Description
#112565 reported the crash below, which was fixed in #117523 for .NET 10 preview 7.
@AaronRobinsonMSFT asked that we verify the fix in #117523 works before backporting to .NET 9.
We can confirm that we have been running with .NET 10 preview 7 in our CI for several weeks and have seen no more cases of the crash, so it looks like it is resolved. I would have commented on the original issue, but that has now been locked.
Original report:
We caught the following crash in our CI:
#0 __syscall_cp_asm () at src/thread/aarch64/syscall_cp.s:28
#1 0x0000ffffbd5d77ac in __syscall_cp_c (nr=260, u=<optimized out>, v=<optimized out>, w=<optimized out>, x=<optimized out>, y=<optimized out>, z=<optimized out>) at src/thread/pthread_cancel.c:33
#2 0x0000ffffbd5c2424 in waitpid (pid=<optimized out>, status=<optimized out>, options=<optimized out>) at src/process/waitpid.c:6
#3 0x0000ffffbd078b40 in PROCCreateCrashDump (argv=..., errorMessageBuffer=0x0, errorMessageBuffer@entry=0xffbf1b847870 "", cbErrorMessageBuffer=0, cbErrorMessageBuffer@entry=461666416, serialize=<optimized out>) at /__w/1/s/src/coreclr/pal/src/thread/process.cpp:2308
#4 0x0000ffffbd079e4c in PROCCreateCrashDumpIfEnabled (signal=<optimized out>, siginfo=<optimized out>, serialize=false) at /__w/1/s/src/coreclr/pal/src/thread/process.cpp:2524
#5 0x0000ffffbd04e358 in invoke_previous_action (action=0xffffbd159d48 <g_previous_sigsegv>, code=code@entry=11, siginfo=siginfo@entry=0xffbf1b847da0, context=context@entry=0xffbf1b847e20, signalRestarts=<optimized out>) at /__w/1/s/src/coreclr/pal/src/exception/signal.cpp:427
#6 0x0000ffffbd04d804 in sigsegv_handler (code=11, siginfo=0xffbf1b847da0, context=0xffbf1b847e20) at /__w/1/s/src/coreclr/pal/src/exception/signal.cpp:677
#7 <signal handler called>
#8 0x0000ffffbd5d4df8 in strcmp (l=0x0, r=0xffffbcb1baf4 "ArgIterator_Init") at src/string/strcmp.c:5
#9 0x0000ffffbcded04c in minipal_resolve_dllimport (tableLength=294, name=0x0, resolutionTable=<optimized out>) at /__w/1/s/src/native/minipal/entrypoints.h:25
#10 QCallResolveDllImport (name=0x0) at /__w/1/s/src/coreclr/vm/qcallentrypoints.cpp:452
#11 0x0000ffffbcd79280 in (anonymous namespace)::NDirectLink (pMD=pMD@entry=0xffffb5b90858) at /__w/1/s/src/coreclr/vm/dllimport.cpp:5518
#12 0x0000ffffbcd794cc in NDirectImportWorker (pMD=0xffffb5b90858) at /__w/1/s/src/coreclr/vm/dllimport.cpp:5913
#13 0x0000ffffbceea024 in NDirectImportThunk () at /__w/1/s/src/coreclr/vm/arm64/asmhelpers.S:142
#14 0x0000ffffb4dd52cc in ?? ()
#15 0xb5763ec00000ffbf in ?? ()
Managed callstack:
OS Thread Id: 0x36f6 (12)
Child SP IP Call Site
0000FFBF1B02F2A8 0000ffffbd5d6c8c [InlinedCallFrame: 0000ffbf1b02f2a8]
0000FFBF1B02F2A8 0000ffffb4dd52a4 [InlinedCallFrame: 0000ffbf1b02f2a8]
0000FFBF1B02F250 0000ffffb4dd52a4 System.Runtime.EH.DispatchEx(System.Runtime.StackFrameIterator ByRef, ExInfo ByRef) [/_/src/coreclr/nativeaot/Runtime.Base/src/System/Runtime/ExceptionHandling.cs @ 761]
0000FFBF1B02F3B0 0000ffffb4dd4c28 System.Runtime.EH.RhThrowEx(System.Object, ExInfo ByRef) [/_/src/coreclr/nativeaot/Runtime.Base/src/System/Runtime/ExceptionHandling.cs @ 645]
0000FFBF1B030D80 0000ffffbceeaa40 [HelperMethodFrame: 0000ffbf1b030d80]
0000FFBF1B030ED0 0000ffffb4cac7dc System.ThrowHelper.ThrowObjectDisposedException(System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/ThrowHelper.cs @ 452]
0000FFBF1B030EF0 0000ffffb4c9319c System.ObjectDisposedException.ThrowIf(Boolean, System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/ObjectDisposedException.cs @ 61]
0000FFBF1B030F00 0000ffffb7bda650 System.Net.Sockets.Socket.AcceptAsync(System.Net.Sockets.SocketAsyncEventArgs, System.Threading.CancellationToken) [/_/src/libraries/System.Net.Sockets/src/System/Net/Sockets/Socket.cs @ 2678]
0000FFBF1B030F40 0000ffffb7f9d174 System.Net.HttpEndPointListener.Accept(System.Net.Sockets.SocketAsyncEventArgs) [/_/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpEndPointListener.cs @ 89]
0000FFBF1B030F70 0000ffffb4d71660 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/Threading/ExecutionContext.cs @ 179]
0000FFBF1B030FC0 0000ffffb7be90ec System.Net.Sockets.SocketAsyncEventArgs.AcceptCompletionCallback(IntPtr, System.Memory`1, System.Net.Sockets.SocketError) [/_/src/libraries/System.Net.Sockets/src/System/Net/Sockets/SocketAsyncEventArgs.Unix.cs @ 30]
0000FFBF1B031000 0000ffffb4d80224 System.Threading.ThreadPoolWorkQueue.Dispatch() [/_/src/libraries/System.Private.CoreLib/src/System/Threading/ThreadPoolWorkQueue.cs @ 1120]
0000FFBF1B031080 0000ffffb4d8c3b4 System.Threading.PortableThreadPool+WorkerThread.WorkerThreadStart() [/_/src/libraries/System.Private.CoreLib/src/System/Threading/PortableThreadPool.WorkerThread.cs @ 128]
0000FFBF1B0312F8 0000ffffbceeaa40 [DebuggerU2MCatchHandlerFrame: 0000ffbf1b0312f8]
We can see that NDirectLink is called with pMD=0xffffb5b90858, but in QCallResolveDllImport the name is empty, leading to the segfault.
I checked in the memory dump and the MethodDesc looks fine:
0:012> !dumpmd 0xffffb5b90858
Method Name: System.Runtime.ExceptionServices.InternalCalls.<RhpSfiNext>g____PInvoke|1_0(System.Runtime.StackFrameIterator*, UInt32*, Boolean*, Boolean*)
Class: 0000ffffb5b90958
MethodTable: 0000ffffb5b90958
mdToken: 0000000006007308
Module: 0000ffffb4a94000
IsJitted: no
Current CodeAddr: ffffffffffffffff
Version History:
ILCodeVersion: 0000000000000000
ReJIT ID: 0
IL Addr: 0000000000000000
CodeAddr: 0000000000000000 (Optimized)
NativeCodeVersion: 0000000000000000
Reproduction Steps
Not sure. The only sure thing is that the crash happened when throwing a managed exception.
Expected behavior
No crash
Actual behavior
Segfault
Regression?
No response
Known Workarounds
No response
Configuration
.NET 9.0.1
Alpine, ARM64
Other information
- At the time of the crash, another thread is jitting method:
Thread 19 (LWP 14076):
#0 LinearScan::RegisterSelection::try_REG_ORDER (this=0xffbf18d31498) at /__w/1/s/src/coreclr/jit/lsra.cpp:13017
#1 LinearScan::RegisterSelection::selectMinimal (this=0xffbf18d31498, currentInterval=0xffbf18b65f88, refPosition=0xffbf18b65fe8) at /__w/1/s/src/coreclr/jit/lsra.cpp:14005
#2 LinearScan::allocateRegMinimal (this=0xffbf18d2f648, currentInterval=0xffbf18b65f88, refPosition=0xffbf18b65fe8) at /__w/1/s/src/coreclr/jit/lsra.cpp:3022
#3 LinearScan::allocateRegistersMinimal (this=0xffbf18d2f648) at /__w/1/s/src/coreclr/jit/lsra.cpp:5437
#4 LinearScan::doLinearScan (this=0xffbf18d2f648) at /__w/1/s/src/coreclr/jit/lsra.cpp:1497
#5 0x0000ffbf1ca47a6c in Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4::operator()() const (this=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:5320
#6 ActionPhase<Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4>::DoPhase() (this=<optimized out>) at /__w/1/s/src/coreclr/jit/phase.h:69
#7 0x0000ffbf1ca7633c in Phase::Run (this=0xffbf19767070) at /__w/1/s/src/coreclr/jit/phase.cpp:61
#8 DoPhase<Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4>(Compiler*, Phases, Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4) (_compiler=0xffbf18bbce88, _phase=PHASE_LINEAR_SCAN, _action=...) at /__w/1/s/src/coreclr/jit/phase.h:83
#9 Compiler::compCompile (this=0xffbf18bbce88, methodCodePtr=0xffbf19768108, methodCodeSize=0xffbf1976827c, compileFlags=0xffbf19768130) at /__w/1/s/src/coreclr/jit/compiler.cpp:5322
#10 Compiler::compCompileHelper (this=0xffbf18bbce88, classPtr=<optimized out>, methodInfo=<optimized out>, methodCodePtr=0xffbf19768108, methodCodeSize=0xffbf1976827c, compileFlags=0xffbf19768130, compHnd=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:7396
#11 Compiler::compCompile(CORINFO_MODULE_STRUCT_*, void**, unsigned int*, JitFlags*)::$_0::operator()(Compiler::compCompile(CORINFO_MODULE_STRUCT_*, void**, unsigned int*, JitFlags*)::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:6533
#12 Compiler::compCompile (this=0xffbf18bbce88, classPtr=<optimized out>, methodCodePtr=0xffbf19768108, methodCodeSize=0xffbf1976827c, compileFlags=0xffbf19768130) at /__w/1/s/src/coreclr/jit/compiler.cpp:6552
#13 jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::{lambda(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::__JITParam*)#1}::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:8036
#14 jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:8060
#15 jitNativeCode (methodHnd=0xffffb86520b0, classPtr=0xffffb6063fa8, compHnd=<optimized out>, methodInfo=<optimized out>, methodCodePtr=<optimized out>, methodCodeSize=<optimized out>, compileFlags=<optimized out>, inlineInfoPtr=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:8062
#16 0x0000ffbf1ca73bf4 in CILJit::compileMethod (this=<optimized out>, compHnd=0xffbf19768460, methodInfo=0xffbf197682c0, flags=<optimized out>, entryAddress=0xffbf19768280, nativeSizeOfCode=0xffbf18d30dd8) at /__w/1/s/src/coreclr/jit/ee_il_dll.cpp:291
#17 0x0000ffffbccbec94 in invokeCompileMethodHelper (jitMgr=0xffffb472cdb0, comp=0xffbf19768460, info=0xffbf197682c0, jitFlags=..., nativeEntry=<optimized out>, nativeSizeOfCode=<optimized out>) at /__w/1/s/src/coreclr/vm/jitinterface.cpp:12464
#18 0x0000ffffbccbee34 in invokeCompileMethod (jitMgr=0x1, jitMgr@entry=0xffffb472cdb0, comp=0xffbf18d2f648, comp@entry=0xffbf19768460, info=0x0, info@entry=0xffbf197682c0, jitFlags=..., nativeEntry=0xffbf18b67448, nativeEntry@entry=0xffbf19768280, nativeSizeOfCode=0xffbf18d30dd8, nativeSizeOfCode@entry=0xffbf1976827c) at /__w/1/s/src/coreclr/vm/jitinterface.cpp:12527
#19 0x0000ffffbccbf7f0 in UnsafeJitFunction (config=config@entry=0xffbf19768a40, ILHeader=ILHeader@entry=0xffbf19768798, pJitFlags=pJitFlags@entry=0xffbf19768680, pSizeOfCode=pSizeOfCode@entry=0xffbf197687d4) at /__w/1/s/src/coreclr/vm/jitinterface.cpp:12971
#20 0x0000ffffbccf7730 in MethodDesc::JitCompileCodeLocked (this=this@entry=0xffffb86520b0, pConfig=pConfig@entry=0xffbf19768a40, pilHeader=pilHeader@entry=0xffbf19768798, pEntry=pEntry@entry=0xffbf18ff5000, pSizeOfCode=pSizeOfCode@entry=0xffbf197687d4) at /__w/1/s/src/coreclr/vm/prestub.cpp:937
#21 0x0000ffffbccf711c in MethodDesc::JitCompileCodeLockedEventWrapper (this=this@entry=0xffffb86520b0, pConfig=pConfig@entry=0xffbf19768a40, pEntry=pEntry@entry=0xffbf18ff5000) at /__w/1/s/src/coreclr/vm/prestub.cpp:818
#22 0x0000ffffbccf67c4 in MethodDesc::JitCompileCode (this=this@entry=0xffffb86520b0, pConfig=pConfig@entry=0xffbf19768a40) at /__w/1/s/src/coreclr/vm/prestub.cpp:705
#23 0x0000ffffbccf6320 in MethodDesc::PrepareILBasedCode (this=0xffffb86520b0, pConfig=0xffbf19768a40) at /__w/1/s/src/coreclr/vm/prestub.cpp:431
#24 0x0000ffffbcc6d3c4 in CodeVersionManager::PublishVersionableCodeIfNecessary (this=0xffffb47249b4, pMethodDesc=0xffffb86520b0, callerGCMode=CallerGCMode::Coop, doBackpatchRef=0xffbf19768b30, doFullBackpatchRef=<optimized out>) at /__w/1/s/src/coreclr/vm/codeversion.cpp:1747
#25 0x0000ffffbccfac58 in MethodDesc::DoPrestub (this=this@entry=0xffffb86520b0, pDispatchingMT=pDispatchingMT@entry=0x0, callerGCMode=callerGCMode@entry=CallerGCMode::Coop) at /__w/1/s/src/coreclr/vm/prestub.cpp:2869
#26 0x0000ffffbccfa798 in PreStubWorker (pTransitionBlock=<optimized out>, pMD=0xffffb86520b0) at /__w/1/s/src/coreclr/vm/prestub.cpp:2698
#27 0x0000ffffbceea0a4 in ThePreStub () at /__w/1/s/src/coreclr/vm/arm64/asmhelpers.S:165
#28 0x0000ffffb83e7c7c in ?? ()
#29 0x0000ffbfb5d66940 in ?? ()
#30 0x0000ffffb6244300 in ?? ()
- The application runs with a profiler. The profiler is not supposed to touch any of the methods involved in the crash; however, it does rewrite parts of the p/invoke map (I'm mentioning this since it seems like the name is populated from pInternalImport->GetPinvokeMap).
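As an added illustration of the failure mode the report describes (a NULL entry-point name reaching strcmp inside a table-driven resolver, frames #8 and #9 of the native trace), here is a small C model of a name-to-entry-point lookup with an unguarded variant beside a guarded one. This is example code written for this page; it is not code from the dotnet/runtime repository and it is not the fix that landed in #117523. The table, the entry names, the stub functions and the wrapper names are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a QCall/DllImport resolution table: each entry
 * maps an entry-point name to its native implementation. The names and
 * functions are made up for this example; they are not the runtime's table. */
typedef int (*EntryFn)(void);

typedef struct {
    const char *name;
    EntryFn method;
} Entry;

static int stub_arg_iterator_init(void) { return 1; }
static int stub_sfi_next(void)          { return 2; }

static const Entry kTable[] = {
    { "ArgIterator_Init", stub_arg_iterator_init },
    { "RhpSfiNext",       stub_sfi_next },
};
static const size_t kTableLength = sizeof(kTable) / sizeof(kTable[0]);

/* Unguarded linear lookup with the same shape as frames #8/#9 of the report:
 * strcmp against every entry. Passing name == NULL dereferences NULL inside
 * strcmp and raises SIGSEGV; the caller never gets an error back. */
static EntryFn resolve_unguarded(const Entry *table, size_t len, const char *name)
{
    for (size_t i = 0; i < len; i++) {
        if (strcmp(name, table[i].name) == 0)
            return table[i].method;
    }
    return NULL;
}

/* Guarded variant: validate the name before any strcmp and return a status
 * the caller can act on. 0 = resolved, -1 = invalid (NULL or empty) name,
 * 1 = not found. *out is always written. */
static int resolve_guarded(const Entry *table, size_t len, const char *name, EntryFn *out)
{
    *out = NULL;
    if (name == NULL || name[0] == '\0')
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (strcmp(name, table[i].name) == 0) {
            *out = table[i].method;
            return 0;
        }
    }
    return 1;
}

/* Convenience wrappers over the constructed table (hypothetical helpers). */
static int lookup_status(const char *name)
{
    EntryFn fn;
    return resolve_guarded(kTable, kTableLength, name, &fn);
}

static EntryFn lookup_method(const char *name)
{
    EntryFn fn;
    (void)resolve_guarded(kTable, kTableLength, name, &fn);
    return fn;
}

int main(void)
{
    /* Probe inputs constructed for the demo, including the NULL case from the report. */
    const char *probes[] = { "RhpSfiNext", "NoSuchEntry", "", NULL };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        EntryFn fn;
        int rc = resolve_guarded(kTable, kTableLength, probes[i], &fn);
        printf("name=%s status=%d\n", probes[i] ? probes[i] : "(null)", rc);
    }
    /* The unguarded resolver is only ever called here with a valid name. */
    printf("unguarded ArgIterator_Init -> %d\n",
           resolve_unguarded(kTable, kTableLength, "ArgIterator_Init")());
    return 0;
}
```

The guarded form turns the NULL-name case into a status the caller can surface (for example by failing the p/invoke link with a diagnostic naming the MethodDesc) instead of a SIGSEGV that then has to be handled inside the PAL signal handler, which is where the reported process was sitting when the crash dump was taken.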