Skip to content

"disallowed arm64 system call" crashes on Android API levels 26-30 #123014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mhsmith opened this issue Aug 14, 2024 · 3 comments · Fixed by #124458
Closed

"disallowed arm64 system call" crashes on Android API levels 26-30 #123014

mhsmith opened this issue Aug 14, 2024 · 3 comments · Fixed by #124458
Assignees
@mhsmith
Labels
OS-android tests Tests in the Lib/test dir type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@mhsmith
Copy link
Member

mhsmith commented Aug 14, 2024
edited by bedevere-app bot
Loading

Crash report

What happened?

I've seen two versions of this crash. The first one mostly affects the asyncio tests, but also some others, e.g. test_type_params.

It happens both on an emulator (API levels 26-29) and a physical device (Nexus 5X, API level 27). It does not happen on API levels 25 or 30 (but see the other crash below), nor on 34, which is the version that will be used by the buildbot.

Here's a log from API level 29. All the other versions are similar, except that API level 26 and 27 say "disallowed arm64 system call 0" instead of 434.

18:33:56.889 python.stdout    I  test_check_thread (test.test_asyncio.test_base_events.BaseEventLoopTests.test_check_thread) ... 
18:33:56.932 python.stdout    I  ok
18:33:56.932 python.stdout    I  test_close (test.test_asyncio.test_base_events.BaseEventLoopTests.test_close) ... 
18:33:56.933 python.stdout    I  ok
18:33:56.933 python.stdout    I  test_create_named_task_with_custom_factory (test.test_asyncio.test_base_events.BaseEventLoopTests.test_create_named_task_with_custom_factory) ... 
18:33:56.934 libc             A  Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 6011 (.python.testbed), pid 6011 (.python.testbed)
18:33:56.954 crash_dump64     I  obtaining output fd from tombstoned, type: kDebuggerdTombstone
18:33:56.957 DEBUG            A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
18:33:56.957 DEBUG            A  Build fingerprint: 'google/sdk_gphone64_arm64/emulator64_arm64:10/QSR1.211112.010/10744382:userdebug/dev-keys'
18:33:56.957 DEBUG            A  Revision: '0'
18:33:56.957 DEBUG            A  ABI: 'arm64'
18:33:56.958 DEBUG            A  Timestamp: 2024-08-14 18:33:56+0100
18:33:56.958 DEBUG            A  pid: 6011, tid: 6011, name: .python.testbed  >>> org.python.testbed <<<
18:33:56.958 DEBUG            A  uid: 10144
18:33:56.958 DEBUG            A  signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
18:33:56.958 DEBUG            A  Cause: seccomp prevented call to disallowed arm64 system call 434
18:33:56.958 DEBUG            A      x0  000000000000177b  x1  0000000000000000  x2  0000007fd13766c0  x3  0000007fd1376740
18:33:56.958 DEBUG            A      x4  0000000000000200  x5  0000007fd1376628  x6  0000007fd1376628  x7  0000000000000002
18:33:56.958 DEBUG            A      x8  00000000000001b2  x9  bf29487f6e1cf2c9  x10 0000007fd1376a58  x11 0000007e3b9c662c
18:33:56.958 DEBUG            A      x12 000000000000010b  x13 0000007e3b9c7f54  x14 0000000000000062  x15 0000000000000020
18:33:56.958 DEBUG            A      x16 0000007e3baea3c8  x17 0000007f27d44220  x18 0000000000000000  x19 0000007f2b950020
18:33:56.958 DEBUG            A      x20 0000007e3bb85fa8  x21 0000007e9e8616c0  x22 0000007e39411b70  x23 8000000000000002
18:33:56.958 DEBUG            A      x24 0000007e9e8616c0  x25 0000007e9e8616b0  x26 0000007e39411b70  x27 0000007e9e861648
18:33:56.958 DEBUG            A      x28 0000007e3bb85fa8  x29 0000007fd1376ab0
18:33:56.958 DEBUG            A      sp  0000007fd1376aa0  lr  0000007e3ba264ac  pc  0000007f27d44240
Backtrace 
18:33:57.041 DEBUG            A  
                                 backtrace:
18:33:57.041 DEBUG            A        #00 pc 000000000007f240  /apex/com.android.runtime/lib64/bionic/libc.so (syscall+32) (BuildId: c042ffb4e195c9462700c20f99189c2b)
18:33:57.041 DEBUG            A        #01 pc 000000000040c4a8  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #02 pc 0000000000293984  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #03 pc 0000000000240f34  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyObject_Vectorcall+92) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #04 pc 0000000000377ba0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #05 pc 000000000024056c  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #06 pc 00000000002415fc  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #07 pc 00000000002d7bc8  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #08 pc 00000000002c9f38  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #09 pc 0000000000240754  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #10 pc 0000000000377ba0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #11 pc 0000000000243ca0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #12 pc 000000000037a4b4  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+27016) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #13 pc 000000000024056c  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #14 pc 00000000002415fc  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #15 pc 00000000002d0b80  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #16 pc 0000000000240754  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #17 pc 0000000000375c50  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+8484) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #18 pc 0000000000243ca0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #19 pc 000000000037a4b4  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+27016) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #20 pc 000000000024056c  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #21 pc 00000000002415fc  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #22 pc 00000000002d0b80  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #23 pc 0000000000240754  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #24 pc 0000000000377ba0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #25 pc 0000000000243ca0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #26 pc 000000000037a4b4  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+27016) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #27 pc 000000000024056c  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #28 pc 00000000002415fc  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #29 pc 00000000002d0b80  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #30 pc 0000000000240754  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #31 pc 0000000000377ba0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #32 pc 0000000000373838  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyEval_EvalCode+308) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #33 pc 000000000037073c  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #34 pc 000000000037a8e8  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+28092) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #35 pc 0000000000373838  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyEval_EvalCode+308) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #36 pc 000000000037073c  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #37 pc 0000000000293984  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #38 pc 0000000000240f34  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyObject_Vectorcall+92) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #39 pc 0000000000377ba0  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #40 pc 0000000000401108  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #41 pc 0000000000400704  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (Py_RunMain+1544) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG            A        #42 pc 00000000000012a8  /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libmain_activity.so (Java_org_python_testbed_PythonTestRunner_runPython+420) (BuildId: 35a3871328d919cad4212115b139c278b49fe120)

CPython versions tested on:

CPython main branch

Operating systems tested on:

Other

Output from running 'python -VV' on the command line:

CPython 3.14.0a0 (heads/android-test-script-dirty:ae3a460a043, Aug 12 2024, 22:45:13) [Clang 17.0.2 (https://android.googlesource.com/toolchain/llvm-project d9f89f4d1

Linked PRs
@mhsmith mhsmith added type-crash A hard crash of the interpreter, possibly with a core dump OS-android labels Aug 14, 2024
@mhsmith mhsmith self-assigned this Aug 14, 2024
@mhsmith mhsmith changed the title test_asyncio hard crash on Android API levels 26-29 "disallowed arm64 system call" crashes on Android API levels 26-30 Aug 14, 2024
@mhsmith
Copy link
Member Author

mhsmith commented Aug 14, 2024
edited
Loading

On API level 30, test_asyncio is fine, but test_signal crashes with a different system call number. API level 31 is fine.

18:01:03.824 python.stdout    I  test_sigwait_thread (test.test_signal.PendingSignalsTests.test_sigwait_thread) ... 
18:01:03.824 python.stdout    I  skipped 'requires subprocess support'
18:01:03.824 python.stdout    I  test_sigwaitinfo (test.test_signal.PendingSignalsTests.test_sigwaitinfo) ... 
18:01:03.824 python.stdout    I  skipped 'need signal.sigwaitinfo()'
18:01:03.824 python.stdout    I  test_pidfd_send_signal (test.test_signal.PidfdSignalTest.test_pidfd_send_signal) ... 
18:01:03.824 libc             A  Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 19400 (.python.testbed), pid 19400 (.python.testbed)
18:01:03.850 crash_dump64     I  obtaining output fd from tombstoned, type: kDebuggerdTombstone
18:01:03.859 DEBUG            A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
18:01:03.859 DEBUG            A  Build fingerprint: 'google/sdk_gphone_arm64/emulator_arm64:11/RSR1.240422.006/12134477:userdebug/dev-keys'
18:01:03.859 DEBUG            A  Revision: '0'
18:01:03.859 DEBUG            A  ABI: 'arm64'
18:01:03.859 DEBUG            A  Timestamp: 2024-08-14 18:01:03+0100
18:01:03.859 DEBUG            A  pid: 19400, tid: 19400, name: .python.testbed  >>> org.python.testbed <<<
18:01:03.859 DEBUG            A  uid: 10166
18:01:03.859 DEBUG            A  signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
18:01:03.859 DEBUG            A  Cause: seccomp prevented call to disallowed arm64 system call 424

@picnixz picnixz added the tests Tests in the Lib/test dir label Aug 15, 2024
@vstinner
Copy link
Member

System call 434 on ARM64 is pidof_open(). This syscall is exposed as os.pidfd_open() on Python, and it's used by asyncio in _PidfdChildWatcher.

asyncio has a functional test to skip the function if it fails because of SECCOMP:

def can_use_pidfd():
    if not hasattr(os, 'pidfd_open'):
        return False
    try:
        pid = os.getpid()
        os.close(os.pidfd_open(pid, 0))
    except OSError:
        # blocked by security policy like SECCOMP
        return False
    return True

Sadly, it seems like Android policy is to kill the process, rather than failing with ENOSYS errno (or another error such as EPERM). Can you tune the Android policy to fail with an error raher than killing the process?

Or maybe can_use_pidfd() should install a signal handler for SIGSYS and catch the signal?

@mhsmith
Copy link
Member Author

mhsmith commented Sep 24, 2024
edited
Loading

Sadly, it seems like Android policy is to kill the process, rather than failing with ENOSYS errno

Yes, unfortunately they do that a lot, and we don't have any control over the policy. So the simplest solution would be to just disable the pidfd functions at build time on Android, as we've done with other blocked functions like chroot and setuid.

For future reference, system call number 424 in the second crash is pidfd_send_signal.

@bedevere-app bedevere-app bot mentioned this issue Sep 24, 2024
Merged
vstinner pushed a commit that referenced this issue Sep 25, 2024
@mhsmith
gh-123014: Disable pidfd API on older Android versions (#124458)
c58c572
mhsmith added a commit to mhsmith/cpython that referenced this issue Sep 25, 2024
@mhsmith
pythongh-123014: Disable pidfd API on older Android versions (python#…
7c4724f 
…124458)

(cherry picked from commit c58c572)
@bedevere-app bedevere-app bot mentioned this issue Sep 25, 2024
Merged
Yhg1s pushed a commit that referenced this issue Sep 26, 2024
@mhsmith
[3.13] gh-123014: Disable pidfd API on older Android versions (GH-124458
9f5b921 
) (#124543)

gh-123014: Disable pidfd API on older Android versions (#124458)

(cherry picked from commit c58c572)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mhsmith mhsmith

Labels
OS-android tests Tests in the Lib/test dir type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

gh-123014: Disable pidfd API on older Android versions mhsmith/cpython
3 participants
@mhsmith @vstinner @picnixz