Can you run with `rr -F record`, and when you get the emergency debugger instructions, use them to connect to the crashed tracee and get a backtrace and the registers?
I am seeing the crash with `rr replay`. So run with `rr -F replay`, right? Or am I confused?
sorry, that's right
You might also want to disassemble `$rip-0x40,+0x80`.
(gdb) bt
#0 0xf7f55364 in pthread_create@@GLIBC_2.1 () from /lib/i386-linux-gnu/libpthread.so.0
#1 0x5681afb4 in pthread_create ()
#2 0x56a5aa57 in mozilla::TimeStamp::ComputeProcessUptime() ()
#3 0x56a590b9 in mozilla::TimeStamp::ProcessCreation() ()
#4 0x56977f37 in mozilla::baseprofiler::CorePS::CorePS() ()
#5 0x569006f9 in mozilla::baseprofiler::CorePS::Create(mozilla::baseprofiler::PSAutoLock const&) ()
#6 0x568c5bfa in mozilla::baseprofiler::profiler_init(void*) ()
#7 0x5687a82f in mozilla::baseprofiler::AutoProfilerInit::AutoProfilerInit() ()
#8 0x56877401 in main ()
(gdb) i r
eax 0xf62ffba0 -164627552
ecx 0xf7f6d000 -134819840
edx 0xf7f6d170 -134819472
ebx 0xf52ffba0 -181404768
esp 0xfff68be0 0xfff68be0
ebp 0xfff68c68 0xfff68c68
esi 0xf52ffb40 -181404864
edi 0xf7fd0040 -134414272
eip 0xf7f55364 0xf7f55364 <pthread_create@@GLIBC_2.1+2596>
eflags 0x210282 [ SF IF RF ID ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
(gdb) disassemble $eip-0x40,+0x80
Dump of assembler code from 0xf7f55324 to 0xf7f553a4:
0xf7f55324 <pthread_create@@GLIBC_2.1+2532>: sarb $0xf0,0x1(%edx)
0xf7f5532b <pthread_create@@GLIBC_2.1+2539>: cmpxchg %edx,0x21d0(%ecx)
0xf7f55332 <pthread_create@@GLIBC_2.1+2546>: jne 0xf7f557a7 <pthread_create@@GLIBC_2.1+3687>
0xf7f55338 <pthread_create@@GLIBC_2.1+2552>: mov -0x50(%ebp),%esi
0xf7f5533b <pthread_create@@GLIBC_2.1+2555>: mov -0x4c(%ebp),%ecx
0xf7f5533e <pthread_create@@GLIBC_2.1+2558>: lea 0x60(%esi),%ebx
0xf7f55341 <pthread_create@@GLIBC_2.1+2561>: mov %ebx,%eax
0xf7f55343 <pthread_create@@GLIBC_2.1+2563>: mov %ebx,-0x88(%ebp)
0xf7f55349 <pthread_create@@GLIBC_2.1+2569>: or $0x1,%eax
0xf7f5534c <pthread_create@@GLIBC_2.1+2572>: mov %eax,0x21cc(%ecx)
0xf7f55352 <pthread_create@@GLIBC_2.1+2578>: mov 0x170(%ecx),%eax
0xf7f55358 <pthread_create@@GLIBC_2.1+2584>: lea 0x170(%ecx),%edx
0xf7f5535e <pthread_create@@GLIBC_2.1+2590>: mov %edx,0x64(%esi)
0xf7f55361 <pthread_create@@GLIBC_2.1+2593>: mov %eax,0x60(%esi)
=> 0xf7f55364 <pthread_create@@GLIBC_2.1+2596>: mov %ebx,0x4(%eax)
0xf7f55367 <pthread_create@@GLIBC_2.1+2599>: mov %ebx,0x170(%ecx)
0xf7f5536d <pthread_create@@GLIBC_2.1+2605>: movl $0x0,0x21cc(%ecx)
0xf7f55377 <pthread_create@@GLIBC_2.1+2615>: xor %esi,%esi
0xf7f55379 <pthread_create@@GLIBC_2.1+2617>: mov %esi,%eax
0xf7f5537b <pthread_create@@GLIBC_2.1+2619>: xchg %eax,0x21d0(%ecx)
0xf7f55381 <pthread_create@@GLIBC_2.1+2625>: cmp $0x1,%eax
0xf7f55384 <pthread_create@@GLIBC_2.1+2628>: jg 0xf7f55783 <pthread_create@@GLIBC_2.1+3651>
0xf7f5538a <pthread_create@@GLIBC_2.1+2634>: testb $0x1,0x850(%edi)
0xf7f55391 <pthread_create@@GLIBC_2.1+2641>: je 0xf7f54c86 <pthread_create@@GLIBC_2.1+838>
0xf7f55397 <pthread_create@@GLIBC_2.1+2647>: mov -0x84(%ebp),%ebx
0xf7f5539d <pthread_create@@GLIBC_2.1+2653>: test %ebx,%ebx
0xf7f5539f <pthread_create@@GLIBC_2.1+2655>: jne 0xf7f54c86 <pthread_create@@GLIBC_2.1+838>
Those symbols don't look right, but I'm not sure. The stop is at `mov %ebx,0x4(%eax)`, a store through eax, which was loaded a few instructions earlier from `0x170(%ecx)`, so the eax value (0xf62ffba0) is what to check first. We might need to pack this trace and upload it somewhere for analysis.
This happened when replaying a recording of a 32-bit process.
I am using commit 0348e30.