New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runtime: panic message clobbered #30150
Labels
Milestone
Comments
Change https://golang.org/cl/161778 mentions this issue: |
Thank you for this report @cherrymui! I can confirm that CL https://go-review.googlesource.com/c/134156 introduced this bug. Kindly paging @randall77 as well as @aclements |
Change https://golang.org/cl/162358 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Feb 13, 2019
In runtime.gopanic, the _panic object p is stack allocated and referenced from gp._panic. With stack objects, p on stack is dead at the point preprintpanics runs. gp._panic points to p, but stack scan doesn't look at gp. Heap scan of gp does look at gp._panic, but it stops and ignores the pointer as it points to the stack. So whatever p points to may be collected and clobbered. We need to scan gp._panic explicitly during stack scan. To test it reliably, we introduce a GODEBUG mode "clobberfree", which clobbers the memory content when the GC frees an object. Fixes #30150. Change-Id: I11128298f03a89f817faa221421a9d332b41dced Reviewed-on: https://go-review.googlesource.com/c/161778 Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Austin Clements <austin@google.com> (cherry picked from commit af8f406) Reviewed-on: https://go-review.googlesource.com/c/162358 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com>
nebulabox
pushed a commit
to nebulabox/go
that referenced
this issue
Feb 18, 2019
In runtime.gopanic, the _panic object p is stack allocated and referenced from gp._panic. With stack objects, p on stack is dead at the point preprintpanics runs. gp._panic points to p, but stack scan doesn't look at gp. Heap scan of gp does look at gp._panic, but it stops and ignores the pointer as it points to the stack. So whatever p points to may be collected and clobbered. We need to scan gp._panic explicitly during stack scan. To test it reliably, we introduce a GODEBUG mode "clobberfree", which clobbers the memory content when the GC frees an object. Fixes golang#30150. Change-Id: I11128298f03a89f817faa221421a9d332b41dced Reviewed-on: https://go-review.googlesource.com/c/161778 Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Austin Clements <austin@google.com>
nebulabox
pushed a commit
to nebulabox/go
that referenced
this issue
Feb 20, 2019
In runtime.gopanic, the _panic object p is stack allocated and referenced from gp._panic. With stack objects, p on stack is dead at the point preprintpanics runs. gp._panic points to p, but stack scan doesn't look at gp. Heap scan of gp does look at gp._panic, but it stops and ignores the pointer as it points to the stack. So whatever p points to may be collected and clobbered. We need to scan gp._panic explicitly during stack scan. To test it reliably, we introduce a GODEBUG mode "clobberfree", which clobbers the memory content when the GC frees an object. Fixes golang#30150. Change-Id: I11128298f03a89f817faa221421a9d332b41dced Reviewed-on: https://go-review.googlesource.com/c/161778 Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Austin Clements <austin@google.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What version of Go are you using (
go version
)?tip (ca7c12d)
Does this issue reproduce with the latest release?
No, not with Go 1.11
What operating system and processor architecture are you using (
go env
)?linux/amd64
What did you do?
https://play.golang.org/p/HIJtff_t5Wh
What did you expect to see?
With Go 1.11, this program panics with
which looks correct to me.
What did you see instead?
With tip, this program panics with
The "YYY" panic message is clobbered.
In runtime.gopanic, the
_panic
structp
is stack allocated and referenced fromgp._panic
. With stack objects, the stack variablep
is dead at the point the panic message is printed (preprintpanics at https://go.googlesource.com/go/+/master/src/runtime/panic.go#563).gp._panic
points top
, but stack scan doesn't look atgp
. So whateverp
points to may be collected and clobbered. We need to keep it alive.Will send a CL soon.
The text was updated successfully, but these errors were encountered: