Dump generation segfaults in DAC and doesn't complete

[mikem8361]

Description

The DAC enum memory region code used by dump generation segfaults in the DAC. This is preventing generating triage and heap dumps in 6.0.

Configuration

Windows, Linux and MacOS

Regression?

This problem has always been there, but it was uncovered recently when we did more testing on triage and heap dumps.

Other information

The segfault on Linux (the one on MacOS is similar):

* thread #1, name = 'createdump', stop reason = signal SIGSEGV: invalid address (fault address: 0x256)
* frame #0: 0x00007fffffff81a0 0x00007ffff7e35674 libmscordaccore.so`Module::GetPathForErrorMessages() [inlined] Module::GetFile(this=0x0000000000000246) const at ceeload.h:1695
frame #1: 0x00007fffffff81a0 0x00007ffff7e35674 libmscordaccore.so`Module::GetPathForErrorMessages(this=0x0000000000000246) + 4 at ceeload.cpp:13433
frame #2: 0x00007fffffff81b0 0x00007ffff7e5fcf5 libmscordaccore.so`void ThrowBadFormatWorkerT<Module>(unsigned int, Module*) [inlined] char16_t const* GetPathForErrorMessagesT<Module>(pImgObj=<unavailable>) + 13 at exceptmacros.h:504
frame #3: 0x00007fffffff81b0 0x00007ffff7e5fce8 libmscordaccore.so`void ThrowBadFormatWorkerT<Module>(resID=8265, pImgObj=<unavailable>) + 8 at exceptmacros.h:518
frame #4: 0x00007fffffff81d0 0x00007ffff7e5ad8e libmscordaccore.so`SigPointer::GetTypeHandleThrowing(this=<unavailable>, pModule=0x00007ffff776ec00, pTypeContext=<unavailable>, fLoadTypes=<unavailable>, level=<unavailable>, dropGenericArgumentLevel=232, pSubst=0x0000000000000000, pZapSigContext=0x0000000000000000, pMTInterfaceMapOwner=0x0000000000000000) const + 4126 at siginfo.cpp:1698
frame #5: 0x00007fffffff8290 0x00007ffff7dc312f libmscordaccore.so`ClrDataFrame::ValueFromDebugInfo(MetaSig*, bool, unsigned int, unsigned int, IXCLRDataValue**) [inlined] MetaSig::GetLastTypeHandleThrowing(this=<unavailable>, fLoadTypes=<unavailable>, level=<unavailable>, dropGenericArgumentLevel=<unavailable>) const + 399 at siginfo.hpp:937
frame #6: 0x00007fffffff8290 0x00007ffff7dc30fd libmscordaccore.so`ClrDataFrame::ValueFromDebugInfo(this=0x0000555555d654f0, sig=<unavailable>, isArg=false, sigIndex=<unavailable>, varInfoSlot=<unavailable>, _value=0x00007fffffff84f8) + 349 at stack.cpp:1388
frame #7: 0x00007fffffff8350 0x00007ffff7dc3ff5 libmscordaccore.so`ClrDataFrame::GetExactGenericArgsToken(this=0x0000555555d654f0, genericToken=0x00007fffffff84f8) + 181 at stack.cpp:1092
frame #8: 0x00007fffffff83c0 0x00007ffff7d93303 libmscordaccore.so`ClrDataAccess::EnumMemWalkStackHelper(this=<unavailable>, flags=CLRDATA_ENUM_MEM_HEAP, pStackWalk=0x0000555555d64090, pThread=<unavailable>) + 2723 at enummem.cpp:906
frame #9: 0x00007fffffff9680 0x00007ffff7d9033f libmscordaccore.so`ClrDataAccess::EnumMemDumpAllThreadsStack(this=0x00005555555f5140, flags=CLRDATA_ENUM_MEM_HEAP) + 2575 at enummem.cpp:1210
frame #10: 0x00007fffffff9c70 0x00007ffff7d8e79f libmscordaccore.so`ClrDataAccess::EnumMemoryRegionsWorkerHeap(this=0x00005555555f5140, flags=CLRDATA_ENUM_MEM_HEAP) + 415 at enummem.cpp:335
frame #11: 0x00007fffffff9cd0 0x00007ffff7d95af9 libmscordaccore.so`ClrDataAccess::EnumMemoryRegionsWrapper(this=0x00005555555f5140, flags=CLRDATA_ENUM_MEM_HEAP) + 121 at enummem.cpp:1880
frame #12: 0x00007fffffff9d20 0x00007ffff7d95d44 libmscordaccore.so`ClrDataAccess::EnumMemoryRegions(this=0x00005555555f5140, callback=<unavailable>, miniDumpFlags=268837, flags=<unavailable>) + 228 at enummem.cpp:1968
frame #13: 0x00007fffffff9d80 0x000055555555f9a2 createdump`CrashInfo::EnumerateMemoryRegionsWithDAC(this=0x00005555555920f0, minidumpType=MiniDumpWithDataSegs | MiniDumpWithHandleData | MiniDumpWithUnloadedModules | MiniDumpWithPrivateReadWriteMemory | MiniDumpWithFullMemoryInfo | MiniDumpWithThreadInfo | MiniDumpWithTokenInformation) + 258 at crashinfo.cpp:247
frame #14: 0x00007fffffff9de0 0x000055555555f77c createdump`CrashInfo::GatherCrashInfo(this=<unavailable>, minidumpType=<unavailable>) + 668 at crashinfo.cpp:194
frame #15: 0x00007fffffff9e30 0x000055555555eae3 createdump`CreateDump(dumpPathTemplate="/tmp/coredump.%p", pid=30883, dumpType="minidump with heap", minidumpType=MiniDumpWithDataSegs | MiniDumpWithHandleData | MiniDumpWithUnloadedModules | MiniDumpWithPrivateReadWriteMemory | MiniDumpWithFullMemoryInfo | MiniDumpWithThreadInfo | MiniDumpWithTokenInformation, crashReport=true, crashThread=0, signal=0) + 227 at createdumpunix.cpp:35
frame #16: 0x00007fffffffded0 0x000055555555e1a7 createdump`main(argc=<unavailable>, argv=<unavailable>) + 823 at main.cpp:167
frame #17: 0x00007fffffffdf40 0x00007ffff77fa0b3 libc.so.6`__libc_start_main + 243
frame #18: 0x00007fffffffe010 0x000055555555b271 createdump`_start + 41

Tagging subscribers to this area: @tommcdon
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Description

The DAC enum memory region code used by dump generation segfaults in the DAC. This is preventing generating triage and heap dumps in 6.0.

Configuration

Windows, Linux and MacOS

Regression?

This problem has always been there, but it was uncovered recently when we did more testing on triage and heap dumps.

Other information

The segfault on Linux (the one on MacOS is similar):

* thread #1, name = 'createdump', stop reason = signal SIGSEGV: invalid address (fault address: 0x256)
* frame #0: 0x00007fffffff81a0 0x00007ffff7e35674 libmscordaccore.so`Module::GetPathForErrorMessages() [inlined] Module::GetFile(this=0x0000000000000246) const at ceeload.h:1695
frame #1: 0x00007fffffff81a0 0x00007ffff7e35674 libmscordaccore.so`Module::GetPathForErrorMessages(this=0x0000000000000246) + 4 at ceeload.cpp:13433
frame #2: 0x00007fffffff81b0 0x00007ffff7e5fcf5 libmscordaccore.so`void ThrowBadFormatWorkerT<Module>(unsigned int, Module*) [inlined] char16_t const* GetPathForErrorMessagesT<Module>(pImgObj=<unavailable>) + 13 at exceptmacros.h:504
frame #3: 0x00007fffffff81b0 0x00007ffff7e5fce8 libmscordaccore.so`void ThrowBadFormatWorkerT<Module>(resID=8265, pImgObj=<unavailable>) + 8 at exceptmacros.h:518
frame #4: 0x00007fffffff81d0 0x00007ffff7e5ad8e libmscordaccore.so`SigPointer::GetTypeHandleThrowing(this=<unavailable>, pModule=0x00007ffff776ec00, pTypeContext=<unavailable>, fLoadTypes=<unavailable>, level=<unavailable>, dropGenericArgumentLevel=232, pSubst=0x0000000000000000, pZapSigContext=0x0000000000000000, pMTInterfaceMapOwner=0x0000000000000000) const + 4126 at siginfo.cpp:1698
frame #5: 0x00007fffffff8290 0x00007ffff7dc312f libmscordaccore.so`ClrDataFrame::ValueFromDebugInfo(MetaSig*, bool, unsigned int, unsigned int, IXCLRDataValue**) [inlined] MetaSig::GetLastTypeHandleThrowing(this=<unavailable>, fLoadTypes=<unavailable>, level=<unavailable>, dropGenericArgumentLevel=<unavailable>) const + 399 at siginfo.hpp:937
frame #6: 0x00007fffffff8290 0x00007ffff7dc30fd libmscordaccore.so`ClrDataFrame::ValueFromDebugInfo(this=0x0000555555d654f0, sig=<unavailable>, isArg=false, sigIndex=<unavailable>, varInfoSlot=<unavailable>, _value=0x00007fffffff84f8) + 349 at stack.cpp:1388
frame #7: 0x00007fffffff8350 0x00007ffff7dc3ff5 libmscordaccore.so`ClrDataFrame::GetExactGenericArgsToken(this=0x0000555555d654f0, genericToken=0x00007fffffff84f8) + 181 at stack.cpp:1092
frame #8: 0x00007fffffff83c0 0x00007ffff7d93303 libmscordaccore.so`ClrDataAccess::EnumMemWalkStackHelper(this=<unavailable>, flags=CLRDATA_ENUM_MEM_HEAP, pStackWalk=0x0000555555d64090, pThread=<unavailable>) + 2723 at enummem.cpp:906
frame #9: 0x00007fffffff9680 0x00007ffff7d9033f libmscordaccore.so`ClrDataAccess::EnumMemDumpAllThreadsStack(this=0x00005555555f5140, flags=CLRDATA_ENUM_MEM_HEAP) + 2575 at enummem.cpp:1210
frame #10: 0x00007fffffff9c70 0x00007ffff7d8e79f libmscordaccore.so`ClrDataAccess::EnumMemoryRegionsWorkerHeap(this=0x00005555555f5140, flags=CLRDATA_ENUM_MEM_HEAP) + 415 at enummem.cpp:335
frame #11: 0x00007fffffff9cd0 0x00007ffff7d95af9 libmscordaccore.so`ClrDataAccess::EnumMemoryRegionsWrapper(this=0x00005555555f5140, flags=CLRDATA_ENUM_MEM_HEAP) + 121 at enummem.cpp:1880
frame #12: 0x00007fffffff9d20 0x00007ffff7d95d44 libmscordaccore.so`ClrDataAccess::EnumMemoryRegions(this=0x00005555555f5140, callback=<unavailable>, miniDumpFlags=268837, flags=<unavailable>) + 228 at enummem.cpp:1968
frame #13: 0x00007fffffff9d80 0x000055555555f9a2 createdump`CrashInfo::EnumerateMemoryRegionsWithDAC(this=0x00005555555920f0, minidumpType=MiniDumpWithDataSegs | MiniDumpWithHandleData | MiniDumpWithUnloadedModules | MiniDumpWithPrivateReadWriteMemory | MiniDumpWithFullMemoryInfo | MiniDumpWithThreadInfo | MiniDumpWithTokenInformation) + 258 at crashinfo.cpp:247
frame #14: 0x00007fffffff9de0 0x000055555555f77c createdump`CrashInfo::GatherCrashInfo(this=<unavailable>, minidumpType=<unavailable>) + 668 at crashinfo.cpp:194
frame #15: 0x00007fffffff9e30 0x000055555555eae3 createdump`CreateDump(dumpPathTemplate="/tmp/coredump.%p", pid=30883, dumpType="minidump with heap", minidumpType=MiniDumpWithDataSegs | MiniDumpWithHandleData | MiniDumpWithUnloadedModules | MiniDumpWithPrivateReadWriteMemory | MiniDumpWithFullMemoryInfo | MiniDumpWithThreadInfo | MiniDumpWithTokenInformation, crashReport=true, crashThread=0, signal=0) + 227 at createdumpunix.cpp:35
frame #16: 0x00007fffffffded0 0x000055555555e1a7 createdump`main(argc=<unavailable>, argv=<unavailable>) + 823 at main.cpp:167
frame #17: 0x00007fffffffdf40 0x00007ffff77fa0b3 libc.so.6`__libc_start_main + 243
frame #18: 0x00007fffffffe010 0x000055555555b271 createdump`_start + 41

Author:	mikem8361
Assignees:	mikem8361
Labels:	area-Diagnostics-coreclr
Milestone:	6.0.0