dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

SIGSEGV when independent DSA keys are concurrently disposed #71738

Open vcsjones opened 2 years ago

vcsjones commented 2 years ago

On macOS Monterey, I would expect this program to run forever.

using System.Security.Cryptography;

// Repro for a native crash on macOS: two threads create, import and dispose DSA keys in a tight loop.
// NOTE(review): `dsa` is a single variable shared by both Work threads, not a per-thread local.
// Either thread can overwrite it between the other thread's Create / ImportParameters / Dispose
// calls, so an instance can be used after it was disposed, or never be disposed explicitly.
DSA dsa;

// Loops forever: create a DSA instance, import a fixed key, dispose it.
// Runs on two threads at once (see t1/t2 below) and writes the shared `dsa` variable above.
void Work()
{
    while (true)
    {
        try
        {
            dsa = DSA.Create();
            // Fixed key for the repro: P, Q and G are the domain parameters, Y is the public
            // value and X is the private value. The private value is published with this
            // report, so these parameters are repro data only and not a key to reuse.
            dsa.ImportParameters(new DSAParameters
            {
                P = Convert.FromBase64String(@"
                    nEx7rLmUg+FLq23XB/8rVFU3Txktd4NYVppGrJMdRKi0FktEj39g7vM33rA0g8Xf
                    BurQu9HkcblSR25E5beYrMbU8pJD1ZqmrltbnnlB+PHX5Pgbu91BCr2d5UjAIfiA
                    qIlnySMuV0XSqbb1A3qyWGIx3ATXBaXN9mm+paF2itE="),
                Q = Convert.FromBase64String("vV0TbUwrTOkOoiyTJDxsaKWqWjE="),
                G = Convert.FromBase64String(@"
                    XZESzrsgUFaS697sgeQEnFKrhh3S6C+gfVG2wL9JBv636QsEq2uxpOMl/1VQxjqx
                    Cys3x9YFOkdY1xYdk4ayhco6LYVr81X/lRUtx0YZxpaTt10XgcnlLwx772pYCcOH
                    UlyyGxq3GYCA1cglXtS80gPHIYieOqmUhvBHXMYBCAg="),
                Y = Convert.FromBase64String(@"
                    e7NMNCxX/44GS2gUH+JyReWzdCUXcp6ax0PcF/XvIZ1mak74P8o8yqWseGa/10hR
                    CT92or4YBROsGtKqD/wqN0yJvVMkpPHHsWU9zs1Zt4CsQaZgUTw+vyjkw674OuyN
                    933pL+qQNvPuJcb/HK9ME2vSN/3Ki1lAqqKWuzcvggY="),
                X = Convert.FromBase64String(@"DQrQZHBuIxyLlLqtNqOULp/tlH0="),
            });
            // Disposes whatever instance `dsa` refers to at this moment, which may be the
            // one the other thread just assigned.
            dsa.Dispose();
        }
        catch (Exception)
        {
            // Deliberately swallowed: managed exceptions are acceptable here, the repro is
            // only looking for a native crash (SIGSEGV).
            // NOTE(review): an exception thrown before Dispose() skips the explicit dispose for
            // that iteration; the finalizer-thread frames in the reported native stack trace
            // suggest such instances are then released during finalization.
        }
    }
}
// Both threads run the same Work loop concurrently.
Thread t1 = new Thread(Work);
Thread t2 = new Thread(Work);

t1.Start();
t2.Start();
// Work never returns, so these joins only end if the process crashes.
t1.Join();
t2.Join();

It will quickly exit with status code 139, a segmentation fault.

I cannot reproduce this for RSA or ECDsa, only DSA.

The native stack trace is below. Unfortunately I've been struggling quite a bit to get dotnet-sos and dotnet-symbol to work on Apple Silicon, so no managed stack trace.

    frame #1: 0x00000001b2067ca8 Security`CssmManager::getModule(Security::Guid const&) + 28
    frame #2: 0x00000001b20676a0 Security`CSSM_ModuleAttach + 104
    frame #3: 0x00000001b2058c04 Security`Security::CssmClient::AttachmentImpl::activate() + 332
    frame #4: 0x00000001b2089f50 Security`Security::CssmClient::KeyImpl::deactivate() + 180
    frame #5: 0x00000001b21dd940 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 84
    frame #6: 0x00000001b2089e84 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 16
    frame #7: 0x00000001b21b6dd0 Security`Security::RefPointer::release_internal() + 112
    frame #8: 0x00000001b2058498 Security`Security::RefPointer::release() + 56
    frame #9: 0x00000001b21b6d34 Security`Security::RefPointer::~RefPointer() + 24
    frame #10: 0x00000001b2290304 Security`Security::KeychainCore::KeyItem::~KeyItem() + 140
    frame #11: 0x00000001b2089e5c Security`Security::KeychainCore::KeyItem::~KeyItem() + 16
    frame #12: 0x00000001b22bed74 Security`SecCDSAKeyDestroy(__SecKey*) + 328
    frame #13: 0x00000001b00fad78 CoreFoundation`_CFRelease + 232
    frame #14: 0x0000000280f56944
    frame #15: 0x00000002804ed554
    frame #16: 0x00000002804ed25c
    frame #17: 0x0000000280f56a28
    frame #18: 0x00000002804ed094
    frame #19: 0x00000001033af5c8 libcoreclr.dylib`CallDescrWorkerInternal + 132
    frame #20: 0x000000010321fc2c libcoreclr.dylib`DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 284
    frame #21: 0x00000001031a8cb4 libcoreclr.dylib`MethodTable::CallFinalizer(Object*) + 400
    frame #22: 0x0000000103260068 libcoreclr.dylib`FinalizerThread::FinalizeAllObjects() + 364
    frame #23: 0x0000000103260270 libcoreclr.dylib`FinalizerThread::FinalizerThreadWorker(void*) + 184
    frame #24: 0x00000001031eaaa0 libcoreclr.dylib`ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 260
    frame #25: 0x00000001031eb074 libcoreclr.dylib`ManagedThreadBase::FinalizerBase(void (*)(void*)) + 36
    frame #26: 0x00000001032603ec libcoreclr.dylib`FinalizerThread::FinalizerThreadStart(void*) + 88
    frame #27: 0x00000001030fd380 libcoreclr.dylib`CorUnix::CPalThread::ThreadEntry(void*) + 380
    frame #28: 0x00000001aff5426c libsystem_pthread.dylib`_pthread_start + 148
ghost commented 2 years ago

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones See info in area-owners.md if you want to be subscribed.

Issue Details
On macOS Monterey, I would expect this program to run forever. ```C# using System.Security.Cryptography; DSA dsa; void Work() { while (true) { try { dsa = DSA.Create(); dsa.ImportParameters(new DSAParameters { P = Convert.FromBase64String(@" nEx7rLmUg+FLq23XB/8rVFU3Txktd4NYVppGrJMdRKi0FktEj39g7vM33rA0g8Xf BurQu9HkcblSR25E5beYrMbU8pJD1ZqmrltbnnlB+PHX5Pgbu91BCr2d5UjAIfiA qIlnySMuV0XSqbb1A3qyWGIx3ATXBaXN9mm+paF2itE="), Q = Convert.FromBase64String("vV0TbUwrTOkOoiyTJDxsaKWqWjE="), G = Convert.FromBase64String(@" XZESzrsgUFaS697sgeQEnFKrhh3S6C+gfVG2wL9JBv636QsEq2uxpOMl/1VQxjqx Cys3x9YFOkdY1xYdk4ayhco6LYVr81X/lRUtx0YZxpaTt10XgcnlLwx772pYCcOH UlyyGxq3GYCA1cglXtS80gPHIYieOqmUhvBHXMYBCAg="), Y = Convert.FromBase64String(@" e7NMNCxX/44GS2gUH+JyReWzdCUXcp6ax0PcF/XvIZ1mak74P8o8yqWseGa/10hR CT92or4YBROsGtKqD/wqN0yJvVMkpPHHsWU9zs1Zt4CsQaZgUTw+vyjkw674OuyN 933pL+qQNvPuJcb/HK9ME2vSN/3Ki1lAqqKWuzcvggY="), X = Convert.FromBase64String(@"DQrQZHBuIxyLlLqtNqOULp/tlH0="), }); dsa.Dispose(); } catch (Exception) { // Managed exceptions are okay, looking for crashes. } } } Thread t1 = new Thread(Work); Thread t2 = new Thread(Work); t1.Start(); t2.Start(); t1.Join(); t2.Join(); ``` It will quickly exit with status code 139, a segmentation fault. I cannot reproduce this for RSA or ECDsa, only DSA. The native stack trace is below. Unfortunately I've been struggling quite a bit to get dotnet-sos and dotnet-symbol to work on Apple Silicon, so no managed stack trace.
    frame #1: 0x00000001b2067ca8 Security`CssmManager::getModule(Security::Guid const&) + 28
    frame #2: 0x00000001b20676a0 Security`CSSM_ModuleAttach + 104
    frame #3: 0x00000001b2058c04 Security`Security::CssmClient::AttachmentImpl::activate() + 332
    frame #4: 0x00000001b2089f50 Security`Security::CssmClient::KeyImpl::deactivate() + 180
    frame #5: 0x00000001b21dd940 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 84
    frame #6: 0x00000001b2089e84 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 16
    frame #7: 0x00000001b21b6dd0 Security`Security::RefPointer::release_internal() + 112
    frame #8: 0x00000001b2058498 Security`Security::RefPointer::release() + 56
    frame #9: 0x00000001b21b6d34 Security`Security::RefPointer::~RefPointer() + 24
    frame #10: 0x00000001b2290304 Security`Security::KeychainCore::KeyItem::~KeyItem() + 140
    frame #11: 0x00000001b2089e5c Security`Security::KeychainCore::KeyItem::~KeyItem() + 16
    frame #12: 0x00000001b22bed74 Security`SecCDSAKeyDestroy(__SecKey*) + 328
    frame #13: 0x00000001b00fad78 CoreFoundation`_CFRelease + 232
    frame #14: 0x0000000280f56944
    frame #15: 0x00000002804ed554
    frame #16: 0x00000002804ed25c
    frame #17: 0x0000000280f56a28
    frame #18: 0x00000002804ed094
    frame #19: 0x00000001033af5c8 libcoreclr.dylib`CallDescrWorkerInternal + 132
    frame #20: 0x000000010321fc2c libcoreclr.dylib`DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 284
    frame #21: 0x00000001031a8cb4 libcoreclr.dylib`MethodTable::CallFinalizer(Object*) + 400
    frame #22: 0x0000000103260068 libcoreclr.dylib`FinalizerThread::FinalizeAllObjects() + 364
    frame #23: 0x0000000103260270 libcoreclr.dylib`FinalizerThread::FinalizerThreadWorker(void*) + 184
    frame #24: 0x00000001031eaaa0 libcoreclr.dylib`ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 260
    frame #25: 0x00000001031eb074 libcoreclr.dylib`ManagedThreadBase::FinalizerBase(void (*)(void*)) + 36
    frame #26: 0x00000001032603ec libcoreclr.dylib`FinalizerThread::FinalizerThreadStart(void*) + 88
    frame #27: 0x00000001030fd380 libcoreclr.dylib`CorUnix::CPalThread::ThreadEntry(void*) + 380
    frame #28: 0x00000001aff5426c libsystem_pthread.dylib`_pthread_start + 148
Author: vcsjones
Assignees: -
Labels: `area-System.Security`, `os-mac-os-x`
Milestone: -
bartonjs commented 2 years ago

Maybe it's time to just mark DSA.Create() as [UnsupportedOS("macOS")] and rip out DSASecurityTransforms.

@GrabYourPitchforks, thoughts?

bartonjs commented 2 years ago

ImportFromPem_Pkcs8_UnrelatedPrecedingPem (https://github.com/dotnet/runtime/blob/0c4ee9e749167a2185f59b4a16c8a5c62e0ec5df/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs#L73-L94) doesn't have concurrency in it...

vcsjones commented 2 years ago

Oh, hm. Not sure how I misread that. Regardless, we can open a separate issue for that test failure then, if we want. But if we deprecate DSA on macOS, then it would have the same result.

filipnavara commented 2 years ago

DSA is the only algorithm that uses the old CSSM keys (aside from X509Certificate impl. calling into it). Given the fact that it was always limited to one size of key and key creation didn't work I would be fine with deprecating it. That said, it would be nice to understand the problem so the X509 classes don't run into it.

filipnavara commented 2 years ago

Native stack trace:

  * frame #0: 0x00000001bec8512c Security`std::__1::__tree_iterator<std::__1::__value_type<Security::Guid, Module*>, std::__1::__tree_node<std::__1::__value_type<Security::Guid, Module*>, void*>*, long> std::__1::__tree<std::__1::__value_type<Security::Guid, Module*>, std::__1::__map_value_compare<Security::Guid, std::__1::__value_type<Security::Guid, Module*>, std::__1::less<Security::Guid>, true>, std::__1::allocator<std::__1::__value_type<Security::Guid, Module*> > >::find<Security::Guid>(Security::Guid const&) + 16
    frame #1: 0x00000001bea7fca8 Security`CssmManager::getModule(Security::Guid const&) + 28
    frame #2: 0x00000001bea7f6a0 Security`CSSM_ModuleAttach + 104
    frame #3: 0x00000001bea70c04 Security`Security::CssmClient::AttachmentImpl::activate() + 332
    frame #4: 0x00000001beaa1f50 Security`Security::CssmClient::KeyImpl::deactivate() + 180
    frame #5: 0x00000001bebf5940 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 84
    frame #6: 0x00000001beaa1e84 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 16
    frame #7: 0x00000001bebcedd0 Security`Security::RefPointer<Security::CssmClient::ObjectImpl>::release_internal() + 112
    frame #8: 0x00000001bea70498 Security`Security::RefPointer<Security::CssmClient::ObjectImpl>::release() + 56
    frame #9: 0x00000001bebced34 Security`Security::RefPointer<Security::CssmClient::ObjectImpl>::~RefPointer() + 24
    frame #10: 0x00000001beca8304 Security`Security::KeychainCore::KeyItem::~KeyItem() + 140
    frame #11: 0x00000001beaa1e5c Security`Security::KeychainCore::KeyItem::~KeyItem() + 16
    frame #12: 0x00000001becd6d74 Security`SecCDSAKeyDestroy(__SecKey*) + 328
    frame #13: 0x00000001bcb12d78 CoreFoundation`_CFRelease + 232

Managed stack trace:

00000001701426A0 00000001bec8512c [InlinedCallFrame: 00000001701426a0] Interop+CoreFoundation.CFRelease(IntPtr)
00000001701426A0 0000000119053208 [InlinedCallFrame: 00000001701426a0] Interop+CoreFoundation.CFRelease(IntPtr)
0000000170142680 0000000119053208 ILStubClass.IL_STUB_PInvoke(IntPtr)
0000000170142760 000000011905310C System.Security.Cryptography.Apple.SafeSecKeyRefHandle.ReleaseHandle()
0000000170142780 00000001184863D8 System.Runtime.InteropServices.SafeHandle.InternalRelease(Boolean)
00000001701427C0 00000001184860D0 System.Runtime.InteropServices.SafeHandle.Dispose(Boolean)
00000001701427E0 0000000119052F28 System.Security.Cryptography.Apple.SafeSecKeyRefHandle.Dispose(Boolean)
0000000170142810 0000000118485F74 System.Runtime.InteropServices.SafeHandle.Finalize()
0000000170142E28 000000010348fab8 [DebuggerU2MCatchHandlerFrame: 0000000170142e28] 

The fact that this comes from finalization worries me. All the handles should have been disposed properly.

filipnavara commented 2 years ago

Ah, I see now that the managed catch is always triggered which explains why the handles are leaked. I didn't realize the DSA object is shared between the threads.

filipnavara commented 2 years ago

For completeness, here is the eestack output:

(lldb) eestack
---------------------------------------------
Thread   1
TEB information is not available so a stack size of 0xFFFF is assumed
Current frame: libsystem_kernel.dylib!__psynch_cvwait + 0x8
ChildFP          RetAddr          Caller, Callee
000000016FDFD420 0000000102eac120 libcoreclr.dylib!CorUnix::CSynchCache<CorUnix::_WaitingThreadsListNode>::_USynchCacheStackNode* CorUnix::InternalNew<CorUnix::CSynchCache<CorUnix::_WaitingThreadsListNode>::_USynchCacheStackNode>() + 0x14, calling libcoreclr.dylib!CorUnix::InternalMalloc(unsigned long)
000000016FDFD490 0000000102eae228 libcoreclr.dylib!CorUnix::CPalSynchronizationManager::BlockThread(CorUnix::CPalThread*, unsigned int, bool, bool, CorUnix::ThreadWakeupReason*, unsigned int*) + 0x438, calling libcoreclr.dylib!CorUnix::CPalSynchronizationManager::ThreadNativeWait(CorUnix::_ThreadNativeWaitData*, unsigned int, CorUnix::ThreadWakeupReason*, unsigned int*)
000000016FDFD4A0 0000000102e9b960 libcoreclr.dylib!CorUnix::InternalLeaveCriticalSection(CorUnix::CPalThread*, _CRITICAL_SECTION*) + 0x324, calling libcoreclr.dylib!InterlockedCompareExchange
000000016FDFD4F0 0000000102eab5b0 libcoreclr.dylib!CorUnix::CSynchCache<CorUnix::CSynchWaitController>::Unlock(CorUnix::CPalThread*) + 0x24, calling libcoreclr.dylib!CorUnix::InternalLeaveCriticalSection(CorUnix::CPalThread*, _CRITICAL_SECTION*)
000000016FDFD510 0000000102eab4bc libcoreclr.dylib!CorUnix::CSynchCache<CorUnix::CSynchWaitController>::Add(CorUnix::CPalThread*, CorUnix::CSynchWaitController*) + 0xf8, calling libcoreclr.dylib!CorUnix::CSynchCache<CorUnix::CSynchWaitController>::Unlock(CorUnix::CPalThread*)
000000016FDFD550 0000000102ea5ddc libcoreclr.dylib!CorUnix::CPalSynchronizationManager::CacheAddWaitCtrlr(CorUnix::CPalThread*, CorUnix::CSynchWaitController*) + 0x2c, calling libcoreclr.dylib!CorUnix::CSynchCache<CorUnix::CSynchWaitController>::Add(CorUnix::CPalThread*, CorUnix::CSynchWaitController*)
000000016FDFD5D0 0000000102ebc078 libcoreclr.dylib!CorUnix::InternalWaitForMultipleObjectsEx(CorUnix::CPalThread*, unsigned int, void* const*, int, unsigned int, int, int) + 0x105c
000000016FDFD5F0 00000001030d8dc0 libcoreclr.dylib!ObjHeader::Validate(int) + 0x30, calling libcoreclr.dylib!ObjHeader::GetBaseObject()
000000016FDFD8D0 0000000102ebcbb8 libcoreclr.dylib!WaitForMultipleObjectsEx + 0x134, calling libcoreclr.dylib!CorUnix::InternalWaitForMultipleObjectsEx(CorUnix::CPalThread*, unsigned int, void* const*, int, unsigned int, int, int)
000000016FDFD960 00000001030ea160 libcoreclr.dylib!Thread::DoAppropriateAptStateWait(int, void**, int, unsigned int, WaitMode) + 0x60, calling libcoreclr.dylib!WaitForMultipleObjectsEx
000000016FDFD9A0 00000001030ea640 libcoreclr.dylib!Thread::DoAppropriateWaitWorker(int, void**, int, unsigned int, WaitMode) + 0x388, calling libcoreclr.dylib!Thread::DoAppropriateAptStateWait(int, void**, int, unsigned int, WaitMode)
000000016FDFD9B0 000000010307ccfc libcoreclr.dylib!Object::ValidateInner(int, int, int) + 0x690, calling libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup()
000000016FDFD9C0 0000000102efd0b0 libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup() + 0x20, calling libcoreclr.dylib!CLRException::HandlerState::CleanupTry()
000000016FDFD9E0 0000000102ee9348 libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup() + 0x1c, calling libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup()
000000016FDFDB00 00000001030f2978 libcoreclr.dylib!CounterDecrease(int volatile*) + 0x18, calling libcoreclr.dylib!InterlockedDecrement
000000016FDFDB20 00000001030e9c3c libcoreclr.dylib!Thread::DoAppropriateWait(int, void**, int, unsigned int, WaitMode, PendingSync*)::$_0::operator()(Thread::DoAppropriateWait(int, void**, int, unsigned int, WaitMode, PendingSync*)::__EEParam*) const + 0x54, calling libcoreclr.dylib!Thread::DoAppropriateWaitWorker(int, void**, int, unsigned int, WaitMode)
000000016FDFDB50 00000001030e1ff0 libcoreclr.dylib!Thread::DoAppropriateWait(int, void**, int, unsigned int, WaitMode, PendingSync*) + 0x12c, calling libcoreclr.dylib!Thread::DoAppropriateWait(int, void**, int, unsigned int, WaitMode, PendingSync*)::$_0::operator()(Thread::DoAppropriateWait(int, void**, int, unsigned int, WaitMode, PendingSync*)::__EEParam*) const
000000016FDFDB80 00000001030f2c48 libcoreclr.dylib!BaseWrapper<int volatile*, FunctionBase<int volatile*, &(CounterIncrease(int volatile*)), &(CounterDecrease(int volatile*))>, 0ul, &(int CompareDefault<int volatile*>(int volatile*, int volatile*))>::~BaseWrapper() + 0x1c, calling libcoreclr.dylib!BaseHolder<int volatile*, FunctionBase<int volatile*, &(CounterIncrease(int volatile*)), &(CounterDecrease(int volatile*))>, 0ul, &(int CompareDefault<int volatile*>(int volatile*, int volatile*))>::~BaseHolder()
000000016FDFDC40 00000001030e1d38 libcoreclr.dylib!Thread::JoinEx(unsigned int, WaitMode) + 0xfc, calling libcoreclr.dylib!Thread::DoAppropriateWait(int, void**, int, unsigned int, WaitMode, PendingSync*)
000000016FDFDC90 0000000103183444 libcoreclr.dylib!ThreadNative::DoJoin(REF<ThreadBaseObject>, int) + 0x1a8, calling libcoreclr.dylib!Thread::JoinEx(unsigned int, WaitMode)
000000016FDFDD10 00000001031830a4 libcoreclr.dylib!ThreadNative::Join(ThreadBaseObject*, int) + 0x264, calling libcoreclr.dylib!ThreadNative::DoJoin(REF<ThreadBaseObject>, int)
000000016FDFDF10 0000000118439a2c (MethodDesc 0000000119057f70 + 0x1c System.Threading.Thread.Join())
000000016FDFDF30 0000000103182eac libcoreclr.dylib!ThreadNative::Join(ThreadBaseObject*, int) + 0x6c, calling libcoreclr.dylib!LazyMachStateCaptureState
000000016FDFDF90 0000000118439a2c (MethodDesc 0000000119057f70 + 0x1c System.Threading.Thread.Join())
000000016FDFDFA0 00000001190a1938 (MethodDesc 00000001191fc278 + 0x1b0 Program.<Main>$(System.String[]))
000000016FDFDFB0 000000010348fab8 libcoreclr.dylib!CallDescrWorkerInternal + 0x84
000000016FDFE010 0000000103157ab8 libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x13c, calling libcoreclr.dylib!CallDescrWorkerInternal
000000016FDFE020 0000000103157aac libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x130, calling libcoreclr.dylib!NativeExceptionHolderBase::Push()
000000016FDFE090 000000010315862c libcoreclr.dylib!MethodDescCallSite::CallTargetWorker(unsigned long const*, unsigned long*, int) + 0x6d4, calling libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int)
000000016FDFE0A0 0000000102f100c4 libcoreclr.dylib!SigParser::GetElemType(CorElementType*) + 0x74, calling libcoreclr.dylib!SigParser::SkipBytes(unsigned int)
000000016FDFE0F0 0000000102f100c4 libcoreclr.dylib!SigParser::GetElemType(CorElementType*) + 0x74, calling libcoreclr.dylib!SigParser::SkipBytes(unsigned int)
000000016FDFE130 00000001034c4460 libcoreclr.dylib!SigParser::SkipExactlyOne() + 0x188, calling libcoreclr.dylib!SigParser::SkipExactlyOne()
000000016FDFE190 0000000102fdbc48 libcoreclr.dylib!ArgIteratorTemplate<ArgIteratorBase>::SizeOfFrameArgumentArray() + 0x18, calling libcoreclr.dylib!ArgIteratorTemplate<ArgIteratorBase>::SizeOfArgStack()
000000016FDFE2E0 00000001030b79bc libcoreclr.dylib!MetaSig::MetaSig(MethodDesc*, TypeHandle) + 0xc4, calling libcoreclr.dylib!MethodDesc::RequiresInstArg()
000000016FDFE430 0000000102eee354 libcoreclr.dylib!MethodDescCallSite::Call(unsigned long const*) + 0x28, calling libcoreclr.dylib!MethodDescCallSite::CallTargetWorker(unsigned long const*, unsigned long*, int)
000000016FDFE450 0000000102f155f8 libcoreclr.dylib!RunMainInternal(Param*) + 0x20c, calling libcoreclr.dylib!MethodDescCallSite::Call(unsigned long const*)
000000016FDFE4D0 00000001035e8268 libcoreclr.dylib!MDInternalRO::GetSigOfMethodDef(unsigned int, unsigned int*, unsigned char const**) + 0x118, calling libcoreclr.dylib!CMiniMdTemplate<CMiniMd>::getSignatureOfMethod(MethodRec*, unsigned char const**, unsigned int*)
000000016FDFE600 0000000102f153b8 libcoreclr.dylib!RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_1::operator()(Param*) const::'lambda'(Param*)::operator()(Param*) const + 0x1c, calling libcoreclr.dylib!RunMainInternal(Param*)
000000016FDFE620 0000000102f104cc libcoreclr.dylib!RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_1::operator()(Param*) const + 0x4c, calling libcoreclr.dylib!RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_1::operator()(Param*) const::'lambda'(Param*)::operator()(Param*) const
000000016FDFE640 0000000102f1809c libcoreclr.dylib!NativeExceptionHolder<RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_0>::NativeExceptionHolder(RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_0*) + 0x24, calling libcoreclr.dylib!NativeExceptionHolder<RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_0>::NativeExceptionHolder(RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_0*)
000000016FDFE6A0 0000000102f102d0 libcoreclr.dylib!RunMain(MethodDesc*, short, int*, REF<PtrArray>*) + 0x1b8, calling libcoreclr.dylib!RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_1::operator()(Param*) const
000000016FDFE780 0000000102f10778 libcoreclr.dylib!Assembly::ExecuteMainMethod(REF<PtrArray>*, int) + 0x100, calling libcoreclr.dylib!RunMain(MethodDesc*, short, int*, REF<PtrArray>*)
000000016FDFE790 0000000102ee9348 libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup() + 0x1c, calling libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup()
000000016FDFE880 0000000102ed9bbc libcoreclr.dylib!BaseHolder<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::BaseHolder(char16_t*) + 0x38, calling libcoreclr.dylib!BaseHolder<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::IsNull() const
000000016FDFE8B0 0000000102ed9b74 libcoreclr.dylib!BaseWrapper<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::BaseWrapper(char16_t*) + 0x24, calling libcoreclr.dylib!BaseHolder<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::BaseHolder(char16_t*)
000000016FDFE8D0 0000000102eda780 libcoreclr.dylib!BaseHolder<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::~BaseHolder() + 0x1c, calling libcoreclr.dylib!BaseHolder<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::Release()
000000016FDFE8F0 0000000102eda754 libcoreclr.dylib!BaseWrapper<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::~BaseWrapper() + 0x1c, calling libcoreclr.dylib!BaseHolder<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::~BaseHolder()
000000016FDFE910 0000000102eda728 libcoreclr.dylib!Wrapper<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**)), 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*)), true>::~Wrapper() + 0x1c, calling libcoreclr.dylib!BaseWrapper<char16_t*, FunctionBase<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**))>, 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*))>::~BaseWrapper()
000000016FDFE930 0000000102eda6fc libcoreclr.dylib!SpecializedWrapper<char16_t, &(void DeleteArray<char16_t>(char16_t*))>::~SpecializedWrapper() + 0x1c, calling libcoreclr.dylib!Wrapper<char16_t*, &(void DoNothing<char16_t*>(char16_t*)), &(void DeleteArray<char16_t>(char16_t**)), 0ul, &(int CompareDefault<char16_t*>(char16_t*, char16_t*)), true>::~Wrapper()
000000016FDFE950 0000000102ed9630 libcoreclr.dylib!SpecializedWrapper<char16_t, &(void DeleteArray<char16_t>(char16_t*))>::~SpecializedWrapper() + 0x1c, calling libcoreclr.dylib!SpecializedWrapper<char16_t, &(void DeleteArray<char16_t>(char16_t*))>::~SpecializedWrapper()
000000016FDFE970 000000010349ca38 libcoreclr.dylib!(anonymous namespace)::GetConfigDWORD(char16_t const*, unsigned int, unsigned int*, CLRConfig::LookupOptions) + 0x1c4, calling libcoreclr.dylib!SpecializedWrapper<char16_t, &(void DeleteArray<char16_t>(char16_t*))>::~SpecializedWrapper()
000000016FDFEA30 000000010349c800 libcoreclr.dylib!CLRConfig::GetConfigValue(CLRConfig::ConfigDWORDInfo const&, bool*) + 0x64, calling libcoreclr.dylib!(anonymous namespace)::GetConfigDWORD(char16_t const*, unsigned int, unsigned int*, CLRConfig::LookupOptions)
000000016FDFEA60 000000010349cafc libcoreclr.dylib!CLRConfig::GetConfigValue(CLRConfig::ConfigDWORDInfo const&) + 0x2c, calling libcoreclr.dylib!CLRConfig::GetConfigValue(CLRConfig::ConfigDWORDInfo const&, bool*)
000000016FDFEA90 0000000102f81e6c libcoreclr.dylib!CorHost2::ExecuteAssembly(unsigned int, char16_t const*, int, char16_t const**, unsigned int*) + 0x6b8, calling libcoreclr.dylib!Assembly::ExecuteMainMethod(REF<PtrArray>*, int)
000000016FDFEB40 0000000102e557f8 libcoreclr.dylib!UTF8ToUnicode + 0x158, calling libcoreclr.dylib!UTF8Encoding::GetChars(unsigned char*, int, char16_t*, int)
000000016FDFEBF0 0000000102e18e8c libcoreclr.dylib!Volatile<int>::operator int() const + 0x18, calling libcoreclr.dylib!Volatile<int>::Load() const
000000016FDFEC20 0000000102eddfe8 libcoreclr.dylib!BaseHolder<char16_t const*, FunctionBase<char16_t const*, &(void DoNothing<char16_t const*>(char16_t const*)), &(void DeleteArray<char16_t const>(char16_t const**))>, 0ul, &(int CompareDefault<char16_t const*>(char16_t const*, char16_t const*))>::Acquire() + 0x64, calling libcoreclr.dylib!FunctionBase<char16_t const*, &(void DoNothing<char16_t const*>(char16_t const*)), &(void DeleteArray<char16_t const>(char16_t const**))>::DoAcquire()
000000016FDFED00 0000000102edc890 libcoreclr.dylib!SpecializedWrapper<char16_t const, &(void DeleteArray<char16_t const>(char16_t const*))>::SpecializedWrapper(char16_t const*) + 0x24, calling libcoreclr.dylib!SpecializedWrapper<char16_t const, &(void DeleteArray<char16_t const>(char16_t const*))>::SpecializedWrapper(char16_t const*)
000000016FDFED30 0000000102edcfe0 libcoreclr.dylib!coreclr_execute_assembly + 0x114
000000016FDFEE10 00000001002a5510 libhostpolicy.dylib!run_app_for_context(hostpolicy_context_t const&, int, char const**) + 0x430, calling libhostpolicy.dylib!coreclr_t::execute_assembly(int, char const**, char const*, unsigned int*)
000000016FDFEED8 00000001002a6184 libhostpolicy.dylib!corehost_main, calling libhostpolicy.dylib!_Unwind_Resume
000000016FDFEF10 00000001002a6274 libhostpolicy.dylib!corehost_main + 0xf0, calling libhostpolicy.dylib!run_app_for_context(hostpolicy_context_t const&, int, char const**)
000000016FDFF060 000000010040c85c libhostfxr.dylib!fx_muxer_t::handle_exec_host_command(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, host_startup_info_t const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::unordered_map<known_options, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >, known_options_hash, std::__1::equal_to<known_options>, std::__1::allocator<std::__1::pair<known_options const, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > > > > const&, int, char const**, int, host_mode_t, bool, char*, int, int*) + 0x530
000000016FDFF120 00000001002a7524 libhostpolicy.dylib!corehost_unload, calling libhostpolicy.dylib!_Unwind_Resume
000000016FDFF138 00000001002a6184 libhostpolicy.dylib!corehost_main, calling libhostpolicy.dylib!_Unwind_Resume
000000016FDFF140 00000001002a6820 libhostpolicy.dylib!corehost_main_with_output_buffer, calling libhostpolicy.dylib!_Unwind_Resume
000000016FDFF1C0 000000010040b950 libhostfxr.dylib!fx_muxer_t::execute(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, int, char const**, host_startup_info_t const&, char*, int, int*) + 0x35c, calling libhostfxr.dylib!fx_muxer_t::handle_exec_host_command(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, host_startup_info_t const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::unordered_map<known_options, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >, known_options_hash, std::__1::equal_to<known_options>, std::__1::allocator<std::__1::pair<known_options const, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > > > > const&, int, char const**, int, host_mode_t, bool, char*, int, int*)
000000016FDFF288 0000000100409cec libhostfxr.dylib!hostfxr_set_error_writer, calling libhostfxr.dylib!_Unwind_Resume
000000016FDFF2D0 000000010040853c libhostfxr.dylib!hostfxr_main_startupinfo + 0x98, calling libhostfxr.dylib!fx_muxer_t::execute(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, int, char const**, host_startup_info_t const&, char*, int, int*)
000000016FDFF358 00000001004084a4 libhostfxr.dylib!hostfxr_main_startupinfo, calling libhostfxr.dylib!_Unwind_Resume
000000016FDFF380 000000010000d4d0 dotnet!exe_start(int, char const**) + 0x498
000000016FDFF4B0 000000010000d688 dotnet!main + 0xa0, calling dotnet!exe_start(int, char const**)
000000016FDFF4F8 000000010000d5e8 dotnet!main, calling dotnet!_Unwind_Resume
000000016FDFF620 000000010002d0f8 dyld!__Block_byref_object_copy_, calling dyld!__assert_rtn
---------------------------------------------
Thread   7
TEB information is not available so a stack size of 0xFFFF is assumed
Current frame: 00000001bec8512c
ChildFP          RetAddr          Caller, Callee
0000000170142580 0000000102fddf4c libcoreclr.dylib!InlinedCallFrame::~InlinedCallFrame() + 0x1c, calling libcoreclr.dylib!InlinedCallFrame::~InlinedCallFrame()
00000001701425B0 0000000102ef8cd0 libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const + 0x18, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::Load() const
00000001701425D0 0000000102ef8c9c libcoreclr.dylib!Thread::IsExecutingOnAltStack() + 0x34, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const
0000000170142600 0000000102ef8bc8 libcoreclr.dylib!Thread::GetFrame() + 0x40, calling libcoreclr.dylib!Thread::IsExecutingOnAltStack()
0000000170142680 00000001190b3124 (MethodDesc 00000001193949a0 + 0x34 System.Security.Cryptography.Apple.SafeSecKeyRefHandle.ReleaseHandle()), calling 0000000118f585b8
00000001701426C0 00000001190b3220 (MethodDesc 000000011947cd38 + 0xa0 ILStubClass.IL_STUB_PInvoke(IntPtr))
0000000170142760 00000001184e63d8 (MethodDesc 000000011914a160 + 0x108 System.Runtime.InteropServices.SafeHandle.InternalRelease(Boolean))
0000000170142780 00000001184e60d0 (MethodDesc 000000011914a030 + 0x40 System.Runtime.InteropServices.SafeHandle.Dispose(Boolean))
00000001701427C0 00000001190b2f40 (MethodDesc 0000000119394a10 + 0xb0 System.Security.Cryptography.Apple.SafeSecKeyRefHandle.Dispose(Boolean))
00000001701427E0 00000001184e5f74 (MethodDesc 0000000119149e78 + 0x34 System.Runtime.InteropServices.SafeHandle.Finalize())
0000000170142810 000000010348fab8 libcoreclr.dylib!CallDescrWorkerInternal + 0x84
0000000170142830 0000000103157ab8 libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x13c, calling libcoreclr.dylib!CallDescrWorkerInternal
0000000170142840 0000000103157aac libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x130, calling libcoreclr.dylib!NativeExceptionHolderBase::Push()
00000001701428B0 0000000103157ec4 libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 0xd0, calling libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int)
00000001701428F0 0000000102f525d4 libcoreclr.dylib!MethodTable::GetSlot(unsigned int) + 0xd4, calling libcoreclr.dylib!MethodTable::GetSlotPtrRaw(unsigned int)
0000000170142940 00000001034d5ee8 libcoreclr.dylib!StressLog::LogMsg(unsigned int, unsigned int, int, char const*, ...) + 0xfc, calling libcoreclr.dylib!ThreadStressLog::LogMsg(unsigned int, int, char const*, char*)
0000000170142990 00000001030684b4 libcoreclr.dylib!MethodTable::CallFinalizer(Object*) + 0x230, calling libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int)
0000000170142A50 00000001031e6864 libcoreclr.dylib!CallFinalizer(Object*) + 0x250, calling libcoreclr.dylib!MethodTable::CallFinalizer(Object*)
0000000170142A80 0000000103483774 libcoreclr.dylib!WKS::GCHeap::GetNextFinalizableObject() + 0x2c, calling libcoreclr.dylib!WKS::CFinalize::GetNextFinalizableObject(int)
0000000170142AA0 00000001034860e8 libcoreclr.dylib!WKS::GCHeap::GetNextFinalizable() + 0x24, calling libcoreclr.dylib!WKS::GCHeap::GetNextFinalizableObject()
0000000170142AC0 00000001031e6994 libcoreclr.dylib!FinalizerThread::FinalizeAllObjects() + 0x98, calling libcoreclr.dylib!CallFinalizer(Object*)
0000000170142AF0 00000001031e7060 libcoreclr.dylib!FinalizerThread::FinalizerThreadWorker(void*) + 0x2a0, calling libcoreclr.dylib!FinalizerThread::FinalizeAllObjects()
0000000170142B30 00000001030f45dc libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*) + 0x24
0000000170142B50 00000001030f40b0 libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*) + 0x6c, calling libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*)
0000000170142BC0 0000000102e18e8c libcoreclr.dylib!Volatile<int>::operator int() const + 0x18, calling libcoreclr.dylib!Volatile<int>::Load() const
0000000170142C00 0000000102ef8cd0 libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const + 0x18, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::Load() const
0000000170142C20 0000000102ef8c9c libcoreclr.dylib!Thread::IsExecutingOnAltStack() + 0x34, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const
0000000170142D00 00000001030f3eb0 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const + 0x20, calling libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*)
0000000170142D20 00000001030f3bd4 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const + 0x64, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const
0000000170142D40 00000001030f3db4 libcoreclr.dylib!DebuggerU2MCatchHandlerFrame::DebuggerU2MCatchHandlerFrame() + 0x1c, calling libcoreclr.dylib!DebuggerU2MCatchHandlerFrame::DebuggerU2MCatchHandlerFrame()
0000000170142DA0 00000001030f07e8 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 0xd0, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const
0000000170142E50 00000001030f06c8 libcoreclr.dylib!ManagedThreadBase_NoADTransition(void (*)(void*), UnhandledExceptionLocation) + 0x44, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)
0000000170142EA0 00000001030f093c libcoreclr.dylib!ManagedThreadBase::FinalizerBase(void (*)(void*)) + 0x1c, calling libcoreclr.dylib!ManagedThreadBase_NoADTransition(void (*)(void*), UnhandledExceptionLocation)
0000000170142EC0 00000001031e7278 libcoreclr.dylib!FinalizerThread::FinalizerThreadStart(void*) + 0x180, calling libcoreclr.dylib!ManagedThreadBase::FinalizerBase(void (*)(void*))
0000000170142ED0 0000000102e5324c libcoreclr.dylib!LOADCallDllMain + 0x33c, calling libcoreclr.dylib!UnlockModuleList
0000000170142EE0 0000000102eb1bf4 libcoreclr.dylib!CorUnix::CPalSynchronizationManager::DispatchPendingAPCs(CorUnix::CPalThread*) + 0x74, calling libcoreclr.dylib!CorUnix::CPalThread::Unlock(CorUnix::CPalThread*)
0000000170142F50 0000000102ecd818 libcoreclr.dylib!CorUnix::CPalThread::ThreadEntry(void*) + 0x274
---------------------------------------------
Thread   8
TEB information is not available so a stack size of 0xFFFF is assumed
Current frame: libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const + 0x18
ChildFP          RetAddr          Caller, Callee
00000001701CD960 0000000102ef8c9c libcoreclr.dylib!Thread::IsExecutingOnAltStack() + 0x34, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const
00000001701CD990 0000000102ef8bc8 libcoreclr.dylib!Thread::GetFrame() + 0x40, calling libcoreclr.dylib!Thread::IsExecutingOnAltStack()
00000001701CD9B0 0000000102efd0b0 libcoreclr.dylib!CAutoTryCleanup<CLRException::HandlerState>::~CAutoTryCleanup() + 0x20, calling libcoreclr.dylib!CLRException::HandlerState::CleanupTry()
00000001701CD9C0 0000000102ef8b5c libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*) + 0x5c, calling libcoreclr.dylib!Thread::GetFrame()
00000001701CD9F0 0000000102ee92e8 libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*) + 0x24, calling libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*)
00000001701CDA20 000000010307c6ac libcoreclr.dylib!Object::ValidateInner(int, int, int) + 0x40, calling libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*)
00000001701CDC60 000000010307be64 libcoreclr.dylib!Object::Validate(int, int, int) + 0xc8, calling libcoreclr.dylib!Object::ValidateInner(int, int, int)
00000001701CDCA0 0000000102edea14 libcoreclr.dylib!ObjectFromHandle(OBJECTHANDLE__*) + 0x8c, calling libcoreclr.dylib!Object::Validate(int, int, int)
00000001701CDCE0 000000010315d068 libcoreclr.dylib!CLRException::IsPreallocatedExceptionObject(OBJECTREF) + 0x90, calling libcoreclr.dylib!ObjectFromHandle(OBJECTHANDLE__*)
00000001701CDD10 000000010307c11c libcoreclr.dylib!OBJECTREF::OBJECTREF(OBJECTREF const&) + 0x24, calling libcoreclr.dylib!OBJECTREF::OBJECTREF(OBJECTREF const&)
00000001701CDD40 00000001030ed298 libcoreclr.dylib!Thread::SetLastThrownObject(OBJECTREF, int) + 0x21c, calling libcoreclr.dylib!CLRException::IsPreallocatedExceptionObject(OBJECTREF)
00000001701CDD60 0000000102f901b8 libcoreclr.dylib!Thread::ObjectRefNew(OBJECTREF const*) + 0x14, calling libcoreclr.dylib!GetThreadNULLOk()
00000001701CDDE0 00000001030ed42c libcoreclr.dylib!Thread::SafeSetLastThrownObject(OBJECTREF) + 0xa4, calling libcoreclr.dylib!Thread::SetLastThrownObject(OBJECTREF, int)
00000001701CDE10 000000010344ed18 libcoreclr.dylib!WKS::gc_heap::find_segment(unsigned char*, int) + 0x1c, calling libcoreclr.dylib!WKS::seg_mapping_table_segment_of(unsigned char*)
00000001701CDE50 000000010347f308 libcoreclr.dylib!WKS::GCHeap::IsHeapPointer(void*, bool) + 0x38, calling libcoreclr.dylib!WKS::gc_heap::find_segment(unsigned char*, int)
00000001701CDE90 000000010307e008 libcoreclr.dylib!OBJECTREF::OBJECTREF(OBJECTREF const&) + 0x10c, calling libcoreclr.dylib!Thread::ObjectRefNew(OBJECTREF const*)
00000001701CDEF0 0000000102fb981c libcoreclr.dylib!RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::$_1::operator()(RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::Param*) const + 0x58, calling libcoreclr.dylib!Thread::SafeSetLastThrownObject(OBJECTREF)
00000001701CDF30 0000000102fca374 libcoreclr.dylib!NativeExceptionHolder<RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::$_0>::NativeExceptionHolder(RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::$_0*) + 0x24, calling libcoreclr.dylib!NativeExceptionHolder<RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::$_0>::NativeExceptionHolder(RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::$_0*)
00000001701CDF90 0000000102fb94fc libcoreclr.dylib!RaiseTheExceptionInternalOnly(OBJECTREF, int, int) + 0x544, calling libcoreclr.dylib!RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::$_1::operator()(RaiseTheExceptionInternalOnly(OBJECTREF, int, int)::Param*) const
00000001701CE070 0000000103418cc8 libcoreclr.dylib!WKS::seg_mapping_table_segment_of(unsigned char*) + 0x60, calling libcoreclr.dylib!WKS::ro_segment_lookup(unsigned char*)
00000001701CE150 000000010347f308 libcoreclr.dylib!WKS::GCHeap::IsHeapPointer(void*, bool) + 0x38, calling libcoreclr.dylib!WKS::gc_heap::find_segment(unsigned char*, int)
00000001701CE170 0000000102f901b8 libcoreclr.dylib!Thread::ObjectRefNew(OBJECTREF const*) + 0x14, calling libcoreclr.dylib!GetThreadNULLOk()
00000001701CE1C0 000000010307c11c libcoreclr.dylib!OBJECTREF::OBJECTREF(OBJECTREF const&) + 0x24, calling libcoreclr.dylib!OBJECTREF::OBJECTREF(OBJECTREF const&)
00000001701CE1F0 000000010322f4c0 libcoreclr.dylib!IL_Throw(Object*) + 0x35c, calling libcoreclr.dylib!RaiseTheExceptionInternalOnly(OBJECTREF, int, int)
00000001701CE200 00000001184fdccc (MethodDesc 0000000119501718 + 0x18c System.Resources.RuntimeResourceSet.GetObject(System.String, Boolean, Boolean)), calling (MethodDesc 0000000119501718 + 0x498 System.Resources.RuntimeResourceSet.GetObject(System.String, Boolean, Boolean))
00000001701CE300 00000001030d83e4 libcoreclr.dylib!ObjHeader::LeaveObjMonitorHelper(Thread*) + 0xb0, calling libcoreclr.dylib!InterlockedCompareExchange
00000001701CE380 000000010322d4cc libcoreclr.dylib!JIT_MonExit_Portable + 0x44, calling libcoreclr.dylib!Object::LeaveObjMonitorHelper(Thread*)
00000001701CE498 000000010322f1b4 libcoreclr.dylib!IL_Throw(Object*) + 0x50, calling libcoreclr.dylib!LazyMachStateCaptureState
00000001701CE4D0 00000001190a3398 (MethodDesc 000000011938ade0 + 0x98 System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.ThrowIfDisposed()), calling 00000001190a02a8
00000001701CE4E0 00000001190b2684 (MethodDesc 000000011938ae60 + 0x4c System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.SetKey(System.Security.Cryptography.SecKeyPair))
00000001701CE510 00000001190a31f8 (MethodDesc 000000011938aed8 + 0x550 System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.ImportParameters(System.Security.Cryptography.DSAParameters))
00000001701CE550 00000001190a2050 (MethodDesc 000000011930f078 + 0x260 Program+<>c__DisplayClass0_0.<<Main>$>g__Work|0())
00000001701CE780 0000000118437f5c (MethodDesc 00000001190566d8 + 0xfc System.Threading.Thread.StartCallback())
00000001701CE8D0 000000010348fab8 libcoreclr.dylib!CallDescrWorkerInternal + 0x84
00000001701CE8D8 0000000102ef8b6c libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*) + 0x6c, calling libcoreclr.dylib!Thread::PreemptiveGCDisabled()
00000001701CE910 0000000103157ab8 libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x13c, calling libcoreclr.dylib!CallDescrWorkerInternal
00000001701CE920 0000000103157aac libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x130, calling libcoreclr.dylib!NativeExceptionHolderBase::Push()
00000001701CE990 0000000103157ec4 libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 0xd0, calling libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int)
00000001701CEA40 000000010307bbe0 libcoreclr.dylib!OBJECTREF::operator->() + 0x94, calling libcoreclr.dylib!ENABLESTRESSHEAP()
00000001701CEA70 0000000103181204 libcoreclr.dylib!ThreadNative::KickOffThread_Worker(void*) + 0x128, calling libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int)
00000001701CEAE0 0000000102ef8b6c libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*) + 0x6c, calling libcoreclr.dylib!Thread::PreemptiveGCDisabled()
00000001701CEB20 00000001030f45dc libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*) + 0x24
00000001701CEB40 00000001030f40b0 libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*) + 0x6c, calling libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*)
00000001701CEB60 0000000102e9b960 libcoreclr.dylib!CorUnix::InternalLeaveCriticalSection(CorUnix::CPalThread*, _CRITICAL_SECTION*) + 0x324, calling libcoreclr.dylib!InterlockedCompareExchange
00000001701CEB90 0000000102e18e8c libcoreclr.dylib!Volatile<int>::operator int() const + 0x18, calling libcoreclr.dylib!Volatile<int>::Load() const
00000001701CEBF0 0000000102ef8cd0 libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const + 0x18, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::Load() const
00000001701CEC10 0000000102ef8c9c libcoreclr.dylib!Thread::IsExecutingOnAltStack() + 0x34, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const
00000001701CECF0 00000001030f3eb0 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const + 0x20, calling libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*)
00000001701CED10 00000001030f3bd4 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const + 0x64, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const
00000001701CED30 00000001030f3db4 libcoreclr.dylib!DebuggerU2MCatchHandlerFrame::DebuggerU2MCatchHandlerFrame() + 0x1c, calling libcoreclr.dylib!DebuggerU2MCatchHandlerFrame::DebuggerU2MCatchHandlerFrame()
00000001701CED90 00000001030f07e8 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 0xd0, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const
00000001701CEE40 00000001030f08e4 libcoreclr.dylib!ManagedThreadBase_FullTransition(void (*)(void*), void*, UnhandledExceptionLocation) + 0x38, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)
00000001701CEE90 00000001030f08a0 libcoreclr.dylib!ManagedThreadBase::KickOff(void (*)(void*), void*) + 0x24, calling libcoreclr.dylib!ManagedThreadBase_FullTransition(void (*)(void*), void*, UnhandledExceptionLocation)
00000001701CEEB0 0000000103181368 libcoreclr.dylib!ThreadNative::KickOffThread(void*) + 0x134, calling libcoreclr.dylib!ManagedThreadBase::KickOff(void (*)(void*), void*)
00000001701CEF50 0000000102ecd818 libcoreclr.dylib!CorUnix::CPalThread::ThreadEntry(void*) + 0x274
00000001701CEF90 0000000103181234 libcoreclr.dylib!ThreadNative::KickOffThread(void*), calling libcoreclr.dylib!__stack_chk_fail
---------------------------------------------
Thread   9
TEB information is not available so a stack size of 0xFFFF is assumed
Current frame: dyld!dyld3::MachOLoaded::findClosestSymbol(unsigned long long, char const**, unsigned long long*) const + 0x19c
ChildFP          RetAddr          Caller, Callee
0000000170258488 00000001bea73ac4 00000001bea73ac4, calling 00000001bea75038
0000000170258540 00000001bea73ac4 00000001bea73ac4, calling 00000001bea75038
0000000170258678 00000001bed400f0 00000001bed400f0, calling 00000001bed55d68
0000000170258680 00000001bed40428 00000001bed40428, calling 00000001bed40074
0000000170258688 00000001bed404f8 00000001bed404f8, calling 00000001bed402c8
0000000170258690 00000001bea75590 00000001bea75590, calling 00000001bed404cc
0000000170258698 00000001bea73ac4 00000001bea73ac4, calling 00000001bea75038
00000001702586A0 00000001bed0d558 00000001bed0d558, calling 00000001bea734d4
00000001702586C0 00000001bea726fc 00000001bea726fc, calling 00000001bea72988
00000001702586C8 00000001bea715b8 00000001bea715b8, calling 00000001bea7268c
00000001702586D0 00000001bec08b78 00000001bec08b78, calling 00000001bea71294
00000001702586D8 00000001becc16d0 00000001becc16d0, calling 00000001bec08b28
00000001702586E0 00000001becc1e30 00000001becc1e30, calling 00000001becc0e1c
00000001702586E8 00000001004c0b1c libSystem.Security.Cryptography.Native.Apple.dylib!AppleCryptoNative_SecKeyImportEphemeral + 0x130, calling libSystem.Security.Cryptography.Native.Apple.dylib!SecItemImport
00000001702586F0 00000001190a9c1c (MethodDesc 0000000119459c40 + 0x10c ILStubClass.IL_STUB_PInvoke(Byte*, Int32, Int32, IntPtr*, Int32*))
00000001702586F8 00000001190a9940 (MethodDesc 000000011939ffb8 + 0x108 Interop+AppleCrypto.AppleCryptoNative_SecKeyImportEphemeral(Byte ByRef, Int32, Int32, System.Security.Cryptography.Apple.SafeSecKeyRefHandle ByRef, Int32 ByRef)), calling 0000000118f53dc8
0000000170258700 00000001190a97b4 (MethodDesc 000000011939ff78 + 0x9c Interop+AppleCrypto.AppleCryptoNative_SecKeyImportEphemeral(System.ReadOnlySpan`1<Byte>, Int32, System.Security.Cryptography.Apple.SafeSecKeyRefHandle ByRef, Int32 ByRef))
0000000170258708 00000001190a955c (MethodDesc 000000011939fff8 + 0x134 Interop+AppleCrypto.ImportEphemeralKey(System.ReadOnlySpan`1<Byte>, Boolean))
0000000170258710 00000001190a3898 (MethodDesc 000000011938af80 + 0x4d8 System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.ImportKey(System.Security.Cryptography.DSAParameters))
0000000170258718 00000001190a319c (MethodDesc 000000011938aed8 + 0x4f4 System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.ImportParameters(System.Security.Cryptography.DSAParameters))
0000000170258720 00000001190a2050 (MethodDesc 000000011930f078 + 0x260 Program+<>c__DisplayClass0_0.<<Main>$>g__Work|0())
0000000170258728 0000000118437f5c (MethodDesc 00000001190566d8 + 0xfc System.Threading.Thread.StartCallback())
0000000170258730 000000010348fab8 libcoreclr.dylib!CallDescrWorkerInternal + 0x84
0000000170258738 0000000103157ab8 libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x13c, calling libcoreclr.dylib!CallDescrWorkerInternal
0000000170258740 0000000103157ec4 libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 0xd0, calling libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int)
0000000170258748 0000000103181204 libcoreclr.dylib!ThreadNative::KickOffThread_Worker(void*) + 0x128, calling libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int)
0000000170258750 00000001030f45dc libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*) + 0x24
0000000170258758 00000001030f40b0 libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*) + 0x6c, calling libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*)
0000000170258760 00000001030f3eb0 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const + 0x20, calling libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*)
0000000170258768 00000001030f3bd4 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const + 0x64, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const
0000000170258770 00000001030f07e8 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 0xd0, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const
0000000170259838 0000000170259900 0000000170259900, calling 000000016def9900
0000000170259920 00000001bea730cc 00000001bea730cc, calling 00000001bed55578
000000017025A020 0000000102ef8bc8 libcoreclr.dylib!Thread::GetFrame() + 0x40, calling libcoreclr.dylib!Thread::IsExecutingOnAltStack()
000000017025A090 00000001190a9c1c (MethodDesc 0000000119459c40 + 0x10c ILStubClass.IL_STUB_PInvoke(Byte*, Int32, Int32, IntPtr*, Int32*))
000000017025A0A0 00000001190a9940 (MethodDesc 000000011939ffb8 + 0x108 Interop+AppleCrypto.AppleCryptoNative_SecKeyImportEphemeral(Byte ByRef, Int32, Int32, System.Security.Cryptography.Apple.SafeSecKeyRefHandle ByRef, Int32 ByRef)), calling 0000000118f53dc8
000000017025A0E0 00000001190a9c1c (MethodDesc 0000000119459c40 + 0x10c ILStubClass.IL_STUB_PInvoke(Byte*, Int32, Int32, IntPtr*, Int32*))
000000017025A1C0 00000001190a97b4 (MethodDesc 000000011939ff78 + 0x9c Interop+AppleCrypto.AppleCryptoNative_SecKeyImportEphemeral(System.ReadOnlySpan`1<Byte>, Int32, System.Security.Cryptography.Apple.SafeSecKeyRefHandle ByRef, Int32 ByRef))
000000017025A260 00000001190a955c (MethodDesc 000000011939fff8 + 0x134 Interop+AppleCrypto.ImportEphemeralKey(System.ReadOnlySpan`1<Byte>, Boolean))
000000017025A2B0 00000001190a3898 (MethodDesc 000000011938af80 + 0x4d8 System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.ImportKey(System.Security.Cryptography.DSAParameters))
000000017025A3C0 00000001190a319c (MethodDesc 000000011938aed8 + 0x4f4 System.Security.Cryptography.DSAImplementation+DSASecurityTransforms.ImportParameters(System.Security.Cryptography.DSAParameters))
000000017025A550 00000001190a2050 (MethodDesc 000000011930f078 + 0x260 Program+<>c__DisplayClass0_0.<<Main>$>g__Work|0())
000000017025A780 0000000118437f5c (MethodDesc 00000001190566d8 + 0xfc System.Threading.Thread.StartCallback())
000000017025A8D0 000000010348fab8 libcoreclr.dylib!CallDescrWorkerInternal + 0x84
000000017025A910 0000000103157ab8 libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x13c, calling libcoreclr.dylib!CallDescrWorkerInternal
000000017025A920 0000000103157aac libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int) + 0x130, calling libcoreclr.dylib!NativeExceptionHolderBase::Push()
000000017025A990 0000000103157ec4 libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 0xd0, calling libcoreclr.dylib!CallDescrWorkerWithHandler(CallDescrData*, int)
000000017025AA40 000000010307bbe0 libcoreclr.dylib!OBJECTREF::operator->() + 0x94, calling libcoreclr.dylib!ENABLESTRESSHEAP()
000000017025AA70 0000000103181204 libcoreclr.dylib!ThreadNative::KickOffThread_Worker(void*) + 0x128, calling libcoreclr.dylib!DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int)
000000017025AAE0 0000000102ef8b6c libcoreclr.dylib!CLRException::HandlerState::HandlerState(Thread*) + 0x6c, calling libcoreclr.dylib!Thread::PreemptiveGCDisabled()
000000017025AB20 00000001030f45dc libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*) + 0x24
000000017025AB40 00000001030f40b0 libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*) + 0x6c, calling libcoreclr.dylib!ManagedThreadBase_DispatchInner(ManagedThreadCallState*)
000000017025AB60 0000000102e9b960 libcoreclr.dylib!CorUnix::InternalLeaveCriticalSection(CorUnix::CPalThread*, _CRITICAL_SECTION*) + 0x324, calling libcoreclr.dylib!InterlockedCompareExchange
000000017025AB90 0000000102e18e8c libcoreclr.dylib!Volatile<int>::operator int() const + 0x18, calling libcoreclr.dylib!Volatile<int>::Load() const
000000017025ABF0 0000000102ef8cd0 libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const + 0x18, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::Load() const
000000017025AC10 0000000102ef8c9c libcoreclr.dylib!Thread::IsExecutingOnAltStack() + 0x34, calling libcoreclr.dylib!Volatile<Thread::ThreadState>::operator Thread::ThreadState() const
000000017025ACF0 00000001030f3eb0 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const + 0x20, calling libcoreclr.dylib!ManagedThreadBase_DispatchMiddle(ManagedThreadCallState*)
000000017025AD10 00000001030f3bd4 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const + 0x64, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const::'lambda'(Param*)::operator()(Param*) const
000000017025AD30 00000001030f3db4 libcoreclr.dylib!DebuggerU2MCatchHandlerFrame::DebuggerU2MCatchHandlerFrame() + 0x1c, calling libcoreclr.dylib!DebuggerU2MCatchHandlerFrame::DebuggerU2MCatchHandlerFrame()
000000017025AD90 00000001030f07e8 libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 0xd0, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::$_6::operator()(ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)::TryArgs*) const
000000017025AE40 00000001030f08e4 libcoreclr.dylib!ManagedThreadBase_FullTransition(void (*)(void*), void*, UnhandledExceptionLocation) + 0x38, calling libcoreclr.dylib!ManagedThreadBase_DispatchOuter(ManagedThreadCallState*)
000000017025AE90 00000001030f08a0 libcoreclr.dylib!ManagedThreadBase::KickOff(void (*)(void*), void*) + 0x24, calling libcoreclr.dylib!ManagedThreadBase_FullTransition(void (*)(void*), void*, UnhandledExceptionLocation)
000000017025AEB0 0000000103181368 libcoreclr.dylib!ThreadNative::KickOffThread(void*) + 0x134, calling libcoreclr.dylib!ManagedThreadBase::KickOff(void (*)(void*), void*)
000000017025AF50 0000000102ecd818 libcoreclr.dylib!CorUnix::CPalThread::ThreadEntry(void*) + 0x274
000000017025AF90 0000000103181234 libcoreclr.dylib!ThreadNative::KickOffThread(void*), calling libcoreclr.dylib!__stack_chk_fail
vcsjones commented 2 years ago

Okay, multithreading and concurrency are not related. Just letting DSA objects get finalized will crash.

Simpler repro (takes longer to crash, but still happens pretty quickly)

using System.Security.Cryptography;

// Repro loop: create a DSA key, import a fixed parameter set, and never call
// Dispose(). Nothing in this loop releases the key, so the native key handle is
// left to the finalizer, which is where the issue text says the crash occurs.
while (true)
{
    DSA dsa = DSA.Create();
    // Fixed key material, so every iteration imports the same key.
    // P, Q and G are the DSA domain parameters, Y is the public value and
    // X is the private value.
    dsa.ImportParameters(new DSAParameters
    {
        P = Convert.FromBase64String(@"
            nEx7rLmUg+FLq23XB/8rVFU3Txktd4NYVppGrJMdRKi0FktEj39g7vM33rA0g8Xf
            BurQu9HkcblSR25E5beYrMbU8pJD1ZqmrltbnnlB+PHX5Pgbu91BCr2d5UjAIfiA
            qIlnySMuV0XSqbb1A3qyWGIx3ATXBaXN9mm+paF2itE="),
        Q = Convert.FromBase64String("vV0TbUwrTOkOoiyTJDxsaKWqWjE="),
        G = Convert.FromBase64String(@"
            XZESzrsgUFaS697sgeQEnFKrhh3S6C+gfVG2wL9JBv636QsEq2uxpOMl/1VQxjqx
            Cys3x9YFOkdY1xYdk4ayhco6LYVr81X/lRUtx0YZxpaTt10XgcnlLwx772pYCcOH
            UlyyGxq3GYCA1cglXtS80gPHIYieOqmUhvBHXMYBCAg="),
        Y = Convert.FromBase64String(@"
            e7NMNCxX/44GS2gUH+JyReWzdCUXcp6ax0PcF/XvIZ1mak74P8o8yqWseGa/10hR
            CT92or4YBROsGtKqD/wqN0yJvVMkpPHHsWU9zs1Zt4CsQaZgUTw+vyjkw674OuyN
            933pL+qQNvPuJcb/HK9ME2vSN/3Ki1lAqqKWuzcvggY="),
        X = Convert.FromBase64String(@"DQrQZHBuIxyLlLqtNqOULp/tlH0="),
    });

    // Force a collection on every pass; presumably this is what gets the
    // undisposed instances from earlier passes finalized quickly enough to
    // hit the crash. There is deliberately no Dispose() before this call.
    GC.Collect();
}
bartonjs commented 2 years ago

The fact that this comes from finalization worries me. All the handles should have been disposed properly.

If both threads hit the line _keys = newKeys at the same time, one of the two newKeys values will be lost to the GC/finalizer.

filipnavara commented 2 years ago

Simpler repro (takes longer to crash, but still happens pretty quickly)

"longer" is an understatement. Running that on .NET 7 didn't crash for 2 hours now 😅

vcsjones commented 2 years ago

"longer" is an understatement. Running that on .NET 7 didn't crash for 2 hours now

Hm. Crashed for me in about 30 seconds. Will get a dump when I am back at the computer.

But I was running it under .NET 6.

vcsjones commented 2 years ago

So, with the "simple" repro, I can get it to crash pretty easily but only on Apple Silicon for .NET 6 and .NET 7. I cannot get it to crash on x86_64.

@filipnavara were you using x86_64?

Native backtrace on ARM64:

* thread #7, stop reason = ESR_EC_DABORT_EL0 (fault address: 0xb2)
  * frame #0: 0x00000001b8da512c Security`std::__1::__tree_iterator, std::__1::__tree_node, void*>*, long> std::__1::__tree, std::__1::__map_value_compare, std::__1::less, true>, std::__1::allocator > >::find(Security::Guid const&) + 16
    frame #1: 0x00000001b8b9fca8 Security`CssmManager::getModule(Security::Guid const&) + 28
    frame #2: 0x00000001b8b9f6a0 Security`CSSM_ModuleAttach + 104
    frame #3: 0x00000001b8b90c04 Security`Security::CssmClient::AttachmentImpl::activate() + 332
    frame #4: 0x00000001b8bc1f50 Security`Security::CssmClient::KeyImpl::deactivate() + 180
    frame #5: 0x00000001b8d15940 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 84
    frame #6: 0x00000001b8bc1e84 Security`Security::CssmClient::KeyImpl::~KeyImpl() + 16
    frame #7: 0x00000001b8ceedd0 Security`Security::RefPointer::release_internal() + 112
    frame #8: 0x00000001b8b90498 Security`Security::RefPointer::release() + 56
    frame #9: 0x00000001b8ceed34 Security`Security::RefPointer::~RefPointer() + 24
    frame #10: 0x00000001b8dc8304 Security`Security::KeychainCore::KeyItem::~KeyItem() + 140
    frame #11: 0x00000001b8bc1e5c Security`Security::KeychainCore::KeyItem::~KeyItem() + 16
    frame #12: 0x00000001b8df6d74 Security`SecCDSAKeyDestroy(__SecKey*) + 328
    frame #13: 0x00000001b6c32d78 CoreFoundation`_CFRelease + 232
    frame #14: 0x0000000280d8e308
    frame #15: 0x0000000280d8d910
    frame #16: 0x0000000280d8e13c
    frame #17: 0x0000000102e9f5c8 libcoreclr.dylib`CallDescrWorkerInternal + 132
    frame #18: 0x0000000102d0fc2c libcoreclr.dylib`DispatchCallSimple(unsigned long*, unsigned int, unsigned long, unsigned int) + 284
    frame #19: 0x0000000102c98cb4 libcoreclr.dylib`MethodTable::CallFinalizer(Object*) + 400
    frame #20: 0x0000000102d50068 libcoreclr.dylib`FinalizerThread::FinalizeAllObjects() + 364
    frame #21: 0x0000000102d50270 libcoreclr.dylib`FinalizerThread::FinalizerThreadWorker(void*) + 184
    frame #22: 0x0000000102cdaaa0 libcoreclr.dylib`ManagedThreadBase_DispatchOuter(ManagedThreadCallState*) + 260
    frame #23: 0x0000000102cdb074 libcoreclr.dylib`ManagedThreadBase::FinalizerBase(void (*)(void*)) + 36
    frame #24: 0x0000000102d503ec libcoreclr.dylib`FinalizerThread::FinalizerThreadStart(void*) + 88
    frame #25: 0x0000000102bed380 libcoreclr.dylib`CorUnix::CPalThread::ThreadEntry(void*) + 380
    frame #26: 0x00000001b6a8c26c libsystem_pthread.dylib`_pthread_start + 148
filipnavara commented 2 years ago

were you using x86_64?

ARM64 on Apple M1. Still running, still no crash...

The native stack trace is identical to the one I saw earlier.

vcsjones commented 2 years ago

ARM64 on Apple M1. Still

Bit of a tangent but where did you get a libsosplugin.dylib for M1? Asking for a friend. 😄

Or did you build it yourself?

filipnavara commented 2 years ago

Bit of a tangent but where did you get a libsosplugin.dylib for M1? Asking for a friend. 😄

A little birdie taught me a trick... :)

# Install the dotnet-sos global tool.
dotnet tool install -g dotnet-sos
# Run the tool's DLL through the dotnet host with its "install" command. The path embeds
# the tool version (6.0.316601 here); adjust it to the version that was actually installed.
dotnet ~/.dotnet/tools/.store/dotnet-sos/6.0.316601/dotnet-sos/6.0.316601/tools/netcoreapp3.1/any/dotnet-sos.dll install

The install command takes optional --architecture arm64 switch so dotnet-sos install --architecture arm64 should work too if you have .NET Core 3.1 runtime installed. I refuse to install anything older than .NET 6 though.

vcsjones commented 2 years ago

The install command takes optional --architecture arm64

It... would have been nice if it defaulted to ARM64 on an ARM64 machine. Nonetheless, I have a working SOS plugin now. Sparkles and thank you!

filipnavara commented 2 years ago

The install command takes optional --architecture arm64

It... would have been nice if it defaulted to ARM64 on an ARM64 machine. Nonetheless, I have a working SOS plugin now. Sparkles and thank you!

It totally would but I already complained about it one too many times here - https://github.com/dotnet/sdk/issues/26417 - and it looks like there will be some guidance on how to solve this properly in future.

filipnavara commented 2 years ago

I suspect that this is a bug in the Apple code. Most CssmManager methods are guarded by a mutex, but that guard is suspiciously missing in CssmManager::getModule. Concurrent calls that modify the module map can cause getModule to crash.

filipnavara commented 2 years ago

Reported to Apple Feedback as FB10581430.

vcsjones commented 2 years ago

Interesting. This may have been the cause of some other exceptions or crashes we've seen, such as https://github.com/dotnet/runtime/issues/42568.

filipnavara commented 2 years ago

Here's a fairly trivial way to trigger it:

#include <pthread.h>
#include <Security/Security.h>

/*
 * PEM text handed to SecItemImport on every worker iteration. The armor labels
 * it as a DSA public key; no private key material is embedded here.
 */
static const char *public_key = "-----BEGIN DSA PUBLIC KEY-----\n"
"MIHxMIGoBgcqhkjOOAQBMIGcAkEAvPM8vp7lHRrWFhpso2I/Wrq1qV8TSl7/YITH\n"
"7cHsINCP/xrZZpTlx14pKNkKwEEf3t3bdkKY97NQKRJ+cIRyawIVAMDJQP8l7EVy\n"
"fcqtVnJjJupPIccxAkBhLjwIRUNerlWb0kW357ABc4+65XB90lQIdcwVLGqRsx9A\n"
"wKoeeMUEyVdQhjJMnclvYJU+xqnl2AP9224QOGGLA0QAAkEAkFQyL1jGMfEjer1O\n"
"QjBq7knMY8zHEUVNRbPXBNS5QenFg07rgMUFL/Bj6/876pWvubwpDAcXkiK+SR3A\n"
"FRF/VA==\n"
"-----END DSA PUBLIC KEY-----\n";

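/*
 * Worker loop for the reproduction: repeatedly imports the PEM public key with
 * SecItemImport and releases whatever was imported, so that two threads running
 * this loop create and release keys concurrently.
 *
 * arg is unused. The loop never exits, so the function never returns.
 */
static void *thread_start(void *arg)
{
    (void)arg;

    while (1)
    {
        /* kCFAllocatorNull: the CFData wraps the static string without copying or freeing it. */
        CFDataRef publicKeyData = CFDataCreateWithBytesNoCopy(NULL, (const UInt8 *)public_key, strlen(public_key), kCFAllocatorNull);
        SecItemImportExportKeyParameters params = {0};
        SecExternalItemType keyType = kSecItemTypePublicKey;
        SecExternalFormat keyFormat = kSecFormatPEMSequence;
        CFArrayRef importArray = NULL;

        if (publicKeyData == NULL)
        {
            continue;
        }

        SecItemImport(publicKeyData,
                        NULL,
                        &keyFormat,
                        &keyType,
                        0,
                        &params,
                        NULL,
                        &importArray);

        CFRelease(publicKeyData);

        /*
         * importArray stays NULL when the import produced nothing, and
         * CFRelease(NULL) traps. Guarding the release keeps a failed import
         * from crashing the process, so any crash seen here comes from the
         * concurrent import/release and not from this harness.
         */
        if (importArray != NULL)
        {
            CFRelease(importArray);
        }
    }
}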

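/*
 * Starts two threads that both run thread_start and then blocks on them.
 * The workers never finish, so the process runs until it is killed or crashes.
 *
 * Returns 1 if a worker thread could not be created; the return after the
 * joins is not reached in practice.
 */
int main(int argc, char *argv[])
{
    pthread_t t1, t2;

    (void)argc;
    (void)argv;

    /* NULL attributes are the defaults, same as a freshly initialised pthread_attr_t. */
    if (pthread_create(&t1, NULL, &thread_start, NULL) != 0)
    {
        return 1;
    }
    if (pthread_create(&t2, NULL, &thread_start, NULL) != 0)
    {
        return 1;
    }

    /*
     * Block in pthread_join instead of spinning: a busy loop in main keeps a
     * third thread permanently runnable and competes with the two workers.
     */
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);

    return 0;
}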

Compile with gcc dsa.c -o dsa -framework Security -framework Foundation.

vcsjones commented 2 years ago

aside from X509Certificate impl. calling into it

Can this be hit by X509Certificate2.GetRSAPrivateKey() for RSA keys?

filipnavara commented 2 years ago

Can this be hit by X509Certificate2.GetRSAPrivateKey() for RSA keys?

Cursory look says that it can... but let's try.

filipnavara commented 2 years ago

The test above crashes for RSA keys imported through SecItemImport. That doesn't necessarily answer your question but it implies that at least CopyWithPrivateKey could be affected. GetRSAPrivateKey would also use CSSM keys so very likely it can run into the same situation too but I would need more elaborate test to confirm.

bartonjs commented 2 years ago

How much of the shim would we need to mutex if we feel we need to work around it? Seems like it's not just our CFRelease call; but if it's just that we can't CFRelease a SecKeyRef during a SecItemImport then maybe we can mutex/semaphore those operations.

filipnavara commented 2 years ago

How much of the shim would we need to mutex if we feel we need to work around it?

There's no easy answer to that I am afraid. At minimum pal_dsa.c, pal_x509_macos.c and anything that gets SecKeyRef from X509 APIs and manipulates it. This is further complicated by the fact that SecKeyRef can be either a CSSM key or an iOS-style key. Additionally, some of the API could internally work with the keys and we have no control over that. That's unlikely but possibly many methods in pal_x509.c and pal_x509chain.c may be affected as well.

If you think it's worth investigating I can look at the Apple code in more detail.

bartonjs commented 2 years ago

OK, so you think it's not as easy as

// Sketch of a possible workaround: take one process-wide lock around the native
// calls that import and release a key handle, so those calls never overlap.
// NOTE(review): only the two paths shown here take the lock; any other code that
// creates or releases key handles would still run unserialized.
internal partial class Interop
{
    internal partial class AppleCrypto
    {
        // Single static lock shared by every key import and every key release in the process.
        private static readonly object s_cssmLock = new object();

        partial class SafeSecKeyRefHandle
        {
            // Releases the native key while holding s_cssmLock, then clears the handle.
            // NOTE(review): handle release can also run on the finalizer thread, so the
            // finalizer would wait here whenever an import holds the lock; keep the
            // locked region limited to the native call, as done below.
            // NOTE(review): declared `public` and not as an override in this sketch;
            // presumably it stands in for the handle's real release override - confirm.
            public bool ReleaseHandle()
            {
                lock (s_cssmLock)
                {
                    Interop.CoreFoundation.CFRelease(handle);
                }

                SetHandle(IntPtr.Zero);
                return true;
            }
        }

        // Imports a key blob through the native shim while holding s_cssmLock.
        // Returns the key handle when the shim reports 1 and the handle is valid,
        // throws the exception built from osStatus when it reports 0, and otherwise
        // fails a debug assertion and throws CryptographicException.
        internal static SafeSecKeyRefHandle ImportEphemeralKey(ReadOnlySpan<byte> keyBlob, bool hasPrivateKey)
        {
            Debug.Assert(keyBlob != null);

            SafeSecKeyRefHandle keyHandle;
            int osStatus;

            int ret;

            // Only the native import is inside the lock; result handling and
            // exception creation happen after it is released.
            lock (s_cssmLock)
            {
                ret = AppleCryptoNative_SecKeyImportEphemeral(
                    keyBlob,
                    hasPrivateKey ? 1 : 0,
                    out keyHandle,
                    out osStatus);
            }

            if (ret == 1 && !keyHandle.IsInvalid)
            {
                return keyHandle;
            }

            if (ret == 0)
            {
                throw CreateExceptionForOSStatus(osStatus);
            }

            Debug.Fail($"SecKeyImportEphemeral returned {ret}");
            throw new CryptographicException();
        }

        // Placeholder: maybe one or two other call sites would need the same lock.
    }
}

but is possibly "lock everything using SafeKeyRef" and maybe also SecCertRef and SecIdentityRef?

bartonjs commented 2 years ago

At one or two methods I'd say we can just lock it. But at more than that it feels like we might want to wait for Apple's answer 😄

vcsjones commented 2 years ago

I hope the answer is "no" but I am going to ask anyway because I am on an iPad for most of the week... this CSSM module map isn't shared between processes, is it?

Or, more specifically, if those threads turned in to separate processes, it would not reproduce?

Looking at my backtrace more in my "simpler" reproduction, it's still a multi threading issue - the finalizer is the other thread. So while there is no explicit threading going on, the finalizer and the main thread are racing this CSSM issue.

filipnavara commented 2 years ago

...is possibly "lock everything using SafeKeyRef" and maybe also SecCertRef and SecIdentityRef?

Yep. The issue can happen with any place where the CSSM module is loaded/unloaded. SecItemImport is the most obvious one but certainly not the only one. Any place where SecKeyRef gets created (eg. materialized from X509 certificate) or released (eg. releasing SecIdentityRef indirectly releases associated key) is prone to potentially hit this.

I had different workaround in mind - loading all CSSM modules as part of initialization and keeping them alive forever. That way the lack of the lock would not be observable because the hash map would no longer be modified. I abandoned this idea when I realized that there's more than 2 CSSM modules. The list of actually usable CSSM modules is likely finite (the public API is deprecated since macOS 10.7) and limited but it's not obvious how limited.

I hope the answer is "no" but I am going to ask anyway because I am on an iPad for most of the week... this CSSM module map isn't shared between processes, is it?

No, thankfully not.

Or, more specifically, if those threads turned in to separate processes, it would not reproduce?

It would not.

Looking at my backtrace more in my "simpler" reproduction, it's still a multi threading issue - the finalizer is the other thread. So while there is no explicit threading going on, the finalizer and the main thread are racing this CSSM issue.

Correct. It is multi-threading issue. CFRelease does a non-locked lookup in a hash map. The CSSM modules likely get unloaded with last key usage and loaded again when necessary.

vcsjones commented 2 years ago

For what it's worth, it looks like Chromium has noticed this issue:

https://chromium.googlesource.com/chromium/src/+/refs/heads/main/crypto/mac_security_services_lock.h#16

// The Mac OS X certificate and key management wrappers over CSSM are not
// thread-safe. In particular, code that accesses the CSSM database is
// problematic.

If you look at usages of GetMacSecurityServicesLock throughout Chromium, they do quite a bit of locking.

filipnavara commented 2 years ago

Thanks for opening this can of worms:

https://github.com/chromium/chromium/commit/d169b909bc613f7923b17953bf2d369a590e780e

It appears that using CSSM functions on a SecCertificate may attach CSSM-ness to that object. Therefore, expand the scope of the GetMacSecurityServicesLock for the entire lifetime of the SecCertificate created by GetMacNormalizedIssuer.

Currently all the crashes under GetMacNormalizedIssuer appear to be due to issue 1301842, but issue 1301845 noted crashes where certificates are being freed by this function on the non-crashing thread, so this may help with that.

bartonjs commented 2 years ago

Playing on @filipnavara's earlier supposition about the last reference being the problem, then I wonder if we can do something like hold a DSA public+private keypair in a static from DSASecurityTransforms (maybe even going so far as to marking them as SetHandleAsInvalid() so they don't ever release) would stop the exception.

For @vcsjones' test, that'd be just hold one imported DSA key outside the loop, and then the crash may go away.

We might end up with one for DSA, one for ECDH, one for ECDSA, and one for RSA, but that's better than locking?

filipnavara commented 2 years ago

That's basically the same idea as holding references to all CSSM modules, expressed in high-level API terminology.

(You may not need one key per type, perhaps even one would be enough but it's not immediately obvious which CSSM module does what)

vcsjones commented 2 years ago

I wonder if we can do something like hold a DSA public+private keypair in a static from DSASecurityTransforms (maybe even going so far as to marking them as SetHandleAsInvalid() so they don't ever release) would stop the e

This still crashes almost instantly

using System.Security.Cryptography;

// Repro that tests the "keep one key alive" idea: a DSA key is held in a static
// for the life of the process while two threads import and dispose further keys.
internal class Program
{
    // Fixed test key shared by the keep-alive instance and both workers. X is the
    // private component, so this key is public knowledge and must never be reused
    // outside a test.
    private static readonly DSAParameters _dsaParameters = new()
    {
        P = Convert.FromBase64String(@"
    nEx7rLmUg+FLq23XB/8rVFU3Txktd4NYVppGrJMdRKi0FktEj39g7vM33rA0g8Xf
    BurQu9HkcblSR25E5beYrMbU8pJD1ZqmrltbnnlB+PHX5Pgbu91BCr2d5UjAIfiA
    qIlnySMuV0XSqbb1A3qyWGIx3ATXBaXN9mm+paF2itE="),
        Q = Convert.FromBase64String("vV0TbUwrTOkOoiyTJDxsaKWqWjE="),
        G = Convert.FromBase64String(@"
    XZESzrsgUFaS697sgeQEnFKrhh3S6C+gfVG2wL9JBv636QsEq2uxpOMl/1VQxjqx
    Cys3x9YFOkdY1xYdk4ayhco6LYVr81X/lRUtx0YZxpaTt10XgcnlLwx772pYCcOH
    UlyyGxq3GYCA1cglXtS80gPHIYieOqmUhvBHXMYBCAg="),
        Y = Convert.FromBase64String(@"
    e7NMNCxX/44GS2gUH+JyReWzdCUXcp6ax0PcF/XvIZ1mak74P8o8yqWseGa/10hR
    CT92or4YBROsGtKqD/wqN0yJvVMkpPHHsWU9zs1Zt4CsQaZgUTw+vyjkw674OuyN
    933pL+qQNvPuJcb/HK9ME2vSN/3Ki1lAqqKWuzcvggY="),
        X = Convert.FromBase64String(@"DQrQZHBuIxyLlLqtNqOULp/tlH0="),
    };

    // Key that is never disposed; the static field keeps it reachable for the whole run.
    private static readonly DSA _cssmDsaKeepAlive;

    // Creates the keep-alive key before Main runs and signs once with it,
    // presumably so the native key is actually materialized and used, not just imported.
    static Program()
    {
        _cssmDsaKeepAlive = DSA.Create();
        _cssmDsaKeepAlive.ImportParameters(_dsaParameters);
        _cssmDsaKeepAlive.CreateSignature(new byte[20]);
    }

    // Runs two worker threads that import and explicitly dispose keys in a tight loop.
    private static void Main(string[] args)
    {
        // Worker body: unlike the finalizer-based repro, each key is disposed on the
        // thread that created it, so the two workers race each other directly.
        void Work()
        {
            while (true)
            {
                DSA dsa = DSA.Create();
                dsa.ImportParameters(_dsaParameters);
                dsa.Dispose();
            }
        }
        Thread t1 = new Thread(Work);
        Thread t2 = new Thread(Work);

        t1.Start();
        t2.Start();
        // The worker loops never end, so these joins do not return.
        t1.Join();
        t2.Join();
        // Not reached in practice; states the intent that the keep-alive key outlives the workers.
        GC.KeepAlive(_cssmDsaKeepAlive);
    }
}

Maybe the SecKeyPair is still internally getting collected somehow, but first try seems to suggest that is not a sufficient fix.

Even my example that uses just the finalizer as the concurrent thread still crashes.