cmd/gc: go1.0.3 clean code crashes in scanblock()

[shivakumargn]

I have a codebase that runs without issues when built with go1.0.3 while crashes
consistently with below revision.
I do not have a reproducible smaller sample as of now.

> go version
go version devel +2a50b4f1d9f9 Sat Apr 13 23:09:08 2013 -0700 linux/amd64
(This is on RHEL6.3)

> hg tip
changeset:   16658:2a50b4f1d9f9
tag:         tip
user:        Brad Fitzpatrick <[email protected]>
date:        Sat Apr 13 23:09:08 2013 -0700
summary:     crypto/ecdsa: doc cleanup

Panic stack:

unexpected fault address 0xc1c4824a60
fatal error: fault
[signal 0xb code=0x1 addr=0xc1c4824a60 pc=0x419d2a]

goroutine 1 [running]:
[fp=0xc20021ee08] runtime.throw(0x8888b7)
    /sources/golang/src/pkg/runtime/panic.c:473 +0x67
[fp=0xc20021ee20] runtime.sigpanic()
    /sources/golang/src/pkg/runtime/os_linux.c:239 +0xe7
[fp=0xc20021f1c0] scanblock(0x7f24b96ce000, 0x7f24b96ce300, 0x1f, 0xc20021f100)
    /sources/golang/src/pkg/runtime/mgc0.c:911 +0x5ca
[fp=0xc20021f210] markroot(0xc2000b2000, 0x1000000004)
    /sources/golang/src/pkg/runtime/mgc0.c:1269 +0xab
[fp=0xc20021f288] runtime.parfordo(0xc2000b2000)
    /sources/golang/src/pkg/runtime/parfor.c:105 +0x9b
[fp=0xc20021f3b8] gc(0x7f24ca91ad64)
    /sources/golang/src/pkg/runtime/mgc0.c:2000 +0x29d
----- stack segment boundary -----
[fp=0x7f24ca91ad78] runtime.gc(0xc200000000)
    /sources/golang/src/pkg/runtime/mgc0.c:1927 +0x11b
[fp=0x7f24ca91add0] runtime.mallocgc(0x20, 0x100000000, 0x1)
    /sources/golang/src/pkg/runtime/zmalloc_linux_amd64.c:101 +0x1e4
[fp=0x7f24ca91ae00] runtime.new()
    /sources/golang/src/pkg/runtime/zmalloc_linux_amd64.c:628 +0x5b
[fp=0x7f24ca91ae58] regexp.(*machine).alloc(0xc2000f2e10, 0xc200167b18, 0x42a2a3)
    /sources/golang/src/pkg/regexp/exec.go:97 +0xa3
[fp=0x7f24ca91aee0] regexp.(*machine).add(0xc2000f2e10, 0xc2000f2e50, 0x1a00000007, 0x5,
0xc200210fa0, ...)
    /sources/golang/src/pkg/regexp/exec.go:302 +0x48a
[fp=0x7f24ca91af68] regexp.(*machine).add(0xc2000f2e10, 0xc2000f2e50, 0x6, 0x5,
0xc200210fa0, ...)
    /sources/golang/src/pkg/regexp/exec.go:295 +0x385
----- stack segment boundary -----
[fp=0xc2001201e8] regexp.(*machine).step(0xc2000f2e10, 0xc2000f2e20, 0xc2000f2e50, 0x4,
0x5, ...)
    /sources/golang/src/pkg/regexp/exec.go:247 +0x4f2
[fp=0xc200120270] regexp.(*machine).match(0xc2000f2e10, 0xc200128d70, 0xc2000f2ed0, 0x4,
0x1, ...)
    /sources/golang/src/pkg/regexp/exec.go:165 +0x400
[fp=0xc200120300] regexp.(*Regexp).doExecute(0xc200209500, 0x0, 0x0, 0x0, 0x0, ...)
    /sources/golang/src/pkg/regexp/exec.go:333 +0xfa
[fp=0xc2001203b0] regexp.(*Regexp).FindStringSubmatch(0xc200209500, 0xc200126229, 0x10,
0x33, 0x0, ...)
    /sources/golang/src/pkg/regexp/regexp.go:872 +0x7a
[fp=0xc200121b00] tool/UploadConfig/RCParse.GenerateRCConfig(0xc2000c3310, 0x0, 0x0)
    /sources/gopath.xyz/src/tool/UploadConfig/RCParse/RCParse.go:133 +0xb13
----- stack segment boundary -----
[fp=0xc2000edb98] main.main()
    /sources/gopath.xyz/src/tool/UploadConfig/UploadConfig.go:82 +0x15d3
----- stack segment boundary -----
[fp=0x7f24ca90efb8] runtime.main()
    /sources/golang/src/pkg/runtime/proc.c:182 +0x92
[fp=0x7f24ca90efc0] runtime.goexit()
    /sources/golang/src/pkg/runtime/proc.c:1223

goroutine 2 [syscall]:

[shivakumargn]

Comment 1:

No crash seen when tried with IgnorePreciseGC set to 1 in pkg/runtime/mgc0.c

[DanielMorsing]

Comment 2:

Would it be possible for you to share the code that caused this?

[shivakumargn]

Comment 3:

Current codebase is not open source and also not runnable without multiple dependencies.
I will try to create a smaller sample to reproduce the problem.

[minux]

Comment 4:

does your code base use unsafe or cgo?
have you run it under the race detector?

[minux]

Comment 5:

Labels changed: added priority-soon, go1.1, removed priority-triage.

[robpike]

Comment 6:

Please try it again with the code at tip and see if it still crashes. There have been
some critical fixes in the last few days.

[davecheney]

Comment 7:

Can you please try the suggestion from r in comment #6 and reply as soon as possible.

Status changed to WaitingForReply.

[shivakumargn]

Comment 8:

My previous setup is currently unavailable. Will try in next day or two.

[shivakumargn]

Comment 9:

I have been able to get a sample that generates the crash.
Barring the fact that pointer to slice is used unnecessarily, I believe the code is
legal.

Attachments:

1. crash.zip (956 bytes)

[shivakumargn]

Comment 10:

Crash still exists with latest tip
> go version
go version devel +be96dbedf109 Mon Apr 22 10:32:10 2013 -0700 linux/amd64
Sample code that reproduces the crash is attached.
Barring the fact that pointer to slice is unnecessary i believe the code is legal.
Tested on RHEL6.3 & Win7. RHEL6.3 has a crash while Win7 does not.

Attachments:

1. crash.zip (956 bytes)

[bradfitz]

Comment 11:

I can reproduce.
I've prepared this CL for others to clpatch in:
   https://golang.org/cl/8607045
Then:
bradfitz@barbon:~/go/test$ go run run.go -- ./fixedbugs/issue5291.go
rundir               fixedbugs/issue5291.go: exit status 2
Iteration:  0
Iteration:  1
unexpected fault address 0xc1c46af640
fatal error: fault
[signal 0xb code=0x1 addr=0xc1c46af640 pc=0x40aafa]
goroutine 1 [running]:
[fp=0xc20004ae08] runtime.throw(0x50a217)
    /home/bradfitz/go/src/pkg/runtime/panic.c:473 +0x67
[fp=0xc20004ae20] runtime.sigpanic()
    /home/bradfitz/go/src/pkg/runtime/os_linux.c:239 +0xe7
[fp=0xc20004b1c0] scanblock(0x7fc987093000, 0x7fc987093018, 0x0, 0xc20004b100)
    /home/bradfitz/go/src/pkg/runtime/mgc0.c:911 +0x5ca
[fp=0xc20004b210] markroot(0xc20004e000, 0x1000000003)
    /home/bradfitz/go/src/pkg/runtime/mgc0.c:1269 +0xab
[fp=0xc20004b288] runtime.parfordo(0xc20004e000)
    /home/bradfitz/go/src/pkg/runtime/parfor.c:105 +0x9b
[fp=0xc20004b3b8] gc(0x7fc987194eac)
    /home/bradfitz/go/src/pkg/runtime/mgc0.c:2000 +0x29d
----- stack segment boundary -----
[fp=0x7fc987194ec0] runtime.gc(0x1)
    /home/bradfitz/go/src/pkg/runtime/mgc0.c:1927 +0x11b
[fp=0x7fc987194ed0] runtime.GC()
    /home/bradfitz/go/src/pkg/runtime/zmalloc_linux_amd64.c:672 +0x24
[fp=0x7fc987194f78] pkg1.Crashcall(0x0, 0x0)
    /home/bradfitz/go/test/fixedbugs/issue5291.dir/pkg1.go:19 +0x100
[fp=0x7fc987194f90] main.main()
    /home/bradfitz/go/test/fixedbugs/issue5291.dir/prog.go:12 +0x1c
[fp=0x7fc987194fb8] runtime.main()
    /home/bradfitz/go/src/pkg/runtime/proc.c:182 +0x92
[fp=0x7fc987194fc0] runtime.goexit()
    /home/bradfitz/go/src/pkg/runtime/proc.c:1223
goroutine 2 [runnable]:
exit status 1

Status changed to Accepted.

[ianlancetaylor]

Comment 12:

This is a compiler bug: the compiler is generating bad precise GC info.
This CL keeps the compiler from generating the bad info, so you at least get a
compile-time crash rather than a run-time crash: https://golang.org/cl/8929044
But we want to not get a crash at all.

[gopherbot]

Comment 14:

Please try this patch: https://golang.org/cl/8663052/

Status changed to WaitingForReply.

[dvyukov]

Comment 15:

Issue #5353 has been merged into this issue.

[dvyukov]

Comment 16:

in 5353 the bad gcinfo is generated for io.ioutil/blackHoleBuf

[dsymonds]

Comment 17:

Fixed in https://code.google.com/p/go/source/detail?r=1d079908dd84.

Status changed to Fixed.