runtime: SIGSEGV in mstart #47441

prattmic · 2021-07-28T15:31:31Z

On some Google internal workloads on 1.17rc1, we are seeing SIGSEGVs of the form:

#4  <C signal handler>
#5  0x000056222cf1049d in runtime.sigfwd () at /root/gc/src/runtime/sys_linux_amd64.s:327
#6  0x00007f596f4bf6c0 in ?? ()
#7  0x000056222cef2174 in runtime.sigfwdgo (sig=11, info=0x7f596f4bf8f0, ctx=0x7f596f4bf7c0) at /root/gc/src/runtime/signal_unix.go:1032
#8  0x000056222cef0927 in runtime.sigtrampgo (sig=11, info=0x7f596f4bf8f0, ctx=0x56222ee116ad <sys_gettid+13>) at /root/gc/src/runtime/signal_unix.go:418
#9  0x000056222cf10ff0 in runtime.sigtrampgo (sig=11, info=0x7f596f4bf8f0, ctx=0x7f596f4bf7c0) at <autogenerated>:1
#10 0x000056222cf104fd in runtime.sigtramp () at /root/gc/src/runtime/sys_linux_amd64.s:344
#11 <signal handler called>
#12 0x00007f596f4c0500 in ?? ()
#13 0x000056222cf0c665 in runtime.mstart () at /root/gc/src/runtime/asm_amd64.s:248
#14 0x000056222cf10e45 in runtime.mstart () at <autogenerated>:1
#15 0x000056222dd24440 in crosscall_amd64 () at gcc_amd64.S:40
#16 0x0000000000000000 in ?? ()

0x00007f596f4c0500 seems to be an address on the C stack calling mstart, indicating we jumped into the stack.

We don't have many details yet, this is still being investigated. If anyone else has seen similar crashes on 1.17, we'd love to hear.

cc @ianlancetaylor @cherrymui @aclements

The text was updated successfully, but these errors were encountered:

ianlancetaylor · 2021-07-29T03:10:42Z

@cherrymui found the problem: a preemption can occur after the call to unlockOSThread in unwindm before g.m.incgo = true in cgocallbackg. That can cause the G to move to a new M, which breaks the assumptions of cgocallbackg.

The preemption point is the first defer in cgocallbackg1. When that deferred function runs (after the second defer, of unwindm), it can be preempted. I believe that this is due to the regabidefer experiment, which wraps most defer functions. Those wrappers are separate functions, and as such are preemption points.

Here is a test case that recreates the observed problem. In order to recreate the problem the test case uses runtime.SetCgoTraceback so that the first defer in cgocallbackg1 is executed.

foo1.go:

package main

/*
extern void cgoTraceback(void* p);
extern void cgoSymbolizer(void* p);
extern void cgoContext(void* p);
extern void GoFunction(int);

static void callGo(int i) {
	GoFunction(i);
}
*/
import "C"

import (
	"fmt"
	"runtime"
	"sync"
	"unsafe"
)

//export GoFunction
func GoFunction(i C.int) {
	fmt.Sprintf("%d\n", i)
}

func main() {
	runtime.SetCgoTraceback(0, unsafe.Pointer(C.cgoTraceback), unsafe.Pointer(C.cgoContext), unsafe.Pointer(C.cgoSymbolizer))
	const funcs = 1e3
	const calls = 1e5
	var wg sync.WaitGroup
	wg.Add(1)
	for i := 0; i < funcs; i++ {
		go func(i int) {
			defer wg.Done()
			for j := 0; j < calls; j++ {
				C.callGo(C.int(i*calls + j))
			}
		}(i)
	}
	wg.Wait()
}

foo2.c:

#include <stdio.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static void crash(int signum) {
	printf("caught SIGSEGV\n");
	abort();
}

__attribute__((constructor))
void setSignalHandler() {
	struct sigaction sa;

	memset(&sa, 0, sizeof sa);
	if (sigfillset(&sa.sa_mask) != 0) {
		abort();
	}
	sa.sa_handler = crash;
	if (sigaction(SIGSEGV, &sa, NULL) != 0) {
		abort();
	}
}

void cgoTraceback(void* p) {}
void cgoSymbolizer(void* p) {}

struct contextArg {
	uintptr_t context;
};

void cgoContext(struct contextArg* p) {
	if (p->context == 0) {
		p->context = 1;
	}
}

gopherbot · 2021-07-29T04:22:47Z

Change https://golang.org/cl/338197 mentions this issue: runtime: avoid possible preemption when returning from Go to C

gopherbot · 2021-07-29T14:37:29Z

Change https://golang.org/cl/338270 mentions this issue: cmd/compile: mark defer wrapper nosplit for runtime and nosplit callee

gopherbot · 2021-10-30T01:41:36Z

Change https://golang.org/cl/359796 mentions this issue: runtime: add always-preempt maymorestack hook

This adds a maymorestack hook that forces a preemption at every possible cooperative preemption point. This would have helped us catch several recent preemption-related bugs earlier, including #47302, #47304, and #47441. For #48297. Change-Id: Ib82c973589c8a7223900e1842913b8591938fb9f Reviewed-on: https://go-review.googlesource.com/c/go/+/359796 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: David Chase <drchase@google.com>

prattmic added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. release-blocker labels Jul 28, 2021

prattmic added this to the Go1.17 milestone Jul 28, 2021

gopherbot closed this as completed in 70fd4e4 Jul 29, 2021

ferrmin mentioned this issue Jul 30, 2021

runtime: avoid possible preemption when returning from Go to C ferrmin/go#117

Merged

aclements mentioned this issue Sep 9, 2021

runtime: add "maymorestack" hook for testing stack growth prologues #48297

Closed

golang locked and limited conversation to collaborators Oct 30, 2022

gopherbot added the FrozenDueToAge label Oct 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

runtime: SIGSEGV in mstart #47441

runtime: SIGSEGV in mstart #47441

prattmic commented Jul 28, 2021

ianlancetaylor commented Jul 29, 2021

gopherbot commented Jul 29, 2021

gopherbot commented Jul 29, 2021

gopherbot commented Oct 30, 2021

runtime: SIGSEGV in mstart #47441

runtime: SIGSEGV in mstart #47441

Comments

prattmic commented Jul 28, 2021

ianlancetaylor commented Jul 29, 2021

gopherbot commented Jul 29, 2021

gopherbot commented Jul 29, 2021

gopherbot commented Oct 30, 2021