= Device = Unagi = Build = Gecko: b2g-inbound (changeset: 160566:4ee7ef9e51c5) Gaia: master (commit 6c964e445cf49978f59ce39672eedad9b17e16c4) Debug build is enabled. = STR = Go to Settings app -> Cellular & Data -> Data settings -> APN (or 'Identifier', 'Password', which has a text field for user input) -> Enter text in the text field = Expected Behaviour = Can enter text successfully. = Actual Behaviour = Assertion failure. In addition, It can't enter home screen even after 'adb reboot'. = Backtrace = Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1435.1679] 0x421bd3a6 in getPtr32Target<js::jit::InstructionIterator> ( start=<value optimized out>, dest=0x49bfe760, style=0x49bfe75c) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:767 767 MOZ_ASSUME_UNREACHABLE("unsupported relocation"); (gdb) bt #0 0x421bd3a6 in getPtr32Target<js::jit::InstructionIterator> ( start=<value optimized out>, dest=0x49bfe760, style=0x49bfe75c) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:767 #1 0x421bd582 in js::jit::Assembler::patchDataWithValueCheck (label=..., newValue=..., expectedValue=...) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:2538 #2 0x421bd60a in js::jit::Assembler::patchDataWithValueCheck (label=..., newValue=..., expectedValue=...) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/arm/Assembler-arm.cpp:2552 #3 0x424f2564 in js::jit::CodeGenerator::link (this=<value optimized out>, cx=<value optimized out>, constraints=<value optimized out>) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/CodeGenerator.cpp:6072 #4 0x420dcf2a in IonCompile (cx=0x40366c70, script=..., osrFrame=0x49d1b078, osrPc=<value optimized out>, constructing=false, executionMode=js::SequentialExecution) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/Ion.cpp:1751 #5 Compile (cx=0x40366c70, script=..., osrFrame=0x49d1b078, osrPc=<value optimized out>, constructing=false, executionMode=js::SequentialExecution) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/Ion.cpp:1914 #6 0x420dd22c in js::jit::CompileFunctionForBaseline (cx=0x40366c70, script=..., frame=0x49bfead0, isConstructing=<value optimized out>) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/Ion.cpp:2085 #7 0x424b35ee in EnsureCanEnterIon (cx=0x40366c70, stub=<value optimized out>, frame=0x49bfead0, infoPtr=0x49bfea8c) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/BaselineIC.cpp:764 #8 DoUseCountFallback (cx=0x40366c70, stub=<value optimized out>, frame=0x49bfead0, infoPtr=0x49bfea8c) at /home/eric30/Mozilla/mercurial/b2g-inbound/js/src/jit/BaselineIC.cpp:929 #9 0x4569c454 in ?? () #10 0x4569c454 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) (gdb)

This is almost certainly my fault. Looking into it.

I see this crash as well when opening the Contacts app on B2G. Is there a workaround we can apply, or a patch we can back out locally to get past this error?

This also affects Android (Fennec), which crashes at this assertion when you load marketplace.firefox.com.

CC'ing some other people who have touched Assember-arm.cpp recently; maybe they can shed more light on how to work around this. It's completely blocking me on a number of bugs.

Note that a workaround for this is to build in non-debug mode.