950540 - Assertion failure: MOZ_ASSUME_UNREACHABLE("unsupported relocation") at Assembler-arm.cpp:767

Status: RESOLVED INCOMPLETE

(Core :: JavaScript Engine, defect)

Description

[Eric Chou [:ericchou] [:echou]]

= Device =
Unagi

= Build =
Gecko: b2g-inbound (changeset: 160566:4ee7ef9e51c5)
Gaia: master (commit 6c964e445cf49978f59ce39672eedad9b17e16c4)

Debug build is enabled.

= STR =
Go to Settings app -> Cellular & Data -> Data settings -> APN (or 'Identifier', 'Password', which has a text field for user input) -> Enter text in the text field

= Expected Behaviour =
Can enter text successfully.

= Actual Behaviour =
Assertion failure. In addition, It can't enter home screen even after 'adb reboot'.

= Backtrace =
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1435.1679]
0x421bd3a6 in getPtr32Target<js::jit::InstructionIterator> (
    start=<value optimized out>, dest=0x49bfe760, style=0x49bfe75c)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:767
767	    MOZ_ASSUME_UNREACHABLE("unsupported relocation");
(gdb) bt
#0  0x421bd3a6 in getPtr32Target<js::jit::InstructionIterator> (
    start=<value optimized out>, dest=0x49bfe760, style=0x49bfe75c)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:767
#1  0x421bd582 in js::jit::Assembler::patchDataWithValueCheck (label=..., 
    newValue=..., expectedValue=...)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:2538
#2  0x421bd60a in js::jit::Assembler::patchDataWithValueCheck (label=..., 
    newValue=..., expectedValue=...)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:2552
#3  0x424f2564 in js::jit::CodeGenerator::link (this=<value optimized out>, 
    cx=<value optimized out>, constraints=<value optimized out>)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/CodeGenerator.cpp:6072
#4  0x420dcf2a in IonCompile (cx=0x40366c70, script=..., 
    osrFrame=0x49d1b078, osrPc=<value optimized out>, constructing=false, 
    executionMode=js::SequentialExecution)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/Ion.cpp:1751
#5  Compile (cx=0x40366c70, script=..., osrFrame=0x49d1b078, 
    osrPc=<value optimized out>, constructing=false, 
    executionMode=js::SequentialExecution)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/Ion.cpp:1914
#6  0x420dd22c in js::jit::CompileFunctionForBaseline (cx=0x40366c70, 
    script=..., frame=0x49bfead0, isConstructing=<value optimized out>)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/Ion.cpp:2085
#7  0x424b35ee in EnsureCanEnterIon (cx=0x40366c70, 
    stub=<value optimized out>, frame=0x49bfead0, infoPtr=0x49bfea8c)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/BaselineIC.cpp:764
#8  DoUseCountFallback (cx=0x40366c70, stub=<value optimized out>, 
    frame=0x49bfead0, infoPtr=0x49bfea8c)
    at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/BaselineIC.cpp:929
#9  0x4569c454 in ?? ()
#10 0x4569c454 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)

Comment 1

[Marty Rosenberg [:mjrosenb]]

This is almost certainly my fault.  Looking into it.

Comment 2

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

I see this crash as well when opening the Contacts app on B2G.

Is there a workaround we can apply, or a patch we can back out locally to get past this error?

Comment 3

[Myk Melez [:myk] [@mykmelez]]

This also affects Android (Fennec), which crashes at this assertion when you load marketplace.firefox.com.

Comment 4

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

CC'ing some other people who have touched Assember-arm.cpp recently; maybe they can shed more light on how to work around this. It's completely blocking me on a number of bugs.

Comment 6

[Botond Ballo [:botond]]

Note that a workaround for this is to build in non-debug mode.