Closed Bug 1885205 Opened 7 months ago Closed 7 months ago

MOZ_CRASH(Unrecognized jump instruction.) at jit/arm64/Assembler-arm64.cpp:499

Categories

(Core :: JavaScript Engine: JIT, defect)

ARM64
macOS
defect

Tracking

RESOLVED DUPLICATE of bug 1857207
Tracking Status
firefox125 --- affected

People

(Reporter: gkw, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: reporter-external)

Attachments

(1 file, 1 obsolete file)

Attached file ASan stack

I don't have a good testcase for this. If this is not s-s, please feel free to open up.

I've attached an ASan stack trace, as this may be related to bug 1857207.

Run with: --fuzzing-safe --wasm-compiler=baseline --no-asmjs --fast-warmup --trial-inlining-warmup-threshold=0 --execute="setJitCompilerOption(\"ion.forceinlineCaches\",1)" --ion-warmup-threshold=0 --ion-edgecase-analysis=off --blinterp-eager --blinterp-warmup-threshold=1 --more-compartments --nursery-strings=off --spectre-mitigations=on --ion-offthread-compile=off --gc-zeal=25,160 --baseline-warmup-threshold=0

Compile with: AR=ar sh ../configure --enable-address-sanitizer --enable-fuzzing --disable-jemalloc --with-ccache --enable-nspr-build --enable-ctypes --enable-gczeal --enable-rust-simd --disable-tests

Tested on m-c rev 4f7a5399c1cc.

Setting s-s to be safe in case the ASan stack reveals anything. Matt, you mentioned in bug 1857207 comment 4 that more information is needed; do you see any in the stack?

Flags: sec-bounty?
Group: core-security → javascript-core-security

This is the same unconditional assert as Bug 1857207; let's track that there.

Group: javascript-core-security
Status: NEW → RESOLVED
Closed: 7 months ago
Duplicate of bug: 1857207
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-

Comment on attachment 9392113
WIP: Bug 1885205 - Debug instrumentation patch for gary

Revision D205122 was moved to bug 1857207. Setting attachment 9392113 to obsolete.

Attachment #9392113 - Attachment is obsolete: true