0x39ab2c78, 0x20, 0x850de64, 0x39822960, 0xfb9f6db8)
	/tmp/workdir/go/src/runtime/mgcmark.go:1057 +0x8d fp=0xfb9f6b48 sp=0xfb9f6b1c pc=0x80641fd
runtime.scanframeworker(0xfb9f6d38, 0xfb9f6db8, 0x39822960)
	/tmp/workdir/go/src/runtime/mgcmark.go:793 +0x126 fp=0xfb9f6b88 sp=0xfb9f6b48 pc=0x8063956
runtime.scanstack.func1(0xfb9f6d38, 0x0, 0x8821ee0)
	/tmp/workdir/go/src/runtime/mgcmark.go:708 +0x29 fp=0xfb9f6b98 sp=0xfb9f6b88 pc=0x8092169
runtime.gentraceback(0xffffffff, 0xffffffff, 0x0, 0x398001c0, 0x0, 0x0, 0x7fffffff, 0xfb9f6dac, 0x0, 0x0, ...)
	/tmp/workdir/go/src/runtime/traceback.go:341 +0x100e fp=0xfb9f6d68 sp=0xfb9f6b98 pc=0x808bd4e
runtime.scanstack(0x398001c0, 0x39822960)
	/tmp/workdir/go/src/runtime/mgcmark.go:711 +0x147 fp=0xfb9f6e9c sp=0xfb9f6d68 pc=0x80633f7
runtime.newstack()
	/tmp/workdir/go/src/runtime/stack.go:1019 +0x2aa fp=0xfb9f6f64 sp=0xfb9f6e9c pc=0x8083fda
runtime.morestack()
	/tmp/workdir/go/src/runtime/asm_386.s:475 +0x76 fp=0xfb9f6f68 sp=0xfb9f6f64 pc=0x8093f96

goroutine 1 [GC assist marking (scan)]:
syscall.clen(0x39d91008, 0x100, 0x100, 0x800)
	/tmp/workdir/go/src/syscall/syscall_unix.go:35 +0x3d fp=0x39ab2c60 sp=0x39ab2c5c pc=0x80ae58d
syscall.convertFromDirents11(0x39d91000, 0x1b0, 0x800, 0x39d98000, 0x2000, 0x2000, 0x0)
	/tmp/workdir/go/src/syscall/syscall_freebsd.go:371 +0x12f fp=0x39ab2c9c sp=0x39ab2c60 pc=0x80ae26f
syscall.Getdirentries(0x3, 0x39d98000, 0x2000, 0x2000, 0x39ab2cf0, 0x806e103, 0x3988e10c, 0x39ab2d04)
	/tmp/workdir/go/src/syscall/syscall_freebsd.go:265 +0xfa fp=0x39ab2cd0 sp=0x39ab2c9c pc=0x80ae0ca
syscall.ReadDirent(0x3, 0x39d98000, 0x2000, 0x2000, 0x844d520, 0x39bde301, 0x39a63880)
	/tmp/workdir/go/src/syscall/syscall_bsd.go:71 +0x4b fp=0x39ab2cfc sp=0x39ab2cd0 pc=0x80ac08b
internal/poll.(*FD).ReadDirent(0x399c9980, 0x39d98000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
	/tmp/workdir/go/src/internal/poll/fd_unix.go:416 +0x94 fp=0x39ab2d1c sp=0x39ab2cfc pc=0x80c68c4
os.(*File).readdirnames(0x39bde370, 0xffffffff, 0x845a840, 0x80cd731, 0x845a840, 0x399c9980, 0x8443380)
	/tmp/workdir/go/src/os/dir_unix.go:68 +0x14f fp=0x39ab2d68 sp=0x39ab2d1c pc=0x80c8a7f
os.(*File).Readdirnames(0x39bde370, 0xffffffff, 0x0, 0x39bde370, 0x80cd8f4, 0x3, 0x39d734d0)
	/tmp/workdir/go/src/os/dir.go:45 +0x27 fp=0x39ab2d88 sp=0x39ab2d68 pc=0x80c8647
os.(*File).readdir(0x39bde370, 0xffffffff, 0x0, 0x0, 0x39bde370, 0x0, 0x0)
	/tmp/workdir/go/src/os/dir_unix.go:25 +0x4c fp=0x39ab2dec sp=0x39ab2d88 pc=0x80c86fc
os.(*File).Readdir(0x39bde370, 0xffffffff, 0x39bde370, 0x0, 0x0, 0x39d73530, 0x2f)
	/tmp/workdir/go/src/os/dir.go:26 +0x27 fp=0x39ab2e0c sp=0x39ab2dec pc=0x80c85b7
io/ioutil.ReadDir(0x39d734d0, 0x21, 0x39d75410, 0x2, 0x2, 0x39d73530, 0x2f)
	/tmp/workdir/go/src/io/ioutil/ioutil.go:101 +0x4f fp=0x39ab2e60 sp=0x39ab2e0c pc=0x81394bf
go/build.(*Context).readDir(0x8854c80, 0x39d734d0, 0x21, 0x0, 0x39d73530, 0x2f, 0x4, 0x39bde360)
	/tmp/workdir/go/src/go/build/build.go:179 +0x71 fp=0x39ab2e80 sp=0x39ab2e60 pc=0x817d2f1
go/build.(*Context).Import(0x8854c80, 0x39be74a1, 0xd, 0x3981eb00, 0x1d, 0x4, 0x2, 0x39b79900, 0x39ab3cfc)
	/tmp/workdir/go/src/go/build/build.go:739 +0x5ca fp=0x39ab3314 sp=0x39ab2e80 pc=0x817e83a
cmd/go/internal/load.LoadImport(0x39be74a1, 0xd, 0x3981eb00, 0x1d, 0x39bf3680, 0x39ab3cfc, 0x39c53760, 0x1, 0x1, 0x1, ...)
	/tmp/workdir/go/src/cmd/go/internal/load/pkg.go:544 +0x152d fp=0x39ab3458 sp=0x39ab3314 pc=0x81b671d
cmd/go/internal/load.(*Package).load(0x39bf3680, 0x39ab3cfc, 0x39bf4d00, 0x0, 0x0)
	/tmp/workdir/go/src/cmd/go/internal/load/pkg.go:1410 +0xa17 fp=0x39ab37b4 sp=0x39ab3458 pc=0x81b9dc7
cmd/go/internal/load.LoadImport(0x399a5d66, 0x9, 0x399c4d80, 0x14, 0x39954280, 0x39ab3cfc, 0x399faa40, 0x1, 0x1, 0x1, ...)
	/tmp/workdir/go/src/cmd/go/internal/load/pkg.go:556 +0xf14 fp=0x39ab38f8 sp=0x39ab37b4 pc=0x81b6104
cmd/go/internal/load.(*Package).load(0x39954280, 0x39ab3cfc, 0x39950680, 0x0, 0x0)
	/tmp/workdir/go/src/cmd/go/internal/load/pkg.go:1410 +0xa17 fp=0x39ab3c54 sp=0x39ab38f8 pc=0x81b9dc7
cmd/go/internal/load.GoFilesPackage(0x39878078, 0x1, 0x1, 0x0)
	/tmp/workdir/go/src/cmd/go/internal/load/pkg.go:2002 +0x693 fp=0x39ab3da4 sp=0x39ab3c54 pc=0x81bfe23
cmd/go/internal/run.runRun(0x884fa80, 0x39878078, 0x1, 0x1)
	/tmp/workdir/go/src/cmd/go/internal/run/run.go:78 +0x22f fp=0x39ab3eac sp=0x39ab3da4 pc=0x83e53bf
main.main()
	/tmp/workdir/go/src/cmd/go/main.go:219 +0x8de fp=0x39ab3fd0 sp=0x39ab3eac pc=0x83f795e
runtime.main()
	/tmp/workdir/go/src/runtime/proc.go:201 +0x1d5 fp=0x39ab3ff0 sp=0x39ab3fd0 pc=0x8070775
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x39ab3ff4 sp=0x39ab3ff0 pc=0x8095721

goroutine 2 [force gc (idle)]:
runtime.gopark(0x84f86e4, 0x8854420, 0x1410, 0x1)
	/tmp/workdir/go/src/runtime/proc.go:302 +0xd8 fp=0x3982cfc8 sp=0x3982cfb4 pc=0x8070b28
runtime.goparkunlock(0x8854420, 0x1410, 0x1)
	/tmp/workdir/go/src/runtime/proc.go:308 +0x3f fp=0x3982cfdc sp=0x3982cfc8 pc=0x8070bbf
runtime.forcegchelper()
	/tmp/workdir/go/src/runtime/proc.go:251 +0xa3 fp=0x3982cff0 sp=0x3982cfdc pc=0x80709c3
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x3982cff4 sp=0x3982cff0 pc=0x8095721
created by runtime.init.4
	/tmp/workdir/go/src/runtime/proc.go:240 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x84f86e4, 0x8854630, 0x809140c, 0x1)
	/tmp/workdir/go/src/runtime/proc.go:302 +0xd8 fp=0x3982d7c4 sp=0x3982d7b0 pc=0x8070b28
runtime.goparkunlock(0x8854630, 0x856140c, 0x1)
	/tmp/workdir/go/src/runtime/proc.go:308 +0x3f fp=0x3982d7d8 sp=0x3982d7c4 pc=0x8070bbf
runtime.bgsweep(0x39852000)
	/tmp/workdir/go/src/runtime/mgcsweep.go:71 +0xe3 fp=0x3982d7e8 sp=0x3982d7d8 pc=0x8065753
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x3982d7ec sp=0x3982d7e8 pc=0x8095721
created by runtime.gcenable
	/tmp/workdir/go/src/runtime/mgc.go:208 +0x43

goroutine 18 [finalizer wait]:
runtime.gopark(0x84f86e4, 0x886730c, 0x140f, 0x1)
	/tmp/workdir/go/src/runtime/proc.go:302 +0xd8 fp=0x39828794 sp=0x39828780 pc=0x8070b28
runtime.goparkunlock(0x886730c, 0x140f, 0x1)
	/tmp/workdir/go/src/runtime/proc.go:308 +0x3f fp=0x398287a8 sp=0x39828794 pc=0x8070bbf
runtime.runfinq()
	/tmp/workdir/go/src/runtime/mfinal.go:175 +0x7c fp=0x398287f0 sp=0x398287a8 pc=0x805cb3c
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x398287f4 sp=0x398287f0 pc=0x8095721
created by runtime.createfing
	/tmp/workdir/go/src/runtime/mfinal.go:156 +0x5a

goroutine 19 [syscall]:
runtime.notetsleepg(0x8867700, 0xffffffff, 0xffffffff, 0x8049601)
	/tmp/workdir/go/src/runtime/lock_futex.go:227 +0x24 fp=0x3982c7c4 sp=0x3982c7ac pc=0x8051e44
os/signal.signal_recv(0x0)
	/tmp/workdir/go/src/runtime/sigqueue.go:139 +0x129 fp=0x3982c7dc sp=0x3982c7c4 pc=0x8081f19
os/signal.loop()
	/tmp/workdir/go/src/os/signal/signal_unix.go:23 +0x14 fp=0x3982c7f0 sp=0x3982c7dc pc=0x818d6f4
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x3982c7f4 sp=0x3982c7f0 pc=0x8095721
created by os/signal.init.0
	/tmp/workdir/go/src/os/signal/signal_unix.go:29 +0x31

goroutine 34 [GC worker (idle)]:
runtime.gopark(0x84f8638, 0x3987c100, 0xffff1417, 0x0)
	/tmp/workdir/go/src/runtime/proc.go:302 +0xd8 fp=0x39828f9c sp=0x39828f88 pc=0x8070b28
runtime.gcBgMarkWorker(0x39822000)
	/tmp/workdir/go/src/runtime/mgc.go:1729 +0xd3 fp=0x39828fe8 sp=0x39828f9c pc=0x8060843
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x39828fec sp=0x39828fe8 pc=0x8095721
created by runtime.gcBgMarkStartWorkers
	/tmp/workdir/go/src/runtime/mgc.go:1677 +0x5b

goroutine 35 [GC worker (idle)]:
runtime.gopark(0x84f8638, 0x39be7938, 0xffff1417, 0x0)
	/tmp/workdir/go/src/runtime/proc.go:302 +0xd8 fp=0x39c6c79c sp=0x39c6c788 pc=0x8070b28
runtime.gcBgMarkWorker(0x39823300)
	/tmp/workdir/go/src/runtime/mgc.go:1729 +0xd3 fp=0x39c6c7e8 sp=0x39c6c79c pc=0x8060843
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x39c6c7ec sp=0x39c6c7e8 pc=0x8095721
created by runtime.gcBgMarkStartWorkers
	/tmp/workdir/go/src/runtime/mgc.go:1677 +0x5b

goroutine 36 [GC worker (idle)]:
runtime.systemstack_switch()
	/tmp/workdir/go/src/runtime/asm_386.s:357 fp=0x39c6cf9c sp=0x39c6cf98 pc=0x8093e90
runtime.gcBgMarkWorker(0x39824600)
	/tmp/workdir/go/src/runtime/mgc.go:1783 +0x19a fp=0x39c6cfe8 sp=0x39c6cf9c pc=0x806090a
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x39c6cfec sp=0x39c6cfe8 pc=0x8095721
created by runtime.gcBgMarkStartWorkers
	/tmp/workdir/go/src/runtime/mgc.go:1677 +0x5b

goroutine 37 [GC worker (idle)]:
runtime.gopark(0x84f8638, 0x39be7948, 0xffff1417, 0x0)
	/tmp/workdir/go/src/runtime/proc.go:302 +0xd8 fp=0x39c6d79c sp=0x39c6d788 pc=0x8070b28
runtime.gcBgMarkWorker(0x39825900)
	/tmp/workdir/go/src/runtime/mgc.go:1729 +0xd3 fp=0x39c6d7e8 sp=0x39c6d79c pc=0x8060843
runtime.goexit()
	/tmp/workdir/go/src/runtime/asm_386.s:1324 +0x1 fp=0x39c6d7ec sp=0x39c6d7e8 pc=0x8095721
created by runtime.gcBgMarkStartWorkers
	/tmp/workdir/go/src/runtime/mgc.go:1677 +0x5b

Does this code needs to mark sl with runtime.KeepAlive and/or keep a reference to the casted *(*[]byte)(unsafe.Pointer(&sl))?

go/src/syscall/syscall_freebsd.go

Lines 370 to 375 in 2294e3e

sl := srcDirent.Name[:]
n := clen(*(*[]byte)(unsafe.Pointer(&sl)))
copy(dstDirent.Name[:], srcDirent.Name[:n])
for i := n; i < int(dstDirent.Namlen); i++ {
dstDirent.Name[i] = 0
}

(I couldn't reproduce this with a simple test doing ioutil.ReadDir + runtime.GC calls)

/cc @ianlancetaylor @bradfitz
@bradfitz bradfitz added this to the Go1.12 milestone Oct 6, 2018
@bradfitz bradfitz added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 6, 2018
@ianlancetaylor
Copy link
Contributor

Perhaps related to #27993 or #27997.

@mark-rushakoff mark-rushakoff mentioned this issue Dec 21, 2018
Closed
@mknyszek mknyszek mentioned this issue Jan 3, 2019
Closed
@andybons andybons modified the milestones: Go1.12, Go1.13 Feb 12, 2019
@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@bcmills bcmills mentioned this issue Feb 27, 2020
Open
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Jul 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-FreeBSD
Projects
Go Compiler / Runtime
Status: Triage Backlog
Milestone
Backlog
Development

No branches or pull requests
7 participants
@bradfitz @rsc @andybons @paulzhol @aclements @ianlancetaylor @gopherbot