-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runtime: "found bad pointer in Go heap" on linux-mips64le-mengzhuo builder #35541
Comments
I can't reproduce by all.bash nor dist test ( tried serval times) |
Eyeballing the hex dump, it looks to me that the bad pointer is found in a g struct, in g._defer field.
The stack bounds matches the stack of goroutine 67, as well as g.sched.pc and g.sched.sp. What's interesting is that the bad pointer 0xc0005313e0 is also within the stack bound, in particular, within this frame
Presumably it is a stack-allocated defer. I don't know why spanOf does not find the span of the stack, returns a different span instead...
This also looks like the g._defer field in a g. The stack bounds match goroutine 1. What's more interesting is that findObject and badPointer were complaining about pointer 0xc000346ef8, but in the object dump the field is actually containing 0xc00034a688, a different value.
I think g._defer can only change synchronously, right? But the goroutine is not running... Also, the span's address range, [0xc000346000, 0xc000355e00], overlaps with the stack bounds [0xc00033c000, 0xc00034c000], assuming my interpretation of the hex dump is right. How could this be possible? @aclements any idea how g._defer could change this way, or how span tracking could go weirdly? |
Another one today https://build.golang.org/log/a810adac990353a9918a366fc13538c03649d206 |
@cherrymui It looks like some bug of mpagealloc? |
@mengzhuo Only the scavenger (mgcscavenge.go) operates in terms of physical pages, the runtime page size is always 8 KiB on all platforms, so 8 KiB alignment is exactly what we want. It could be related to the page allocator, but the physical page size here doesn't matter, I don't think. |
Still occurring regularly. Does this need to be addressed for the 1.14 release? Should we mention it as a known issue in the release notes? 2020-01-21T23:58:54-fb8cdb7/linux-mips64le-mengzhuo |
I think we would need input from the runtime team to make that decision, or anyone else on this thread with sufficient expertise (@cherrymui @ianlancetaylor @aclements @rsc @randall77) It's interesting that the failure also happened on freebsd-arm64, as @ianlancetaylor linked. Should the title be updated? |
I'm not sure whether the (I'd prefer to keep this issue focused on the |
I looked at a few new MIPS failures and they all look like the ones before, and are consistent with my previous comment. The "bad pointer" seems from g._defer, which points to the stack (within the stack bounds), but spanOf returns a different span. I don't yet understand how this could happen. The freebsd-arm64 one is different, and may be fixed by CL https://go-review.googlesource.com/c/go/+/212626 . |
I think it’s unnecessary.
The kernel development of Loongson is out of tree and not stable. I’ve
tried to use Linux 5.4, but it has an unknown bug in vsyscall and causing
segment fault.
Bryan C. Mills <notifications@github.com>于2020年1月22日 周三22:32写道:
… Still occurring regularly. Does this need to be addressed for the 1.14
release? Should we mention it as a known issue in the release notes?
(CC @cagedmantis <https://github.com/cagedmantis> @dmitshur
<https://github.com/dmitshur> @toothrot <https://github.com/toothrot>)
2020-01-21T23:58:54-fb8cdb7/linux-mips64le-mengzhuo
<https://build.golang.org/log/fa85cfe17b4648348e5b5de9a069f2afceabaeb1>
2020-01-07T18:40:18-7340d15/linux-mips64le-mengzhuo
<https://build.golang.org/log/6f063f52e50c29c5afb522fa6d8a0f340cfd7418>
2019-12-20T23:07:52-4d5bb9c/linux-mips64le-mengzhuo
<https://build.golang.org/log/7592f9e2accda55b972da33ac348f133bf6fdc69>
2019-12-18T19:09:23-87a5467/linux-mips64le-mengzhuo
<https://build.golang.org/log/26562517daa862c4feabd0c1daa0ea3f6e6674f1>
2019-12-10T21:11:20-207a0b7/linux-mips64le-mengzhuo
<https://build.golang.org/log/2ee2b502cf3b7af0c3f495e46655eb59e82d05b4>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#35541?email_source=notifications&email_token=AAGYHHWHUFDNI66XBRV3QGTQ7BKJTA5CNFSM4JMGUVW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJTYB2Y#issuecomment-577208555>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGYHHS2HWBNR7W726HEPLDQ7BKJTANCNFSM4JMGUVWQ>
.
|
@bcmills It weird that mips-rtrk don't crash not even once by this "unused span". Here is kernel that loongson used. |
I noticed that a while ago and looked at that function, but didn't find anything suspicious, especially about defers. |
Hi @cherrymui I've tried turn on
|
Hi, @cherrymui I can reproduce this bug on my box by running runtime/TestDeferHeapAndStack test.
|
I did a |
Thanks @mengzhuo . These are all useful information. I'll take a careful look when I get a chance. Thanks. |
Change https://golang.org/cl/234478 mentions this issue: |
2019-11-12T05:18:25-194ae32/linux-mips64le-mengzhuo
2019-11-11T16:02:42-f511467/linux-mips64le-mengzhuo
Possibly related to #34835, #32324.
CC @mengzhuo @cherrymui
The text was updated successfully, but these errors were encountered: