fix(mac): don't SIGKILL Apple toolchain binaries under samply record#827
Open
not-matthias wants to merge 1 commit into
Open
fix(mac): don't SIGKILL Apple toolchain binaries under samply record#827not-matthias wants to merge 1 commit into
samply record#827not-matthias wants to merge 1 commit into
Conversation
samply injects DYLD_INSERT_LIBRARIES + SAMPLY_BOOTSTRAP_SERVER_NAME into the whole descendant tree. Each descendant that loads samply-mac-preload runs a dyld initializer that sends its mach task-self port to samply so it can be profiled. For an Apple *platform binary* (CS_PLATFORM_BINARY) the task-self port is immovable. Transferring an immovable port to another process raises a fatal EXC_GUARD / GUARD_TYPE_MACH_PORT (ILLEGAL_MOVE) and the kernel SIGKILLs the process — inside the preload's mach_msg, before main(). This is not specific to dsymutil: the entire Xcode toolchain is affected (clang, ld, nm, strip, lipo, dsymutil, ... all confirmed killed by signal 9; clang++, swift(c), ar, ranlib, otool, dwarfdump, objdump, llvm-* share the same CS_PLATFORM_BINARY + non-restricted property). dsymutil was just the binary the original report hit (Go's linker invokes it). Any compile/link step run under `samply record` breaks as soon as a build tool invokes a toolchain binary by absolute path (the norm); going through the restricted /usr/bin shims hides it because they strip DYLD_*. Symptom: "running dsymutil failed: signal: killed". Confirmed via the crash report (EXC_GUARD "ILLEGAL_MOVE on mach port 515", port 515 == mach_task_self()) and by probing csops(2): the only distinguishing bit between a killed platform binary and a surviving locally-built binary is CS_PLATFORM_BINARY. Fix: in the preload, detect platform binaries via csops(getpid(), CS_OPS_STATUS) and skip the task handoff for them. samply cannot profile a platform binary through this mechanism anyway (its task port is protected), so nothing is lost; the process runs normally instead of being killed. Descendant profiling of all normal binaries is unchanged. Includes a regression test (samply/tests/dsymutil_sigkill.rs). Preload rebuilt for x86_64/arm64/arm64e. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
not-matthias
force-pushed
the
cod-2762-samply-sigkills-dsymutil-upstream-pr
branch
from
4c4d29e to
e3f66c1
Compare
mstange
requested changes
Jun 16, 2026
mstange
left a comment
mstange
left a comment
Owner
There was a problem hiding this comment.
I'm actually surprised that DYLD_INSERT_LIBRARIES isn't blocked for dsymutil. Are there any other shipping macOS binaries that allow DYLD_INSERT_LIBRARIES but don't allow task port sending?
Do you know if the kernel code which triggers the SIGKILL is public? Maybe it contains hints for other detection mechanisms that don't require private APIs.
Comment on lines
+57
to
+64
| extern "C" { | ||
| fn csops( | ||
| pid: libc::pid_t, | ||
| ops: u32, | ||
| useraddr: *mut libc::c_void, | ||
| usersize: libc::size_t, | ||
| ) -> libc::c_int; | ||
| } |
Owner
There was a problem hiding this comment.
This seems to be a private API. Is this really the only way to detect this? I'd rather not rely on private APIs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ran into this when profiling Go binaries with
-ldflags=-s=false -w=falsewhich invokes dsymutils.