Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

maps: segfault in Clone #62203

Closed
chriso opened this issue Aug 22, 2023 · 5 comments
Closed

maps: segfault in Clone #62203

chriso opened this issue Aug 22, 2023 · 5 comments
Assignees
@cuonglm
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsFix The path to resolution is known, but the work has not been done. release-blocker
Milestone
Go1.22

Comments

@chriso
Copy link
Contributor

chriso commented Aug 22, 2023
edited

What version of Go are you using (go version)?

$ go version
go version go1.21.0 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/tmp/go'
GOENV='/home/chris/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/usr/local/lib/go/pkg/mod'
GOOS='linux'
GOPATH='/usr/local/lib/go'
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/chris/go-1.21'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/chris/go-1.21/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.0'
GCCGO='gccgo'
GOAMD64='v4'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1170293352=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Run the following program:

package main

import "maps"

func main() {
	m := map[string]struct{}{}

	ss := []string{
		"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z",
		"A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V",
		"hmm",
	}
	for _, s := range ss {
		m[s] = struct{}{}
	}
	_ = maps.Clone(m)

	delete(m, "hmm")

	_ = maps.Clone(m)
}

Note: the contents of the strings doesn't seem to affect the crash. The number of strings appears to be significant however.

What did you expect to see?

The program exit normally.

What did you see instead?

unexpected fault address 0x0
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x40cd1b]

goroutine 1 [running]:
runtime.throw({0x4666c9?, 0x40c894?})
	/home/chris/go-1.21/src/runtime/panic.go:1077 +0x5c fp=0xc00011aac8 sp=0xc00011aa98 pc=0x42cedc
runtime.sigpanic()
	/home/chris/go-1.21/src/runtime/signal_unix.go:875 +0x285 fp=0xc00011ab28 sp=0xc00011aac8 pc=0x4412a5
runtime.(*bmap).overflow(...)
	/home/chris/go-1.21/src/runtime/map.go:210
runtime.mapclone2(0x45e320, 0xc00011e000)
	/home/chris/go-1.21/src/runtime/map.go:1557 +0x3bb fp=0xc00011abc8 sp=0xc00011ab28 pc=0x40cd1b
maps.clone({0x45e320, 0xc00011e000})
	/home/chris/go-1.21/src/runtime/map.go:1454 +0x25 fp=0xc00011abe8 sp=0xc00011abc8 pc=0x453885
maps.Clone[...](...)
	/home/chris/go-1.21/src/maps/maps.go:46
main.main()
	/tmp/crash.go:20 +0xfc fp=0xc00011af40 sp=0xc00011abe8 pc=0x457efc
runtime.main()
	/home/chris/go-1.21/src/runtime/proc.go:267 +0x2bb fp=0xc00011afe0 sp=0xc00011af40 pc=0x42f8bb
runtime.goexit()
	/home/chris/go-1.21/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00011afe8 sp=0xc00011afe0 pc=0x4550c1
@ianlancetaylor
Copy link
Contributor

CC @randall77 @cuiweixie

@ianlancetaylor
Copy link
Contributor

@gopherbot Please open a backport to 1.21.

This use of maps.Clone panics in the 1.21 release, which should never happen. We don't have to worry about earlier releases because they don't implement maps.Clone.

@ianlancetaylor ianlancetaylor added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. compiler/runtime Issues related to the Go compiler and/or runtime. labels Aug 22, 2023
@ianlancetaylor ianlancetaylor added this to the Go1.22 milestone Aug 22, 2023
@gopherbot gopherbot mentioned this issue Aug 22, 2023
Closed
@gopherbot
Copy link

Backport issue(s) opened: #62204 (for 1.21).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

@gopherbot
Copy link

Change https://go.dev/cl/521236 mentions this issue: runtime: fix dst buckets bit check in mapclone2

@gopherbot
Copy link

Change https://go.dev/cl/522317 mentions this issue: runtime: fix maps.Clone bug when cloning a map mid-grow

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Aug 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cuonglm cuonglm

Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsFix The path to resolution is known, but the work has not been done. release-blocker
Projects
None yet
Milestone
Go1.22
Development

No branches or pull requests
5 participants
@chriso @dmitshur @ianlancetaylor @cuonglm @gopherbot