Description
What version of Go are you using (go version)?
$ go version go version go1.11.4 linux/amd64
Does this issue reproduce with the latest release?
1.11.4 is currently the latest release
What operating system and processor architecture are you using (go env)?
go env Output
$ go env GOARCH="amd64" GOBIN="" GOCACHE="/home/parse/.cache/go-build" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOOS="linux" GOPATH="/home/parse/go" GOPROXY="" GORACE="" GOROOT="/usr/local/go" GOTMPDIR="" GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64" GCCGO="gccgo" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build285473962=/tmp/go-build -gno-record-gcc-switches"
What did you do?
This behavior was noted as part of much larger program that runs as a setuid (non-root) binary so can't be reproduced on play.golang.org. The program makes heavy use of runtime.LockOSThread and syscall.SYS_SETRESUID to drop privileges by setting r=e=suid=(original ruid). However, I'm getting occasional failures in calls that explicitly set raised privileges:
Error: Privileged setresuid(1) call failed for 'incoming message': 1; thread 1459 r/e/suid: 56486/56486/56486
This shows that thread 1459 was cloned from a fully drop-privileged thread.
What did you expect to see?
New worker threads not being cloned from threads locked with LockOSThread
What did you see instead?
Threads cloned from LockOSThread altered-threads that carried over state, in this case irrevocably dropped privileges