Skip to content

x/vuln: Panics regularly #54995

New issue
New issue
Closed
Closed
x/vuln: Panics regularly#54995
Labels
FrozenDueToAgevulncheck or vulndbIssues for the x/vuln or x/vulndb repox/vuln
Milestone
 
Unreleased
@klauern

Description

@klauern
klauern
opened on Sep 10, 2022 · edited by klauern

What version of Go are you using (go version)?

$ go version
go version go1.19.1 darwin/amd64

Does this issue reproduce at the latest version of golang.org/x/vuln?

As far as I know, yes. I don't know if there's a way to force latest to pull updates, but I did just run go install

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/nklauer/Library/Caches/go-build"
GOENV="/Users/nklauer/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/nklauer/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/nklauer/go"
GOPRIVATE=""
GOROOT="/usr/local/Cellar/go/1.19.1/libexec"
GOSUMDB="off"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.19.1/libexec/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.19.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/nklauer/dev/secure/ziggy/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/xf/1zy1skqj6lj51ym5mybtq_800000gq/T/go-build3917429776=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

I have tried running govulncheck on a few of my applications and so far the only thing I get back is a panic.

What did you expect to see?

What did you see instead?

panic: T

goroutine 2599 [running]:
golang.org/x/tools/go/ssa.(*Program).needMethods(0xc019045e10, {0x162deb8?, 0xc000ef4210?}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:237 +0x5b9
golang.org/x/tools/go/ssa.(*Program).needMethods(0xc019045e10, {0x162ddf0?, 0xc000eca750?}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:193 +0x487
golang.org/x/tools/go/ssa.(*Program).needMethods(0xc019045e10, {0x162de90?, 0xc000e91350?}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:233 +0x710
golang.org/x/tools/go/ssa.(*Program).needMethods(0xc019045e10, {0x162ddf0?, 0xc01c8c22e0?}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:181 +0x1b4
golang.org/x/tools/go/ssa.(*Program).needMethods(0xc019045e10, {0x162ddc8?, 0xc0009da700?}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:215 +0x565
golang.org/x/tools/go/ssa.(*Program).needMethodsOf(0xc019045e10, {0x162ddc8?, 0xc0009da700?})
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:145 +0x70
golang.org/x/tools/go/ssa.(*Package).build(0xc01903f380)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2281 +0x111
sync.(*Once).doSlow(0x0?, 0x0?)
        /usr/local/Cellar/go/1.19.1/libexec/src/sync/once.go:74 +0xc2
sync.(*Once).Do(...)
        /usr/local/Cellar/go/1.19.1/libexec/src/sync/once.go:65
golang.org/x/tools/go/ssa.(*Package).Build(...)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2269
golang.org/x/tools/go/ssa.(*Program).Build.func1(0x0?)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2253 +0x4c
created by golang.org/x/tools/go/ssa.(*Program).Build
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2252 +0x19c

Activity

klauern
added
vulncheck or vulndbIssues for the x/vuln or x/vulndb repo
on Sep 10, 2022
gopherbot
added
x/vuln
on Sep 10, 2022
gopherbot
added this to the Unreleased milestone on Sep 10, 2022
seankhliao

seankhliao commented on Sep 10, 2022

@seankhliao
seankhliao
on Sep 10, 2022
Member

go version -m /path/to/govulncheck please?

klauern

klauern commented on Sep 10, 2022

@klauern
klauern
on Sep 10, 2022
Author
        path    golang.org/x/vuln/cmd/govulncheck
        mod     golang.org/x/vuln       v0.0.0-20220331201349-63200278c86a      h1:JMaGYGKpqcBrR0BJ/vCwedt3XaSrwgKS/jKxseWoy/o=
        dep     golang.org/x/mod        v0.6.0-dev.0.20211013180041-c96bc1413d57        h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4=
        dep     golang.org/x/sys        v0.0.0-20211213223007-03aa0b5f6827      h1:A0Qkn7Z/n8zC1xd9LTw17AiKlBRK64tw3ejWQiEqca0=
        dep     golang.org/x/tools      v0.1.8  h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
        dep     golang.org/x/xerrors    v0.0.0-20200804184101-5ec99f83aff1      h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
        build   -compiler=gc
        build   CGO_ENABLED=1
        build   CGO_CFLAGS=
        build   CGO_CPPFLAGS=
        build   CGO_CXXFLAGS=
        build   CGO_LDFLAGS=
        build   GOARCH=amd64
        build   GOOS=darwin
        build   GOAMD64=v1
seankhliao

seankhliao commented on Sep 10, 2022

@seankhliao
seankhliao
on Sep 10, 2022 · edited by seankhliao
Member

That looks quite old, from ~5 months ago.
Please make sure to install a more up to date version.

klauern

klauern commented on Sep 10, 2022

@klauern
klauern
on Sep 10, 2022
Author

hm, ok, I cleaned the cache and reinstalled, now I get a different error:

at 13:30:26 ❯ go clean -cache -modcache -i -r

at 13:36:47 ❯ go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v0.0.0-20220331201349-63200278c86a
go: downloading golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57
go: downloading golang.org/x/tools v0.1.8
go: downloading golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827
go: downloading golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1

 ❯ govulncheck ./...
panic: no concrete method: func (*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]).Add(x1 *math/big.Int, y1 *math/big.Int, x2 *math/big.Int, y2 *math/big.Int) (*math/big.Int, *math/big.Int)

goroutine 2482 [running]:
golang.org/x/tools/go/ssa.(*Program).declaredFunc(0xc01b1c12b0, 0xc006bccd20)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:124 +0xf9
golang.org/x/tools/go/ssa.(*Program).addMethod(0x162ddf0?, 0xc019da4050, 0xc010eafb80)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:86 +0x14a
golang.org/x/tools/go/ssa.(*Program).needMethods(0xc01b1c12b0, {0x162ddf0?, 0xc00bbb1d30?}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:173 +0x787
golang.org/x/tools/go/ssa.(*Program).needMethodsOf(0xc01b1c12b0, {0x162ddf0?, 0xc00bbb1d30?})
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/methods.go:145 +0x70
golang.org/x/tools/go/ssa.emitConv(0xc01b8f3cc0, {0x1632868, 0xc00c4f3920}, {0x162ddc8?, 0xc00e664540})
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/emit.go:210 +0x405
golang.org/x/tools/go/ssa.emitStore(0x0?, {0x1631f68, 0xc00c4f38c0}, {0x1632868, 0xc00c4f3920}, 0x8c97a7)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/emit.go:261 +0x9b
golang.org/x/tools/go/ssa.(*address).store(0xc00f027ad0, 0xc01b8f3cc0?, {0x1632868?, 0xc00c4f3920?})
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/lvalue.go:41 +0x47
golang.org/x/tools/go/ssa.(*builder).assign(0xc01b83ab40?, 0x1631f20?, {0x1630510?, 0xc00f027ad0}, {0x162f730?, 0xc00e38f340?}, 0xb8?, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:506 +0x4eb
golang.org/x/tools/go/ssa.(*builder).compLit(0xc01b8f3cc0?, 0xc01b8f3cc0, {0x1631740, 0xc00c4f3800}, 0xc0065b6940, 0x1, 0xc014143888)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:1182 +0x129b
golang.org/x/tools/go/ssa.(*builder).addr(0xc00f027a70?, 0xc01b8f3cc0, {0x162f4f0?, 0xc0065b6940}, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:360 +0x1b1
golang.org/x/tools/go/ssa.(*builder).expr0(0x14d6540?, 0xc01b8f3cc0, {0x162f4f0?, 0xc0065b6940}, {0x7, {0x162de40, 0xc00bbb1c30}, {0x0, 0x0}})
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:787 +0x19df
golang.org/x/tools/go/ssa.(*builder).expr(0xc00f0279e0?, 0xc01b8f3cc0, {0x162f4f0?, 0xc0065b6940?})
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:530 +0x19f
golang.org/x/tools/go/ssa.(*builder).assign(0x14d6840?, 0xc01b6af1a0?, {0x1630890?, 0x19436a0}, {0x162f4f0?, 0xc0065b6940?}, 0x0?, 0x0)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:502 +0x3e5
golang.org/x/tools/go/ssa.(*Package).build(0xc01b83ab40)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2331 +0xb45
sync.(*Once).doSlow(0xc017f35970?, 0xc017f58150?)
        /usr/local/Cellar/go/1.19.1/libexec/src/sync/once.go:74 +0xc2
sync.(*Once).Do(...)
        /usr/local/Cellar/go/1.19.1/libexec/src/sync/once.go:65
golang.org/x/tools/go/ssa.(*Package).Build(...)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2269
golang.org/x/tools/go/ssa.(*Program).Build.func1(0x0?)
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2253 +0x4c
created by golang.org/x/tools/go/ssa.(*Program).Build
        /Users/nklauer/go/pkg/mod/golang.org/x/tools@v0.1.8/go/ssa/builder.go:2252 +0x19c
klauern

klauern commented on Sep 10, 2022

@klauern
klauern
on Sep 10, 2022
Author

Is there another command I need to run to properly clean/purge whatever older libs I might have?

seankhliao

seankhliao commented on Sep 10, 2022

@seankhliao
seankhliao
on Sep 10, 2022 · edited by seankhliao
Member

That's still the same version, probably cached in your GOPROXY (you'll also want to rotate the credentials you leaked in the initial report).

klauern

klauern commented on Sep 10, 2022

@klauern
klauern
on Sep 10, 2022
Author

Thanks for the catch on that. I was able to get it to work by turning off the proxy var. Appreciate the help

klauern
closed this as completedon Sep 10, 2022
golang
locked and limited conversation to collaborators on Sep 10, 2023
gopherbot
added
FrozenDueToAge
on Sep 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgevulncheck or vulndbIssues for the x/vuln or x/vulndb repox/vuln

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @klauern@gopherbot@seankhliao

        Issue actions
          x/vuln: Panics regularly · Issue #54995 · golang/go