1576265 – [ppc64le] ESR50 segfault in mozjemalloc

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1576265 - [ppc64le] ESR50 segfault in mozjemalloc

Summary: [ppc64le] ESR50 segfault in mozjemalloc

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	firefox
Sub Component:
Version:	7.6
Hardware:	ppc64le
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Stransky
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1556893
TreeView+	depends on / blocked

Reported:	2018-05-09 07:14 UTC by Tomas Pelka
Modified:	2018-05-18 07:05 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-05-18 07:05:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Tomas Pelka 2018-05-09 07:14:40 UTC

Description of problem:
New FF 60ESR segfault at start

Version-Release number of selected component (if applicable):
firefox-60.0-4.el7_5

How reproducible:
100%

Steps to Reproduce:
1. start firefox
2.
3.

Actual results:
segfault

Expected results:


Additional info:
Starting program: /usr/lib64/firefox/firefox 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000010000e5ac in arena_t::SplitRun (this=0x3fffb7900000, aRun=0x3fffb4d10000, aSize=65536, aLarge=false, aZero=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2322
2322	  total_pages = (chunk->map[run_ind].bits & ~gPageSizeMask) >> gPageSize2Pow;

Thread 1 (Thread 0x3fffb7ff5410 (LWP 9469)):
#0  0x000000010000e5ac in arena_t::SplitRun(arena_run_t*, unsigned long, bool, bool) (this=0x3fffb7900000, aRun=0x3fffb4d10000, aSize=65536, aLarge=false, aZero=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2322
        old_ndirty = <optimized out>
        run_ind = <optimized out>
        total_pages = <optimized out>
        need_pages = <optimized out>
        rem_pages = <optimized out>
        i = <optimized out>
#1  0x000000010000e95c in arena_t::AllocRun(unsigned long, bool, bool) (this=0x3fffb7900000, aSize=65536, aLarge=false, aZero=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2546
        run = 0x3fffb4d10000
        key = {link = {mLeft = <optimized out>, mRightAndColor = <optimized out>}, bits = 65552}
#2  0x0000000100010c40 in arena_t::GetNonFullBinRun(arena_bin_t*) (this=<optimized out>, aBin=0x3fffb7900328)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2796
        run = <optimized out>
        i = <optimized out>
        remainder = <optimized out>
        aBin = 0x3fffb7900328
#3  0x0000000100012d3c in calloc(size_t, size_t) (aZero=true, aSize=<optimized out>, this=0x3fffb7900000)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2942
        bin = 0x3fffb7900328
        run = <optimized out>
        sizeClass = {mType = SizeClass::Quantum, mSize = 192}
        arena = 0x3fffb7900000
        ret = 0xb8
#4  0x0000000100012d3c in calloc(size_t, size_t) (aZero=true, aSize=<optimized out>, this=0x3fffb7900000)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2999
        arena = 0x3fffb7900000
        ret = 0xb8
#5  0x0000000100012d3c in calloc(size_t, size_t) (aSize=<optimized out>, aNum=<optimized out>, this=<synthetic pointer>)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:4178
        arena = 0x3fffb7900000
        ret = 0xb8
#6  0x0000000100012d3c in calloc(size_t, size_t) (arg2=<optimized out>, arg1=<optimized out>)
    at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
#7  0x0000000100012d3c in calloc(size_t, size_t) (arg1=<optimized out>, arg2=<optimized out>)
    at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
#8  0x00003fffb60bbdac in g_malloc0 () at /lib64/libglib-2.0.so.0
#9  0x00003fffb61e98e0 in _g_param_spec_types_init () at /lib64/libgobject-2.0.so.0
#10 0x00003fffb61cb944 in gobject_init_ctor () at /lib64/libgobject-2.0.so.0
#11 0x00003fffb7fc6344 in _dl_init_internal () at /lib64/ld64.so.2
#12 0x00003fffb7fcc7e4 in dl_open_worker () at /lib64/ld64.so.2
#13 0x00003fffb7fc6090 in _dl_catch_error () at /lib64/ld64.so.2
#14 0x00003fffb7fcb9cc in _dl_open () at /lib64/ld64.so.2
#15 0x00003fffb7ed1138 in dlopen_doit () at /lib64/libdl.so.2
#16 0x00003fffb7fc6090 in _dl_catch_error () at /lib64/ld64.so.2
#17 0x00003fffb7ed1c18 in _dlerror_run () at /lib64/libdl.so.2
#18 0x00003fffb7ed1238 in dlopen@@GLIBC_2.17 () at /lib64/libdl.so.2
#19 0x0000000100034520 in XPCOMGlueLoad(char const*) (aDependentLib=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:105
        libHandle = <optimized out>
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#20 0x0000000100034520 in XPCOMGlueLoad(char const*) (aDependentLib=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:157
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#21 0x0000000100034520 in XPCOMGlueLoad(char const*) (aXPCOMFile=0x3fffb7810140 "/usr/lib64/firefox/libxul.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:333
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#22 0x00000001000347b4 in mozilla::GetBootstrap(char const*) (aXPCOMFile=0x3fffb7810120 "/usr/lib64/firefox/firefox")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:399
        gSliceInit = <optimized out>
        base_len = 19
        file = 
              {mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, mFirstA = 0x3fffb7810140 "/usr/lib64/firefox/libxul.so"}, <No data fields>}}
        b = 
              {mTuple = {<mozilla::detail::PairHelper<mozilla::Bootstrap*, mozilla::Bootstrap::BootstrapDelete, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::Bootstrap::BootstrapDelete> = {<No data fields>}, mFirstA = 0x35}, <No data fields>}}
#23 0x0000000100005b18 in InitXPCOMGlue() () at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:243
        exePath = 
              {mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, mFirstA = 0x3fffb7810120 "/usr/lib64/firefox/firefox"}, <No data fields>}}
#24 0x00000001000054ac in main(int, char**, char**) (argc=<optimized out>, argv=0x3fffffffe828, envp=0x3fffffffe838)
    at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:293
        rv = <optimized out>
        result = <optimized out>
A debugging session is active.

	Inferior 1 [process 9469] will be killed.

Quit anyway? (y or n) 

Thread 1 (Thread 0x3fffb7ff5410 (LWP 21033)):
#0  0x000000010000e5ac in arena_t::SplitRun(arena_run_t*, unsigned long, bool, bool) (this=0x3fffb7900000, aRun=0x3fffb4d10000, aSize=65536, aLarge=false, aZero=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2322
        old_ndirty = <optimized out>
        run_ind = <optimized out>
        total_pages = <optimized out>
        need_pages = <optimized out>
        rem_pages = <optimized out>
        i = <optimized out>
#1  0x000000010000e95c in arena_t::AllocRun(unsigned long, bool, bool) (this=0x3fffb7900000, aSize=65536, aLarge=false, aZero=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2546
        run = 0x3fffb4d10000
        key = {link = {mLeft = <optimized out>, mRightAndColor = <optimized out>}, bits = 65552}
#2  0x0000000100010c40 in arena_t::GetNonFullBinRun(arena_bin_t*) (this=<optimized out>, aBin=0x3fffb7900328) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2796
        run = <optimized out>
        i = <optimized out>
        remainder = <optimized out>
        aBin = 0x3fffb7900328
#3  0x0000000100012d3c in calloc(size_t, size_t) (aZero=true, aSize=<optimized out>, this=0x3fffb7900000) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2942
        bin = 0x3fffb7900328
        run = <optimized out>
        sizeClass = {mType = SizeClass::Quantum, mSize = 192}
        arena = 0x3fffb7900000
        ret = 0xb8
#4  0x0000000100012d3c in calloc(size_t, size_t) (aZero=true, aSize=<optimized out>, this=0x3fffb7900000) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2999
        arena = 0x3fffb7900000
        ret = 0xb8
#5  0x0000000100012d3c in calloc(size_t, size_t) (aSize=<optimized out>, aNum=<optimized out>, this=<synthetic pointer>) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:4178
        arena = 0x3fffb7900000
        ret = 0xb8
#6  0x0000000100012d3c in calloc(size_t, size_t) (arg2=<optimized out>, arg1=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
#7  0x0000000100012d3c in calloc(size_t, size_t) (arg1=<optimized out>, arg2=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
#8  0x00003fffb60bbdac in g_malloc0 (n_bytes=<optimized out>) at gmem.c:124
        mem = <optimized out>
#9  0x00003fffb61e98e0 in _g_param_spec_types_init () at gparamspecs.c:1170
        __p = <optimized out>
        type = <optimized out>
        spec_types = <optimized out>
        spec_types_bound = <optimized out>
        __FUNCTION__ = "_g_param_spec_types_init"
#10 0x00003fffb61cb944 in gobject_init_ctor () at gtype.c:4443
        info = {class_size = 0, base_init = 0x0, base_finalize = 0x0, class_init = 0x0, class_finalize = 0x0, class_data = 0x0, instance_size = 0, n_preallocs = 0, instance_init = 0x0, value_table = 0x0}
        node = <optimized out>
        type = 8
        env_string = <optimized out>
#11 0x00003fffb61cb944 in gobject_init_ctor () at gtype.c:4488
#12 0x00003fffb7fc6344 in _dl_init (env=<optimized out>, argv=<optimized out>, argc=<optimized out>, l=<optimized out>) at dl-init.c:82
        j = <optimized out>
        jm = <optimized out>
        addrs = <optimized out>
        init_array = <optimized out>
        l = <optimized out>
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = <optimized out>
#13 0x00003fffb7fc6344 in _dl_init (main_map=0x3fffb7841800, argc=<optimized out>, argv=0x3fffffffe828, env=0x3fffffffe838) at dl-init.c:131
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = <optimized out>
#14 0x00003fffb7fcc7e4 in dl_open_worker (a=0x3fffffffbd80) at dl-open.c:560
        args = 0x3fffffffbd80
        file = <optimized out>
        mode = -2147483391
        call_map = <optimized out>
        dst = <optimized out>
        new = 0x3fffb7841800
        r = 0x3fffb7ff10c8 <_r_debug>
        reloc_mode = <optimized out>
        nmaps = <optimized out>
        l = <optimized out>
        maps = <optimized out>
        relocation_in_progress = 1
        any_tls = <optimized out>
        first_static_tls = <optimized out>
#15 0x00003fffb7fc6090 in _dl_catch_error (objname=0x3fffffffbde0, errstring=0x3fffffffbdd0, mallocedp=0x3fffffffbdf0, operate=0x3fffb7fcc070 <dl_open_worker>, args=0x3fffffffbd80) at dl-error.c:177
        errcode = <optimized out>
        old = 0x3fffffffbec0
        c = 
                  {objname = 0x0, errstring = 0x0, malloced = 240, env = {{__jmpbuf = {70368744159808, 70367536184832, 70367535980644, 0, 0, 0, 0, 0, 0, 0, 70368744171560, 70368744171576, 4295181600, 70367534977336, 1, 70368744161960, 70367536152576, 70367536154888, -2147483391, -2, 70368744160608, 2882383214117126143, 0 <repeats 42 times>}, __mask_was_saved = 2145386504, __saved_mask = {__val = {0, 6917529029251694592, 10459891610503086080, 2145386504, 0, 6917529029251694592, 10459891610503086080, 2145386504, 0, 6917529029251694592, 10459891610503086080, 2145386504, 0, 6917529029251694592, 10459891610503086080, 2145386504}}}}}
        catchp = 0x3fffb7ff5c00
#16 0x00003fffb7fcb9cc in _dl_open (file=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so", mode=<optimized out>, caller_dlopen=0x100034520 <XPCOMGlueLoad(char const*)+416>, nsid=-2, argc=<optimized out>, argv=0x3fffffffe828, env=0x3fffffffe838) at dl-open.c:650
        args = 
          {file = 0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so", mode = -2147483391, caller_dlopen = 0x100034520 <XPCOMGlueLoad(char const*)+416>, caller_dl_open = 0x3fffb7ed1138 <dlopen_doit+152>, map = 0x3fffb7841800, nsid = 0, argc = 1, argv = 0x3fffffffe828, env = 0x3fffffffe838}
        objname = 0xe84bfff07d6802a6 <Address 0xe84bfff07d6802a6 out of bounds>
        errstring = 0x1f328 <Address 0x1f328 out of bounds>
        malloced = 20
        errcode = <optimized out>
#17 0x00003fffb7ed1138 in dlopen_doit (a=0x3fffffffc220) at dlopen.c:66
        args = 0x3fffffffc220
#18 0x00003fffb7fc6090 in _dl_catch_error (objname=0x3fffb7810170, errstring=0x3fffb7810178, mallocedp=0x3fffb7810168, operate=0x3fffb7ed10a0 <dlopen_doit>, args=0x3fffffffc220) at dl-error.c:177
        errcode = <optimized out>
        old = 0x0
        c = 
                  {objname = 0xd4ffffff9c <Address 0xd4ffffff9c out of bounds>, errstring = 0x0, malloced = true, env = {{__jmpbuf = {70368744160928, 70367536184832, 70367535980644, 0 <repeats 11 times>, 70367528095744, 0, 19, 70367534977184, 70368744161824, 70367535104160, 70367527895392, 5188226223330820095, 0 <repeats 42 times>}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 15 times>, 70368744161728}}}}}
        catchp = 0x3fffb7ff5c00
#19 0x00003fffb7ed1c18 in _dlerror_run (operate=0x3fffb7ed10a0 <dlopen_doit>, args=0x3fffffffc220) at dlerror.c:163
        result = 0x3fffb7810160
#20 0x00003fffb7ed1238 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:87
        args = {file = 0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so", mode = 257, new = 0x3fffffffc2a8, caller = 0x100034520 <XPCOMGlueLoad(char const*)+416>}
#21 0x0000000100034520 in XPCOMGlueLoad(char const*) (aDependentLib=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:105
        libHandle = <optimized out>
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#22 0x0000000100034520 in XPCOMGlueLoad(char const*) (aDependentLib=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:157
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#23 0x0000000100034520 in XPCOMGlueLoad(char const*) (aXPCOMFile=0x3fffb7810140 "/usr/lib64/firefox/libxul.so") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:333
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#24 0x00000001000347b4 in mozilla::GetBootstrap(char const*) (aXPCOMFile=0x3fffb7810120 "/usr/lib64/firefox/firefox") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:399
        gSliceInit = <optimized out>
        base_len = 19
        file = 
              {mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, mFirstA = 0x3fffb7810140 "/usr/lib64/firefox/libxul.so"}, <No data fields>}}
        b = {mTuple = {<mozilla::detail::PairHelper<mozilla::Bootstrap*, mozilla::Bootstrap::BootstrapDelete, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::Bootstrap::BootstrapDelete> = {<No data fields>}, mFirstA = 0x33}, <No data fields>}}
#25 0x0000000100005b18 in InitXPCOMGlue() () at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:243
        exePath = 
              {mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, mFirstA = 0x3fffb7810120 "/usr/lib64/firefox/firefox"}, <No data fields>}}
#26 0x00000001000054ac in main(int, char**, char**) (argc=<optimized out>, argv=0x3fffffffe828, envp=0x3fffffffe838) at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:293
        rv = <optimized out>
        result = <optimized out>
The program being debugged has been started already.
Start it from the beginning? (y or n) Starting program: /usr/lib64/firefox/firefox 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000010000e5ac in arena_t::SplitRun (this=0x3fffb7900000, aRun=0x3fffb4d10000, aSize=65536, aLarge=false, aZero=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2322
2322	  total_pages = (chunk->map[run_ind].bits & ~gPageSizeMask) >> gPageSize2Pow;

Thread 1 (Thread 0x3fffb7ff5410 (LWP 21107)):
#0  0x000000010000e5ac in arena_t::SplitRun(arena_run_t*, unsigned long, bool, bool) (this=0x3fffb7900000, aRun=0x3fffb4d10000, aSize=65536, aLarge=false, aZero=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2322
        old_ndirty = <optimized out>
        run_ind = <optimized out>
        total_pages = <optimized out>
        need_pages = <optimized out>
        rem_pages = <optimized out>
        i = <optimized out>
#1  0x000000010000e95c in arena_t::AllocRun(unsigned long, bool, bool) (this=0x3fffb7900000, aSize=65536, aLarge=false, aZero=false) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2546
        run = 0x3fffb4d10000
        key = {link = {mLeft = <optimized out>, mRightAndColor = <optimized out>}, bits = 65552}
#2  0x0000000100010c40 in arena_t::GetNonFullBinRun(arena_bin_t*) (this=<optimized out>, aBin=0x3fffb7900328) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2796
        run = <optimized out>
        i = <optimized out>
        remainder = <optimized out>
        aBin = 0x3fffb7900328
#3  0x0000000100012d3c in calloc(size_t, size_t) (aZero=true, aSize=<optimized out>, this=0x3fffb7900000) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2942
        bin = 0x3fffb7900328
        run = <optimized out>
        sizeClass = {mType = SizeClass::Quantum, mSize = 192}
        arena = 0x3fffb7900000
        ret = 0xb8
#4  0x0000000100012d3c in calloc(size_t, size_t) (aZero=true, aSize=<optimized out>, this=0x3fffb7900000) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2999
        arena = 0x3fffb7900000
        ret = 0xb8
#5  0x0000000100012d3c in calloc(size_t, size_t) (aSize=<optimized out>, aNum=<optimized out>, this=<synthetic pointer>) at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:4178
        arena = 0x3fffb7900000
        ret = 0xb8
#6  0x0000000100012d3c in calloc(size_t, size_t) (arg2=<optimized out>, arg1=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
#7  0x0000000100012d3c in calloc(size_t, size_t) (arg1=<optimized out>, arg2=<optimized out>) at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
#8  0x00003fffb60bbdac in g_malloc0 (n_bytes=<optimized out>) at gmem.c:124
        mem = <optimized out>
#9  0x00003fffb61e98e0 in _g_param_spec_types_init () at gparamspecs.c:1170
        __p = <optimized out>
        type = <optimized out>
        spec_types = <optimized out>
        spec_types_bound = <optimized out>
        __FUNCTION__ = "_g_param_spec_types_init"
#10 0x00003fffb61cb944 in gobject_init_ctor () at gtype.c:4443
        info = {class_size = 0, base_init = 0x0, base_finalize = 0x0, class_init = 0x0, class_finalize = 0x0, class_data = 0x0, instance_size = 0, n_preallocs = 0, instance_init = 0x0, value_table = 0x0}
        node = <optimized out>
        type = 8
        env_string = <optimized out>
#11 0x00003fffb61cb944 in gobject_init_ctor () at gtype.c:4488
#12 0x00003fffb7fc6344 in _dl_init (env=<optimized out>, argv=<optimized out>, argc=<optimized out>, l=<optimized out>) at dl-init.c:82
        j = <optimized out>
        jm = <optimized out>
        addrs = <optimized out>
        init_array = <optimized out>
        l = <optimized out>
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = <optimized out>
#13 0x00003fffb7fc6344 in _dl_init (main_map=0x3fffb7841800, argc=<optimized out>, argv=0x3fffffffe828, env=0x3fffffffe838) at dl-init.c:131
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = <optimized out>
#14 0x00003fffb7fcc7e4 in dl_open_worker (a=0x3fffffffbd80) at dl-open.c:560
        args = 0x3fffffffbd80
        file = <optimized out>
        mode = -2147483391
        call_map = <optimized out>
        dst = <optimized out>
        new = 0x3fffb7841800
        r = 0x3fffb7ff10c8 <_r_debug>
        reloc_mode = <optimized out>
        nmaps = <optimized out>
        l = <optimized out>
        maps = <optimized out>
        relocation_in_progress = 1
        any_tls = <optimized out>
        first_static_tls = <optimized out>
#15 0x00003fffb7fc6090 in _dl_catch_error (objname=0x3fffffffbde0, errstring=0x3fffffffbdd0, mallocedp=0x3fffffffbdf0, operate=0x3fffb7fcc070 <dl_open_worker>, args=0x3fffffffbd80) at dl-error.c:177
        errcode = <optimized out>
        old = 0x3fffffffbec0
        c = 
                  {objname = 0x0, errstring = 0x0, malloced = 240, env = {{__jmpbuf = {70368744159808, 70367536184832, 70367535980644, 0, 0, 0, 0, 0, 0, 0, 70368744171560, 70368744171576, 4295181600, 70367534977336, 1, 70368744161960, 70367536152576, 70367536154888, -2147483391, -2, 70368744160608, 2882383214117126143, 0 <repeats 42 times>}, __mask_was_saved = 2145386504, __saved_mask = {__val = {0, 6917529029251694592, 10459891610503086080, 2145386504, 0, 6917529029251694592, 10459891610503086080, 2145386504, 0, 6917529029251694592, 10459891610503086080, 2145386504, 0, 6917529029251694592, 10459891610503086080, 2145386504}}}}}
        catchp = 0x3fffb7ff5c00
#16 0x00003fffb7fcb9cc in _dl_open (file=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so", mode=<optimized out>, caller_dlopen=0x100034520 <XPCOMGlueLoad(char const*)+416>, nsid=-2, argc=<optimized out>, argv=0x3fffffffe828, env=0x3fffffffe838) at dl-open.c:650
        args = 
          {file = 0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so", mode = -2147483391, caller_dlopen = 0x100034520 <XPCOMGlueLoad(char const*)+416>, caller_dl_open = 0x3fffb7ed1138 <dlopen_doit+152>, map = 0x3fffb7841800, nsid = 0, argc = 1, argv = 0x3fffffffe828, env = 0x3fffffffe838}
        objname = 0xe84bfff07d6802a6 <Address 0xe84bfff07d6802a6 out of bounds>
        errstring = 0x1f328 <Address 0x1f328 out of bounds>
        malloced = 20
        errcode = <optimized out>
#17 0x00003fffb7ed1138 in dlopen_doit (a=0x3fffffffc220) at dlopen.c:66
        args = 0x3fffffffc220
#18 0x00003fffb7fc6090 in _dl_catch_error (objname=0x3fffb7810170, errstring=0x3fffb7810178, mallocedp=0x3fffb7810168, operate=0x3fffb7ed10a0 <dlopen_doit>, args=0x3fffffffc220) at dl-error.c:177
        errcode = <optimized out>
        old = 0x0
        c = 
                  {objname = 0xd4ffffff9c <Address 0xd4ffffff9c out of bounds>, errstring = 0x0, malloced = true, env = {{__jmpbuf = {70368744160928, 70367536184832, 70367535980644, 0 <repeats 11 times>, 70367528095744, 0, 19, 70367534977184, 70368744161824, 70367535104160, 70367527895392, 5188226223330820095, 0 <repeats 42 times>}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 15 times>, 70368744161728}}}}}
        catchp = 0x3fffb7ff5c00
#19 0x00003fffb7ed1c18 in _dlerror_run (operate=0x3fffb7ed10a0 <dlopen_doit>, args=0x3fffffffc220) at dlerror.c:163
        result = 0x3fffb7810160
#20 0x00003fffb7ed1238 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:87
        args = {file = 0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so", mode = 257, new = 0x3fffffffc2a8, caller = 0x100034520 <XPCOMGlueLoad(char const*)+416>}
#21 0x0000000100034520 in XPCOMGlueLoad(char const*) (aDependentLib=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:105
        libHandle = <optimized out>
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#22 0x0000000100034520 in XPCOMGlueLoad(char const*) (aDependentLib=0x3fffffffc2a8 "/usr/lib64/firefox/libmozgtk.so") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:157
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#23 0x0000000100034520 in XPCOMGlueLoad(char const*) (aXPCOMFile=0x3fffb7810140 "/usr/lib64/firefox/libxul.so") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:333
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t\000\000\000\320?\377\267\377?\000\000Tp\243\267\377?\000\000\340\307\377\377\377?\000\000\066\064/mpich\230\265\373\267\377?\000\000gcc_s.so\024\000\000\000\003\000\000\000\000~\377\267\377?\000\000\020\000\000\000\001\000\000\000\066\064/mpich/lib/libm.so.6\000\000\003\b\000\000\000\000\000\000\273H\002\000\000\000\000\000\001\000\000\000\000\000\000\000\355\201", '\000' <repeats 22 times>, "\220\257!\000\000\000\000\000\000\000\001\000\000\000\000\000"...
        cursor = 0x3fffffffc2bb "libmozgtk.so"
        flist = {mValue = 0x3fffb7820400}
        buffer = "libmozgtk.so\000\000so\000\000\377\377\377?\000\000\070\323\377\377\377?\000\000\070\323\377\377\377?\000\000\000\323\377\377\377?\000\000\000\000\000\000\000\000\000\000\320\026\001\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "\270\343\377\377\377?\000\000P\343\377\377\377?\000\000\000\000\000\000\000\000\000\000tZ\000\000\001\000\000\000\000\177\005\000\001", '\000' <repeats 11 times>, "/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 3310 times>...
#24 0x00000001000347b4 in mozilla::GetBootstrap(char const*) (aXPCOMFile=0x3fffb7810120 "/usr/lib64/firefox/firefox") at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:399
        gSliceInit = <optimized out>
        base_len = 19
        file = 
              {mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, mFirstA = 0x3fffb7810140 "/usr/lib64/firefox/libxul.so"}, <No data fields>}}
        b = {mTuple = {<mozilla::detail::PairHelper<mozilla::Bootstrap*, mozilla::Bootstrap::BootstrapDelete, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::Bootstrap::BootstrapDelete> = {<No data fields>}, mFirstA = 0x2d}, <No data fields>}}
#25 0x0000000100005b18 in InitXPCOMGlue() () at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:243
        exePath = 
              {mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, mFirstA = 0x3fffb7810120 "/usr/lib64/firefox/firefox"}, <No data fields>}}
#26 0x00000001000054ac in main(int, char**, char**) (argc=<optimized out>, argv=0x3fffffffe828, envp=0x3fffffffe838) at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:293
        rv = <optimized out>
        result = <optimized out>
A debugging session is active.

	Inferior 1 [process 21107] will be killed.

Quit anyway? (y or n)

Comment 1 Martin Stransky 2018-05-16 12:21:05 UTC

New test builds are available here: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16314298

Comment 2 Martin Stransky 2018-05-16 12:21:48 UTC

Please test when the builds are finished.

Comment 3 Tomas Pelka 2018-05-17 13:35:08 UTC

OK with -7 build works fine except of bz1574501.

Comment 4 Martin Stransky 2018-05-18 07:05:18 UTC

This bug is against unreleased/testing builds, closing as we're not going to use this #BZ for any public purpose.

Note You need to log in before you can comment on or make changes to this bug.