ARM64: Crash in wasm/import-export.js

RESOLVED FIXED in Firefox 67

Status

defect
P2
normal
RESOLVED FIXED
5 months ago
4 months ago

People

(Reporter: sstangl, Assigned: nbp)

Tracking

(Blocks 1 bug, {crash})

unspecified
mozilla67
ARM64
Unspecified

Firefox Tracking Flags

(firefox-esr60 wontfix, firefox64 wontfix, firefox65 wontfix, firefox66 disabled, firefox67 fixed)

Details

(Whiteboard: [arm64:m3])

Attachments

(1 attachment)

Reporter

Description

5 months ago

When run on ARM64 hardware, this test fails: wasm/import-export.js

The arguments passed are as follows:

--ion-eager --ion-offthread-compile=off --more-compartments wasm/import-export.js
--ion-eager --ion-offthread-compile=off --ion-check-range-analysis --ion-extra-checks --no-sse3 --no-threads wasm/import-export.js

The crash signature is as follows:

Thread 1 "js" received signal SIGTRAP, Trace/breakpoint trap.
0x000005b3f780fde4 in ?? ()
(gdb) bt
#0  0x000005b3f780fde4 in ?? ()
#1  0x40fffe095ee5f060 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) x/8i $pc-12
   0x5b3f780fdd8:	blr	x16
   0x5b3f780fddc:	tst	x28, #0xf
   0x5b3f780fde0:	b.eq	0x5b3f780fde8  // b.none
=> 0x5b3f780fde4:	brk	#0x0
   0x5b3f780fde8:	cmp	x29, #0xbad
   0x5b3f780fdec:	b.eq	0x5b3f7814a10  // b.none
   0x5b3f780fdf0:	add	x28, x28, #0x20
   0x5b3f780fdf4:	mov	x16, #0x800000000000        	// #14073748835532

[arm64:m3] because we should fix reproducible test crashes before letting ARM64 Fennec Nightly ride the trains to Beta.

Keywords: crash
Whiteboard: [arm64:m3]

Assignee (updated 4 months ago)
Depends on: 1526959

Assignee (updated 4 months ago)
Assignee: nobody → nicolas.b.pierron
Status: NEW → ASSIGNED

Assignee (updated 4 months ago)
Duplicate of this bug: 1522303

Comment 4

4 months ago
Pushed by npierron@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ce68e72b6fb6
ARM64: Restore the Pseudo stack pointer before asserting that it has the correct alignment. r=sstangl

Comment 5

4 months ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67