x/mobile: seccomp prevented call to disallowed arm64 system call 434

[fat-fellow]

Go version

go version 1.22.9 darwin/arm64

Output of go env in your module/workspace:

GO111MODULE='on'
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/azaza/Library/Caches/go-build'
GOENV='/Users/azaza/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/azaza/go/pkg/mod'
GONOPROXY='github.com/anyproto/*'
GONOSUMDB='github.com/anyproto/*'
GOOS='darwin'
GOPATH='/Users/azaza/go'
GOPRIVATE='github.com/anyproto/*'
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/opt/homebrew/Cellar/go@1.22/1.22.9/libexec'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/opt/homebrew/Cellar/go@1.22/1.22.9/libexec/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.22.9'
GCCGO='gccgo'
AR='ar'
CC='cc'
CXX='c++'
CGO_ENABLED='1'
GOMOD='/Users/azaza/anytype-heart/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/9v/ytsyk_250mg_q5dlkzlg_85c0000gn/T/go-build314952532=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

I am attempting to build our project library for the Android team using Go 1.23.3. You can refer to revert of the changes here: Pull Request #1856.

What did you see happen?

I've noticed crashes when running on Android versions below 12. It seems this issue should be resolved here. https://github.com/golang/go/commit/9563300f6e262589ae25c71d778bfcd646d4a750

https://gpages.juszkiewicz.com.pl/syscalls-table/syscalls.html 434 - seems https://www.man7.org/linux/man-pages/man2/pidfd_open.2.html Android log

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2024-11-21 11:15:03.968 DEBUG                              Build fingerprint: 'google/sdk_gphone64_arm64/emulator64_arm64:10/QSR1.210802.001/7603624:user/release-keys'
2024-11-21 11:15:03.968 DEBUG                              Revision: '0'
2024-11-21 11:15:03.968 DEBUG                              ABI: 'arm64'
2024-11-21 11:15:03.968 DEBUG                              Timestamp: 2024-11-21 11:15:03+0100
2024-11-21 11:15:03.968 DEBUG                              pid: 2169, tid: 2234, name: ytype.app.debug  >>> io.anytype.app.debug <<<
2024-11-21 11:15:03.968 DEBUG                              uid: 10148
2024-11-21 11:15:03.968 DEBUG                              signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
2024-11-21 11:15:03.968 DEBUG                              Cause: seccomp prevented call to disallowed arm64 system call 434
2024-11-21 11:15:03.968 DEBUG                                  x0  0000000000000879  x1  0000000000000000  x2  0000000000000000  x3  0000000000000000
2024-11-21 11:15:03.968 DEBUG                                  x4  0000000000000000  x5  0000000000000000  x6  0000000000000000  x7  0000000000000002
2024-11-21 11:15:03.968 DEBUG                                  x8  00000000000001b2  x9  0000000000000002  x10 0000000000000000  x11 0000000000000000
2024-11-21 11:15:03.968 DEBUG                                  x12 0000000000000001  x13 0000000000000010  x14 0000000000000168  x15 0000000000000169
2024-11-21 11:15:03.968 DEBUG                                  x16 00000040006803a0  x17 000000400068f780  x18 0000007d958a4000  x19 0000000000000070
2024-11-21 11:15:03.968 DEBUG                                  x20 000000400068f960  x21 0000004000255980  x22 0000000000000001  x23 7a696d6974706f20
2024-11-21 11:15:03.968 DEBUG                                  x24 0000007d9a13cbe0  x25 ffffffffffffffff  x26 0000007d9a536478  x27 0000000000000000
2024-11-21 11:15:03.968 DEBUG                                  x28 00000040000021c0  x29 000000400068f608
2024-11-21 11:15:03.968 DEBUG                                  sp  000000400068f610  lr  0000007d97b5ea7c  pc  0000007d97b49b10
2024-11-21 11:15:03.969 DEBUG                              
                                                           backtrace:
2024-11-21 11:15:03.969 DEBUG                                    #00 pc 0000000001588b10  /data/app/io.anytype.app.debug-AmXN-qfNKsfLdIRgZoRbZw==/base.apk (offset 0x207c000)
2024-11-21 11:15:03.982 ConnectivityService                requestNetwork for uid/pid:10148/2169 NetworkRequest [ TRACK_DEFAULT id=160, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10148] ]
2024-11-21 11:15:03.983 WifiNetworkFactory                 got request NetworkRequest [ TRACK_DEFAULT id=160, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10148] ] with score 60 and serial -1
2024-11-21 11:15:03.983 UntrustedWifiNetworkFactory        got request NetworkRequest [ TRACK_DEFAULT id=160, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10148] ] with score 60 and serial -1
2024-11-21 11:15:03.983 PhoneSwitcherNetworkRequstListener got request NetworkRequest [ TRACK_DEFAULT id=160, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED Uid: 10148] ] with score 60 and serial -1
2024-11-21 11:15:04.176 /system/bin/tombstoned             Tombstone written to: /data/tombstones/tombstone_01

What did you expect to see?

When I use Go 1.22.9, everything works as expected (see the PR above). TL;DR: The fix for the incorrect syscall in Go 1.23.3 doesn't seem to work.

[gabyhelp]

Related Issues

• syscall: accept(2) syscall blocked on Android, use accept4(2) instead #45767 (closed)
• x/sys/cpu: Crash on android arm64 device in release build #36622 (closed)
• x/mobile: bind with go1.22.5,1.22.6 leads to: fatal error: runtime: stack split at bad time #68760
• x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403 (closed)
• x/mobile: gomobile apps crash inside runtime.usleep() on Android O beta #20409 (closed)
• os: os.checkPidfd() crashes with SIGSYS #69065 (closed)
• affected/package: #63512 (closed)
• x/mobile libc : SIGABRT crash on the Genymotion Android emulator #29249 (closed)
• fatal error: unexpected signal during runtime execution #49543 (closed)
• cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit #69813 (closed)

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[fat-fellow]

https://github.com/golang/go/issues/70495 It seems to be related.

[ianlancetaylor]

CC @kolyshkin

Is this being built with -buildmode=c-archive and linked into a C program? If so the problem may be that we have not installed a Go signal handler for SIGSYS.

[fat-fellow]

This is the build command we use in ci:

Run GOEXPERIMENT=rangefunc gomobile bind -tags "envproduction nogrpcserver gomobile nowatchdog nosigar nomutexdeadlockdetector timetzdata rasterizesvg" -ldflags "$FLAGS" -v -target=android -androidapi 26 -o lib.aar github.com/anyproto/anytype-heart/clientlibrary/service github.com/anyproto/anytype-heart/core || true
  GOEXPERIMENT=rangefunc gomobile bind -tags "envproduction nogrpcserver gomobile nowatchdog nosigar nomutexdeadlockdetector timetzdata rasterizesvg" -ldflags "$FLAGS" -v -target=android -androidapi [2](https://github.com/anyproto/anytype-heart/actions/runs/11962148864/job/33350207129#step:26:2)6 -o lib.aar github.com/anyproto/anytype-heart/clientlibrary/service github.com/anyproto/anytype-heart/core || true
  gtar --exclude ".*" -czvf android_lib_${VERSION}.tar.gz lib.aar protobuf json
  mv android_lib_${VERSION}.tar.gz .release/
  shell: /bin/bash -e {0}
  env:
    GOPATH: /Users/user1/go
    GOBIN: /Users/user1/go/bin
    FLAGS: -X github.com/anyproto/anytype-heart/util/vcs.GitSummary=v0.[3](https://github.com/anyproto/anytype-heart/actions/runs/11962148864/job/33350207129#step:26:3)7.2 -X github.com/anyproto/anytype-heart/metrics.DefaultInHouseKey=*** -X github.com/anyproto/anytype-heart/util/unsplash.DefaultToken=***
    VERSION: v0.3[7](https://github.com/anyproto/anytype-heart/actions/runs/11962148864/job/33350207129#step:26:7).3
    MAVEN_ARTIFACT_VERSION: v0.37.3
    GOPRIVATE: github.com/anyproto

This is the local one:

gomobile bind -tags "nogrpcserver gomobile nowatchdog nosigar timetzdata rasterizesvg" -ldflags "-X github.com/anyproto/anytype-heart/util/vcs.BuildDate=2024-11-21T22:19:33Z -X github.com/anyproto/anytype-heart/util/vcs.GitCommit=53d9aa592 -X github.com/anyproto/anytype-heart/util/vcs.GitBranch=github.com/anyproto/anytype-heart/util/vcs2 -X github.com/anyproto/anytype-heart/util/vcs.GitState=dirty -X github.com/anyproto/anytype-heart/util/vcs.GitSummary=v0.37.1-4-g53d9aa592"  -target=android -androidapi 26 -o lib.aar github.com/anyproto/anytype-heart/clientlibrary/service github.com/anyproto/anytype-heart/core

We've tested both ways. It doesn't work either

-buildmode=c-archive We have explicitly enabled this only for desktop builds.

These AAR-packaged native libraries are used later through JNI interaction in this android open-source project. We do not include them in any native library. https://github.com/anyproto/anytype-kotlin/blob/main/gradle/libs.versions.toml#L2