runtime: garbage collector found invalid heap pointer iterating over map #9872
Description
This issue appears similar to #9384, but does not require a struct and is still reproducible on some systems running 1.4.1 .
The following program panics on OS X 10.9.5 and 10.7.5 with go1.4.1 darwin/386:
package main
import ()
func main() {
var m = make(map[int]int)
for i := 0; i < 50000000; i++ {
m[i] = 1
}
}
Here is the output:
runtime: garbage collector found invalid heap pointer *(0x54c60+0x10)=0x301c0000 s=nil
fatal error: invalid heap pointer
runtime stack:
runtime.throw(0x53823)
/usr/local/go/src/runtime/panic.go:491 +0x83 fp=0xbffffa68 sp=0xbffffa50
scanblock(0x54c60, 0x5980, 0x3017c070)
/usr/local/go/src/runtime/mgc0.c:378 +0x487 fp=0xbffffb08 sp=0xbffffa68
markroot(0x1017e000, 0x1)
/usr/local/go/src/runtime/mgc0.c:496 +0x133 fp=0xbffffb40 sp=0xbffffb08
runtime.parfordo(0x1017e000)
/usr/local/go/src/runtime/parfor.c:76 +0x93 fp=0xbffffb9c sp=0xbffffb40
gc(0xbffffcd8)
/usr/local/go/src/runtime/mgc0.c:1439 +0x1ef fp=0xbffffcc8 sp=0xbffffb9c
runtime.gc_m()
/usr/local/go/src/runtime/mgc0.c:1368 +0xb4 fp=0xbffffce8 sp=0xbffffcc8
runtime.onM(0x54ef8)
/usr/local/go/src/runtime/asm_386.s:266 +0x4b fp=0xbffffcec sp=0xbffffce8
runtime.mstart()
/usr/local/go/src/runtime/proc.c:818 fp=0xbffffcf0 sp=0xbffffcec
goroutine 1 [garbage collection]:
runtime.switchtoM()
/usr/local/go/src/runtime/asm_386.s:208 fp=0x10189694 sp=0x10189690
runtime.gogc(0x0)
/usr/local/go/src/runtime/malloc.go:469 +0x1a4 fp=0x101896b4 sp=0x10189694
runtime.mallocgc(0x13000000, 0x2ed60, 0x0, 0x55100)
/usr/local/go/src/runtime/malloc.go:341 +0x2be fp=0x1018970c sp=0x101896b4
runtime.newarray(0x2ed60, 0x400000, 0x5c21)
/usr/local/go/src/runtime/malloc.go:365 +0xaf fp=0x1018972c sp=0x1018970c
runtime.hashGrow(0x2d3e0, 0x101a4020)
/usr/local/go/src/runtime/hashmap.go:744 +0x69 fp=0x10189744 sp=0x1018972c
runtime.mapassign1(0x2d3e0, 0x101a4020, 0x101897bc, 0x101897b8)
/usr/local/go/src/runtime/hashmap.go:456 +0x425 fp=0x101897a0 sp=0x10189744
main.main()
/Users/brian/gocode/src/github.com/bdeterling/memtest/main/main.go:10 +0x88 fp=0x101897cc sp=0x101897a0
runtime.main()
/usr/local/go/src/runtime/proc.go:63 +0xc6 fp=0x101897f0 sp=0x101897cc
runtime.goexit()
/usr/local/go/src/runtime/asm_386.s:2287 +0x1 fp=0x101897f4 sp=0x101897f0
goroutine 2 [force gc (idle)]:
runtime.gopark(0x20630, 0x54d20, 0x37488, 0xf)
/usr/local/go/src/runtime/proc.go:130 +0xd8 fp=0x101867cc sp=0x101867b4
runtime.goparkunlock(0x54d20, 0x37488, 0xf)
/usr/local/go/src/runtime/proc.go:136 +0x3c fp=0x101867e0 sp=0x101867cc
runtime.forcegchelper()
/usr/local/go/src/runtime/proc.go:99 +0x9d fp=0x101867f0 sp=0x101867e0
runtime.goexit()
/usr/local/go/src/runtime/asm_386.s:2287 +0x1 fp=0x101867f4 sp=0x101867f0
created by runtime.init·4
/usr/local/go/src/runtime/proc.go:87 +0x1f
goroutine 3 [GC sweep wait]:
runtime.gopark(0x20630, 0x5a640, 0x37148, 0xd)
/usr/local/go/src/runtime/proc.go:130 +0xd8 fp=0x10189fcc sp=0x10189fb4
runtime.goparkunlock(0x5a640, 0x37148, 0xd)
/usr/local/go/src/runtime/proc.go:136 +0x3c fp=0x10189fe0 sp=0x10189fcc
runtime.bgsweep()
/usr/local/go/src/runtime/mgc0.go:98 +0x91 fp=0x10189ff0 sp=0x10189fe0
runtime.goexit()
/usr/local/go/src/runtime/asm_386.s:2287 +0x1 fp=0x10189ff4 sp=0x10189ff0
created by gc
/usr/local/go/src/runtime/mgc0.c:1383
The panic occurs consistently on iteration 13631487 (CFFFFF). It does not matter what value is assigned to the map. Defining the map with smaller types of values (bool, int8) causes it to fail after precisely double the iterations; larger (complex128) fail after half as many. Cannot reproduce on OS X 10.10 or Redhat 6.3.