DAC fails to enumerate heap objects on .NET 7+ due to GC Regions

[asundheim]

Description

During heap object walking via ICorDebugHeapEnum::Next, DacHeapWalker::MoveToNextObject() fails to properly get the current segment / generation, causing it to skip calling GetSegmentAndAllocRange() for gen0 objects, so if it ends up in a dead area, it won't get itself back out and will fail to return objects to the enumerator.

SOS says the object under inspection is gen0, but when stopped on the access violation from DacHeapWalker::GetSize the check isGen0 in MoveToNextObject claims it's gen2, causing it not to call GetSegmentAndAllocRange()

Reproduction Steps

Known repros on clr versions 7.0.1423.51910, 8.0.23.53103. Setting DOTNET_GCRegionSize to a small value should increase the likelihood that even a template app can trigger the issue.

Expected behavior

Objects are returned via the enumerator.

Actual behavior

Enumerator gets stuck, and no further progress can be made.

Regression?

Seems to be only the latest versions of the runtime, heap walking has not had this issue before.

Known Workarounds

No response

Configuration

No response

Other information

DacHeapWalker::MoveToNextObject()

[asundheim]

@leculver

Tagging subscribers to this area: @tommcdon
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Description

During heap object walking via ICorDebugHeapEnum::Next, DacHeapWalker::MoveToNextObject() fails to properly get the current segment / generation, causing it to skip calling GetSegmentAndAllocRange() for gen0 objects, so if it ends up in a dead area, it won't get itself back out and will fail to return objects to the enumerator.

SOS says the object under inspection is gen0, but when stopped on the access violation from DacHeapWalker::GetSize the check isGen0 in MoveToNextObject claims it's gen2, causing it not to call GetSegmentAndAllocRange()

Reproduction Steps

Known repros on clr versions 7.0.1423.51910, 8.0.23.53103. Setting DOTNET_GCRegionSize to a small value should increase the likelihood that even a template app can trigger the issue.

Expected behavior

Objects are returned via the enumerator.

Actual behavior

Enumerator gets stuck, and no further progress can be made.

Regression?

Seems to be only the latest versions of the runtime, heap walking has not had this issue before.

Known Workarounds

No response

Configuration

No response

Other information

DacHeapWalker::MoveToNextObject()

Author:	asundheim
Assignees:	-
Labels:	area-Diagnostics-coreclr, untriaged
Milestone:	-

[tommcdon]

@hoyosjs @cshung @mikem8361

[cshung]

@asundheim, it looks like you have gone through some debugging and have already found out the root cause, would you mind helping us to get it fixed?

[asundheim]

@asundheim, it looks like you have gone through some debugging and have already found out the root cause, would you mind helping us to get it fixed?

I'd be happy to help, or at the very least test out a fix, but I'm at a loss for what has actually changed to cause this.