Skip to content

x/tools/gopls: DidChangeWatchedFiles: impossible crash in growslice #75465

Closed as not planned
Closed as not planned
x/tools/gopls: DidChangeWatchedFiles: impossible crash in growslice#75465
Labels
BugReportIssues describing a possible bug in the Go implementation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.ToolsThis label describes issues relating to any tools in the x/tools repository.goplsIssues related to the Go language server, gopls.gopls/memory-corruption"can't happen" gopls crashes (races, unsafe, miscompile, runtime bugs, faulty HW)gopls/telemetry-wins
Milestone
gopls/backlog
@adonovan

Description

@adonovan
adonovan
opened on Sep 15, 2025
#!stacks
"sigpanic" && "growslice:+17"

Issue created by stacks.

Another impossible crash: the compiler generates code to load the *Snapshot type descriptor from rodata in R4, then calls growslice, which experiences a SEGV while loading from this register at L194.

golang.org/x/tools/gopls/internal/cache.(*Session).ExpandModificationsToDirectories STEXT size=1504 args=0x30 locals=0x318 funcid=0x0 align=0x0
...
	0x019c 00412 	L0967	MOVD	$type:*golang.org/x/tools/gopls/internal/cache.Snapshot(SB), R4
	0x01a4 00420 	L0967	CALL	runtime.growslice(SB)
...
runtime.growslice STEXT size=1536 args=0x28 locals=0x58 funcid=0x0 align=0x0
	0x0000 00000 	L0177	MOVD	16(g), R16
	0x0004 00004 	L0177	CMP	R16, RSP
	0x0008 00008 	L0177	BLS	1500
	0x000c 00012 	L0177	MOVD.W	R30, -96(RSP)
	0x0010 00016 	L0177	MOVD	R29, -8(RSP)
	0x0014 00020 	L0177	SUB	$8, RSP, R29
	0x0018 00024 	L0178	SUB	R3, R1, R3
	0x001c 00028 	L0190	TBNZ	$63, R1, 1476
	0x0020 00032 	L0194	MOVD	(R4), R5                        <----- SEGV

Unlike all previous crashes, which have been loads from SP or g, this one is an ordinary register. I'm struggling to think of a realistic scenario in which an application bug (e.g. data race, misuse of unsafe) could cause this problem. It's one thing for buggy code to clobber arbitrary memory, but this crash means that a register has been corrupted. R4 has somehow been clobbered between the load from rodata (which can't have been written) and the load at L194, with no intervening function calls. I suppose it's possible that the runtime suspended the g in between, and the memory where the g's register file was saved was corrupted, but that seems very unlikely, not least because there is nothing that would synchronously invoke the scheduler in this handful of instructions.

I'm starting to suspect that this is a bug not in the application, but in the runtime or hardware. @prattmic

This stack fcv6BQ was reported by telemetry:

golang.org/x/tools/gopls@v0.20.0 go1.24.4 darwin/arm64 other,vscode (1)

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugReportIssues describing a possible bug in the Go implementation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.ToolsThis label describes issues relating to any tools in the x/tools repository.goplsIssues related to the Go language server, gopls.gopls/memory-corruption"can't happen" gopls crashes (races, unsafe, miscompile, runtime bugs, faulty HW)gopls/telemetry-wins

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions