net/http/pprof, cmd/internal/objfile: panic: runtime error: slice bounds out of range in disasm.go

[javasgl]

go/src/cmd/internal/objfile/disasm.go

Line 271 in 574c286

code := d.text[:end-d.textStart]

panic in here

net/http.(*conn).serve.func1(0xc003f52000)
	/usr/local/go/src/net/http/server.go:1769 +0x139
panic(0x15200e0, 0x1a3d450)
	/usr/local/go/src/runtime/panic.go:522 +0x1b5
cmd/internal/objfile.(*Disasm).Decode(0xc000126600, 0x0, 0x1000fff, 0x0, 0x0, 0x0, 0xc0000e0f78)
	/usr/local/go/src/cmd/internal/objfile/disasm.go:271 +0x468
main.(*objTool).Disasm(0xc0000918d0, 0xc001a04cb0, 0xa, 0x0, 0x1000fff, 0x203001, 0xc0000e10b8, 0x10e5d56, 0xc003b61742, 0xc003c38210)
	/usr/local/go/src/cmd/pprof/pprof.go:180 +0xf2
cmd/vendor/github.com/google/pprof/driver.(*internalObjTool).Disasm(0xc0000918e0, 0xc001a04cb0, 0xa, 0x0, 0x1000fff, 0x200, 0xc000548000, 0x44, 0xc003b61720, 0xc003b616d0)
	/usr/local/go/src/cmd/vendor/github.com/google/pprof/driver/driver.go:280 +0x7f
cmd/vendor/github.com/google/pprof/internal/report.assemblyPerSourceLine(0xc000eaa000, 0x86b9, 0x9800, 0xc0004de000, 0x110, 0x200, 0xc0007b5a40, 0x26, 0x16ae4e0, 0xc0000918e0, ...)
	/usr/local/go/src/cmd/vendor/github.com/google/pprof/internal/report/source.go:251 +0xec
cmd/vendor/github.com/google/pprof/internal/report.PrintWebList(0x16aa400, 0xc0000952c0, 0xc001170b20, 0x16ae4e0, 0xc0000918e0, 0x32, 0x2, 0x0)
	/usr/local/go/src/cmd/vendor/github.com/google/pprof/internal/report/source.go:208 +0xaa3
cmd/vendor/github.com/google/pprof/internal/driver.(*webInterface).source(0xc0008855c0, 0x16b48e0, 0xc0012d4380, 0xc004963c00)
	/usr/local/go/src/cmd/vendor/github.com/google/pprof/internal/driver/webui.go:386 +0x18c
net/http.HandlerFunc.ServeHTTP(0xc000636770, 0x16b48e0, 0xc0012d4380, 0xc004963c00)
	/usr/local/go/src/net/http/server.go:1995 +0x44
cmd/vendor/github.com/google/pprof/internal/driver.defaultWebServer.func1(0x16b48e0, 0xc0012d4380, 0xc004963c00)
	/usr/local/go/src/cmd/vendor/github.com/google/pprof/internal/driver/webui.go:173 +0x9c
net/http.HandlerFunc.ServeHTTP(0xc00009c500, 0x16b48e0, 0xc0012d4380, 0xc004963c00)
	/usr/local/go/src/net/http/server.go:1995 +0x44
net/http.StripPrefix.func1(0x16b48e0, 0xc0012d4380, 0xc003ffbb00)
	/usr/local/go/src/net/http/server.go:2034 +0x18d
net/http.HandlerFunc.ServeHTTP(0xc0008d4420, 0x16b48e0, 0xc0012d4380, 0xc003ffbb00)
	/usr/local/go/src/net/http/server.go:1995 +0x44
net/http.(*ServeMux).ServeHTTP(0xc0000a6680, 0x16b48e0, 0xc0012d4380, 0xc003ffbb00)
	/usr/local/go/src/net/http/server.go:2375 +0x1d6
net/http.serverHandler.ServeHTTP(0xc00090c000, 0x16b48e0, 0xc0012d4380, 0xc003ffbb00)
	/usr/local/go/src/net/http/server.go:2774 +0xa8
net/http.(*conn).serve(0xc003f52000, 0x16b5e60, 0xc001faa9c0)
	/usr/local/go/src/net/http/server.go:1878 +0x851
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2884 +0x2f4
2020/01/17 17:07:30 http: panic serving 127.0.0.1:57041: runtime error: slice bounds out of range

[ianlancetaylor]

Looks related to #36570, but likely more serious since it affects pprof rather than objdump.

[ianlancetaylor]

@javasgl You did not fill out the bug template, you just deleted it. Please fill out the template. We need that information. Thanks.

[cherrymui]

Is the code being disassembled is an infinite loop?

[gopherbot]

Change https://golang.org/cl/215297 mentions this issue: cmd/compile: change the "bogus line" to be 1

[dr2chase]

I tried to reproduce this several ways, and failed. We need more information.
Test program ("bogo.go"):

package main

import (
	"runtime/pprof"
	"os"
	"io"
	"time"
)

var file io.WriteCloser 

func main() {
	file, _ = os.Create("bogo.prof")
	pprof.StartCPUProfile(file)
	go func() {
		time.Sleep(5*time.Second)
		pprof.StopCPUProfile()
		file.Close()
		os.Exit(0)
	}()


	loop()
}

//go:noinline
func loop() {

	for { }

}

I tried web, weblist, and disasm within go tool pprof bogo.prof and I also tried poking at the UI in go tool pprof -http=localhost:9090 ./bogo bogo.prof. I definitely saw the bogus line number in the disassembly, but nothing crashed.

[randall77]

I think he's working with 1.12 or earlier, because the panic message has no array bounds contents, and that change went in for 1.13.
I also matched up the trace entry in http/server/server.go:1995 and it makes sense in 1.12 but not 1.13 or tip.

The bogus line number was also introduced in 1.13, so this may be related, but is a different error than #36570 .

Could the original poster try this with 1.13, 1.14beta1, or tip? It is entirely possible it is fixed.

Also what @ianlancetaylor said - please fill out the template so we don't have to guess as to what Go version / OS / etc. you're using.

[dr2chase]

Might not be closed, was a gaffe in the commit wording.

[odeke-em]

Kindly pinging you @javasgl, it’s been about 3 weeks since Ian requested that you fill out the issue template to indicate the preliminary information like Go version. Keith matched it up to Go1.12 and earlier from debugging. We are about to roll out Go1.14 so please respond ASAP, but we can also move this to the backlog milestone.
Thank you.

[javasgl]

go version: 1.12.9

[odeke-em]

Cool, thank you @javasgl, if you can consistently reproduce this bug, please try with Go1.14rc1 as per https://golang.org/dl/#unstable with

go get golang.org/dl/go1.14rc1

and then

go1.14rc1 run main.go

and then let us know the results, most likely the bug won't come back. Thank you again.

[javasgl]

I tried go1.13.6 , go1.13.7 and go1.14rc1, i can't reproduce this bug

may be 1.13.x has fixed this bug

[odeke-em]

Gotcha, great to hear that it no longer reproduces!

Alright, so I'll close this bug, but please don't hesitate to file other bugs or seek out. I look forward to seeing more of you in the Go community and thank you for using Go and for reporting this issue!