python / cpython


"disallowed arm64 system call" crashes on Android API levels 26-30 #123014

Open mhsmith opened 1 month ago

mhsmith commented 1 month ago

Crash report

What happened?

I've seen two versions of this crash. The first one mostly affects the asyncio tests, but also some others, e.g. test_type_params.

It happens both on an emulator (API levels 26-29) and a physical device (Nexus 5X, API level 27). It does not happen on API levels 25 or 30 (but see the other crash below), nor on 34, which is the version that will be used by the buildbot.

Here's a log from API level 29. All the other versions are similar, except that API level 26 and 27 say "disallowed arm64 system call 0" instead of 434.

```
18:33:56.889 python.stdout    I  test_check_thread (test.test_asyncio.test_base_events.BaseEventLoopTests.test_check_thread) ... 
18:33:56.932 python.stdout    I  ok
18:33:56.932 python.stdout    I  test_close (test.test_asyncio.test_base_events.BaseEventLoopTests.test_close) ... 
18:33:56.933 python.stdout    I  ok
18:33:56.933 python.stdout    I  test_create_named_task_with_custom_factory (test.test_asyncio.test_base_events.BaseEventLoopTests.test_create_named_task_with_custom_factory) ... 
18:33:56.934 libc             A  Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 6011 (.python.testbed), pid 6011 (.python.testbed)
18:33:56.954 crash_dump64     I  obtaining output fd from tombstoned, type: kDebuggerdTombstone
18:33:56.957 DEBUG            A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
18:33:56.957 DEBUG            A  Build fingerprint: 'google/sdk_gphone64_arm64/emulator64_arm64:10/QSR1.211112.010/10744382:userdebug/dev-keys'
18:33:56.957 DEBUG            A  Revision: '0'
18:33:56.957 DEBUG            A  ABI: 'arm64'
18:33:56.958 DEBUG            A  Timestamp: 2024-08-14 18:33:56+0100
18:33:56.958 DEBUG            A  pid: 6011, tid: 6011, name: .python.testbed  >>> org.python.testbed <<<
18:33:56.958 DEBUG            A  uid: 10144
18:33:56.958 DEBUG            A  signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
18:33:56.958 DEBUG            A  Cause: seccomp prevented call to disallowed arm64 system call 434
18:33:56.958 DEBUG            A      x0  000000000000177b  x1  0000000000000000  x2  0000007fd13766c0  x3  0000007fd1376740
18:33:56.958 DEBUG            A      x4  0000000000000200  x5  0000007fd1376628  x6  0000007fd1376628  x7  0000000000000002
18:33:56.958 DEBUG            A      x8  00000000000001b2  x9  bf29487f6e1cf2c9  x10 0000007fd1376a58  x11 0000007e3b9c662c
18:33:56.958 DEBUG            A      x12 000000000000010b  x13 0000007e3b9c7f54  x14 0000000000000062  x15 0000000000000020
18:33:56.958 DEBUG            A      x16 0000007e3baea3c8  x17 0000007f27d44220  x18 0000000000000000  x19 0000007f2b950020
18:33:56.958 DEBUG            A      x20 0000007e3bb85fa8  x21 0000007e9e8616c0  x22 0000007e39411b70  x23 8000000000000002
18:33:56.958 DEBUG            A      x24 0000007e9e8616c0  x25 0000007e9e8616b0  x26 0000007e39411b70  x27 0000007e9e861648
18:33:56.958 DEBUG            A      x28 0000007e3bb85fa8  x29 0000007fd1376ab0
18:33:56.958 DEBUG            A      sp  0000007fd1376aa0  lr  0000007e3ba264ac  pc  0000007f27d44240
```

Backtrace

```
18:33:57.041 DEBUG A backtrace:
18:33:57.041 DEBUG A #00 pc 000000000007f240 /apex/com.android.runtime/lib64/bionic/libc.so (syscall+32) (BuildId: c042ffb4e195c9462700c20f99189c2b)
18:33:57.041 DEBUG A #01 pc 000000000040c4a8 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #02 pc 0000000000293984 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #03 pc 0000000000240f34 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyObject_Vectorcall+92) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #04 pc 0000000000377ba0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #05 pc 000000000024056c /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #06 pc 00000000002415fc /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #07 pc 00000000002d7bc8 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #08 pc 00000000002c9f38 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #09 pc 0000000000240754 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #10 pc 0000000000377ba0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #11 pc 0000000000243ca0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #12 pc 000000000037a4b4 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+27016) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #13 pc 000000000024056c /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #14 pc 00000000002415fc /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #15 pc 00000000002d0b80 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #16 pc 0000000000240754 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #17 pc 0000000000375c50 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+8484) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #18 pc 0000000000243ca0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #19 pc 000000000037a4b4 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+27016) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #20 pc 000000000024056c /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #21 pc 00000000002415fc /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #22 pc 00000000002d0b80 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #23 pc 0000000000240754 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #24 pc 0000000000377ba0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #25 pc 0000000000243ca0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #26 pc 000000000037a4b4 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+27016) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #27 pc 000000000024056c /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #28 pc 00000000002415fc /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #29 pc 00000000002d0b80 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #30 pc 0000000000240754 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyObject_MakeTpCall+296) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #31 pc 0000000000377ba0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #32 pc 0000000000373838 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyEval_EvalCode+308) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #33 pc 000000000037073c /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #34 pc 000000000037a8e8 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+28092) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #35 pc 0000000000373838 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyEval_EvalCode+308) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #36 pc 000000000037073c /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #37 pc 0000000000293984 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #38 pc 0000000000240f34 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (PyObject_Vectorcall+92) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #39 pc 0000000000377ba0 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (_PyEval_EvalFrameDefault+16500) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #40 pc 0000000000401108 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #41 pc 0000000000400704 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libpython3.14.so (Py_RunMain+1544) (BuildId: 7a9e2cc5793608ec69a9b011e3d402888fdc63dd)
18:33:57.041 DEBUG A #42 pc 00000000000012a8 /data/app/org.python.testbed--6MoesW_JSB_WMIUJ8RxCg==/lib/arm64/libmain_activity.so (Java_org_python_testbed_PythonTestRunner_runPython+420) (BuildId: 35a3871328d919cad4212115b139c278b49fe120)
```

CPython versions tested on:

CPython main branch

Operating systems tested on:

Other

Output from running 'python -VV' on the command line:

CPython 3.14.0a0 (heads/android-test-script-dirty:ae3a460a043, Aug 12 2024, 22:45:13) [Clang 17.0.2 (https://android.googlesource.com/toolchain/llvm-project d9f89f4d1

mhsmith commented 1 month ago

On API level 30, test_asyncio is fine, but test_signal crashes with a different system call number. API level 31 is fine.

```
18:01:03.824 python.stdout    I  test_sigwait_thread (test.test_signal.PendingSignalsTests.test_sigwait_thread) ... 
18:01:03.824 python.stdout    I  skipped 'requires subprocess support'
18:01:03.824 python.stdout    I  test_sigwaitinfo (test.test_signal.PendingSignalsTests.test_sigwaitinfo) ... 
18:01:03.824 python.stdout    I  skipped 'need signal.sigwaitinfo()'
18:01:03.824 python.stdout    I  test_pidfd_send_signal (test.test_signal.PidfdSignalTest.test_pidfd_send_signal) ... 
18:01:03.824 libc             A  Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 19400 (.python.testbed), pid 19400 (.python.testbed)
18:01:03.850 crash_dump64     I  obtaining output fd from tombstoned, type: kDebuggerdTombstone
18:01:03.859 DEBUG            A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
18:01:03.859 DEBUG            A  Build fingerprint: 'google/sdk_gphone_arm64/emulator_arm64:11/RSR1.240422.006/12134477:userdebug/dev-keys'
18:01:03.859 DEBUG            A  Revision: '0'
18:01:03.859 DEBUG            A  ABI: 'arm64'
18:01:03.859 DEBUG            A  Timestamp: 2024-08-14 18:01:03+0100
18:01:03.859 DEBUG            A  pid: 19400, tid: 19400, name: .python.testbed  >>> org.python.testbed <<<
18:01:03.859 DEBUG            A  uid: 10166
18:01:03.859 DEBUG            A  signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
18:01:03.859 DEBUG            A  Cause: seccomp prevented call to disallowed arm64 system call 424
```

vstinner commented 2 weeks ago

System call 434 on ARM64 is pidfd_open(). This syscall is exposed as os.pidfd_open() in Python, and it's used by asyncio in _PidfdChildWatcher.

asyncio has a functional test to skip the function if it fails because of SECCOMP:

```python
import os


def can_use_pidfd():
    if not hasattr(os, 'pidfd_open'):
        return False
    try:
        pid = os.getpid()
        os.close(os.pidfd_open(pid, 0))
    except OSError:
        # blocked by security policy like SECCOMP
        return False
    return True
```

Sadly, it seems like Android policy is to kill the process, rather than failing with ENOSYS errno (or another error such as EPERM). Can you tune the Android policy to fail with an error rather than killing the process?

Or maybe can_use_pidfd() should install a signal handler for SIGSYS and catch the signal?
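
The following triage helper is an added example, not part of the thread or of CPython: it reads a seccomp tombstone like the ones posted above, names the blocked syscall, and cross-checks the number against register x8, where arm64 passes the syscall number. The function name `triage_seccomp_tombstone` is hypothetical, the two-entry syscall table covers only the numbers seen in this issue, and the sample lines are excerpted from the API level 29 log.

```python
import re

# Sample input: four lines excerpted from the API level 29 tombstone in this issue.
SAMPLE = """\
18:33:56.958 DEBUG            A  pid: 6011, tid: 6011, name: .python.testbed  >>> org.python.testbed <<<
18:33:56.958 DEBUG            A  Cause: seccomp prevented call to disallowed arm64 system call 434
18:33:56.958 DEBUG            A      x0  000000000000177b  x1  0000000000000000  x2  0000007fd13766c0  x3  0000007fd1376740
18:33:56.958 DEBUG            A      x8  00000000000001b2  x9  bf29487f6e1cf2c9  x10 0000007fd1376a58  x11 0000007e3b9c662c
"""

# arm64 uses the asm-generic syscall table; only the two numbers from this issue.
ARM64_SYSCALLS = {424: "pidfd_send_signal", 434: "pidfd_open"}

CAUSE_RE = re.compile(r"seccomp prevented call to disallowed (\w+) system call (\d+)")
PID_RE = re.compile(r"\bpid: (\d+), tid: (\d+)")
REG_RE = re.compile(r"\b(x\d+)\s+([0-9a-f]{16})\b")


def triage_seccomp_tombstone(text):
    """Describe the blocked syscall in a tombstone, or return None if there is none."""
    cause = CAUSE_RE.search(text)
    if cause is None:
        return None
    abi, number = cause.group(1), int(cause.group(2))
    is_arm64 = abi == "arm64"
    regs = {name: int(value, 16) for name, value in REG_RE.findall(text)}
    pid = PID_RE.search(text)
    return {
        "abi": abi,
        "number": number,
        "name": ARM64_SYSCALLS.get(number, "unknown") if is_arm64 else "unknown",
        # arm64 passes the syscall number in x8, so it should agree with the Cause line.
        "x8_matches": regs.get("x8") == number if is_arm64 else None,
        "pid": int(pid.group(1)) if pid else None,
        # First two syscall arguments are passed in x0 and x1.
        "args": [regs.get("x0"), regs.get("x1")],
    }


if __name__ == "__main__":
    print(triage_seccomp_tombstone(SAMPLE))
```

On the sample, x8 is 0x1b2 (434), x0 equals the crashed process's own pid (6011) and x1 is 0, which are the same arguments the `can_use_pidfd()` probe passes to `os.pidfd_open()`.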