MacOS M1 can not run binary with go build, CODE SIGNING

[taoyq1988]

Go version

go version go1.21.4 darwin/arm64

Reproducibility

• Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/tt/Library/Caches/go-build'
GOENV='/Users/tt/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/tt/workspace/code/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/tt/workspace/code/go'
GOPRIVATE=''
GOPROXY='https://goproxy.cn,direct'
GOROOT='/Users/tt/workspace/tools/go'
GOSUMDB='off'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/tt/workspace/tools/go/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/rq/424y01rs27982pm0_238_t180000gn/T/go-build2771029319=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

go build to create binary, then program can not work by CODE SIGNING

but if I use go run xxx, this can work sucessfully.

What did you expect to see?

What did you see instead?

[seankhliao]

please show the sequence of commands you're running

[taoyq1988]

this is my sequence of commands:

go build -o xxx .
./xxx

then will get:

[1]    68085 killed     ./xxx

but if I use go run to run my program:

go run main.go

will work successfully:

2023/11/24 22:43:13 INFO Start app
2023/11/24 22:43:13 INFO Start http server port=8899
2023/11/24 22:43:13 INFO Secret secret=123456
...

In order to find problem, I use sudo dmesg | grep xxx to debug:
will get:

RX: 20 01 00 00 00 00 14 00 10 01 00 A2 00 00 0A 00AMFI: '/Users/tt/workspace/code/project/web3/chainface/xxx' has no CMS blob?
[461206.842074]: AMFI: '/Users/tt/workspace/code/project/web3/chainface/xxx': Unrecoverable CT signature issue, bailing out.
[461207.310723]: Sandbox: Mockitt Helper (GPU)(11446) deny(1) mach-lookup com.apple.audio.audiohaldSandbox: Microsoft Edge Helper (GPU)(22329) deny(1) mach-lookup com.apple.audio.audiohaldSandbox: Google Chrome Helper (GPU)(1468) deny(1) mach-lookup com.apple.audio.audiohaldWaking up reference: 1933Thread waiting on reference 1933 woke upevaluation result: 1933, allowed, cache,  1700837284, 8, /Users/tt/workspace/code/project/web3/chainface/xxxCODE SIGNING: cs_invalid_page(0x102f5c000): p=70443[xxx] final status 0x23020200, denying page sending SIGKILL
[461207.326867]: CODE SIGNING: process 70443[xxx]: rejecting invalid page at address 0x102f5c000 from offset 0x0 in file "/Users/tt/workspace/code/project/web3/chainface/xxx" (cs_mtime:1700837282.365474057 == mtime:1700837282.365474057) (signed:1 validated:1 tainted:1 nx:0 wpmapped:0 dirty:0 depth:0)
[461207.326904]: xxx[70443] Corpse allowed 2 of 5

@seankhliao @Nasfame

[taoyq1988]

@taoyq1988 share the out of 'go run . '

I have given out the out of the 'go run . ', it's same as command 'go run main.go' -- the logs output of my program:

2023/11/24 22:43:13 INFO Start app
2023/11/24 22:43:13 INFO Start http server port=8899
2023/11/24 22:43:13 INFO Secret secret=123456
...

@Nasfame

[taoyq1988]

My MacOS version is 14.1.1

[taoyq1988]

The go versions I have used on my computer are 1.18 and 1.20, and the most recent one I have used is 1.20.

For a simple hello world program, go 1.21 can compile and run go build normally. And I also discovered today that if I add -ldflags -w after go build, the previous program can also be run using go 1.21.

go build -ldflags -w -o xxx .
./xxx

@Nasfame

[seankhliao]

sounds like the solution is to use the latest release.
for future bug report, we'd appreciate if the reported versions in the initial report reflected those that had the issue.

[taoyq1988]

but I had said the version I used at first, the latest release version 1.21.4.

the latest release version still has this bug.

[taoyq1988]

go 1.20 has no problem, but go 1.21 has.

[sylr]

I'm having the same problem with binaries built with gotip.

$ gotip version
go version devel go1.22-f6509cf5 Thu Dec 21 00:15:58 2023 +0000 darwin/arm64
$ gotip build ./cmd/gotraceui
# honnef.co/go/gotraceui/cmd/gotraceui
ld: warning: ignoring duplicate libraries: '-lobjc'
$ ./gotraceui
[1]    46622 killed     ./gotraceui

As @taoyq1988 suggested, this works however:

gotip build -ldflags -w ./cmd/gotraceui

[sylr]

Here a crash report:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Incident Identifier: B24BF945-E2FF-40F5-8CB0-8AC849FB6BB1
CrashReporter Key:   5B7B7B6C-9868-0FDA-A407-8AA6703D4834
Hardware Model:      Mac14,15
Process:             gotraceui [48433]
Path:                /Users/USER/*/gotraceui
Identifier:          gotraceui
Version:             ???
Code Type:           ARM-64 (Native)
Role:                Unspecified
Parent Process:      zsh [44587]
Coalition:           com.googlecode.iterm2 [3977]
Responsible Process: iTerm2 [5136]

Date/Time:           2023-12-21 17:38:48.7905 +0400
Launch Time:         2023-12-21 17:38:48.7890 +0400
OS Version:          macOS 14.2 (23C64)
Release Type:        User
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid))
Exception Subtype: UNKNOWN_0x32 at 0x000000010453c000
Exception Codes: 0x0000000000000032, 0x000000010453c000
VM Region Info: 0x10453c000 is in 0x10453c000-0x10496c000;  bytes after start: 0  bytes before end: 4390911
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  __TEXT                      10453c000-10496c000    [ 4288K] r-x/r-x SM=COW  
      __DATA_CONST                10496c000-104c88000    [ 3184K] rw-/rw- SM=COW  
Termination Reason: CODESIGNING 2 Invalid Page

Triggered by Thread:  0

Thread 0 Crashed:
0                                 	       0x1053fa204 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 52
1                                 	       0x1053fc2ac dyld3::MachOFile::forEachSupportedPlatform(void (dyld3::Platform, unsigned int, unsigned int) block_pointer) const + 160
2                                 	       0x1054522e4 dyld3::MachOFile::isBuiltForSimulator() const + 124
3                                 	       0x1053fdb88 start + 992


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x000000010453c000   x1: 0x000000016b8c30d8   x2: 0x000000016b8c3080   x3: 0x00000001053f9e45
    x4: 0x0000000000000070   x5: 0x0000000000000073   x6: 0x0000000000000000   x7: 0x0000000000000ce0
    x8: 0x000000016b8c30b8   x9: 0x00000001054935f8  x10: 0x000000010547b000  x11: 0x000000010548876f
   x12: 0x0000000000000065  x13: 0x0000000000000073  x14: 0x0000000000058a70  x15: 0x0000000000000000
   x16: 0x00000001053fc34c  x17: 0x6ae100016b8c3080  x18: 0x0000000000000000  x19: 0x000000016b8c30d8
   x20: 0x000000010453c000  x21: 0x000000016b8c3080  x22: 0x00000001053f8000  x23: 0x000000016b8c3238
   x24: 0x000000016b8c3210  x25: 0x0000000000000000  x26: 0x0000000000000000  x27: 0x0000000000000000
   x28: 0x0000000000000000   fp: 0x000000016b8c3070   lr: 0x704d0001053fc2ac
    sp: 0x000000016b8c2fe0   pc: 0x00000001053fa204 cpsr: 0x80001000
   far: 0x000000010453c000  esr: 0x92000007 (Data Abort) byte read Translation fault

Binary Images:
       0x1053f8000 -        0x10548ffff  (*) <324e4ad9-e01f-3183-b09f-3e20b326643a> ???
       0x10453c000 -        0x10496bfff  (*) <c997b1c5-ddd5-3528-ad7e-10651d0ec9a7> ???
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???

Error Formulating Crash Report:
dyld_process_snapshot_get_shared_cache failed

EOF

-----------
Full Report
-----------

{"app_name":"gotraceui","timestamp":"2023-12-21 17:38:48.00 +0400","app_version":"","slice_uuid":"c997b1c5-ddd5-3528-ad7e-10651d0ec9a7","build_version":"","platform":0,"share_with_app_devs":0,"is_first_party":1,"bug_type":"309","os_version":"macOS 14.2 (23C64)","roots_installed":0,"incident_id":"B24BF945-E2FF-40F5-8CB0-8AC849FB6BB1","name":"gotraceui"}
{
  "uptime" : 200000,
  "procRole" : "Unspecified",
  "version" : 2,
  "userID" : 503,
  "deployVersion" : 210,
  "modelCode" : "Mac14,15",
  "coalitionID" : 3977,
  "osVersion" : {
    "train" : "macOS 14.2",
    "build" : "23C64",
    "releaseType" : "User"
  },
  "captureTime" : "2023-12-21 17:38:48.7905 +0400",
  "codeSigningMonitor" : 1,
  "incident" : "B24BF945-E2FF-40F5-8CB0-8AC849FB6BB1",
  "pid" : 48433,
  "translated" : false,
  "cpuType" : "ARM-64",
  "roots_installed" : 0,
  "bug_type" : "309",
  "procLaunch" : "2023-12-21 17:38:48.7890 +0400",
  "procStartAbsTime" : 4988817264661,
  "procExitAbsTime" : 4988817296094,
  "procName" : "gotraceui",
  "procPath" : "\/Users\/USER\/*\/gotraceui",
  "parentProc" : "zsh",
  "parentPid" : 44587,
  "coalitionName" : "com.googlecode.iterm2",
  "crashReporterKey" : "5B7B7B6C-9868-0FDA-A407-8AA6703D4834",
  "responsiblePid" : 5136,
  "responsibleProc" : "iTerm2",
  "codeSigningID" : "a.out",
  "codeSigningTeamID" : "",
  "codeSigningFlags" : 587334144,
  "codeSigningValidationCategory" : 0,
  "codeSigningTrustLevel" : 4294967295,
  "instructionByteStream" : {"beforePC":"+mcFqfhfBqn2Vwep9E8Iqf17Can9QwKR9QMCqvMDAar0AwCq\/\/8AOQ==","atPC":"CABAuelZn1Kp3b9yHwEJa+AAAFTJWZ9Sqd2\/ch8BCWthAQBUiQOAUg=="},
  "wakeTime" : 3536,
  "sleepWakeUUID" : "75C5F419-185C-480B-B8DC-008304F56B5C",
  "sip" : "enabled",
  "vmRegionInfo" : "0x10453c000 is in 0x10453c000-0x10496c000;  bytes after start: 0  bytes before end: 4390911\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      UNUSED SPACE AT START\n--->  __TEXT                      10453c000-10496c000    [ 4288K] r-x\/r-x SM=COW  \n      __DATA_CONST                10496c000-104c88000    [ 3184K] rw-\/rw- SM=COW  ",
  "exception" : {"codes":"0x0000000000000032, 0x000000010453c000","rawCodes":[50,4367564800],"type":"EXC_BAD_ACCESS","signal":"SIGKILL (Code Signature Invalid)","subtype":"UNKNOWN_0x32 at 0x000000010453c000"},
  "termination" : {"flags":0,"code":2,"namespace":"CODESIGNING","indicator":"Invalid Page"},
  "vmregioninfo" : "0x10453c000 is in 0x10453c000-0x10496c000;  bytes after start: 0  bytes before end: 4390911\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      UNUSED SPACE AT START\n--->  __TEXT                      10453c000-10496c000    [ 4288K] r-x\/r-x SM=COW  \n      __DATA_CONST                10496c000-104c88000    [ 3184K] rw-\/rw- SM=COW  ",
  "extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":0,"thread_set_state":22,"task_for_pid":1},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0},
  "faultingThread" : 0,
  "threads" : [{"triggered":true,"id":4302728,"threadState":{"x":[{"value":4367564800},{"value":6099316952},{"value":6099316864},{"value":4383022661},{"value":112},{"value":115},{"value":0},{"value":3296},{"value":6099316920},{"value":4383651320,"symbolLocation":0,"symbol":"__block_descriptor_tmp.61"},{"value":4383551488,"symbolLocation":20,"symbol":"objc_visitor::ProtocolList::getProtocolField(objc_visitor::Visitor const&, unsigned long long) const (.cold.2)"},{"value":4383606639},{"value":101},{"value":115},{"value":363120},{"value":0},{"value":4383032140,"symbolLocation":0,"symbol":"invocation function for block in dyld3::MachOFile::forEachSupportedPlatform(void (dyld3::Platform, unsigned int, unsigned int) block_pointer) const"},{"value":7701436843879575680},{"value":0},{"value":6099316952},{"value":4367564800},{"value":6099316864},{"value":4383014912},{"value":6099317304},{"value":6099317264},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":8092124109837681324},"cpsr":{"value":2147487744},"fp":{"value":6099316848},"sp":{"value":6099316704},"esr":{"value":2449473543,"description":"(Data Abort) byte read Translation fault"},"pc":{"value":4383023620,"matchesCrashFrame":1},"far":{"value":4367564800}},"frames":[{"imageOffset":8708,"symbol":"dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const","symbolLocation":52,"imageIndex":0},{"imageOffset":17068,"symbol":"dyld3::MachOFile::forEachSupportedPlatform(void (dyld3::Platform, unsigned int, unsigned int) block_pointer) const","symbolLocation":160,"imageIndex":0},{"imageOffset":369380,"symbol":"dyld3::MachOFile::isBuiltForSimulator() const","symbolLocation":124,"imageIndex":0},{"imageOffset":23432,"symbol":"start","symbolLocation":992,"imageIndex":0}]}],
  "usedImages" : [
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 4383014912,
    "size" : 622592,
    "uuid" : "324e4ad9-e01f-3183-b09f-3e20b326643a",
    "name" : ""
  },
  {
    "source" : "P",
    "arch" : "arm64",
    "base" : 4367564800,
    "size" : 4390912,
    "uuid" : "c997b1c5-ddd5-3528-ad7e-10651d0ec9a7",
    "name" : ""
  },
  {
    "size" : 0,
    "source" : "A",
    "base" : 0,
    "uuid" : "00000000-0000-0000-0000-000000000000"
  }
],
  "vmSummary" : "ReadOnly portion of Libraries: Total=6208K resident=0K(0%) swapped_out_or_unallocated=6208K(100%)\nWritable regions: Total=8608K written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=8608K(100%)\n\n                                VIRTUAL   REGION \nREGION TYPE                        SIZE    COUNT (non-coalesced) \n===========                     =======  ======= \nSTACK GUARD                       56.0M        1 \nStack                             8176K        1 \n__DATA                            2800K        3 \n__DATA_CONST                      3216K        2 \n__DATA_DIRTY                        16K        1 \n__LINKEDIT                        1312K        2 \n__TEXT                            4896K        2 \n===========                     =======  ======= \nTOTAL                             76.0M       12 \n",
  "legacyInfo" : {
  "threadTriggered" : {

  }
},
  "logWritingSignature" : "c0220cb8517cd988d5d7c092af1ecbaa30fa9d1b",
  "trialInfo" : {
  "rollouts" : [
    {
      "rolloutId" : "6410af69ed1e1e7ab93ed169",
      "factorPackIds" : {

      },
      "deploymentId" : 240000010
    },
    {
      "rolloutId" : "61675b89201f677a9a4cbd65",
      "factorPackIds" : {
        "HEALTH_FEATURE_AVAILABILITY" : "65287aa4be905e686a05f0a2"
      },
      "deploymentId" : 240000079
    }
  ],
  "experiments" : [

  ]
},
  "reportNotes" : [
  "dyld_process_snapshot_get_shared_cache failed"
]
}

[danp]

Can you please try:

rm gotraceui
gotip build ./cmd/gotraceui
./gotraceui

Sometimes the signing/blessing bits get confused, especially if a file has been replaced in-place. Such as what happened to me in #56599. Explicitly rm'ing it helps reset things. That could also explain why gotip run works.

[sylr]

Rm'ing or specifying a new name does not work:

$ gotip build -o a.out ./cmd/gotraceui
# honnef.co/go/gotraceui/cmd/gotraceui
ld: warning: ignoring duplicate libraries: '-lobjc'
$ ./a.out
[1]    2128 killed     ./a.out

[danp]

Thanks! Maybe related to #63997 (#63997 (comment))? Output from go env and echo $PATH may help.

[sylr]

So I bisected my PATH and the issue for me comes from /opt/homebrew/opt/llvm/bin being present.

[seankhliao]

sounds like it's a dup of #63997