High occurrence js/src/jit-test/tests/wasm/bigint/bigint.js | Unknown (code -11, args "--wasm-compiler=ion") [0.4 s] with crash [@ js::gc::IsInsideNursery]
Categories
(Core :: JavaScript: WebAssembly, defect, P5)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox78 | --- | fixed |
People
(Reporter: intermittent-bug-filer, Assigned: asumu)
Details
(Keywords: intermittent-failure)
Attachments
(1 file)
Filed by: ncsoregi [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer.html#?job_id=299769644&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/X2Omur2uRm6iNwQbzqLY6w/runs/1/artifacts/public/logs/live_backing.log
Failure:
[task 2020-04-28T12:25:25.521Z] TEST-PASS | js/src/jit-test/tests/wasm/bigint/disabled.js | Success (code 59, args "--no-wasm-bigint") [0.2 s]
[task 2020-04-28T12:25:25.542Z] Exit code: -11
[task 2020-04-28T12:25:25.542Z] FAIL - wasm/bigint/bigint.js
[task 2020-04-28T12:25:25.542Z] TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/wasm/bigint/bigint.js | Unknown (code -11, args "--wasm-compiler=ion") [0.4 s]
[task 2020-04-28T12:25:25.542Z] INFO exit-status : -11
[task 2020-04-28T12:25:25.542Z] INFO timed-out : False
[task 2020-04-28T12:25:25.548Z] TEST-PASS | js/src/jit-test/tests/wasm/bench/wasm_box2d.js | Success (code 0, args "--disable-wasm-huge-memory") [1.0 s]
Crash:
[task 2020-04-28T12:50:27.336Z] mozcrash checking /tmp for minidumps...
[task 2020-04-28T12:50:27.336Z] PROCESS-CRASH | mozcrash.py | application crashed [@ js::gc::IsInsideNursery]
[task 2020-04-28T12:50:27.336Z] Crash dump filename: /tmp/a0b15352-eb7a-42a5-b7d2579f-1a668a30.dmp
[task 2020-04-28T12:50:27.336Z] Operating system: Linux
[task 2020-04-28T12:50:27.336Z] 0.0.0 Linux 4.4.0-1014-aws #14taskcluster1-Ubuntu SMP Tue Apr 3 10:27:00 UTC 2018 x86_64
[task 2020-04-28T12:50:27.336Z] CPU: amd64
[task 2020-04-28T12:50:27.336Z] family 6 model 85 stepping 7
[task 2020-04-28T12:50:27.336Z] 1 CPU
[task 2020-04-28T12:50:27.336Z]
[task 2020-04-28T12:50:27.336Z] GPU: UNKNOWN
[task 2020-04-28T12:50:27.336Z]
[task 2020-04-28T12:50:27.336Z] Crash reason: SIGSEGV
[task 2020-04-28T12:50:27.336Z] Crash address: 0x7fffffffffe8
[task 2020-04-28T12:50:27.336Z] Process uptime: not available
[task 2020-04-28T12:50:27.336Z]
[task 2020-04-28T12:50:27.336Z] Thread 0 (crashed)
[task 2020-04-28T12:50:27.336Z] 0 js!js::gc::IsInsideNursery [HeapAPI.h:c11ba65c6475e730b6398eca2734473e77edd2d6 : 512 + 0x0]
[task 2020-04-28T12:50:27.336Z] rax = 0x0000000000000000 rdx = 0x0000555556e747b6
[task 2020-04-28T12:50:27.336Z] rcx = 0x0000000000000002 rbx = 0x00007fffffffc108
[task 2020-04-28T12:50:27.336Z] rsi = 0x00007fffffffc100 rdi = 0x00007fffffffffe8
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffb4e0 rsp = 0x00007fffffffb4c8
[task 2020-04-28T12:50:27.336Z] r8 = 0x00007ffff4a0308e r9 = 0x00007ffff4a03083
[task 2020-04-28T12:50:27.336Z] r10 = 0x0000385c120ba150 r11 = 0x00000000ffffffff
[task 2020-04-28T12:50:27.336Z] r12 = 0x00007fffffffc100 r13 = 0x0000000000000000
[task 2020-04-28T12:50:27.336Z] r14 = 0x0000000000000001 r15 = 0x00007fffffffc100
[task 2020-04-28T12:50:27.336Z] rip = 0x00005555557c3443
[task 2020-04-28T12:50:27.336Z] Found by: given as instruction pointer in context
[task 2020-04-28T12:50:27.336Z] 1 js!js::TraceGenericPointerRoot [Marking.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 652 + 0x10]
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffb530 rsp = 0x00007fffffffb4f0
[task 2020-04-28T12:50:27.336Z] rip = 0x0000555556142547
[task 2020-04-28T12:50:27.336Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.336Z] 2 js!js::jit::TraceJitActivations [JitFrames.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 899 + 0x16]
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffb710 rsp = 0x00007fffffffb540
[task 2020-04-28T12:50:27.336Z] rip = 0x000055555643dae2
[task 2020-04-28T12:50:27.336Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.336Z] 3 js!js::gc::GCRuntime::traceRuntimeCommon [RootMarking.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 382 + 0xb]
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffb7d0 rsp = 0x00007fffffffb720
[task 2020-04-28T12:50:27.336Z] rip = 0x0000555556145bae
[task 2020-04-28T12:50:27.336Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.336Z] 4 js!js::gc::GCRuntime::traceRuntimeForMinorGC [RootMarking.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 323 + 0xd]
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffb800 rsp = 0x00007fffffffb7e0
[task 2020-04-28T12:50:27.336Z] rip = 0x0000555556146423
[task 2020-04-28T12:50:27.336Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.336Z] 5 js!js::Nursery::doCollection [Nursery.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 1101 + 0x12]
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffb940 rsp = 0x00007fffffffb810
[task 2020-04-28T12:50:27.336Z] rip = 0x0000555556148680
[task 2020-04-28T12:50:27.336Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.336Z] 6 js!js::Nursery::collect [Nursery.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 983 + 0xe]
[task 2020-04-28T12:50:27.336Z] rbp = 0x00007fffffffbac0 rsp = 0x00007fffffffb950
[task 2020-04-28T12:50:27.336Z] rip = 0x000055555614920e
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 7 js!js::gc::GCRuntime::collectNursery [GC.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 7455 + 0xb]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbb60 rsp = 0x00007fffffffbad0
[task 2020-04-28T12:50:27.337Z] rip = 0x00005555560c63b9
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 8 js!js::gc::GCRuntime::minorGC [GC.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 7429 + 0xa]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbbd0 rsp = 0x00007fffffffbb70
[task 2020-04-28T12:50:27.337Z] rip = 0x00005555560c8ee1
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 9 js!js::gc::GCRuntime::runDebugGC [GC.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 7792 + 0x12]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbc60 rsp = 0x00007fffffffbbe0
[task 2020-04-28T12:50:27.337Z] rip = 0x00005555561063ea
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 10 js!js::gc::GCRuntime::checkAllocatorState<(js::AllowGC)1> [Allocator.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 442 + 0x8]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbc90 rsp = 0x00007fffffffbc70
[task 2020-04-28T12:50:27.337Z] rip = 0x000055555610667c
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 11 js!js::AllocateBigInt<(js::AllowGC)1> [Allocator.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 278 + 0x1e]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbcd0 rsp = 0x00007fffffffbca0
[task 2020-04-28T12:50:27.337Z] rip = 0x0000555556106ad5
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 12 js!JS::BigInt::createUninitialized [BigIntType.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 148 + 0xb]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbd10 rsp = 0x00007fffffffbce0
[task 2020-04-28T12:50:27.337Z] rip = 0x0000555555a79ead
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 13 js!JS::BigInt::parseLiteralDigits<unsigned char> [BigIntType.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 1578 + 0x1d]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbe00 rsp = 0x00007fffffffbd20
[task 2020-04-28T12:50:27.337Z] rip = 0x0000555555a824c7
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 14 js!JS::BigInt::parseLiteral<unsigned char> [BigIntType.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 1640 + 0x1b]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffbef0 rsp = 0x00007fffffffbe10
[task 2020-04-28T12:50:27.337Z] rip = 0x0000555555a83ac7
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 15 js!js::StringToBigInt [BigIntType.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 3560 + 0x12]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffc090 rsp = 0x00007fffffffbf00
[task 2020-04-28T12:50:27.337Z] rip = 0x0000555555a84cc0
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 16 js!js::jit::DoStringToInt64 [VMFunctions.cpp:c11ba65c6475e730b6398eca2734473e77edd2d6 : 2017 + 0x5]
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffc0b0 rsp = 0x00007fffffffc0a0
[task 2020-04-28T12:50:27.337Z] rip = 0x00005555561ec6e5
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z] 17 0x6e5494f0f3
[task 2020-04-28T12:50:27.337Z] rbp = 0x00007fffffffc101 rsp = 0x00007fffffffc0c0
[task 2020-04-28T12:50:27.337Z] rip = 0x0000006e5494f0f3
[task 2020-04-28T12:50:27.337Z] Found by: previous frame's frame pointer
[task 2020-04-28T12:50:27.337Z]
|
||
Comment 1•4 years ago
|
||
Seems related to Bug 1633632 - could have Bug 1608771 caused any of these failures?
|
||
Comment 2•4 years ago
|
||
Discussed on matrix, but let's backoug bug 1608771 for now to see if that helps.
|
Assignee | |
Comment 3•4 years ago
|
||
This diff adds a test using gczeal to trigger a GC crash caused by the BigInt/I64 conversion path in inlined Ion To Wasm calls.
The actual fixes for the crash are in bug 1633714.
|
||
Updated•4 years ago
|
| Comment hidden (Intermittent Failures Robot) |
Pushed by rmaries@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c353fa62a27b Add test for BigInt/I64 conversion crash on inlined Ion to Wasm calls r=lth,wingo
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
Description
•