1
0
mirror of https://github.com/golang/go synced 2024-11-26 18:26:48 -07:00

runtime: fix panic stack during runtime.Goexit during panic

A runtime.Goexit during a panic-invoked deferred call
left the panic stack intact even though all the stack frames
are gone when the goroutine is torn down.
The next goroutine to reuse that struct will have a
bogus panic stack and can cause the traceback routines
to walk into garbage.

Most likely to happen during tests, because t.Fatal might
be called during a deferred func and uses runtime.Goexit.

This "not enough cleared in Goexit" failure mode has
happened to us multiple times now. Clear all the pointers
that don't make sense to keep, not just gp->panic.

Fixes #8158.

LGTM=iant, dvyukov
R=iant, dvyukov
CC=golang-codereviews
https://golang.org/cl/102220043
This commit is contained in:
Russ Cox 2014-06-06 16:52:14 -04:00
parent ac0e12d158
commit 4534fdb144
2 changed files with 47 additions and 0 deletions

View File

@ -1459,6 +1459,12 @@ goexit0(G *gp)
gp->m = nil;
gp->lockedm = nil;
gp->paniconfault = 0;
gp->defer = nil; // should be true already but just in case.
gp->panic = nil; // non-nil for Goexit during panic. points at stack-allocated data.
gp->writenbuf = 0;
gp->writebuf = nil;
gp->waitreason = nil;
gp->param = nil;
m->curg = nil;
m->lockedg = nil;
if(m->locked & ~LockExternal) {

View File

@ -0,0 +1,41 @@
// run
// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"runtime"
"time"
)
func main() {
c := make(chan bool, 1)
go f1(c)
<-c
time.Sleep(10 * time.Millisecond)
go f2(c)
<-c
}
func f1(done chan bool) {
defer func() {
recover()
done <- true
runtime.Goexit() // left stack-allocated Panic struct on gp->panic stack
}()
panic("p")
}
func f2(done chan bool) {
defer func() {
recover()
done <- true
runtime.Goexit()
}()
time.Sleep(10 * time.Millisecond) // overwrote Panic struct with Timer struct
runtime.GC() // walked gp->panic list, found mangled Panic struct, crashed
panic("p")
}