1609535 - Reliable SIGILL on startup in libxul.so on aarch64 desktop firefox-esr

Status: RESOLVED INVALID

(Toolkit :: Startup and Profile System, defect)

Description

[Nick Thomas]

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux aarch64; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

Updated to latest firefox-esr on my (aarch64) pinebook pro laptop running Debian Bullseye.

Being a tier 2 architecture, I use distribution packages for firefox-esr. I updated from a working firefox-esr v68(.4.0?)esr to v68.4.1esr. Compilation times on this laptop are reported to be around ten hours.

Actual results:

Firefox began to reliably crash with a SIGILL exception in libxul.so

This happens even if I start with a new profile, or in safe mode.

I managed to install debugging symbols and acquire a backtrace and disassembly output.

Backtrace:

#0  0x0000fffff2aaf1f0 in e843419@07fb_00070e4f_34c () at ./build-browser/dist/include/nsCOMPtr.h:367
#1  0x0000fffff2aaeff8 in nsCOMPtr_base::~nsCOMPtr_base() (this=0xffffffffd8f8, __in_chrg=<optimized out>)
    at ./build-browser/dist/include/nsCOMPtr.h:331
#2  0x0000fffff2aaeff8 in nsCOMPtr<nsICategoryManager>::~nsCOMPtr() (this=0xffffffffd8f8, __in_chrg=<optimized out>)
    at ./build-browser/dist/include/nsCOMPtr.h:381
#3  0x0000fffff2aaeff8 in nsCommandLine::EnumerateHandlers(nsresult (*)(nsICommandLineHandler*, nsICommandLine*, void*), void*)
    (this=this@entry=0xffffe6aa8040, aCallback=aCallback@entry=0xfffff2aad7d0 <EnumRun(nsICommandLineHandler*, nsICommandLine*, void*)>, aClosure=aClosure@entry=0x0) at ./toolkit/components/commandlines/nsCommandLine.cpp:424
#4  0x0000fffff2ab0228 in nsCommandLine::Run() (this=0xffffe6aa8040) at ./toolkit/components/commandlines/nsCommandLine.cpp:503
#5  0x0000fffff2c4498c in XREMain::XRE_mainRun() (this=this@entry=0xffffffffdc18) at ./build-browser/dist/include/nsCOMPtr.h:841
#6  0x0000fffff2c44f70 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)
    (this=this@entry=0xffffffffdc18, argc=argc@entry=1, argv=argv@entry=0xffffffffef18, aConfig=...) at ./toolkit/xre/nsAppRunner.cpp:4750
#7  0x0000fffff2c45478 in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=1, argv=0xffffffffef18, aConfig=...)
    at ./toolkit/xre/nsAppRunner.cpp:4831
#8  0x0000aaaaaaab0958 in do_main(int, char**, char**) (argc=<optimized out>, argv=<optimized out>, envp=0xffffffffef28)
    at ./build-browser/dist/include/mozilla/UniquePtr.h:308
#9  0x0000aaaaaaab009c in main(int, char**, char**) (argc=1, argv=0xffffffffef18, envp=0xffffffffef28) at ./browser/app/nsBrowserApp.cpp:296

Disassembly:

(gdb) disassemble /s
Dump of assembler code for function e843419@07fb_00070e4f_34c:
./build-browser/dist/include/nsCOMPtr.h:
367     ./build-browser/dist/include/nsCOMPtr.h: No such file or directory.
=> 0x0000fffff2aaf1f0 <+0>:     .inst   0x00000000 ; undefined
   0x0000fffff2aaf1f4 <+4>:     b       0xfffff2aaf008 <nsCommandLine::EnumerateHandlers(nsresult (*)(nsICommandLineHandler*, nsICommandLine*, void*), void*)+848>
End of assembler dump.
(gdb) disassemble /m
Dump of assembler code for function e843419@07fb_00070e4f_34c:
367     in ./build-browser/dist/include/nsCOMPtr.h
   0x0000fffff2aaf1cc <+1300>:  ldr     x1, [x0]
   0x0000fffff2aaf1d0 <+1304>:  ldr     x1, [x1, #16]
   0x0000fffff2aaf1d4 <+1308>:  blr     x1
   0x0000fffff2aaf1d8 <+1312>:  b       0xfffff2aaee14 <nsCommandLine::EnumerateHandlers(nsresult (*)(nsICommandLineHandler*, nsICommandLine*, void*), void*)+348>
   0x0000fffff2aaf1dc <+1316>:  stp     x25, x26, [sp, #48]
   0x0000fffff2aaf1e0 <+1320>:  stp     x27, x28, [sp, #64]
   0x0000fffff2aaf1e4 <+1324>:  bl      0xffffefa82c80 <__stack_chk_fail@plt>
   0x0000fffff2aaf1e8:  b       0xfffff2ab01e8 <nsCommandLine::Run()>
   0x0000fffff2aaf1ec:  nop
=> 0x0000fffff2aaf1f0 <+0>:     .inst   0x00000000 ; undefined
   0x0000fffff2aaf1f4 <+4>:     b       0xfffff2aaf008 <nsCommandLine::EnumerateHandlers(nsresult (*)(nsICommandLineHandler*, nsICommandLine*, void*), void*)+848>
   0x0000fffff2aaf1f8:  .inst   0x00000000 ; undefined
   0x0000fffff2aaf1fc:  .inst   0x00000000 ; undefined
   0x0000fffff2aaf200:  .inst   0x00000000 ; undefined
   0x0000fffff2aaf204:  .inst   0x00000000 ; undefined
   0x0000fffff2aaf208:  .inst   0x00000000 ; undefined
   0x0000fffff2aaf20c:  .inst   0x00000000 ; undefined
   0x0000fffff2aaf210:  .inst   0x00000000 ; undefined

Expected results:

The update should not have introduced a startup crash bug :)

I've opened a debian distribution bug here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948708 - but this seems much more likely to be an upstream issue?

I saw a number of other issues on this bugzilla relating to SIGILL on Pentium and on mobile phones, but nothing that seemed to be a duplicate of this issue.

Happy to provide more information if requested, since I can reliably reproduce.

Comment 1

[Daniel Bodea [:danibodea]]

We cannot attempt to reproduce this issue because we don't have an ARM device with Linux OS. However, I will set this bug's component as (Core) Graphics because other bugs related to libxul.so or SIGILL also had this component. If incorrect, please set a more appropriate one, rather than resetting it to Untriaged on General.

Thank you for your contribution!

Comment 2

[Emma Humphries ☕️🎸🧞‍♀️✨ (she/they) [:emceeaich] (Pacific Time) use needinfo]

Pinging Glandium as he's been dealing with our ARM64 builds.

Comment 3

[Mike Hommey [:glandium]]

Someone reported in the Debian bug that this was fixed in 68.5.0esr. This smells like it might have been a compiler issue.