runtime: finalizer call has wrong frame size

[cherrymui]

What version of Go are you using (go version)?

tip (bcb89fc)

Does this issue reproduce with the latest release?

Yes. Reproduce with Go 1.17 and tip, not with Go 1.16.

What operating system and processor architecture are you using (go env)?

darwin/amd64

What did you do?

package main

import "runtime"

var ch = make(chan int, 2)

func main() {
	x, y := new([4]int64), new([4]int64) // not tinyalloc'd
	runtime.SetFinalizer(x, F)
	runtime.SetFinalizer(y, F)

	runtime.GC()
	runtime.GC()
	<- ch
	<- ch // make sure it tries to run the second finalizer, therefore the first reflectcall must finish
}

func F(p interface{}) [4]int64 { // 32-byte on-stack result, use up space for call32
	forceSpill()
	ch <- 1
	x := p.(*[4]int64)
	return *x
}

//go:noinline
func forceSpill() {}

This program runs fine with Go 1.16, but crash with Go 1.17 and tip. It is due to finalizer call has wrong frame size on register-ABI platforms, which leads to memory corruption.

Fixed by CL https://go-review.googlesource.com/c/go/+/389574 .

Open an issue for Go 1.18.

[cherrymui]

@gopherbot please backport this to Go 1.17 release. Thanks.

[gopherbot]

Change https://go.dev/cl/388995 mentions this issue: [release-branch.go1.18] runtime: count spill slot for frame size at finalizer call

[gopherbot]

Backport issue(s) opened: #51458 (for 1.17).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/389794 mentions this issue: [release-branch.go1.17] runtime: count spill slot for frame size at finalizer call

[gopherbot]

Closed by merging ce427cf to release-branch.go1.18.