We've had several reports in the rclone forum of a crash which appears to be som…ething to do with cgofuse. I dismissed these as some random stuff up with Windows, but we've had 3 reports now which is more than the co-incidence level!
- https://forum.rclone.org/t/rclone-crash-when-uploding-file-to-onerdive/24732/3
- https://forum.rclone.org/t/uploading-via-rclone-crash/23841/2
- https://forum.rclone.org/t/rclone-crashes-during-upload/19544/6
These produced 3 very similar tracebacks
```
unexpected fault address 0xffffffffffffffff
fatal error: fault
[signal 0xc0000005 code=0x0 addr=0xffffffffffffffff pc=0x40350e]
goroutine 17 [running, locked to thread]:
runtime.throw(0x1df5fc3, 0x5)
runtime/panic.go:1117 +0x79 fp=0xc0007d7d08 sp=0xc0007d7cd8 pc=0x43d859
runtime.sigpanic()
runtime/signal_windows.go:245 +0x2d6 fp=0xc0007d7d60 sp=0xc0007d7d08 pc=0x453796
indexbytebody(0x500000000000501, 0xaff, 0x470300, 0xc00006c300, 0xaff, 0x0, 0x500000000000501, 0x500000000000501, 0xaff, 0xc0007d7e08, ...)
internal/bytealg/indexbyte_amd64.s:124 +0xce fp=0xc0007d7d68 sp=0xc0007d7d60 pc=0x40350e
runtime.findnull(0x500000000000501, 0xc0007d7e08)
runtime/string.go:438 +0x87 fp=0xc0007d7dc0 sp=0xc0007d7d68 pc=0x458d67
runtime.gostring(0x500000000000501, 0xc0000ea8c0, 0xc00008e058)
runtime/string.go:320 +0x36 fp=0xc0007d7e18 sp=0xc0007d7dc0 pc=0x471a56
github.com/billziss-gh/cgofuse/fuse._Cfunc_GoString(...)
_cgo_gotypes.go:320
github.com/billziss-gh/cgofuse/fuse.c_GoString(...)
github.com/billziss-gh/cgofuse@v1.5.0/fuse/host_cgo.go:708
github.com/billziss-gh/cgofuse/fuse.hostRelease(0x500000000000501, 0x2e86fc18, 0x0)
github.com/billziss-gh/cgofuse@v1.5.0/fuse/host.go:284 +0x94 fp=0xc0007d7e78 sp=0xc0007d7e18 pc=0x17293b4
github.com/billziss-gh/cgofuse/fuse.go_hostRelease(...)
github.com/billziss-gh/cgofuse@v1.5.0/fuse/host_cgo.go:926
_cgoexp_12ef5be0dd8c_go_hostRelease(0x2e86fb80)
_cgo_gotypes.go:768 +0x3e fp=0xc0007d7ea0 sp=0xc0007d7e78 pc=0x172f8fe
runtime.cgocallbackg1(0x172f8c0, 0x2e86fb80, 0x0)
runtime/cgocall.go:292 +0x19a fp=0xc0007d7f40 sp=0xc0007d7ea0 pc=0x40517a
runtime.cgocallbackg(0x172f8c0, 0x2e86fb80, 0x0)
runtime/cgocall.go:228 +0xfc fp=0xc0007d7fb8 sp=0xc0007d7f40 pc=0x404edc
runtime.cgocallback(0x0, 0x0, 0x0)
runtime/asm_amd64.s:788 +0xc0 fp=0xc0007d7fe0 sp=0xc0007d7fb8 pc=0x476180
runtime.goexit()
runtime/asm_amd64.s:1371 +0x1 fp=0xc0007d7fe8 sp=0xc0007d7fe0 pc=0x476461
```
```
unexpected fault address 0xffffffffffffffff
fatal error: fault
[signal 0xc0000005 code=0x0 addr=0xffffffffffffffff pc=0x40350e]
goroutine 147 [running, locked to thread]:
runtime.throw(0x1df5fc3, 0x5)
runtime/panic.go:1117 +0x79 fp=0xc00071dd08 sp=0xc00071dcd8 pc=0x43d859
runtime.sigpanic()
runtime/signal_windows.go:245 +0x2d6 fp=0xc00071dd60 sp=0xc00071dd08 pc=0x453796
indexbytebody(0x2f736569766f4d2f, 0x2d1, 0x470300, 0xc000645800, 0x2d1, 0x0, 0x2f736569766f4d2f, 0x2f736569766f4d2f, 0x2d1, 0xc00071de08, ...)
internal/bytealg/indexbyte_amd64.s:124 +0xce fp=0xc00071dd68 sp=0xc00071dd60 pc=0x40350e
runtime.findnull(0x2f736569766f4d2f, 0xc00071de08)
runtime/string.go:438 +0x87 fp=0xc00071ddc0 sp=0xc00071dd68 pc=0x458d67
runtime.gostring(0x2f736569766f4d2f, 0xc0003dba40, 0xc0000de058)
runtime/string.go:320 +0x36 fp=0xc00071de18 sp=0xc00071ddc0 pc=0x471a56
github.com/billziss-gh/cgofuse/fuse._Cfunc_GoString(...)
_cgo_gotypes.go:320
github.com/billziss-gh/cgofuse/fuse.c_GoString(...)
github.com/billziss-gh/cgofuse@v1.5.0/fuse/host_cgo.go:708
github.com/billziss-gh/cgofuse/fuse.hostRelease(0x2f736569766f4d2f, 0x2ec2fc18, 0x0)
github.com/billziss-gh/cgofuse@v1.5.0/fuse/host.go:284 +0x94 fp=0xc00071de78 sp=0xc00071de18 pc=0x17293b4
github.com/billziss-gh/cgofuse/fuse.go_hostRelease(...)
github.com/billziss-gh/cgofuse@v1.5.0/fuse/host_cgo.go:926
_cgoexp_12ef5be0dd8c_go_hostRelease(0x2ec2fb80)
_cgo_gotypes.go:768 +0x3e fp=0xc00071dea0 sp=0xc00071de78 pc=0x172f8fe
runtime.cgocallbackg1(0x172f8c0, 0x2ec2fb80, 0x0)
runtime/cgocall.go:292 +0x19a fp=0xc00071df40 sp=0xc00071dea0 pc=0x40517a
runtime.cgocallbackg(0x172f8c0, 0x2ec2fb80, 0x0)
runtime/cgocall.go:228 +0xfc fp=0xc00071dfb8 sp=0xc00071df40 pc=0x404edc
runtime.cgocallback(0x0, 0x0, 0x0)
runtime/asm_amd64.s:788 +0xc0 fp=0xc00071dfe0 sp=0xc00071dfb8 pc=0x476180
runtime.goexit()
runtime/asm_amd64.s:1371 +0x1 fp=0xc00071dfe8 sp=0xc00071dfe0 pc=0x476461
```
```
unexpected fault address 0xffffffffffffffff
fatal error: fault
[signal 0xc0000005 code=0x0 addr=0xffffffffffffffff pc=0x4c360e]
goroutine 66 [running, locked to thread]:
runtime.throw(0x1bd0b9e, 0x5)
runtime/panic.go:1116 +0x79 fp=0xc0003ffd20 sp=0xc0003ffcf0 pc=0x4fc259
runtime.sigpanic()
runtime/signal_windows.go:249 +0x24f fp=0xc0003ffd50 sp=0xc0003ffd20 pc=0x510f4f
indexbytebody(0x500000000000501, 0xaff, 0x52cf00, 0xc000085380, 0xaff, 0x0, 0x500000000000501, 0x500000000000501, 0xaff, 0xc0003ffdf8, ...)
internal/bytealg/indexbyte_amd64.s:124 +0xce fp=0xc0003ffd58 sp=0xc0003ffd50 pc=0x4c360e
runtime.findnull(0x500000000000501, 0xc0003ffdf8)
runtime/string.go:454 +0x87 fp=0xc0003ffdb0 sp=0xc0003ffd58 pc=0x516627
runtime.gostring(0x500000000000501, 0xc000185040, 0xeb627ffa10)
runtime/string.go:320 +0x36 fp=0xc0003ffe08 sp=0xc0003ffdb0 pc=0x52e616
github.com/billziss-gh/cgofuse/fuse._Cfunc_GoString(...)
_cgo_gotypes.go:322
github.com/billziss-gh/cgofuse/fuse.c_GoString(...)
github.com/billziss-gh/cgofuse@v1.4.0/fuse/host_cgo.go:686
github.com/billziss-gh/cgofuse/fuse.hostRelease(0x500000000000501, 0xeb627ffb40, 0x21000000000)
github.com/billziss-gh/cgofuse@v1.4.0/fuse/host.go:284 +0x94 fp=0xc0003ffe68 sp=0xc0003ffe08 pc=0x15d0c54
github.com/billziss-gh/cgofuse/fuse.go_hostRelease(...)
github.com/billziss-gh/cgofuse@v1.4.0/fuse/host_cgo.go:901
github.com/billziss-gh/cgofuse/fuse._cgoexpwrap_e4f666a8d790_go_hostRelease(0x500000000000501, 0xeb627ffb40, 0x0)
_cgo_gotypes.go:802 +0x3c fp=0xc0003ffe90 sp=0xc0003ffe68 pc=0x15d641c
runtime.call32(0x0, 0xeb627ff930, 0xeb627ffaa0, 0x18)
runtime/asm_amd64.s:540 +0x45 fp=0xc0003ffec0 sp=0xc0003ffe90 pc=0x5311e5
runtime.cgocallbackg1(0x0)
runtime/cgocall.go:332 +0x1b8 fp=0xc0003fff58 sp=0xc0003ffec0 pc=0x4c51b8
runtime.cgocallbackg(0x0)
runtime/cgocall.go:207 +0xe5 fp=0xc0003fffc0 sp=0xc0003fff58 pc=0x4c4f45
runtime.cgocallback_gofunc(0x0, 0x20, 0x2030001, 0x2030001)
runtime/asm_amd64.s:794 +0xb2 fp=0xc0003fffe0 sp=0xc0003fffc0 pc=0x532992
runtime.goexit()
runtime/asm_amd64.s:1374 +0x1 fp=0xc0003fffe8 sp=0xc0003fffe0 pc=0x532c61
```
The middle one of those reports has a mad pointer of 0x2f736569766f4d2f which decodes in ASCII as `/seivoM/` which is highly suggestive of a use after free.
The other two have the pointer 0x500000000000501 which could be valid but looks a little fishy too.
If you check the forum posts I linked above then you'll see a bit more analysis.
So I think this is probably a use after free due to handling of Go strings, but I'm not certain!
Any help much appreciated.