runtime: -msan / -asan stack corruption with CPU profiling and SetCgoTraceback context callback #71395
Labels: BugReport, compiler/runtime, NeedsFix
msancall and asancall are used to call into the MSAN and ASAN C runtimes, respectively. These wrappers need to handle stack switching, similar to asmcgocall. If the caller is running on g0, then they just perform the call, otherwise they switch SP to g0.sched.sp and then make the call. This is normally fine, but in a signal context we will be on gsignal (not g0!), but the code the signal interrupted may have been on g0. By using g0.sched.sp, the MSAN/ASAN call will scribble all over the stack that the interrupted code is using.

As far as I know, MSAN/ASAN calls are possible from signal context in only one case: runtime.cgoContextPCs contains msanwrite/asanwrite calls. runtime.cgoContextPCs is reachable from the SIGPROF signal handler: runtime.sigprof -> runtime.tracebackPCs -> runtime.(*unwinder).cgoCallers -> runtime.cgoContextPCs.

runtime.SetCgoTraceback. Note that both the traceback and context handlers must be registered. The latter is required because runtime.cgoContextPCs only calls the traceback function if gp.cgoCtxt is active, which requires a context handler.

https://go.dev/cl/643875 contains a reproducer. The allocator runs portions on the system stack, so with MSAN/ASAN plus profiling, we see crashes due to stack corruption in the allocator.
I haven't tested older versions, but this code hasn't changed in a while, so I suspect that 1.22 and 1.23 are also affected.