Closed Bug 961306 Opened 11 years ago Closed 11 years ago

Intermittent ASAN TEST-UNEXPECTED-FAIL | jaeger/bug652314.js | --no-baseline --no-ion --no-ti

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: KWierso, Unassigned)

Details

(Keywords: intermittent-failure)

https://tbpl.mozilla.org/php/getParsedLog.php?id=33189261&tree=Fx-Team slave: bld-linux64-ec2-432 TEST-PASS | js/src/jit-test/tests/jaeger/bug652305.js | --no-baseline --no-ion --no-ti TEST-PASS | js/src/jit-test/tests/jaeger/bug652314.js | TEST-PASS | js/src/jit-test/tests/jaeger/bug652314.js | --ion-eager --ion-parallel-compile=off TEST-PASS | js/src/jit-test/tests/jaeger/bug652314.js | --ion-eager --ion-parallel-compile=off --ion-check-range-analysis --no-sse3 TEST-PASS | js/src/jit-test/tests/jaeger/bug652314.js | --baseline-eager TEST-PASS | js/src/jit-test/tests/jaeger/bug652314.js | --baseline-eager --no-ti --no-fpu TEST-PASS | js/src/jit-test/tests/jaeger/bug652314.js | --no-baseline --no-ion TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | --ion-eager --ion-parallel-compile=off TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | --ion-eager --ion-parallel-compile=off --ion-check-range-analysis --no-sse3 FAIL - jaeger/bug652314.js TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/jaeger/bug652314.js | --no-baseline --no-ion --no-ti INFO exit-status : 1 INFO timed-out : False INFO stdout > INFO stderr 2> ================================================================= INFO stderr 2> ==8376==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fff698c9148 at pc 0x8df64c bp 0x7fff698c90c0 sp 0x7fff698c90b8 INFO stderr 2> WRITE of size 8 at 0x7fff698c9148 thread T0 INFO stderr 2> #0 0x8df64b in js::jit::VMFunction::VMFunction(void*, unsigned int, unsigned int, unsigned int, unsigned long, js::jit::DataType, js::jit::VMFunction::RootType, js::jit::DataType, js::ExecutionMode, unsigned int) /builds/slave/fx-team-l64-asan-d-00000000000/build/js/src/../../js/src/jit/VMFunctions.h:218 INFO stderr 2> #1 0x8f2e1c in js::jit::FunctionInfo<bool (*)(js::ThreadSafeContext*, JSString*, double*)>::FunctionInfo(bool (*)(js::ThreadSafeContext*, JSString*, double*), js::jit::PopValues) /builds/slave/fx-team-l64-asan-d-00000000000/build/js/src/../../js/src/jit/VMFunctions.h:503 INFO stderr 2> #2 0x827768 in __cxx_global_var_init512 /builds/slave/fx-team-l64-asan-d-00000000000/build/js/src/../../js/src/jit/CodeGenerator.cpp:162 INFO stderr 2> #3 0x82e993 in global constructors keyed to a /builds/slave/fx-team-l64-asan-d-00000000000/build/obj-firefox/js/src/js/src/../../js/src/Unified_cpp_js_src2.cpp:421 INFO stderr 2> #4 0x12c3abc in __libc_csu_init (/builds/slave/fx-team-l64-asan-d-00000000000/build/obj-firefox/js/src/js/src/shell/js+0x12c3abc) INFO stderr 2> #5 0x7f267edf0c6f in __libc_start_main (/lib64/libc.so.6+0x1ec6f) INFO stderr 2> #6 0x4efd3c in _start (/builds/slave/fx-team-l64-asan-d-00000000000/build/obj-firefox/js/src/js/src/shell/js+0x4efd3c) INFO stderr 2> Address 0x7fff698c9148 is located in stack of thread T0 at offset 40 in frame INFO stderr 2> #0 0x82769f in __cxx_global_var_init512 /builds/slave/fx-team-l64-asan-d-00000000000/build/js/src/../../js/src/jit/CodeGenerator.cpp:162 INFO stderr 2> This frame has 4 object(s): INFO stderr 2> [32, 96) '' INFO stderr 2> [128, 132) '' INFO stderr 2> [192, 256) '' INFO stderr 2> [288, 292) '' INFO stderr 2> HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext INFO stderr 2> (longjmp and C++ exceptions *are* supported) INFO stderr 2> SUMMARY: AddressSanitizer: heap-buffer-overflow /builds/slave/fx-team-l64-asan-d-00000000000/build/js/src/../../js/src/jit/VMFunctions.h:218 js::jit::VMFunction::VMFunction(void*, unsigned int, unsigned int, unsigned int, unsigned long, js::jit::DataType, js::jit::VMFunction::RootType, js::jit::DataType, js::ExecutionMode, unsigned int) INFO stderr 2> Shadow bytes around the buggy address: INFO stderr 2> 0x10006d3111d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> 0x10006d3111e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> 0x10006d3111f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> 0x10006d311200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> 0x10006d311210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> =>0x10006d311220: fa fa fa fa f1 f1 f1 f1 fa[fa]fa fa fa fa fa fa INFO stderr 2> 0x10006d311230: f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00 INFO stderr 2> 0x10006d311240: 00 00 00 00 f2 f2 f2 f2 04 f4 f4 f4 f3 f3 f3 f3 INFO stderr 2> 0x10006d311250: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> 0x10006d311260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> 0x10006d311270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa INFO stderr 2> Shadow byte legend (one shadow byte represents 8 application bytes): INFO stderr 2> Addressable: 00 INFO stderr 2> Partially addressable: 01 02 03 04 05 06 07 INFO stderr 2> Heap left redzone: fa INFO stderr 2> Heap right redzone: fb INFO stderr 2> Freed heap region: fd INFO stderr 2> Stack left redzone: f1 INFO stderr 2> Stack mid redzone: f2 INFO stderr 2> Stack right redzone: f3 INFO stderr 2> Stack partial redzone: f4 INFO stderr 2> Stack after return: f5 INFO stderr 2> Stack use after scope: f8 INFO stderr 2> Global redzone: f9 INFO stderr 2> Global init order: f6 INFO stderr 2> Poisoned by user: f7 INFO stderr 2> ASan internal: fe INFO stderr 2> ==8376==ABORTING INFO stderr 2> TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | --baseline-eager TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | --baseline-eager --no-ti --no-fpu TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | --no-baseline --no-ion TEST-PASS | js/src/jit-test/tests/jaeger/bug652590.js | --no-baseline --no-ion --no-ti TEST-PASS | js/src/jit-test/tests/jaeger/bug653243.js |
Closing bugs where TBPLbot has previously commented, but have now not been modified for >3 months & do not contain the whiteboard strings for disabled/annotated tests or use the keyword leave-open. Filter on: mass-intermittent-bug-closure-2014-07
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.