rr-debugger / rr

Record and Replay Framework
http://rr-project.org/

Recording 32-bit firefox on Ubuntu hits an mmap assert #2957

Open shravanrn opened 3 years ago

shravanrn commented 3 years ago

I'm using rr to record a 32-bit build of Firefox, on an Ubuntu 20.04.3 LTS system, however I hit an assert about mmap (log below).

Info

Recorded code: custom build of Firefox (from the main mozilla-central repo with commits from around Aug 1st)
OS: Ubuntu 20.04.4 LTS
Processor: Intel Skylake 6700K

Any help would be much appreciated! Please let me know if you need any more information.

Error log

[FATAL /home/roc/rr/rr/src/AutoRemoteSyscalls.cc:558:infallible_mmap_syscall()] 
 (task 22886 (rec:22476) at time 181)
 -> Assertion `addr == ret' failed to hold. MAP_FIXED at 0xdcbf7000 but got 0xfffffff7
Tail of trace dump:
{
  real_time:1410.479791 global_time:161, event:`SYSCALL: read' (state:EXITING_SYSCALL) tid:22476, ticks:19809
eax:0x200 ecx:0xffc62aa0 edx:0x200 ebx:0x3 esp:0xffc628b4 ebp:0xffc62918 esi:0xf7fbd000 edi:0xffc62a9c eip:0xf7fae564 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x3
  { tid:22476, addr:0xffc62aa0, length:0x200 }
}
{
  real_time:1410.479826 global_time:162, event:`SYSCALL: fstat64' (state:ENTERING_SYSCALL) tid:22476, ticks:19869
eax:0xffffffda ecx:0xffc629d0 edx:0xf7fbd000 ebx:0x3 esp:0xffc62948 ebp:0xffc62a48 esi:0x56644786 edi:0xffc62a9c eip:0xf7fae0cf eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc5
}
{
  real_time:1410.479850 global_time:163, event:`SYSCALL: fstat64' (state:EXITING_SYSCALL) tid:22476, ticks:19869
eax:0x0 ecx:0xffc629d0 edx:0xf7fbd000 ebx:0x3 esp:0xffc62948 ebp:0xffc62a48 esi:0x56644786 edi:0xffc62a9c eip:0xf7fae0cf eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc5
  { tid:22476, addr:0xffc629d0, length:0x60 }
}
{
  real_time:1410.479886 global_time:164, event:`SYSCALL: mmap2' (state:ENTERING_SYSCALL) tid:22476, ticks:20058
eax:0xffffffda ecx:0x5b41 edx:0x1 ebx:0x0 esp:0xffc62820 ebp:0x0 esi:0x802 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
}
{
  real_time:1410.480042 global_time:165, event:`SYSCALL: mmap2' (state:EXITING_SYSCALL) tid:22476, ticks:20058
eax:0xf7ec3000 ecx:0x5b41 edx:0x1 ebx:0x0 esp:0xffc62820 ebp:0x0 esi:0x802 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
  { map_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", addr:0xf7ec3000, length:0x6000, prot_flags:"r--p", file_offset:0x0, device:2049, inode:146542252, data_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", data_offset:0x0, file_size:0x6b2c }
}
{
  real_time:1410.480076 global_time:166, event:`SYSCALL: mmap2' (state:ENTERING_SYSCALL) tid:22476, ticks:20067
eax:0xffffffda ecx:0x2000 edx:0x5 ebx:0xf7ec5000 esp:0xffc62820 ebp:0x1 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
}
{
  real_time:1410.480130 global_time:167, event:`SYSCALL: mmap2' (state:EXITING_SYSCALL) tid:22476, ticks:20067
eax:0xf7ec5000 ecx:0x2000 edx:0x5 ebx:0xf7ec5000 esp:0xffc62820 ebp:0x1 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
  { map_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", addr:0xf7ec5000, length:0x2000, prot_flags:"r-xp", file_offset:0x1000, device:2049, inode:146542252, data_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", data_offset:0x1000, file_size:0x6b2c }
}
{
  real_time:1410.480163 global_time:168, event:`SYSCALL: mmap2' (state:ENTERING_SYSCALL) tid:22476, ticks:20075
eax:0xffffffda ecx:0x1000 edx:0x3 ebx:0xf7ec7000 esp:0xffc62820 ebp:0x2 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
}
{
  real_time:1410.480216 global_time:169, event:`SYSCALL: mmap2' (state:EXITING_SYSCALL) tid:22476, ticks:20075
eax:0xf7ec7000 ecx:0x1000 edx:0x3 ebx:0xf7ec7000 esp:0xffc62820 ebp:0x2 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
  { map_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", addr:0xf7ec7000, length:0x1000, prot_flags:"rw-p", file_offset:0x2000, device:2049, inode:146542252, data_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", data_offset:0x2000, file_size:0x6b2c }
}
{
  real_time:1410.480249 global_time:170, event:`SYSCALL: mmap2' (state:ENTERING_SYSCALL) tid:22476, ticks:20083
eax:0xffffffda ecx:0x1000 edx:0x3 ebx:0xf7ec8000 esp:0xffc62820 ebp:0x2 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
}
{
  real_time:1410.480299 global_time:171, event:`SYSCALL: mmap2' (state:EXITING_SYSCALL) tid:22476, ticks:20083
eax:0xf7ec8000 ecx:0x1000 edx:0x3 ebx:0xf7ec8000 esp:0xffc62820 ebp:0x2 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
  { map_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", addr:0xf7ec8000, length:0x1000, prot_flags:"rw-p", file_offset:0x2000, device:2049, inode:146542252, data_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so", data_offset:0x2000, file_size:0x6b2c }
}
{
  real_time:1410.480339 global_time:172, event:`SYSCALL: close' (state:ENTERING_SYSCALL) tid:22476, ticks:20182
eax:0xffffffda ecx:0xf7ec79c0 edx:0xf7fbd000 ebx:0x3 esp:0xffc62948 ebp:0xffc62a48 esi:0x0 edi:0xf7f8ede0 eip:0xf7fae28b eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x6
}
{
  real_time:1410.480361 global_time:173, event:`SYSCALL: close' (state:EXITING_SYSCALL) tid:22476, ticks:20182
eax:0x0 ecx:0xf7ec79c0 edx:0xf7fbd000 ebx:0x3 esp:0xffc62948 ebp:0xffc62a48 esi:0x0 edi:0xf7f8ede0 eip:0xf7fae28b eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x6
}
{
  real_time:1410.480396 global_time:174, event:`SYSCALL: openat' (state:ENTERING_SYSCALL) tid:22476, ticks:20477
eax:0xffffffda ecx:0xffc62910 edx:0x88000 ebx:0xffffff9c esp:0xffc62890 ebp:0xffc628f8 esi:0x0 edi:0xf7fbd000 eip:0xf7fae47e eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x127
}
{
  real_time:1410.480439 global_time:175, event:`SYSCALL: openat' (state:EXITING_SYSCALL) tid:22476, ticks:20477
eax:0x3 ecx:0xffc62910 edx:0x88000 ebx:0xffffff9c esp:0xffc62890 ebp:0xffc628f8 esi:0x0 edi:0xf7fbd000 eip:0xf7fae47e eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x127
}
{
  real_time:1410.480473 global_time:176, event:`SYSCALL: read' (state:ENTERING_SYSCALL) tid:22476, ticks:20479
eax:0xffffffda ecx:0xffc62a80 edx:0x200 ebx:0x3 esp:0xffc62894 ebp:0xffc628f8 esi:0xf7fbd000 edi:0xffc62a7c eip:0xf7fae564 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x3
}
{
  real_time:1410.480503 global_time:177, event:`SYSCALL: read' (state:EXITING_SYSCALL) tid:22476, ticks:20479
eax:0x200 ecx:0xffc62a80 edx:0x200 ebx:0x3 esp:0xffc62894 ebp:0xffc628f8 esi:0xf7fbd000 edi:0xffc62a7c eip:0xf7fae564 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0x3
  { tid:22476, addr:0xffc62a80, length:0x200 }
}
{
  real_time:1410.480537 global_time:178, event:`SYSCALL: fstat64' (state:ENTERING_SYSCALL) tid:22476, ticks:20541
eax:0xffffffda ecx:0xffc629b0 edx:0xf7fbd000 ebx:0x3 esp:0xffc62928 ebp:0xffc62a28 esi:0x5664468f edi:0xffc62a7c eip:0xf7fae0cf eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc5
}
{
  real_time:1410.480561 global_time:179, event:`SYSCALL: fstat64' (state:EXITING_SYSCALL) tid:22476, ticks:20541
eax:0x0 ecx:0xffc629b0 edx:0xf7fbd000 ebx:0x3 esp:0xffc62928 ebp:0xffc62a28 esi:0x5664468f edi:0xffc62a7c eip:0xf7fae0cf eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc5
  { tid:22476, addr:0xffc629b0, length:0x60 }
}
{
  real_time:1410.480595 global_time:180, event:`SYSCALL: mmap2' (state:ENTERING_SYSCALL) tid:22476, ticks:20733
eax:0xffffffda ecx:0x1b2cbb39 edx:0x1 ebx:0x0 esp:0xffc627e0 ebp:0x0 esi:0x802 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
}
{
  real_time:1410.480734 global_time:181, event:`SYSCALL: mmap2' (state:EXITING_SYSCALL) tid:22476, ticks:20733
eax:0xdcbf7000 ecx:0x1b2cbb39 edx:0x1 ebx:0x0 esp:0xffc627e0 ebp:0x0 esi:0x802 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
  { map_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/toolkit/library/build/libxul.so", addr:0xdcbf7000, length:0x1b2cc000, prot_flags:"r--p", file_offset:0x0, device:2049, inode:140317514, data_file:"/mnt/sata/ffbuilds/firefox_latest_debug32/toolkit/library/build/libxul.so", data_offset:0x0, file_size:0x83e3e9cc }
}
{
  real_time:1410.480768 global_time:182, event:`SYSCALL: mmap2' (state:ENTERING_SYSCALL) tid:22476, ticks:20742
eax:0xffffffda ecx:0x1242b000 edx:0x5 ebx:0xe564f000 esp:0xffc627e0 ebp:0x8a57 esi:0x812 edi:0x3 eip:0xf7fae724 eflags:0x246 xcs:0x23 xss:0x2b xds:0x2b xes:0x2b xfs:0x0 xgs:0x0 orig_eax:0xc0
}
=== Start rr backtrace:
rr(_ZN2rr13dump_rr_stackEv+0x28)[0x56d088]
rr(_ZN2rr9GdbServer15emergency_debugEPNS_4TaskE+0x225)[0x5bfcd5]
rr[0x59f5be]
rr(_ZN2rr18AutoRemoteSyscalls23infallible_mmap_syscallENS_10remote_ptrIvEEmiiim+0xcd)[0x4b2ecd]
rr(_ZN2rr18AutoRemoteSyscalls18finish_direct_mmapENS_10remote_ptrIvEEmiiRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEilR4statRS8_+0x1fd)[0x4b339d]
rr[0x597b29]
rr[0x599b91]
rr[0x50438b]
rr(_ZN2rr19rep_process_syscallEPNS_10ReplayTaskEPNS_15ReplayTraceStepE+0x3b)[0x50442b]
rr(_ZN2rr13ReplaySession28setup_replay_one_trace_frameEPNS_10ReplayTaskE+0x3aa)[0x50744a]
rr(_ZN2rr13ReplaySession11replay_stepERKNS0_15StepConstraintsE+0x12b)[0x509e4b]
rr(_ZN2rr14ReplayTimeline19replay_step_forwardENS_10RunCommandEl+0xc3)[0x5a8bc3]
rr(_ZN2rr9GdbServer14debug_one_stepERNS_10GdbRequestE+0x34c)[0x4f6a4c]
rr(_ZN2rr9GdbServer12serve_replayERKNS0_15ConnectionFlagsE+0x6cb)[0x5bdd2b]
rr[0x5720a6]
rr(_ZN2rr13ReplayCommand3runERSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EE+0x5f1)[0x55a981]
rr(main+0x353)[0x498163]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x7f8d7fb1e0b3]
rr(_start+0x29)[0x498579]
=== End rr backtrace
Launch gdb with
  gdb '-l' '10000' '-ex' 'set sysroot /' '-ex' 'target extended-remote 127.0.0.1:22886' /mnt/sata/ffbuilds/firefox_latest_debug32/dist/bin/xpcshell
^CError detected on fd 12
Remote communication error.  Target disconnected.: Resource temporarily unavailable.
rocallahan commented 3 years ago

I think that's EBADF which is a bit strange.

You'd have to dig into rr to figure out which fd we tried to map in the tracee and whether that's valid in the tracee when we try to get the tracee to mmap it.

khuey commented 3 years ago

Are you using the rr from the distro? You should test with a build from the latest source if you are.

shravanrn commented 3 years ago

@khuey I'm using the rr 5.4 release from the releases page here. I will try building from the source to see if I can repro on the latest also

shravanrn commented 3 years ago

You'd have to dig into rr to figure out which fd we tried to map in the tracee and whether that's valid in the tracee when we try to get the tracee to mmap it.

@rocallahan hmm... Happy to give it a shot, although I may need a little more info on the steps I should take to do this. Alternately, if I attach an rr core dump or something similar, would this help identify the root cause?

rocallahan commented 3 years ago

You'll want to build from source first as Kyle suggested. After that, reproduce the bug, and when rr pauses as before, attach gdb to it and get a stack trace. In AutoRemoteSyscalls::finish_direct_mmap we'll want the value of fd. And at that point, grab the tid of the tracee (t->tid) and then lsof -p <tid>.

shravanrn commented 3 years ago

@rocallahan @khuey I see the same error on the rr built from the latest source as well.

I attached gdb to rr

AutoRemoteSyscalls::finish_direct_mmap we'll want the value of fd

This says -75. This definitely looks weird, as the value is negative...

grab the tid of the tracee (t->tid) and then lsof -p <tid>.

shr@shr-Desktop:~$ lsof -p 50471
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/121/gvfs
      Output information may be incomplete.
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF      NODE NAME
rr:xpcshe 50471  shr  cwd    DIR                8,1     4096  65408719 /mnt/sata/Code/mozilla-central
rr:xpcshe 50471  shr  rtd    DIR              259,1     4096         2 /
rr:xpcshe 50471  shr  txt    REG                8,1    13960  65735321 /mnt/sata/Code/rr-build/bin/rr_exec_stub_32
rr:xpcshe 50471  shr  mem    REG                8,1  7265112 169413630 /mnt/sata/ffbuilds/firefox_latest_debug32/dist/bin/xpcshell
rr:xpcshe 50471  shr  mem    REG                8,1    18544  68879637 /mnt/sata/Code/rr-build/lib/rr/librrpage_32.so
rr:xpcshe 50471  shr  DEL    REG              259,1             134451 /tmp/rr-shared-preload_thread_locals-50471-0
rr:xpcshe 50471  shr  mem    REG                8,1    27436 146542252 /mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/ds/libplds4.so
rr:xpcshe 50471  shr  mem    REG                8,1    49776 146542253 /mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/libc/libplc4.so
rr:xpcshe 50471  shr  mem    REG                8,1   638936 124324203 /mnt/sata/ffbuilds/firefox_latest_debug32/config/external/nspr/pr/libnspr4.so
rr:xpcshe 50471  shr  mem    REG              259,1   159712  13238949 /lib/i386-linux-gnu/libpthread-2.31.so
rr:xpcshe 50471  shr  mem    REG                8,1   323464  68879641 /mnt/sata/Code/rr-build/lib/rr/librrpreload_32.so
rr:xpcshe 50471  shr  mem    REG              259,1   180628  13238872 /lib/i386-linux-gnu/ld-2.31.so
rr:xpcshe 50471  shr    0u   CHR             136,10      0t0        13 /dev/pts/10
rr:xpcshe 50471  shr    1u   CHR             136,10      0t0        13 /dev/pts/10
rr:xpcshe 50471  shr    2u   CHR             136,10      0t0        13 /dev/pts/10
rr:xpcshe 50471  shr  999w   CHR                1,3      0t0         6 /dev/null
rr:xpcshe 50471  shr 1001u  unix 0x0000000000000000      0t0    203202 type=STREAM

I also attached gdb per the command given in the last line (I guess this attaches to the tracee?) and unfortunately didn't see anything useful

>   gdb '-l' '10000' '-ex' 'set sysroot /' '-ex' 'target extended-remote 127.0.0.1:49310' /mnt/sata/ffbuilds/firefox_latest_debug32/dist/bin/xpcshell

0x70000011 in syscall_priv_untraced ()
(gdb) bt
#0  0x70000011 in syscall_priv_untraced ()
#1  0x00000000 in ?? ()
(gdb) info threads
  Id   Target Id                     Frame 
* 1    Thread 49223.49223 (xpcshell) 0x70000011 in syscall_priv_untraced ()
rocallahan commented 3 years ago

I don't see how it could be -75. AutoRemoteSyscalls::check_syscall_result should be called by infallible_syscall(syscall_number_for_openat(arch())), and check_syscall_result should trigger an assertion failure for ret == -75. Can you figure out why that didn't happen?

shravanrn commented 3 years ago

@rocallahan It seems this check is bypassed by an integer truncation issue. infallible_syscall gets a long ret value of 4294967221 which is more than 2^32. This is then checked as a long to print an error if the value is (-4096 < ret && ret < 0). However, finish_direct_mmap uses the result and converts it implicitly into an int which treats this value as -75, which subsequently triggers an error

I'm not sure why the call to infallible_syscall returns this value in the first place or whether this is a valid/invalid return for this syscall. Assuming it is useful, let me know if there is a way I can provide any info on the return from infallible_syscall

rocallahan commented 3 years ago

a long ret value of 4294967221 which is more than 2^32

It's actually less but I see your point. I guess on a 32-bit architecture we should be treating ret as 32-bit for that error check.

Looks like mmap is returning

       EOVERFLOW
              On 32-bit architecture together with the large file extension (i.e., using 64-bit off_t): the number of pages used for length plus number of
              pages used for offset would overflow unsigned long (32 bits).
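The two points above (a long-valued check that 4294967221 slips past, and treating ret as 32-bit for a 32-bit tracee) as an added illustration in C. This is not rr's code; is_error_64, normalize_ret, is_error and errno_of are assumed names standing in for the check described in the thread.

```c
/* Added illustration, not rr's code: a 32-bit tracee's mmap2 error return
 * (eax = 0xFFFFFFB5) zero-extended into a 64-bit value is 4294967221, which
 * sits outside the -4096 < ret < 0 window; reinterpreted as a 32-bit signed
 * value it is -75, which is EOVERFLOW on Linux. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Raw result as reported in the thread for the failing mmap2. */
#define REPORTED_RET 4294967221LL

/* The check as described in the thread: error iff -4096 < ret < 0. */
static bool is_error_64(int64_t ret) {
    return -4096 < ret && ret < 0;
}

/* Arch-aware variant: for a 32-bit tracee, keep only the low 32 bits and
 * sign-extend bit 31 before applying the same window. */
static int64_t normalize_ret(int64_t ret, bool tracee_is_32bit) {
    if (tracee_is_32bit) {
        return (int32_t)(uint32_t)ret;
    }
    return ret;
}

static bool is_error(int64_t ret, bool tracee_is_32bit) {
    return is_error_64(normalize_ret(ret, tracee_is_32bit));
}

/* errno encoded in an error return, or 0 when ret is a valid result. */
static int errno_of(int64_t ret, bool tracee_is_32bit) {
    int64_t r = normalize_ret(ret, tracee_is_32bit);
    return is_error_64(r) ? (int)-r : 0;
}

int main(void) {
    printf("64-bit check flags error: %d\n", is_error_64(REPORTED_RET));
    printf("32-bit aware check flags error: %d\n", is_error(REPORTED_RET, true));
    printf("errno: %d (EOVERFLOW on this host is %d)\n",
           errno_of(REPORTED_RET, true), EOVERFLOW);
    /* What finish_direct_mmap saw after the implicit conversion to int. */
    printf("as int: %d\n", (int)REPORTED_RET);
    /* A genuine 32-bit address such as 0xf7ec3000 from the trace is not
     * misclassified: sign-extended it is far below -4096. */
    printf("0xf7ec3000 is error: %d\n", is_error(0xf7ec3000LL, true));
    return 0;
}
```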
rocallahan commented 3 years ago

So I think we need to know the parameters to AutoRemoteSyscalls::finish_direct_mmap, in particular backing_offset_pages and length in AutoRemoteSyscalls::finish_direct_mmap. Sounds like that's overflowing and I'm not sure why... backing_file_name and the actual length of that file in the trace (plus whatever else you can tell us about that file) would be useful too.

shravanrn commented 3 years ago

It's actually less but I see your point.

Ah right! :)

So I think we need to know the parameters to AutoRemoteSyscalls::finish_direct_mmap,

@rocallahan Pasting the parameters to finish_direct_mmap below.

rec_addr = {ptr = 3703197696} length = 455916345 prot = 1 flags = 2050 backing_file_name = "/mnt/sata/ffbuilds/firefox_latest_debug32/toolkit/library/build/libxul.so" backing_file_open_flags = 0 backing_offset_pages = 0 real_file = (stat &) @0x7ffc011e8980: {st_dev = 140720327265536, st_ino = 94373161760440, st_nlink = 140720327264688, st_mode = 4128824699, st_uid = 21972, st_gid = 0, __pad0 = 0, st_rdev = 94373161760440, st_size = 140720327264720, st_blksize = 94373161760440, st_blocks = 140720327265128, st_atim = {tv_sec = 94373161743456, tv_nsec = 140720327264784}, st_mtim = {tv_sec = 94373150256432, tv_nsec = 0}, st_ctim = {tv_sec = 94373161760432, tv_nsec = 94373152610728}, __glibc_reserved = {140720327265128, 94373161743456, 94373161743456}} real_file_name = ""

the actual length of that file in the trace (plus whatever else you can tell us about that file)

The file is a large shared library Size: 2212751820 i.e. 2.2 GB. Wondering if this is in some way a case of rr replay hitting an OOM?

I'm guessing you may know more about libxul.so than me given that rr was developed/tested with firefox, but essentially most of firefox code lives in this shared library. This shared library is loaded by a relatively thin main binary (I think firefox is designed this way so that the multi-process architecture leverages OS support for shared object code page sharing). This library is from a local Firefox build that is compiled with -O0 -g which probably explains the size. Is there any additional info that you would need on this file?

rocallahan commented 3 years ago

I cannot explain why we'd get EOVERFLOW with those parameters. "the number of pages used for length plus number of pages used for offset" would only be 455916345/4096 which is certainly less than 2^32.

If you want to dig into this further, try writing a C program that executes mmap with those parameters (opening that specific file and then mapping it), build it as 32 bits, and see if it gets EOVERFLOW too.
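A C harness along the lines of the suggestion above, added here and not part of the thread or the rr project: it opens a path and mmaps it with the parameters posted for finish_direct_mmap (length 455916345, prot 1, flags 0x802, offset 0). try_mmap and try_mmap_tmpfile are assumed names; build with gcc -m32 to exercise the 32-bit case.

```c
/* Added reproduction harness, not rr's code. Reports the errno mmap gives
 * for the exact parameters from the trace so EOVERFLOW can be confirmed or
 * ruled out outside rr. Compile 32-bit (gcc -m32) to match the tracee. */
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64   /* 64-bit off_t: the man page's EOVERFLOW case */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Parameters passed to finish_direct_mmap as posted in the thread. */
#define REPORTED_LENGTH 455916345UL
#define REPORTED_PROT   1        /* PROT_READ */
#define REPORTED_FLAGS  0x802    /* MAP_PRIVATE | MAP_DENYWRITE */
#define REPORTED_OFFSET 0
#define REPORTED_PATH "/mnt/sata/ffbuilds/firefox_latest_debug32/toolkit/library/build/libxul.so"

/* Returns 0 when the mapping succeeds (it is unmapped again), otherwise the
 * errno mmap reported, so callers can compare against EOVERFLOW. */
int try_mmap(const char *path, size_t length, int prot, int flags, off_t offset) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return errno;
    void *p = mmap(NULL, length, prot, flags, fd, offset);
    int err = (p == MAP_FAILED) ? errno : 0;
    if (p != MAP_FAILED) munmap(p, length);
    close(fd);
    return err;
}

/* Same check against a constructed sparse temp file of file_size bytes,
 * for experimenting without the 2.2 GB libxul.so at hand. */
int try_mmap_tmpfile(off_t file_size, size_t length, off_t offset) {
    char name[] = "/tmp/mmap-repro-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(name);
    if (fd < 0) return errno;
    if (ftruncate(fd, file_size) != 0) { int e = errno; close(fd); unlink(name); return e; }
    close(fd);
    int err = try_mmap(name, length, PROT_READ, MAP_PRIVATE, offset);
    unlink(name);
    return err;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : REPORTED_PATH;
    printf("sizeof(long)=%zu sizeof(off_t)=%zu\n", sizeof(long), sizeof(off_t));
    int err = try_mmap(path, REPORTED_LENGTH, REPORTED_PROT, REPORTED_FLAGS, REPORTED_OFFSET);
    if (err == 0) printf("mmap of %s succeeded\n", path);
    else printf("mmap failed: errno %d (%s)%s\n", err, strerror(err),
                err == EOVERFLOW ? " <- EOVERFLOW" : "");
    return err != 0;
}
```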