x/tools/gopls: impossible SEGV in regexp/syntax.MatchRunePos

```
#!stacks
"sigpanic" && "MatchRunePos:+9"
```
Issue created by [stacks](https://pkg.go.dev/golang.org/x/tools/gopls/internal/telemetry/cmd/stacks).

Yet more corruption: either Inst.Rune is a corrupt slice (len + data are inconsistent), or SP is invalid, as there are only two instructions that can fail at this line:

```go
func (i *Inst) MatchRunePos(r rune) int {
	rune := i.Rune

	switch len(rune) {
	case 0:
		return noMatch

	case 1:
		// Special case: single-rune slice is from literal string, not char class.
		r0 := rune[0] <--------- panic here
		if r == r0 {
			return 0
		}
		if Flags(i.Arg)&FoldCase != 0 {
                         --- possible panic while spilling r0 here ---
			for r1 := unicode.SimpleFold(r0); r1 != r0; r1 = unicode.SimpleFold(r1) {
				if r == r1 {
					return 0
				}
			}
		}
```
```asm
TEXT regexp/syntax.(*Inst).MatchRunePos(SB) /Users/adonovan/w/goroot/src/regexp/syntax/prog.go
  prog.go:204           0x10030ef70             f9400b90                MOVD 16(R28), R16                               
  prog.go:204           0x10030ef74             eb3063ff                CMP R16, RSP                                    
  prog.go:204           0x10030ef78             54001109                BLS 136(PC)                                     
  prog.go:204           0x10030ef7c             f81d0ffe                MOVD.W R30, -48(RSP)                            
  prog.go:204           0x10030ef80             f81f83fd                MOVD R29, -8(RSP)                               
  prog.go:204           0x10030ef84             d10023fd                SUB $8, RSP, R29                                
  prog.go:205           0x10030ef88             a9410c02                LDP 16(R0), (R2, R3)             load Inst.Rune data and len
  prog.go:207           0x10030ef8c             f100087f                CMP $2, R3                       switch len               
  prog.go:226           0x10030ef90             5400018d                BLE 12(PC)                       B case01
  ...
case1:  
  prog.go:213           0x10030efcc             b9800042                MOVW (R2), R2             here??     load rune[0] after len check
  prog.go:214           0x10030efd0             6b02003f                CMPW R2, R1                                     
  prog.go:214           0x10030efd4             54000140                BEQ 10(PC)                                      
  prog.go:217           0x10030efd8             b9400803                MOVWU 8(R0), R3                                 
  prog.go:217           0x10030efdc             360003c3                TBZ $0, R3, 30(PC)                              
  prog.go:226           0x10030efe0             b90043e1                MOVW R1, 64(RSP)                                
  prog.go:213           0x10030efe4             b90027e2                MOVW R2, 36(RSP)          here??     spill r0
```

(The above is arm64 code but the corresponding amd64 instructions are essentially identical.)

This stack `CX-PMg` was [reported by telemetry](https://storage.googleapis.com/prod-telemetry-merged/2025-03-23.json):

- `crash/crash`
- [`runtime.throw:+9`](https://cs.opensource.google/go/go/+/go1.24.1:src/runtime/panic.go;l=1101)
- [`runtime.sigpanic:+33`](https://cs.opensource.google/go/go/+/go1.24.1:src/runtime/signal_unix.go;l=939)
- [`regexp/syntax.(*Inst).MatchRunePos:+9`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/syntax/prog.go;l=213)
- [`regexp/syntax.(*Inst).MatchRune:=196`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/syntax/prog.go;l=196)
- [`regexp.(*machine).step:+35`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/exec.go;l=295)
- [`regexp.(*machine).match:+50`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/exec.go;l=225)
- [`regexp.(*Regexp).doExecute:+21`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/exec.go;l=542)
- [`regexp.(*Regexp).allMatches:+9`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/regexp.go;l=778)
- [`regexp.(*Regexp).FindAllIndex:+5`](https://cs.opensource.google/go/go/+/go1.24.1:src/regexp/regexp.go;l=1100)
- [`golang.org/x/tools/gopls/internal/server.findLinksInString:+2`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:gopls/internal/server/link.go;l=220)
- [`golang.org/x/tools/gopls/internal/server.goLinks:+86`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:gopls/internal/server/link.go;l=197)
- [`golang.org/x/tools/gopls/internal/server.(*server).DocumentLink:+14`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:gopls/internal/server/link.go;l=45)
- [`golang.org/x/tools/gopls/internal/protocol.serverDispatch:+291`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:gopls/internal/protocol/tsserver.go;l=461)
- [`golang.org/x/tools/gopls/internal/lsprpc.(*streamServer).ServeStream.ServerHandler.func3:+5`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:gopls/internal/protocol/protocol.go;l=160)
- [`golang.org/x/tools/gopls/internal/lsprpc.(*streamServer).ServeStream.handshaker.func4:+52`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:gopls/internal/lsprpc/lsprpc.go;l=509)
- [`golang.org/x/tools/gopls/internal/protocol.Handlers.MustReplyHandler.func1:+2`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:internal/jsonrpc2/handler.go;l=35)
- [`golang.org/x/tools/gopls/internal/protocol.Handlers.AsyncHandler.func2.2:+3`](https://cs.opensource.google/go/x/tools/+/gopls/v0.18.1:internal/jsonrpc2/handler.go;l=104)
```
golang.org/x/tools/gopls@v0.18.1 go1.24.1 darwin/amd64 other (1)
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/tools/gopls: impossible SEGV in regexp/syntax.MatchRunePos #73090

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/tools/gopls: impossible SEGV in regexp/syntax.MatchRunePos #73090

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions