Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Seg Fault on Ubuntu 22 (using OpenSSL3); Does not exist on Ubuntu 20 (using OpenSSL 1.1) and Windows #74345

Closed
1 task done
RobbieLePommie opened this issue Aug 22, 2022 · 6 comments
Closed
1 task done

Seg Fault on Ubuntu 22 (using OpenSSL3); Does not exist on Ubuntu 20 (using OpenSSL 1.1) and Windows #74345

RobbieLePommie opened this issue Aug 22, 2022 · 6 comments
Labels
area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration
Milestone
Future

Comments

@RobbieLePommie
Copy link

RobbieLePommie commented Aug 22, 2022
edited by bartonjs

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

Summary:

Periodic (seemingly random) but frequent Segmentation Faults when running code on Ubuntu 22; code is fine on Ubuntu 20 and Windows.

Details:

After upgrading Ubuntu 22; dotnet application results in Segmentation Fault.

A trace shows this appears to come immediately after a socket send message (sendmsg) command with .NET ThreadPool[40301]: segfault at 10 ip 00007fefec22c6b0 sp 00007fefbf7f9f80 error 4 in libcrypto.so.3[7fefec11d000+25d000] in the logs. Note: there are multiple prior successful sendmsg commands; so may more may not be related.

Trace shows it could be related to MD5()

StackTrace:

#0  0x00007fff2c5786b0 in MD5_Update () from /lib/x86_64-linux-gnu/libcrypto.so.3
#1  0x00007fff81296fa4 in ?? ()
#2  0x00007ffee177f850 in ?? ()
#3  0x0061005000740075 in ?? ()
#4  0x000000000003e59b in ?? ()
#5  0x00007ffff7955f28 in ?? () from /usr/lib/dotnet/dotnet6-6.0.108/shared/Microsoft.NETCore.App/6.0.8/libcoreclr.so
#6  0x00007ffee1781c50 in ?? ()
#7  0x00007fff81c0dd58 in ?? ()
#8  0x00007fff81c0dd58 in ?? ()
#9  0x00007ffee177f850 in ?? ()
#10 0x00007fff81296fa4 in ?? ()
#11 0x00007ffee177f8f0 in ?? ()
#12 0x00007ffee177f8f0 in ?? ()
#13 0x00007fff81c0dd58 in ?? ()
#14 0x00007fff501de090 in ?? ()
#15 0x00007fff5185d760 in ?? ()
#16 0x00007fff00000001 in ?? ()
#17 0x00007fff501de038 in ?? ()
#18 0x0000000000000000 in ?? ()

Possible cause:

Similar bugs in other applications (e.g. FreeRADIUS/freeradius-server#4539) have been made because of an upgrade from OpenSSL1.1 to OpenSSL3 in Ubuntu 20 -> Ubuntu 22

Expected Behavior

No Seg Fault.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

6.0.7 and 6.0.8

Anything else?

DotNet was in installed both through

First install:

dotnet --info

global.json file:
  Not found

Host:
  Version:      6.0.7
  Architecture: x64
  Commit:       0ec02c8c96

.NET SDKs installed:
  No SDKs were found.

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.7 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.7 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

Download .NET:
  https://aka.ms/dotnet-download

Learn about .NET Runtimes and SDKs:
  https://aka.ms/dotnet/runtimes-sdk-info

(Also happens after upgrade to 6.0.8)
@dotnet-issue-labeler
Copy link

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

@ghost ghost added the untriaged New issue has not been triaged by the area owner label Aug 22, 2022
@javiercn javiercn transferred this issue from dotnet/aspnetcore Aug 22, 2022
@ghost
Copy link

ghost commented Aug 22, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

Summary:

Periodic (seemingly random) but frequent Segmentation Faults when running code on Ubuntu 22; code is fine on Ubuntu 20 and Windows.

Details:

After upgrading Ubuntu 22; dotnet application results in Segmentation Fault.

A trace shows this appears to come immediately after a socket send message (sendmsg) command with .NET ThreadPool[40301]: segfault at 10 ip 00007fefec22c6b0 sp 00007fefbf7f9f80 error 4 in libcrypto.so.3[7fefec11d000+25d000] in the logs. Note: there are multiple prior successful sendmsg commands; so may more may not be related.

Trace shows it could be related to MD5()

StackTrace:

#0 0x00007fff2c5786b0 in MD5_Update () from /lib/x86_64-linux-gnu/libcrypto.so.3
dotnet/aspnetcore#1 0x00007fff81296fa4 in ?? ()
dotnet/aspnetcore#2 0x00007ffee177f850 in ?? ()
dotnet/aspnetcore#3 0x0061005000740075 in ?? ()
dotnet/aspnetcore#4 0x000000000003e59b in ?? ()
dotnet/aspnetcore#5 0x00007ffff7955f28 in ?? () from /usr/lib/dotnet/dotnet6-6.0.108/shared/Microsoft.NETCore.App/6.0.8/libcoreclr.so
dotnet/aspnetcore#6 0x00007ffee1781c50 in ?? ()
dotnet/aspnetcore#7 0x00007fff81c0dd58 in ?? ()
dotnet/aspnetcore#8 0x00007fff81c0dd58 in ?? ()
dotnet/aspnetcore#9 0x00007ffee177f850 in ?? ()
dotnet/aspnetcore#10 0x00007fff81296fa4 in ?? ()
dotnet/aspnetcore#11 0x00007ffee177f8f0 in ?? ()
dotnet/aspnetcore#12 0x00007ffee177f8f0 in ?? ()
dotnet/aspnetcore#13 0x00007fff81c0dd58 in ?? ()
dotnet/aspnetcore#14 0x00007fff501de090 in ?? ()
dotnet/aspnetcore#15 0x00007fff5185d760 in ?? ()
dotnet/aspnetcore#16 0x00007fff00000001 in ?? ()
dotnet/aspnetcore#17 0x00007fff501de038 in ?? ()
dotnet/aspnetcore#18 0x0000000000000000 in ?? ()

Possible cause:

Similar bugs in other applications (e.g. FreeRADIUS/freeradius-server#4539) have been made because of an upgrade from OpenSSL1.1 to OpenSSL3 in Ubuntu 20 -> Ubuntu 22

Expected Behavior

No Seg Fault.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

6.0.7 and 6.0.8

Anything else?

DotNet was in installed both through

First install:

dotnet --info

global.json file:
  Not found

Host:
  Version:      6.0.7
  Architecture: x64
  Commit:       0ec02c8c96

.NET SDKs installed:
  No SDKs were found.

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.7 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.7 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

Download .NET:
  https://aka.ms/dotnet-download

Learn about .NET Runtimes and SDKs:
  https://aka.ms/dotnet/runtimes-sdk-info

(Also happens after upgrade to 6.0.8)

Author: RobbieLePommie
Assignees: -
Labels:

area-System.Security, untriaged
Milestone: -

@bartonjs
Copy link
Member

As far as I can tell, .NET never directly calls MD5_Update (our MD5 class would get there through EVP_DigestUpdate, which I would expect to be a resolved name in the callstack).

Is your application P/Invoking into OpenSSL directly, or possibly using a library that does?

Without a repro there's not going to be a lot we can do here.

@bartonjs bartonjs added the needs-author-action An issue or pull request that requires more info or actions from the author. label Aug 22, 2022
@ghost
Copy link

ghost commented Aug 22, 2022

This issue has been marked needs-author-action and may be missing some important information.

@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Aug 22, 2022
@bartonjs bartonjs added this to the Future milestone Aug 22, 2022
@RobbieLePommie
Copy link
Author

I feared there would not be enough but thanks for reviewing.

There is no security stuff/ssl at all in the one library I'm using, which is why I reported to DotNet. No includes etc either. I'll ask/report there anyway in case I missed it.

Only functions are through System.Security.Cryptography (including CryptoStream, HMACMD5.ComputeHash(), MD5.ComputerHash(), AES.* etc).

Please close if nothing obvious, and if I ever can create a repro solution I'll update.

@ghost ghost added needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration and removed needs-author-action An issue or pull request that requires more info or actions from the author. labels Aug 22, 2022
@RobbieLePommie RobbieLePommie closed this as not planned Won't fix, can't repro, duplicate, stale Aug 22, 2022
@RobbieLePommie
Copy link
Author

@bartonjs To bring this to an end; eventually tracked down that I was using MD5 as if thread safe, but it is not thread safe. Replaced with a static System.Security.Cryptography.MD5.HashData() (static, so can only be used on the one thread) and problem appears to have gone. Pure fluke it was Ubuntu 22 and not other OSes.

This led to to the solution:


Exception thrown: 'System.TimeoutException' in System.Private.CoreLib.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Net.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Net.Sockets.dll
An unhandled exception of type 'System.ArgumentNullException' occurred in System.Private.CoreLib.dll
SafeHandle cannot be null.

Thanks for responding.

@ghost ghost locked as resolved and limited conversation to collaborators Sep 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@vcsjones @RobbieLePommie @bartonjs