runtime: unexpected return pc in Android Sandbox #75839
Description
Hello everyone, I have encountered an issue where a Go program encountered an error while running in my sandbox. This is my mistake
09-17 15:14:15.034 E/Go (22603): runtime: unexpected return pc for internal/poll.runtime_pollWait called from 0x71601cf000
09-17 15:14:15.034 E/Go (22603): stack: frame={sp:0x400005a470, fp:0x400005a4a0} stack=[0x400005a000,0x400005a800)
09-17 15:14:15.034 E/Go (22603): 0x000000400005a370: 0x0000006bfb696758 <runtime.exitsyscallfast+0x0000000000000098> 0x0000000000000000
09-17 15:14:15.034 E/Go (22603): 0x000000400005a380: 0x00000040000a81a0 0x0000000000000000
09-17 15:14:15.034 E/Go (22603): 0x000000400005a390: 0x00000040000a81a0 0x000000400005a3e8
09-17 15:14:15.034 E/Go (22603): 0x000000400005a3a0: 0x0000006bfb6b8310 <runtime.exitsyscall+0x0000000000000110> 0x000000400003ca00
09-17 15:14:15.035 E/Go (22603): 0x000000400005a3b0: 0x0000006bfb66af60 <runtime.heapBits.forwardOrBoundary+0x0000000000000050> 0x000000400005a3f8
09-17 15:14:15.035 E/Go (22603): 0x000000400005a3c0: 0x00000040000a81a0 0x00000040000a81a0
09-17 15:14:15.035 E/Go (22603): 0x000000400005a3d0: 0x0000000300000002 0x000000400003ca00
09-17 15:14:15.035 E/Go (22603): 0x000000400005a3e0: 0x00000040000a81a0 0x000000400005a408
09-17 15:14:15.035 E/Go (22603): 0x000000400005a3f0: 0x0000006bfb687e94 <runtime.netpollcheckerr+0x0000000000000024> 0x000000400005a428
09-17 15:14:15.035 E/Go (22603): 0x000000400005a400: 0x0000006bfb68815c <runtime.netpollblock+0x00000000000000bc> 0x000000400005a428
09-17 15:14:15.036 E/Go (22603): 0x000000400005a410: 0x0000006bfb68813c <runtime.netpollblock+0x000000000000009c> 0x0000004000100000
09-17 15:14:15.036 E/Go (22603): 0x000000400005a420: 0x00000040000a81a0 0x000000400005a468
09-17 15:14:15.036 E/Go (22603): 0x000000400005a430: 0x0000006bfb6b7b38 <internal/poll.runtime_pollWait+0x0000000000000048> 0x0000006bfbbe8f20
09-17 15:14:15.036 E/Go (22603): 0x000000400005a440: 0x000000715fe2c760 0x0000004000051b02
09-17 15:14:15.036 E/Go (22603): 0x000000400005a450: 0x000000400005a4a0 0x00000070f16b3d74
09-17 15:14:15.036 E/Go (22603): 0x000000400005a460: 0x000000715fe2c760 0x000000400005a530
09-17 15:14:15.037 E/Go (22603): 0x000000400005a470: <0x00000071601cf000 0x000000400005a5e8
09-17 15:14:15.037 E/Go (22603): 0x000000400005a480: 0x000000400005cc00 0x0000000000000000
09-17 15:14:15.037 E/Go (22603): 0x000000400005a490: 0x00000070846e6a40 0x0000006bfb6baa30 <runtime.mstart+0x0000000000000000>
09-17 15:14:15.037 E/Go (22603): 0x000000400005a4a0: >0x000000400005b700 0x00000072223d484c
09-17 15:14:15.037 E/Go (22603): 0x000000400005a4b0: 0x000000000000001f 0x0000000000000001
09-17 15:14:15.037 E/Go (22603): 0x000000400005a4c0: 0x0000006bfb6be568 <runtime.rtsigprocmask+0x0000000000000018> 0xc00000b700000087
09-17 15:14:15.038 E/Go (22603): 0x000000400005a4d0: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a4e0: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a4f0: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a500: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a510: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a520: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a530: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a540: 0x0000007209299000 0x0000004000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a550: 0x0000000000008000 0xfffffffc3bba6a27
09-17 15:14:15.038 E/Go (22603): 0x000000400005a560: 0x0000006bfbf0ddb0 0x0000004000082198
09-17 15:14:15.038 E/Go (22603): 0x000000400005a570: 0x0000000000000000 0x0000000000000000
09-17 15:14:15.038 E/Go (22603): 0x000000400005a580: 0x0000006bfb7080c0 <internal/poll.(*FD).Read.func1+0x0000000000000000> 0x0000004000082180
09-17 15:14:15.038 E/Go (22603): 0x000000400005a590: 0x000000400005a580 0x000000400005a5c8
09-17 15:14:15.038 E/Go (22603): fatal error: unknown caller pc
09-17 15:14:15.040 E/Go (22603):
09-17 15:14:15.040 E/Go (22603): runtime stack:
09-17 15:14:15.041 E/Go (22603): runtime.throw({0x6bfb5e0d12?, 0x6bfbf1c200?})
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/panic.go:992 +0x50
09-17 15:14:15.041 E/Go (22603): runtime.gentraceback(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40000a81a0, 0x0, 0x0, 0x7fffffff, 0x707ff6f9b0, 0x707ff6f818?, 0x0)
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/traceback.go:258 +0x1424
09-17 15:14:15.041 E/Go (22603): runtime.scanstack(0x40000a81a0, 0x4000039238)
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:783 +0x150
09-17 15:14:15.041 E/Go (22603): runtime.markroot.func1()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:241 +0xc4
09-17 15:14:15.041 E/Go (22603): runtime.markroot(0x4000039238, 0x1a, 0x1)
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:214 +0x1c4
09-17 15:14:15.041 E/Go (22603): runtime.gcDrain(0x4000039238, 0x7)
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:1047 +0x358
09-17 15:14:15.041 E/Go (22603): runtime.gcBgMarkWorker.func2()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgc.go:1295 +0x6c
09-17 15:14:15.041 E/Go (22603): runtime.systemstack()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/asm_arm64.s:241 +0x6c
09-17 15:14:15.041 E/Go (22603):
09-17 15:14:15.041 E/Go (22603): goroutine 52 [GC worker (idle)]:
09-17 15:14:15.041 E/Go (22603): runtime.systemstack_switch()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/asm_arm64.s:198 +0x8 fp=0x4000114f40 sp=0x4000114f30 pc=0x6bfb6baac8
09-17 15:14:15.041 E/Go (22603): runtime.gcBgMarkWorker()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgc.go:1263 +0x1c4 fp=0x4000114fd0 sp=0x4000114f40 pc=0x6bfb671e54
09-17 15:14:15.041 E/Go (22603): runtime.goexit()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/asm_arm64.s:1270 +0x4 fp=0x4000114fd0 sp=0x4000114fd0 pc=0x6bfb6bd204
09-17 15:14:15.041 E/Go (22603): created by runtime.gcBgMarkStartWorkers
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgc.go:1131 +0x2c
09-17 15:14:15.041 E/Go (22603):
09-17 15:14:15.041 E/Go (22603): goroutine 17 [wait for GC cycle, locked to thread]:
09-17 15:14:15.041 E/Go (22603): runtime.GC()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mgc.go:445 +0x54
09-17 15:14:15.041 E/Go (22603): runtime/debug.freeOSMemory()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/mheap.go:1549 +0x20
09-17 15:14:15.041 E/Go (22603): runtime/debug.FreeOSMemory()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/debug/garbage.go:100 +0x20
09-17 15:14:15.041 E/Go (22603): github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon.DoGarbageCollection()
09-17 15:14:15.041 E/Go (22603): /go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/utils.go:186 +0x28
09-17 15:14:15.041 E/Go (22603): github.com/Psiphon-Labs/psiphon-tunnel-core/MobileLibrary/psi.Start({0x400019c000, 0xb1b}, {0x0, 0x0}, {0x0, 0x0}, {0x6bfbbf1d18, 0x40001a2000}, 0x0, 0x0, ...)
09-17 15:14:15.041 E/Go (22603): /go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/MobileLibrary/psi/psi.go:130 +0xa0
09-17 15:14:15.041 E/Go (22603): main.proxypsi__Start({0x706aa33000, 0xb1b, {0x0, 0x0, 0x0, 0x0}}, {0x0, 0x0, {0x0, 0x0, ...}}, ...)
09-17 15:14:15.041 E/Go (22603): /tmp/gomobile-work-3513048598/src/gobind/go_psimain.go:373 +0x118
09-17 15:14:15.041 E/Go (22603):
09-17 15:14:15.041 E/Go (22603): goroutine 6 [IO wait (scan)]:
09-17 15:14:15.041 E/Go (22603): fatal error: unexpected signal during runtime execution
09-17 15:14:15.041 E/Go (22603): panic during panic
09-17 15:14:15.041 E/Go (22603): [signal SIGSEGV: segmentation violation code=0x1 addr=0x118 pc=0x6bfb6affdc]
09-17 15:14:15.041 E/Go (22603):
09-17 15:14:15.041 E/Go (22603): runtime stack:
09-17 15:14:15.041 E/Go (22603): runtime.throw({0x6bfb5f61da?, 0x6bfbf1c200?})
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/panic.go:992 +0x50
09-17 15:14:15.041 E/Go (22603): runtime.sigpanic()
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/signal_unix.go:802 +0x1d0
09-17 15:14:15.041 E/Go (22603): runtime.gentraceback(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40000a81a0, 0x0, 0x0, 0x64, 0x0, 0x27d64e3?, 0x0)
09-17 15:14:15.041 E/Go (22603): /usr/local/go/src/runtime/traceback.go:246 +0x54c
09-17 15:14:15.042 E/Go (22603): runtime.traceback1(0xffffffffffffffff, 0xffffffffffffffff, 0x0?, 0x40000a81a0, 0x0)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/traceback.go:846 +0x158
09-17 15:14:15.042 E/Go (22603): runtime.traceback(0x40000a81a0?, 0x6bfb6b2900?, 0x707ff6f2b8?, 0x6bfb68fe90?)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/traceback.go:793 +0x24
09-17 15:14:15.042 E/Go (22603): runtime.tracebackothers.func1(0x40000a81a0)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/traceback.go:1062 +0xdc
09-17 15:14:15.042 E/Go (22603): runtime.forEachGRace(0x707ff6f338)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/proc.go:590 +0x4c
09-17 15:14:15.042 E/Go (22603): runtime.tracebackothers(0x4000277040)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/traceback.go:1048 +0xac
09-17 15:14:15.042 E/Go (22603): runtime.dopanic_m(0x4000277040, 0x6bfb68e124?, 0x1?)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/panic.go:1192 +0x1f8
09-17 15:14:15.042 E/Go (22603): runtime.fatalthrow.func1()
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/panic.go:1047 +0x48
09-17 15:14:15.042 E/Go (22603): runtime.fatalthrow()
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/panic.go:1044 +0x40
09-17 15:14:15.042 E/Go (22603): runtime.throw({0x6bfb5e0d12?, 0x6bfbf1c200?})
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/panic.go:992 +0x50
09-17 15:14:15.042 E/Go (22603): runtime.gentraceback(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40000a81a0, 0x0, 0x0, 0x7fffffff, 0x707ff6f9b0, 0x707ff6f818?, 0x0)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/traceback.go:258 +0x1424
09-17 15:14:15.042 E/Go (22603): runtime.scanstack(0x40000a81a0, 0x4000039238)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:783 +0x150
09-17 15:14:15.042 E/Go (22603): runtime.markroot.func1()
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:241 +0xc4
09-17 15:14:15.042 E/Go (22603): runtime.markroot(0x4000039238, 0x1a, 0x1)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:214 +0x1c4
09-17 15:14:15.042 E/Go (22603): runtime.gcDrain(0x4000039238, 0x7)
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/mgcmark.go:1047 +0x358
09-17 15:14:15.042 E/Go (22603): runtime.gcBgMarkWorker.func2()
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/mgc.go:1295 +0x6c
09-17 15:14:15.042 E/Go (22603): runtime.systemstack()
09-17 15:14:15.042 E/Go (22603): /usr/local/go/src/runtime/asm_arm64.s:241 +0x6c
As far as my environment is concerned, it is a sandbox application similar to a virtual application, which uses seccomp for all running applications but does not prevent normal operation. We intercepted all SIGSYS signals to prevent applications from obtaining seccomp signals. At the same time, we manually modified sp within SYS signal processing to avoid running on the user's stack,
Meanwhile, I tried some operations and when I set my seccomp signal listening function to run on the signal stack created by Go, the program worked properly
So, my current guess is that while executing my seccomp code, the system triggered some possible timing signal. Causing the program to interrupt in my code. At the same time, the signal listening function of Go traverses the sp of the interrupt program, but cannot scan the expected address of Go, resulting in an error. Is my guess correct?