runtime: SIGSEGV crash at x64 linux alpine-net6 docker in NetSecurityNative_ImportPrincipalName

Description

My app crashes with SIGSEGV on net6.0-rc2. shortly after start without any stderr messages. Stack trace shows reason deep in native runtime code

Actual behavior

gdb trace

#0  0x00007f3ce7cbb3fc in NetSecurityNative_ImportPrincipalName () from /usr/share/dotnet/shared/Microsoft.NETCore.App/6.0.0-rc.2.21480.5/libSystem.Net.Security.Native.so
#1  0x00007f3e31d27b6a in ?? ()
#2  0x6376534c5153534d in ?? ()
#3  0x7665642d6c71732f in ?? ()
#4  0x3a7275746e6f6b2e in ?? ()
#5  0x0000000033333431 in ?? ()
#6  0xffffffffffffffff in ?? ()
#7  0x00007f3ea8caac7b in ?? () from /usr/share/dotnet/shared/Microsoft.NETCore.App/6.0.0-rc.2.21480.5/libcoreclr.so
#8  0x00007f3e31d27579 in ?? ()
#9  0x00007f3ceee31180 in ?? ()
#10 0x0000001ce7d2ac28 in ?? ()
#11 0x00007f3cee82b708 in ?? ()
#12 0x0000000000000000 in ?? ()

strace tail

open("/usr/share/dotnet/shared/Microsoft.NETCore.App/6.0.0-rc.2.21480.5/System.Net.Security.Native.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/app/runtimes/unix/lib/netcoreapp2.1/System.Net.Security.Native.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/System.Net.Security.Native.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/System.Net.Security.Native.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/lib/System.Net.Security.Native.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/share/dotnet/shared/Microsoft.NETCore.App/6.0.0-rc.2.21480.5/libSystem.Net.Security.Native.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 228
fcntl(228, F_SETFD, FD_CLOEXEC)         = 0
fstat(228, {st_mode=S_IFREG|0755, st_size=18480, ...}) = 0
read(228, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\20\0\0\0\0\0\0"..., 960) = 960
mmap(NULL, 24576, PROT_READ, MAP_PRIVATE, 228, 0) = 0x7f4461e88000
mmap(0x7f4461e89000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 228, 0x1000) = 0x7f4461e89000
mmap(0x7f4461e8b000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 228, 0x3000) = 0x7f4461e8b000
mmap(0x7f4461e8c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 228, 0x3000) = 0x7f4461e8c000
close(228)                              = 0
mprotect(0x7f4461e8c000, 4096, PROT_READ) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
rt_sigprocmask(SIG_UNBLOCK, [RT_3], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [RT_3], NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f4623717c8b}, NULL, 8) = 0
unlink("/tmp/clr-debug-pipe-155-5215008-in") = 0
unlink("/tmp/clr-debug-pipe-155-5215008-out") = 0
unlink("/tmp/dotnet-diagnostic-155-5215008-socket") = 0
rt_sigreturn({mask=[]})                 = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV (core dumped) +++

Regression?

works on net5 alpline docker flawlessly

on win-x64 works fine with net5 or net6-rc2 runtime

Known Workarounds

No response

Configuration

dotnet --info

Host (useful for support):
  Version: 6.0.0-rc.2.21480.5
  Commit:  6b11d64e7e

.NET SDKs installed:
  No SDKs were found.

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.0-rc.2.21480.10 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.0-rc.2.21480.5 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

Other information

No response

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 20
Comments: 29 (18 by maintainers)

Most upvoted comments

Note we’ve missed the cutoff for 6.0.1. The 6.0.2 patch won’t go out in Feb which is a long time away. So a fix like [1] in SqlClient might be ideal, even if temporary, as we can push that package separately.

cc @ajcvickers in case it is relevant to him.

danmoseley on Nov 30, 2021

Spent the day yesterday debugging the exact same issue, connecting to a Kerberos-enabled MSSQL server in a docker container, using Microsoft’s .NET 6.0 base image (mcr.microsoft.com/dotnet/sdk:6.0). We did find a workaround until the issue is resolved: making a Kerberised HTTP call prior to connecting to SQL Server fixes the issue:

// Make a dummy call to a Kerberos HTTP endpoint to initialise the Kerberos logic in SqlClient
var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true });
await client.GetAsync("https://server1");

// Connect to the SQL Server as usual
const string connectionString = "Data Source=my_db_server;Integrated Security=True";
await using var connection = new SqlConnection(connectionString);
connection.Open();
...

nicodeslandes on Nov 12, 2021

FWIW, I’ve hit the same bug when attempting to authenticate with Kerberos to a MSSQL server. I’ve posted a simple reproduction here: https://gist.github.com/trexx/63bcb7e5a81fffce502a65c86bd77c55 Works when built against dotnet5.0. Switching to username and password auth bypasses the crash in dotnet6.0.

(lldb) disass -a $rip
libSystem.Net.Security.Native.so`NetSecurityNative_ImportPrincipalName:
    0x7ffff014b340 <+0>:   pushq  %rbp
    0x7ffff014b341 <+1>:   pushq  %r15
    0x7ffff014b343 <+3>:   pushq  %r14
    0x7ffff014b345 <+5>:   pushq  %r13
    0x7ffff014b347 <+7>:   pushq  %r12
    0x7ffff014b349 <+9>:   pushq  %rbx
    0x7ffff014b34a <+10>:  subq   $0x18, %rsp
    0x7ffff014b34e <+14>:  movq   %rcx, %r14
    0x7ffff014b351 <+17>:  movq   %rsi, %r12
    0x7ffff014b354 <+20>:  movq   %rdi, %r15
    0x7ffff014b357 <+23>:  movq   %fs:0x28, %rax
    0x7ffff014b360 <+32>:  movq   %rax, 0x10(%rsp)
    0x7ffff014b365 <+37>:  movl   %edx, %r13d
    0x7ffff014b368 <+40>:  movq   %rsi, %rdi
    0x7ffff014b36b <+43>:  movl   $0x2f, %esi
    0x7ffff014b370 <+48>:  movq   %r13, %rdx
    0x7ffff014b373 <+51>:  callq  0x7ffff014b050            ; symbol stub for: ___lldb_unnamed_symbol114
    0x7ffff014b378 <+56>:  testq  %rax, %rax
    0x7ffff014b37b <+59>:  je     0x7ffff014b3aa            ; <+106> at pal_gssapi.c
    0x7ffff014b37d <+61>:  movq   %rax, %rbp
    0x7ffff014b380 <+64>:  movq   %r13, %rdi
    0x7ffff014b383 <+67>:  callq  0x7ffff014b0a0            ; symbol stub for: ___lldb_unnamed_symbol119
    0x7ffff014b388 <+72>:  testq  %rax, %rax
    0x7ffff014b38b <+75>:  je     0x7ffff014b3fe            ; <+190> at pal_gssapi.c:275:24
    0x7ffff014b38d <+77>:  movq   %rax, %rbx
    0x7ffff014b390 <+80>:  movq   %rax, %rdi
    0x7ffff014b393 <+83>:  movq   %r12, %rsi
    0x7ffff014b396 <+86>:  movq   %r13, %rdx
    0x7ffff014b399 <+89>:  callq  0x7ffff014b080            ; symbol stub for: ___lldb_unnamed_symbol117
    0x7ffff014b39e <+94>:  subq   %r12, %rbp
    0x7ffff014b3a1 <+97>:  movb   $0x40, (%rbx,%rbp)
    0x7ffff014b3a5 <+101>: movq   %rbx, %r12
    0x7ffff014b3a8 <+104>: jmp    0x7ffff014b3ac            ; <+108> at pal_gssapi.c:280:33
    0x7ffff014b3aa <+106>: xorl   %ebx, %ebx
    0x7ffff014b3ac <+108>: movq   %r13, (%rsp)
    0x7ffff014b3b0 <+112>: movq   %r12, 0x8(%rsp)
    0x7ffff014b3b5 <+117>: movq   0x2cf4(%rip), %rax        ; GSS_C_NT_HOSTBASED_SERVICE_ptr
->  0x7ffff014b3bc <+124>: movq   (%rax), %rdx
    0x7ffff014b3bf <+127>: movq   %rsp, %rsi
    0x7ffff014b3c2 <+130>: movq   %r15, %rdi
    0x7ffff014b3c5 <+133>: movq   %r14, %rcx
    0x7ffff014b3c8 <+136>: callq  *0x2cd2(%rip)             ; gss_import_name_ptr
    0x7ffff014b3ce <+142>: movl   %eax, %ebp
    0x7ffff014b3d0 <+144>: testq  %rbx, %rbx
    0x7ffff014b3d3 <+147>: je     0x7ffff014b3dd            ; <+157> at pal_gssapi.c
    0x7ffff014b3d5 <+149>: movq   %rbx, %rdi
    0x7ffff014b3d8 <+152>: callq  0x7ffff014b030            ; symbol stub for: ___lldb_unnamed_symbol112
    0x7ffff014b3dd <+157>: movq   %fs:0x28, %rax
    0x7ffff014b3e6 <+166>: cmpq   0x10(%rsp), %rax
    0x7ffff014b3eb <+171>: jne    0x7ffff014b41a            ; <+218> at pal_gssapi.c
    0x7ffff014b3ed <+173>: movl   %ebp, %eax
    0x7ffff014b3ef <+175>: addq   $0x18, %rsp
    0x7ffff014b3f3 <+179>: popq   %rbx
    0x7ffff014b3f4 <+180>: popq   %r12
    0x7ffff014b3f6 <+182>: popq   %r13
    0x7ffff014b3f8 <+184>: popq   %r14
    0x7ffff014b3fa <+186>: popq   %r15
    0x7ffff014b3fc <+188>: popq   %rbp
    0x7ffff014b3fd <+189>: retq
    0x7ffff014b3fe <+190>: movl   $0x0, (%r15)
    0x7ffff014b405 <+197>: movl   $0x20000, %ebp            ; imm = 0x20000
    0x7ffff014b40a <+202>: movq   %fs:0x28, %rax
    0x7ffff014b413 <+211>: cmpq   0x10(%rsp), %rax
    0x7ffff014b418 <+216>: je     0x7ffff014b3ed            ; <+173> at pal_gssapi.c:289:1
    0x7ffff014b41a <+218>: callq  0x7ffff014b040            ; symbol stub for: ___lldb_unnamed_symbol113

 Version:   6.0.100
 Commit:    9e8b04bbff

Runtime Environment:
 OS Name:     ubuntu
 OS Version:  21.10
 OS Platform: Linux
 RID:         ubuntu.21.10-x64
 Base Path:   /usr/share/dotnet/sdk/6.0.100/

Host (useful for support):
  Version: 6.0.0
  Commit:  4822e3c3aa

.NET SDKs installed:
  5.0.403 [/usr/share/dotnet/sdk]
  6.0.100 [/usr/share/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 5.0.12 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 6.0.0 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 5.0.12 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 6.0.0 [/usr/share/dotnet/shared/Microsoft.NETCore.App]```

trexx on Nov 11, 2021

https://github.com/dotnet/runtime/commit/3a66ebf408fd403ff7a272afb2fdc00b1ad8114e is not in .NET 6.0 RC2 (will only be in 7.0)

On Unix, UTF-8 is the default for string marshalling, so it would have been marshalling as UTF-8 before the change too.

elinor-fung on Oct 28, 2021