Commit 4534fdb1 authored by Russ Cox's avatar Russ Cox

runtime: fix panic stack during runtime.Goexit during panic

A runtime.Goexit during a panic-invoked deferred call
left the panic stack intact even though all the stack frames
are gone when the goroutine is torn down.
The next goroutine to reuse that struct will have a
bogus panic stack and can cause the traceback routines
to walk into garbage.

Most likely to happen during tests, because t.Fatal might
be called during a deferred func and uses runtime.Goexit.

This "not enough cleared in Goexit" failure mode has
happened to us multiple times now. Clear all the pointers
that don't make sense to keep, not just gp->panic.

Fixes #8158.

LGTM=iant, dvyukov
R=iant, dvyukov
CC=golang-codereviews
https://golang.org/cl/102220043
parent ac0e12d1
...@@ -1459,6 +1459,12 @@ goexit0(G *gp) ...@@ -1459,6 +1459,12 @@ goexit0(G *gp)
gp->m = nil; gp->m = nil;
gp->lockedm = nil; gp->lockedm = nil;
gp->paniconfault = 0; gp->paniconfault = 0;
gp->defer = nil; // should be true already but just in case.
gp->panic = nil; // non-nil for Goexit during panic. points at stack-allocated data.
gp->writenbuf = 0;
gp->writebuf = nil;
gp->waitreason = nil;
gp->param = nil;
m->curg = nil; m->curg = nil;
m->lockedg = nil; m->lockedg = nil;
if(m->locked & ~LockExternal) { if(m->locked & ~LockExternal) {
......
// run
// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"runtime"
"time"
)
func main() {
c := make(chan bool, 1)
go f1(c)
<-c
time.Sleep(10 * time.Millisecond)
go f2(c)
<-c
}
func f1(done chan bool) {
defer func() {
recover()
done <- true
runtime.Goexit() // left stack-allocated Panic struct on gp->panic stack
}()
panic("p")
}
func f2(done chan bool) {
defer func() {
recover()
done <- true
runtime.Goexit()
}()
time.Sleep(10 * time.Millisecond) // overwrote Panic struct with Timer struct
runtime.GC() // walked gp->panic list, found mangled Panic struct, crashed
panic("p")
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment