2022-10 LCU seems to have broken workload

[ghost]

Describe the bug We run a set of onprem Azure Pipelines agents via swarm mode using a custom image containing the latest VS2019 Build Tools and a number of MSI-based dependencies; this image is rebuilt monthly when the base image is updated.

Following the installation of KB5018421 on the hosts and rebuilding the image, when the pipeline agent tries to MSBuild a solution the container terminates unexpectedly with status Exited (2147483697), with a matching error condition reported in Event Viewer.

To Reproduce In the container, MSBuild a solution containing C# projects.

(Our build process has a fair few moving parts and the solution contains 150+ projects, isolating this to a simple rep case may take more time than we have available. Our scenario used to work cleanly, and other steps running in the container such as git clone and PowerShell scripts seem to be working fine as before.)

Expected behavior Expected the build process to remain as it was before the update -- build errors to be reported via Azure DevOps rather than container termination.

Configuration:

• Edition: Windows Server 2022 (under VMware)
• Base Image being used: mcr.microsoft.com/dotnet/framework/runtime:3.5-windowsservercore-ltsc2022
• Container engine: docker (Mirantis)
• Container Engine version: 22.10.13
• Isolation: process

Additional context

• The issue first appeared on v22.10.9 (installed some time ago via DockerMsftProvider) after the LCU installed; the MCR version was installed over this but did not resolve the issue
• The source code being built is unmodified from a version that built successfully prior to the LCU installation
• No configured limits for CPU/RAM (that we know of); docker container inspect seems to confirm all limits are null/zero
• The pipelines agent is launched from a PowerShell script inside a try-finally block, where the finally writes a message that the agent has exited -- this message does not appear in docker service logs, nor does any other error
• Switching the host of the launch script to PowerShell Core allows the build to progress further, but the container still exits prematurely (with the same exit code)
• Switching MSBuild to not use max CPUs seems to allow the build to progress further, but the container still exits prematurely

We're at something of a loss with this one; a guess is that something is killing the entrypoint process, but it's unclear what or how, or how to proceed with further diagnostics.

[ghost]

Can also rep this with the latest Moby runtime on a clean host VM.

[ghost]

This issue appears to have been resolved by the 2022-11 updated base image.

It turns out (via LogMonitor) the underlying error was a crash in LSASS.exe from netlogon.dll inside the container, possibly related to running the containers with a domain-joined gMSA, which would then trigger the "reboot in 60 seconds" behaviour which terminated the container unexpectedly.