Hide Forgot
Description of problem: New FF 60ESR segfault at start Version-Release number of selected component (if applicable): firefox-60.0-4.el7_5 How reproducible: 100% Steps to Reproduce: 1. start firefox 2. 3. Actual results: segfault Expected results: Additional info: Starting program: /usr/lib64/firefox/firefox [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Detaching after fork from child process 4213. Program received signal SIGSEGV, Segmentation fault. SetColor (aColor=Red, this=<synthetic pointer>) at /usr/src/debug/firefox-60.0/memory/build/rb.h:203 203 MOZ_RELEASE_ASSERT(mNode); Thread 1 (Thread 0x3fffb7ff5760 (LWP 4210)): #0 SetColor (aColor=Red, this=<synthetic pointer>) at /usr/src/debug/firefox-60.0/memory/build/rb.h:203 No locals. #1 RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::MoveRedRight ( this=<optimized out>, aNode=...) at /usr/src/debug/firefox-60.0/memory/build/rb.h:668 node = {mNode = 0x0} rbp_mrr_t = <optimized out> #2 0x000000010001182c in RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::Remove (this=0x3fffb7800080, aNode=...) at /usr/src/debug/firefox-60.0/memory/build/rb.h:562 rbp_r_s = {u = { mBytes = "\000\000?\377\264p\001\270", '\000' <repeats 15 times>, mDummy = 70367476449720}} rbp_r_p = {mNode = 0x3fffb47001b8} rbp_r_c = {mNode = 0x3fffb4800110} rbp_r_xp = {mNode = 0x0} rbp_r_t = {mNode = 0x0} rbp_r_u = <optimized out> rbp_r_cmp = <optimized out> #3 0x0000000100013180 in Remove (aNode=0x3fffb4800038, this=0x3fffb7800080) at /usr/src/debug/firefox-60.0/memory/build/rb.h:144 No locals. #4 arena_t::SplitRun (this=this@entry=0x3fffb7800000, aRun=aRun@entry=0x3fffb4810000, aSize=aSize@entry=524288, aLarge=aLarge@entry=false, aZero=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2368 old_ndirty = 0 run_ind = 1 total_pages = 1073722497 need_pages = 8 rem_pages = 1073722489 i = <optimized out> #5 0x0000000100013458 in arena_t::AllocRun (this=0x3fffb7800000, aSize=524288, aLarge=aLarge@entry=false, aZero=aZero@entry=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2546 run = 0x3fffb4810000 key = {link = {mLeft = <optimized out>, mRightAndColor = <optimized out>}, bits = 524304} #6 0x0000000100015770 in arena_t::GetNonFullBinRun (this=<optimized out>, aBin=0x3fffb7800868) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2796 run = <optimized out> i = <optimized out> remainder = <optimized out> aBin = 0x3fffb7800868 #7 0x000000010001780c in MallocSmall (aZero=true, aSize=<optimized out>, this=0x3fffb7800000) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2942 bin = 0x3fffb7800868 run = <optimized out> sizeClass = {mType = SizeClass::SubPage, mSize = 8192} #8 Malloc (aZero=true, aSize=<optimized out>, this=0x3fffb7800000) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2999 No locals. #9 calloc (aSize=<optimized out>, aNum=<optimized out>, this=<synthetic pointer>) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:4178 arena = 0x3fffb7800000 checkedSize = {mValue = <optimized out>, mIsValid = false} ret = 0x1248 #10 calloc (arg2=<optimized out>, arg1=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38 No locals. #11 calloc (arg1=<optimized out>, arg2=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38 No locals. #12 0x00003fffb6936e48 in XOpenDisplay (display=0x3fffffffffda ":1") at OpenDis.c:115 dpy = <optimized out> i = <optimized out> j = <optimized out> k = <optimized out> display_name = 0x3fffffffffda ":1" setup = 0x0 iscreen = 1 prefix = <optimized out> vendorlen = <optimized out> u = <optimized out> setuplength = <optimized out> usedbytes = 0 mask = <optimized out> conn_buf_size = <optimized out> xlib_buffer_size = <optimized out> #13 0x00003fffb6b2bc30 in _gdk_x11_display_open (display_name=<optimized out>) at gdkdisplay-x11.c:1562 xdisplay = <optimized out> display = <optimized out> display_x11 = <optimized out> attr = {title = 0x3fffb7744000 "", event_mask = 16383, x = -12000, y = 16383, width = -38, height = 16383, wclass = (unknown: 3065402796), visual = 0x3fffb5f97d00, window_type = 16383, cursor = 0x3fffb6bf7900, wmclass_name = 0x3fffffffd120 "", wmclass_class = 0x0, override_redirect = 16383, type_hint = 3051801976} argc = <optimized out> argv = {0x3fffffffd560 ""} class_hint = <optimized out> pid = 70368744165664 ignore = 0 maj = 1 min = 16383 __FUNCTION__ = "_gdk_x11_display_open" #14 0x00003fffb6ae9698 in gdk_display_manager_open_display ( manager=<optimized out>, name=0x3fffffffffda ":1") at gdkdisplaymanager.c:472 backend = 0x3fffb48104f0 "*" any = 1 backend_list = <optimized out> display = 0x0 backends = 0x3fffb7770940 i = <optimized out> allow_any = <optimized out> __FUNCTION__ = "gdk_display_manager_open_display" #15 0x00003fffb6ae6a34 in gdk_display_open (display_name=0x3fffffffffda ":1") at gdkdisplay.c:1966 No locals. #16 0x00003fffb21e6a58 in XREMain::XRE_mainStartup ( this=this@entry=0x3fffffffd638, aExitFlag=aExitFlag@entry=0x3fffffffd560) at /usr/src/debug/firefox-60.0/toolkit/xre/nsAppRunner.cpp:4076 display_name = <optimized out> saveDisplayArg = false rv = <optimized out> desktopStartupIDEnv = <optimized out> useXI2 = <optimized out> newInstance = <optimized out> canRun = false version = {<nsTString<char>> = {<nsTSubstring<char>> = {<mozilla::detail::nsTStringRepr<char>> = {mData = 0x3fffb54a0628 "", mLength = 16383, mDataFlags = (mozilla::detail::TERMINATED | mozilla::detail::VOIDED | mozilla::detail::SHARED | mozilla::detail::OWNED | mozilla::detail::LITERAL | unknown: 45824), mClassFlags = (unknown: 24832)}, static kMaxCapacity = 2147483637}, <No data fields>}, static kStorageSize = 64, mInlineCapacity = 8, mStorage = "\000!\000\002\000\000?\377\377\377\324 \000\273[\340VĒ£\033\000\000?\377\263\062Q\240\000\000\000\001\000!\000\002\000\000?\377\377\377\326\070\000\000?\377\263\266?\000\000\000?\377\265J\006@\000\000?\377"} osABI = {<mozilla::detail::nsTStringRepr<char>> = { mData = 0x100057f00 "", mLength = 16383, mDataFlags = (mozilla::detail::TERMINATED | mozilla::detail::VOIDED | mozilla::detail::SHARED | mozilla::detail::OWNED | mozilla::detail::INLINE | mozilla::detail::LITERAL | unknown: 65472), mClassFlags = (unknown: 54256)}, <No data fields>} flagFile = {<nsCOMPtr_base> = { mRawPtr = 0xbb5be056c7a31b}, <No data fields>} cachesOK = <optimized out> startupCacheValid = <optimized out> #17 0x00003fffb21eb328 in XRE_mainStartup (aExitFlag=0x3fffffffd560, this=0x3fffffffd638) at /usr/src/debug/firefox-60.0/toolkit/xre/nsAppRunner.cpp:4941 No locals. #18 XREMain::XRE_main (this=this@entry=0x3fffffffd638, argc=argc@entry=1, argv=argv@entry=0x3fffffffee28, aConfig=...) at /usr/src/debug/firefox-60.0/toolkit/xre/nsAppRunner.cpp:4955 rv = <optimized out> binFile = {<nsCOMPtr_base> = { mRawPtr = 0x3fffb54a04c0}, <No data fields>} exit = false result = <optimized out> appInitiatedRestart = <optimized out> #19 0x00003fffb21ebd00 in XRE_main (argc=<optimized out>, argv=0x3fffffffee28, aConfig=...) at /usr/src/debug/firefox-60.0/toolkit/xre/nsAppRunner.cpp:5062 main = {mNativeApp = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mProfileSvc = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mProfD = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mProfLD = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mProfileLock = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mRemoteService = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mRemoteLock = {<PRCListStr> = {next = 0x3fffffffd668, prev = 0x3fffffffd668}, mHaveLock = false, mReplacedLockTime = 0, mLockFile = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, static mPidLockList = { next = 0x3fffb4694138 <nsProfileLock::mPidLockList>, prev = 0x3fffb4694138 <nsProfileLock::mPidLockList>}, mPidLockFileName = 0x0, mLockFileDesc = -1}, mRemoteLockDir = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mScopedXPCOM = { mTuple = {<mozilla::detail::PairHelper<ScopedXPCOMStartup*, mozilla::DefaultDelete<ScopedXPCOMStartup>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::DefaultDelete<ScopedXPCOMStartup>> = {<No data fields>}, mFirstA = 0x0}, <No data fields>}}, mAppData = { mTuple = {<mozilla::detail::PairHelper<mozilla::XREAppData*, mozilla::DefaultDelete<mozilla::XREAppData>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::DefaultDelete<mozilla::XREAppData>> = {<No data fields>}, mFirstA = 0x3fffb5490500}, <No data fields>}}, mDirProvider = {<nsIDirectoryServiceProvider2> = {<nsIDirectoryServiceProvider> = {<nsISupports> = { _vptr.nsISupports = 0x3fffb36fbdf8 <vtable for nsXREDirProvider+16>}, <No data fields>}, <No data fields>}, <nsIProfileStartup> = {<nsISupports> = { _vptr.nsISupports = 0x3fffb36fbe40 <vtable for nsXREDirProvider+88>}, <No data fields>}, mAppProvider = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mGREDir = {<nsCOMPtr_base> = { mRawPtr = 0x3fffb54a0640}, <No data fields>}, mGREBinDir = {<nsCOMPtr_base> = { mRawPtr = 0x3fffb54a0700}, <No data fields>}, mXULAppDir = {<nsCOMPtr_base> = { mRawPtr = 0x3fffb54a0580}, <No data fields>}, mProfileDir = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mProfileLocalDir = {<nsCOMPtr_base> = { mRawPtr = 0x0}, <No data fields>}, mProfileNotified = false, mPrefsInitialized = false, mAppBundleDirectories = {<nsCOMArray_base> = { mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = { mHdr = 0x3fffb46a1f08 <nsTArrayHeader::sEmptyHdr>}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimized out>}, <No data fields>}}, <No data fields>}}, mProfileName = {<nsTString<char>> = {<nsTSubstring<char>> = {<mozilla::detail::nsTStringRepr<char>> = {mData = 0x3fffffffd71c "", mLength = 0, mDataFlags = (mozilla::detail::TERMINATED | mozilla::detail::INLINE), mClassFlags = (mozilla::detail::INLINE | mozilla::detail::NULL_TERMINATED)}, static kMaxCapacity = 2147483637}, <No data fields>}, static kStorageSize = 64, mInlineCapacity = 63, mStorage = '\000' <repeats 62 times>, "?\377"}, mDesktopStartupID = {<nsTString<char>> = {<nsTSubstring<char>> = {<mozilla::detail::nsTStringRepr<char>> = {mData = 0x3fffffffd774 "", mLength = 0, mDataFlags = (mozilla::detail::TERMINATED | mozilla::detail::INLINE), mClassFlags = (mozilla::detail::INLINE | mozilla::detail::NULL_TERMINATED)}, static kMaxCapacity = 2147483637}, <No data fields>}, static kStorageSize = 64, mInlineCapacity = 63, mStorage = "\000\377\327\360", '\000' <repeats 11 times>, "\001\000\001a\350", '\000' <repeats 16 times>, "libxul.so\000\000o\000\000so", '\000' <repeats 11 times>}, mStartOffline = false, mShuttingDown = false, mDisableRemote = false, mGdkDisplay = 0x0} result = <optimized out> #20 0x00003fffb21edb6c in mozilla::BootstrapImpl::XRE_main ( this=<optimized out>, argc=<optimized out>, argv=<optimized out>, aConfig=...) at /usr/src/debug/firefox-60.0/toolkit/xre/Bootstrap.cpp:49 No locals. #21 0x000000010000a6c8 in do_main (argc=<optimized out>, argc@entry=1, argv=argv@entry=0x3fffffffee28, envp=envp@entry=0x3fffffffee38) at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:231 appDataFile = 0x0 config = {appData = 0x10004dcc0 <sAppData>, appDataPath = 0x100039800 "browser"} #22 0x0000000100009d40 in main (argc=<optimized out>, argv=0x3fffffffee28, envp=0x3fffffffee38) at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:304 start = <optimized out> rv = <optimized out> result = <optimized out> $1 = void A debugging session is active. Inferior 1 [process 4210] will be killed. Quit anyway? (y or n)
New test builds are available here: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16314298
Please test when the builds are finished.
OK with -7 build works fine except of bz1574501.
This bug is against unreleased/testing builds, closing as we're not going to use this #BZ for any public purpose.