New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.NET 5 application on Linux fails to create CoreCLR, 0x80004005 #46462
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
cc @janvorli |
@Mgamerz is the error code printed in the |
I think you are right that the grsec is causing trouble here. From the strace.txt, I can see that the area that we are trying to change to Read+Write+Execute is inside libcoreclr.so and it was mapped as Read+Execute (from the strace.txt):
The mprotect address is in the range of the first mmap above. I believe it is this called by this code: runtime/src/coreclr/vm/threads.cpp Lines 1175 to 1176 in 8d7e074
This was tested with grsec in the past and it wasn't causing problems. I wonder if the pax tools could be missing on our build machines. That could result in the reported problem. We intentionally don't fail the build when the paxclt is missing to make the build possible on distros where paxtools are not present. @Mgamerz would you be able to try to run |
It does not appear that paxctl is installed on the system (or I cannot access the command - it just returns command not found).
I would ask the hosting provider, but they might ask a few questions they won't like the answer to. I doubt I'm supposed to be running .NET on their servers (they have resource limits, but I don't think this app would hit that resource limit as it's very quick to run). I doubt they would want me running anything beyond web pages without using their VPS tier which is significantly more $$$. The same HRESULT error message occurs on .NET Core 3.1.302 and 5.0.1. I just tested and it's also on 5.0.0. Let me know if there is more commands or investigative work I can do for you. |
Update: I downloaded the paxctl .deb file for Ubuntu 18.04, extracted it, then uploaded the binary onto my server. I ran that command, and now the program appears to work! It seems my webhost does not have paxctl on the system (or is purposely not visible to me). I will need to test a bit more to get it all worked out and setup (right now it just throws the missing parameter messages) but it seems like that fixes it. Hopefully the administrators don't ask why paxctl is now on the system (: |
Thank you for checking that! That seems to means that we are missing the paxctl on our build machines. |
Ah so paxctl patches the files? I haven't worked on hardened linux systems before, so even after reading, had little idea what it did. |
Yes, it sets some bits in the executable. See http://man.he.net/man1/paxctl |
I have a similar Issue, but not because of permissions.
After that even Shell does not start:
On CentOS 7 pwsh is a symlink ins /opt
This is towards the bottom of an strace, look for ENOSPC:
At that time there were 14k Entries in /tmp:
Mostly directories names as a5f5772f-2cd0-4e89-b861-89bea736bf54
After deleting them pwsh runs again. |
Unfortunately the same behaviour with LTS Version of PowerShell.
It was powershell-lts-7.0.6-1.rhel.7.x86_64 this time.
|
It seems this is likely a powershell issue rather than a .NET one. .NET does not create files like this. Can you please report this issue in the https://github.com/PowerShell/PowerShell repo? |
This issue has been automatically marked Please refer to our contribution guidelines for tips on what information might be required. |
This issue will now be closed since it had been marked |
Description
I'm running .NET 5 on a Linux host that I don't own (it's a shared environment). I know I'm not really supposed to do this... but here we are.
I downloaded the zip for .NET 5 for Linux, extracted it, and exported the DOTNET_ROOT and PATH variables for it. I can run
./dotnet
in the folder and the dotnet program runs, printing out information. It is installed at /home/username/net5.Trying to run a published .dll yields the following:
The same problem occurs when doing single-file mode.
To reproduce
I'm not sure how one could reproduce this without logging into the server instance, unfortunately. I have attached information I've seen others post in related closed issues below.
Configuration
Here's the output of
export
:Regression?
I tested .NET Core 3.1.302 and .NET 5.0.1. Both have same exact output. So I don't think it's a regression.
Other information
I ran an strace. It's really long, but I could not really interpret anything that failed in it.
Here's the last 70 lines. I've attached the whole thing as a file.
Full log:
strace.txt
The mprotect call at the end fails, and the grsec kernel page seems to talk about setting memory to read or execute. Could that be killing .NET startup? Another same topic from ages ago is listed here (dotnet/sdk#7204). On my server, it does not appear that it's using PaX (the paxctl commands did not resolve to anything - not sure though...)
The text was updated successfully, but these errors were encountered: