@pnkfelix
Last active March 26, 2018 15:13
$ lldb target/release/tokio-timer-segfault
(lldb) target create "target/release/tokio-timer-segfault"
Current executable set to 'target/release/tokio-timer-segfault' (x86_64).
(lldb) r
Process 31133 launched: '/Users/fklock/Dev/Mozilla/issue49010/tokio-timer-segfault/target/release/tokio-timer-segfault' (x86_64)
running segfault module ...
ok
running seqfault crate ...
Process 31133 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
frame #0: 0x0000000100001359 tokio-timer-segfault`segfault_crate::next_timeout::h4601082dd48b3945 + 137
tokio-timer-segfault`segfault_crate::next_timeout::h4601082dd48b3945:
-> 0x100001359 <+137>: movq (%r8), %rax
0x10000135c <+140>: movq %rax, 0x8(%rdi)
0x100001360 <+144>: movl $0x1, %eax
0x100001365 <+149>: movq %rax, (%rdi)
Target 0: (tokio-timer-segfault) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
* frame #0: 0x0000000100001359 tokio-timer-segfault`segfault_crate::next_timeout::h4601082dd48b3945 + 137
frame #1: 0x0000000100000e10 tokio-timer-segfault`tokio_timer_segfault::main::h126825c1fd095fa9 + 464
frame #2: 0x0000000100001226 tokio-timer-segfault`std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h56bbbef07e210f03 + 6
frame #3: 0x000000010000d548 tokio-timer-segfault`std::panicking::try::do_call::ha42114f2a39e7ad2 [inlined] std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h978ff6d1781ac8cb at rt.rs:59 [opt]
frame #4: 0x000000010000d53c tokio-timer-segfault`std::panicking::try::do_call::ha42114f2a39e7ad2 at panicking.rs:306 [opt]
frame #5: 0x000000010001928f tokio-timer-segfault`__rust_maybe_catch_panic at lib.rs:102 [opt]
frame #6: 0x000000010000db5e tokio-timer-segfault`std::rt::lang_start_internal::h32401450c836f72c [inlined] std::panicking::try::hdecdd5826e5c06f1 at panicking.rs:285 [opt]
frame #7: 0x000000010000db2b tokio-timer-segfault`std::rt::lang_start_internal::h32401450c836f72c [inlined] std::panic::catch_unwind::hdc6d961db340f35e at panic.rs:361 [opt]
frame #8: 0x000000010000db2b tokio-timer-segfault`std::rt::lang_start_internal::h32401450c836f72c at rt.rs:58 [opt]
frame #9: 0x0000000100000efc tokio-timer-segfault`main + 44
frame #10: 0x00007fff6315b115 libdyld.dylib`start + 1
(lldb) register read
General Purpose Registers:
rax = 0x0000000101246c80
rbx = 0x0000000101225340
rcx = 0x0000000101246c80
rdx = 0x0000000100600170
rdi = 0x00007ffeefbff718
rsi = 0x0000000101236c80
rbp = 0x00007ffeefbff700
rsp = 0x00007ffeefbff700
r8 = 0x0000000000000000
r9 = 0x0000000101246c70
r10 = 0x0000000000001000
r11 = 0x0000000000000000
r12 = 0x0000000100136000
r13 = 0x0000000000000000
r14 = 0x0000000100046760 tokio-timer-segfault`str.0 + 32
r15 = 0x0000000100051310
rip = 0x0000000100001359 tokio-timer-segfault`segfault_crate::next_timeout::h4601082dd48b3945 + 137
rflags = 0x0000000000010246
cs = 0x000000000000002b
fs = 0x0000000000000000
gs = 0x0000000000000000
(lldb) dis
tokio-timer-segfault`segfault_crate::next_timeout::h4601082dd48b3945:
0x1000012d0 <+0>: pushq %rbp
0x1000012d1 <+1>: movq %rsp, %rbp
0x1000012d4 <+4>: movq 0x10(%rsi), %rax
0x1000012d8 <+8>: testq %rax, %rax
0x1000012db <+11>: je 0x10000136d ; <+157>
0x1000012e1 <+17>: movq (%rsi), %rsi
0x1000012e4 <+20>: shlq $0x4, %rax
0x1000012e8 <+24>: addq %rsi, %rax
0x1000012eb <+27>: movq %rsi, %rcx
0x1000012ee <+30>: addq $0x10, %rcx
0x1000012f2 <+34>: xorl %r8d, %r8d
0x1000012f5 <+37>: testq %r8, %r8
0x1000012f8 <+40>: jne 0x100001337 ; <+103>
0x1000012fa <+42>: jmp 0x100001308 ; <+56>
0x1000012fc <+44>: movq %rcx, %rsi
0x1000012ff <+47>: leaq 0x10(%rcx), %rcx
0x100001303 <+51>: testq %r8, %r8
0x100001306 <+54>: jne 0x100001337 ; <+103>
0x100001308 <+56>: cmpq $0x1, (%rsi)
0x10000130c <+60>: je 0x10000134d ; <+125>
0x10000130e <+62>: nop
0x100001310 <+64>: cmpq %rcx, %rax
0x100001313 <+67>: je 0x100001359 ; <+137>
0x100001315 <+69>: cmpq $0x1, (%rcx)
0x100001319 <+73>: leaq 0x10(%rcx), %rcx
0x10000131d <+77>: jne 0x100001310 ; <+64>
0x10000131f <+79>: leaq -0x10(%rcx), %rsi
0x100001323 <+83>: jmp 0x10000134d ; <+125>
0x100001325 <+85>: nopw %cs:(%rax,%rax)
0x100001330 <+96>: movq %rcx, %rsi
0x100001333 <+99>: addq $0x10, %rcx
0x100001337 <+103>: cmpq $0x1, (%rsi)
0x10000133b <+107>: jne 0x100001346 ; <+118>
0x10000133d <+109>: movq (%r8), %rdx
0x100001340 <+112>: cmpq 0x8(%rsi), %rdx
0x100001344 <+116>: jae 0x10000134d ; <+125>
0x100001346 <+118>: cmpq %rcx, %rax
0x100001349 <+121>: jne 0x100001330 ; <+96>
0x10000134b <+123>: jmp 0x100001359 ; <+137>
0x10000134d <+125>: movq %rsi, %r8
0x100001350 <+128>: addq $0x8, %r8
0x100001354 <+132>: cmpq %rax, %rcx
0x100001357 <+135>: jne 0x1000012fc ; <+44>
-> 0x100001359 <+137>: movq (%r8), %rax
0x10000135c <+140>: movq %rax, 0x8(%rdi)
0x100001360 <+144>: movl $0x1, %eax
0x100001365 <+149>: movq %rax, (%rdi)
0x100001368 <+152>: movq %rdi, %rax
0x10000136b <+155>: popq %rbp
0x10000136c <+156>: retq
0x10000136d <+157>: xorl %eax, %eax
0x10000136f <+159>: movq %rax, (%rdi)
0x100001372 <+162>: movq %rdi, %rax
0x100001375 <+165>: popq %rbp
0x100001376 <+166>: retq
0x100001377 <+167>: nop
0x100001378 <+168>: nop
0x100001379 <+169>: nop
0x10000137a <+170>: nop
0x10000137b <+171>: nop
0x10000137c <+172>: nop
0x10000137d <+173>: nop
0x10000137e <+174>: nop
0x10000137f <+175>: nop