1576330 – [aarch64] ESR60 segfault in arena_t::SplitRun

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1576330 - [aarch64] ESR60 segfault in arena_t::SplitRun

Summary: [aarch64] ESR60 segfault in arena_t::SplitRun

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	firefox
Sub Component:
Version:	7.6
Hardware:	aarch64
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Stransky
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1556893
TreeView+	depends on / blocked

Reported:	2018-05-09 08:41 UTC by Tomas Pelka
Modified:	2018-06-25 08:08 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-06-25 08:08:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Tomas Pelka 2018-05-09 08:41:30 UTC

New FF 60ESR segfault at start

Version-Release number of selected component (if applicable):
firefox-60.0-4.el7_5

How reproducible:
100%

Steps to Reproduce:
1. start firefox
2.
3.

Actual results:
segfault at startup


Expected results:


Additional info:
$ firefox -g -d gdb
  LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/firefox
DISPLAY=:1
FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft
DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox
     LIBRARY_PATH=
       SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox
          LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox
       ADDON_PATH=
      MOZ_PROGRAM=/usr/lib64/firefox/firefox
      MOZ_TOOLKIT=
        moz_debug=1
     moz_debugger=gdb
moz_debugger_args=
/bin/gdb  --args /usr/lib64/firefox/firefox
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "aarch64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib64/firefox/firefox...Reading symbols from /usr/lib/debug/usr/lib64/firefox/firefox-bin.debug...done.
done.
(gdb) set logging on
Copying output to gdb.txt.
(gdb) set logging file ff.bt
(gdb) r
Starting program: /usr/lib64/firefox/firefox 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
arena_t::SplitRun (this=this@entry=0xffffbe200000, 
    aRun=aRun@entry=0xffffbbb10000, aSize=aSize@entry=65536, 
    aLarge=aLarge@entry=false, aZero=aZero@entry=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2320
2320	  old_ndirty = chunk->ndirty;
(gdb) thread apply all bt full

Thread 1 (Thread 0xffffbe804e90 (LWP 11913)):
#0  arena_t::SplitRun (this=this@entry=0xffffbe200000, 
    aRun=aRun@entry=0xffffbbb10000, aSize=aSize@entry=65536, 
    aLarge=aLarge@entry=false, aZero=aZero@entry=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2320
        old_ndirty = <optimized out>
        run_ind = <optimized out>
        total_pages = <optimized out>
        need_pages = <optimized out>
        rem_pages = <optimized out>
        i = <optimized out>
#1  0x0000aaaaaaaac2f0 in arena_t::AllocRun (this=0xffffbe200000, aSize=65536, 
    aLarge=aLarge@entry=false, aZero=aZero@entry=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2546
        run = 0xffffbbb10000
        key = {link = {mLeft = <optimized out>, 
            mRightAndColor = <optimized out>}, bits = 65552}
#2  0x0000aaaaaaaadc90 in arena_t::GetNonFullBinRun (this=<optimized out>, 
    aBin=0xffffbe200790)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2796
        run = <optimized out>
        i = <optimized out>
---Type <return> to continue, or q <return> to quit---
        remainder = <optimized out>
        aBin = 0xffffbe200790
#3  0x0000aaaaaaaaf5dc in MallocSmall (aZero=true, aSize=<optimized out>, 
    this=0xffffbe200000)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2942
        bin = 0xffffbe200790
        run = <optimized out>
        sizeClass = {mType = SizeClass::Quantum, mSize = 512}
#4  Malloc (aZero=true, aSize=<optimized out>, this=0xffffbe200000)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2999
No locals.
#5  calloc (aSize=1, aNum=1, this=<synthetic pointer>)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:4178
        arena = 0xffffbe200000
        ret = 0xffffbe200790
#6  calloc (arg2=1, arg1=1)
    at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
No locals.
#7  calloc (arg1=arg1@entry=1, arg2=<optimized out>)
    at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
No locals.
#8  0x0000ffffbcda5260 in g_malloc0 (n_bytes=<optimized out>) at gmem.c:124
        mem = <optimized out>
---Type <return> to continue, or q <return> to quit---
#9  0x0000ffffbcda548c in g_malloc0_n (n_blocks=<optimized out>, 
    n_block_bytes=n_block_bytes@entry=8) at gmem.c:355
No locals.
#10 0x0000ffffbcd8c5f4 in g_hash_table_resize (
    hash_table=hash_table@entry=0xffffbe191780) at ghash.c:589
        __n = <optimized out>
        __s = 8
        __p = <optimized out>
        new_keys = <optimized out>
        new_values = <optimized out>
        new_hashes = <optimized out>
        old_size = 32
        i = <optimized out>
#11 0x0000ffffbcd8cdc4 in g_hash_table_maybe_resize (hash_table=0xffffbe191780)
    at ghash.c:649
        noccupied = <optimized out>
        size = <optimized out>
#12 g_hash_table_insert_node (hash_table=0xffffbe191780, 
    node_index=<optimized out>, key_hash=<optimized out>, 
    new_key=<optimized out>, new_value=<optimized out>, 
    keep_new_key=<optimized out>, reusing_key=<optimized out>) at ghash.c:984
        already_exists = 0
        old_hash = 0
---Type <return> to continue, or q <return> to quit---
        key_to_free = <optimized out>
        value_to_free = 0x0
#13 0x0000ffffbcdb0250 in quark_new (string=0xffffbcecfbd0 "GParamLong")
    at gquark.c:298
        quarks_new = <optimized out>
#14 quark_from_string (duplicate=0, string=0xffffbcecfbd0 "GParamLong")
    at gquark.c:186
        duplicate = 0
        string = 0xffffbcecfbd0 "GParamLong"
        quark = <optimized out>
#15 g_intern_static_string (string=string@entry=0xffffbcecfbd0 "GParamLong")
    at gquark.c:356
        result = <optimized out>
#16 0x0000ffffbceafb64 in _g_param_spec_types_init () at gparamspecs.c:1277
        pspec_info = {instance_size = 96, n_preallocs = 16, 
          instance_init = 0xffffbceae9d0 <param_long_init>, value_type = 32, 
          finalize = 0x0, 
          value_set_default = 0xffffbceae9e8 <param_long_set_default>, 
          value_validate = 0xffffbceae9f4 <param_long_validate>, 
          values_cmp = 0xffffbceaea20 <param_long_values_cmp>}
        type = <optimized out>
        spec_types = 0xffffbc4a02a8
        spec_types_bound = 0xffffbc4a0338
---Type <return> to continue, or q <return> to quit---
        __FUNCTION__ = "_g_param_spec_types_init"
#17 0x0000ffffbce9b2c4 in gobject_init () at gtype.c:4443
        info = {class_size = 0, base_init = 0x0, base_finalize = 0x0, 
          class_init = 0x0, class_finalize = 0x0, class_data = 0x0, 
          instance_size = 0, n_preallocs = 0, instance_init = 0x0, 
          value_table = 0x0}
        node = <optimized out>
        type = 8
        env_string = <optimized out>
#18 gobject_init_ctor () at gtype.c:4488
No locals.
#19 0x0000ffffbe7de320 in call_init (env=0xffffffffed68, argv=0xffffffffed58, 
    argc=1, l=<optimized out>) at dl-init.c:82
        j = <optimized out>
        jm = <optimized out>
        addrs = <optimized out>
        init_array = <optimized out>
        env = 0xffffffffed68
        argv = 0xffffffffed58
        argc = 1
        l = <optimized out>
#20 _dl_init (main_map=main_map@entry=0xffffbe141800, argc=1, 
    argv=0xffffffffed58, env=0xffffffffed68) at dl-init.c:131
---Type <return> to continue, or q <return> to quit---
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = 37
#21 0x0000ffffbe7e2918 in dl_open_worker (a=a@entry=0xffffffffc860)
    at dl-open.c:560
        args = 0xffffffffc860
        file = <optimized out>
        mode = <optimized out>
        call_map = <optimized out>
        dst = <optimized out>
        new = 0xffffbe141800
        r = 0xffffbe801138 <_r_debug>
        reloc_mode = <optimized out>
        nmaps = <optimized out>
        l = <optimized out>
        maps = <optimized out>
        relocation_in_progress = 1
        any_tls = <optimized out>
        first_static_tls = <optimized out>
#22 0x0000ffffbe7de13c in _dl_catch_error (
    objname=objname@entry=0xffffffffc840, 
    errstring=errstring@entry=0xffffffffc850, 
    mallocedp=mallocedp@entry=0xffffffffc830, 
---Type <return> to continue, or q <return> to quit---
    operate=operate@entry=0xffffbe7e2514 <dl_open_worker>, 
    args=args@entry=0xffffffffc860) at dl-error.c:177
        errcode = 0
        old = 0xffffffffc940
        c = {objname = 0x2cfffffdb0 <Address 0x2cfffffdb0 out of bounds>, 
          errstring = 0x0, malloced = 20, env = {{__jmpbuf = {281474976695920, 
                281473877803008, 2147483905, 281473877803008, 281473877803008, 
                281474976697160, 1, 281473876889508, 187649984593496, 0, 
                281474976695824, 5152925335405849442, 0, 5152925336488103022, 
                0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 20, 
              __saved_mask = {__val = {55834574304, 0, 1116691496980, 
                  55834574296, 0, 1219770712084, 55834574288, 0, 
                  1322849927188, 55834574280, 281474976696256, 
                  281473877679996, 18446744073709551614, 281473877803008, 
                  1529008357376, 55834574264}}}}}
        catchp = 0xffffbe805630
#23 0x0000ffffbe7e1fd4 in _dl_open (
    file=0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so", mode=-2147483391, 
    caller_dlopen=0xaaaaaaac7e58 <XPCOMGlueLoad(char const*)+336>, nsid=-2, 
    argc=1, argv=<optimized out>, env=<optimized out>) at dl-open.c:650
        args = {file = 0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so", 
          mode = -2147483391, 
          caller_dlopen = 0xaaaaaaac7e58 <XPCOMGlueLoad(char const*)+336>, 
---Type <return> to continue, or q <return> to quit---
          caller_dl_open = 0xffffbe720fa4 <dlopen_doit+108>, 
          map = 0xffffbe141800, nsid = 0, argc = 1, argv = 0xffffffffed58, 
          env = 0xffffffffed68}
        objname = 0x0
        errstring = 0x0
        malloced = false
        errcode = <optimized out>
#24 0x0000ffffbe720fa4 in dlopen_doit (a=a@entry=0xffffffffcad0) at dlopen.c:66
        args = 0xffffffffcad0
#25 0x0000ffffbe7de13c in _dl_catch_error (objname=0xffffbe110170, 
    errstring=0xffffbe110178, mallocedp=0xffffbe110168, 
    operate=0xffffbe720f38 <dlopen_doit>, args=0xffffffffcad0)
    at dl-error.c:177
        errcode = 0
        old = 0x0
        c = {objname = 0x0, errstring = 0x0, malloced = false, env = {{
              __jmpbuf = {281474976696640, 281473877016576, 281474976697040, 
                281473876889400, 187649984688128, 19, 187649984692224, 
                281473870729216, 0, 0, 281474976696544, 5152925335405849442, 
                0, 5152925336488100510, 0, 0, 0, 0, 0, 0, 0, 0}, 
              __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 
                  281474976696976, 281473876891088, 281474976701256, 
                  281473877016576, 281474976697040, 281473876889400, 0, 0, 0, 
---Type <return> to continue, or q <return> to quit---
                  0}}}}}
        catchp = 0xffffbe805630
#26 0x0000ffffbe721614 in _dlerror_run (
    operate=operate@entry=0xffffbe720f38 <dlopen_doit>, 
    args=args@entry=0xffffffffcad0) at dlerror.c:163
        result = 0xffffbe110160
#27 0x0000ffffbe72104c in __dlopen (file=<optimized out>, mode=<optimized out>)
    at dlopen.c:87
        args = {file = 0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so", 
          mode = 257, new = 0x0, 
          caller = 0xaaaaaaac7e58 <XPCOMGlueLoad(char const*)+336>}
#28 0x0000aaaaaaac7e58 in GetLibHandle (
    aDependentLib=0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:105
        libHandle = <optimized out>
#29 ReadDependentCB (
    aDependentLib=0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:157
No locals.
#30 XPCOMGlueLoad (
    aXPCOMFile=aXPCOMFile@entry=0xffffbe110140 "/usr/lib64/firefox/libxul.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:333
        l = <optimized out>
---Type <return> to continue, or q <return> to quit---
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t", '\000' <repeats 83 times>, "h\021\200\276\377\377\000\000\002\000\000\000\000\000\000\000\320\316\377\377\377\377\000\000\000\000\000\000\000\000\000\000\020\314\377\377\377\377\000\000x\250}\276\377\377\000\000\320:\200\276\377\377\000\000`?\200\276\377\377\000\000\000\000\000\000\000\000\000\000\060?\200\276\377\377\000\000"...
        cursor = 0xffffffffcb5b "libmozgtk.so"
        flist = {mValue = 0xffffbe120400}
        buffer = "libmozgtk.so\000\000so\000\000\252\252\252\252\000\000\000\360\255\252\252\252\000\000\001\000\000\000\000\000\000\000X\355\377\377\377\377\000\000,X\252\252\252\252\000\000\000\000\000\000\000\000\000\000/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 2974 times>...
#31 0x0000aaaaaaac8028 in mozilla::GetBootstrap (
    aXPCOMFile=0xffffbe110120 "/usr/lib64/firefox/firefox")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:399
        gSliceInit = {mHadGSlice = true}
        base_len = 19
        file = {
          mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, 
              mFirstA = 0xffffbe110140 "/usr/lib64/firefox/libxul.so"}, <No data fields>}}
        b = {
---Type <return> to continue, or q <return> to quit---
          mTuple = {<mozilla::detail::PairHelper<mozilla::Bootstrap*, mozilla::Bootstrap::BootstrapDelete, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::Bootstrap::BootstrapDelete> = {<No data fields>}, 
              mFirstA = 0x0}, <No data fields>}}
#32 0x0000aaaaaaaa5840 in InitXPCOMGlue ()
    at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:243
        exePath = {
          mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, 
              mFirstA = 0xffffbe110120 "/usr/lib64/firefox/firefox"}, <No data fields>}}
#33 0x0000aaaaaaaa53f8 in main (argc=1, argv=0xffffffffed58, 
    envp=0xffffffffed68)
    at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:293
        rv = <optimized out>
        result = <optimized out>
(gdb) 
(gdb) q
A debugging session is active.

	Inferior 1 [process 11913] will be killed.

Quit anyway? (y or n) y
[test2@hp-moonshot-02-c08 ~]$ cat
cat        catchsegv  catman     
[test2@hp-moonshot-02-c08 ~]$ cat 
.bash_logout   .cache/        Desktop/       .esd_auth      .ICEauthority  Music/         Templates/     .Xauthority
.bash_profile  .config/       Documents/     gdb.txt        .local/        Pictures/      Videos/        
.bashrc        .dbus/         Downloads/     .gvfs/         .mozilla/      Public/        .vnc/          
[test2@hp-moonshot-02-c08 ~]$ cat gdb.txt 
Starting program: /usr/lib64/firefox/firefox 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
arena_t::SplitRun (this=this@entry=0xffffbe200000, 
    aRun=aRun@entry=0xffffbbb10000, aSize=aSize@entry=65536, 
    aLarge=aLarge@entry=false, aZero=aZero@entry=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2320
2320	  old_ndirty = chunk->ndirty;

Thread 1 (Thread 0xffffbe804e90 (LWP 11913)):
#0  arena_t::SplitRun (this=this@entry=0xffffbe200000, 
    aRun=aRun@entry=0xffffbbb10000, aSize=aSize@entry=65536, 
    aLarge=aLarge@entry=false, aZero=aZero@entry=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2320
        old_ndirty = <optimized out>
        run_ind = <optimized out>
        total_pages = <optimized out>
        need_pages = <optimized out>
        rem_pages = <optimized out>
        i = <optimized out>
#1  0x0000aaaaaaaac2f0 in arena_t::AllocRun (this=0xffffbe200000, aSize=65536, 
    aLarge=aLarge@entry=false, aZero=aZero@entry=false)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2546
        run = 0xffffbbb10000
        key = {link = {mLeft = <optimized out>, 
            mRightAndColor = <optimized out>}, bits = 65552}
#2  0x0000aaaaaaaadc90 in arena_t::GetNonFullBinRun (this=<optimized out>, 
    aBin=0xffffbe200790)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2796
        run = <optimized out>
        i = <optimized out>
        remainder = <optimized out>
        aBin = 0xffffbe200790
#3  0x0000aaaaaaaaf5dc in MallocSmall (aZero=true, aSize=<optimized out>, 
    this=0xffffbe200000)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2942
        bin = 0xffffbe200790
        run = <optimized out>
        sizeClass = {mType = SizeClass::Quantum, mSize = 512}
#4  Malloc (aZero=true, aSize=<optimized out>, this=0xffffbe200000)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:2999
No locals.
#5  calloc (aSize=1, aNum=1, this=<synthetic pointer>)
    at /usr/src/debug/firefox-60.0/memory/build/mozjemalloc.cpp:4178
        arena = 0xffffbe200000
        ret = 0xffffbe200790
#6  calloc (arg2=1, arg1=1)
    at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
No locals.
#7  calloc (arg1=arg1@entry=1, arg2=<optimized out>)
    at /usr/src/debug/firefox-60.0/memory/build/malloc_decls.h:38
No locals.
#8  0x0000ffffbcda5260 in g_malloc0 (n_bytes=<optimized out>) at gmem.c:124
        mem = <optimized out>
#9  0x0000ffffbcda548c in g_malloc0_n (n_blocks=<optimized out>, 
    n_block_bytes=n_block_bytes@entry=8) at gmem.c:355
No locals.
#10 0x0000ffffbcd8c5f4 in g_hash_table_resize (
    hash_table=hash_table@entry=0xffffbe191780) at ghash.c:589
        __n = <optimized out>
        __s = 8
        __p = <optimized out>
        new_keys = <optimized out>
        new_values = <optimized out>
        new_hashes = <optimized out>
        old_size = 32
        i = <optimized out>
#11 0x0000ffffbcd8cdc4 in g_hash_table_maybe_resize (hash_table=0xffffbe191780)
    at ghash.c:649
        noccupied = <optimized out>
        size = <optimized out>
#12 g_hash_table_insert_node (hash_table=0xffffbe191780, 
    node_index=<optimized out>, key_hash=<optimized out>, 
    new_key=<optimized out>, new_value=<optimized out>, 
    keep_new_key=<optimized out>, reusing_key=<optimized out>) at ghash.c:984
        already_exists = 0
        old_hash = 0
        key_to_free = <optimized out>
        value_to_free = 0x0
#13 0x0000ffffbcdb0250 in quark_new (string=0xffffbcecfbd0 "GParamLong")
    at gquark.c:298
        quarks_new = <optimized out>
#14 quark_from_string (duplicate=0, string=0xffffbcecfbd0 "GParamLong")
    at gquark.c:186
        duplicate = 0
        string = 0xffffbcecfbd0 "GParamLong"
        quark = <optimized out>
#15 g_intern_static_string (string=string@entry=0xffffbcecfbd0 "GParamLong")
    at gquark.c:356
        result = <optimized out>
#16 0x0000ffffbceafb64 in _g_param_spec_types_init () at gparamspecs.c:1277
        pspec_info = {instance_size = 96, n_preallocs = 16, 
          instance_init = 0xffffbceae9d0 <param_long_init>, value_type = 32, 
          finalize = 0x0, 
          value_set_default = 0xffffbceae9e8 <param_long_set_default>, 
          value_validate = 0xffffbceae9f4 <param_long_validate>, 
          values_cmp = 0xffffbceaea20 <param_long_values_cmp>}
        type = <optimized out>
        spec_types = 0xffffbc4a02a8
        spec_types_bound = 0xffffbc4a0338
        __FUNCTION__ = "_g_param_spec_types_init"
#17 0x0000ffffbce9b2c4 in gobject_init () at gtype.c:4443
        info = {class_size = 0, base_init = 0x0, base_finalize = 0x0, 
          class_init = 0x0, class_finalize = 0x0, class_data = 0x0, 
          instance_size = 0, n_preallocs = 0, instance_init = 0x0, 
          value_table = 0x0}
        node = <optimized out>
        type = 8
        env_string = <optimized out>
#18 gobject_init_ctor () at gtype.c:4488
No locals.
#19 0x0000ffffbe7de320 in call_init (env=0xffffffffed68, argv=0xffffffffed58, 
    argc=1, l=<optimized out>) at dl-init.c:82
        j = <optimized out>
        jm = <optimized out>
        addrs = <optimized out>
        init_array = <optimized out>
        env = 0xffffffffed68
        argv = 0xffffffffed58
        argc = 1
        l = <optimized out>
#20 _dl_init (main_map=main_map@entry=0xffffbe141800, argc=1, 
    argv=0xffffffffed58, env=0xffffffffed68) at dl-init.c:131
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = 37
#21 0x0000ffffbe7e2918 in dl_open_worker (a=a@entry=0xffffffffc860)
    at dl-open.c:560
        args = 0xffffffffc860
        file = <optimized out>
        mode = <optimized out>
        call_map = <optimized out>
        dst = <optimized out>
        new = 0xffffbe141800
        r = 0xffffbe801138 <_r_debug>
        reloc_mode = <optimized out>
        nmaps = <optimized out>
        l = <optimized out>
        maps = <optimized out>
        relocation_in_progress = 1
        any_tls = <optimized out>
        first_static_tls = <optimized out>
#22 0x0000ffffbe7de13c in _dl_catch_error (
    objname=objname@entry=0xffffffffc840, 
    errstring=errstring@entry=0xffffffffc850, 
    mallocedp=mallocedp@entry=0xffffffffc830, 
    operate=operate@entry=0xffffbe7e2514 <dl_open_worker>, 
    args=args@entry=0xffffffffc860) at dl-error.c:177
        errcode = 0
        old = 0xffffffffc940
        c = {objname = 0x2cfffffdb0 <Address 0x2cfffffdb0 out of bounds>, 
          errstring = 0x0, malloced = 20, env = {{__jmpbuf = {281474976695920, 
                281473877803008, 2147483905, 281473877803008, 281473877803008, 
                281474976697160, 1, 281473876889508, 187649984593496, 0, 
                281474976695824, 5152925335405849442, 0, 5152925336488103022, 
                0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 20, 
              __saved_mask = {__val = {55834574304, 0, 1116691496980, 
                  55834574296, 0, 1219770712084, 55834574288, 0, 
                  1322849927188, 55834574280, 281474976696256, 
                  281473877679996, 18446744073709551614, 281473877803008, 
                  1529008357376, 55834574264}}}}}
        catchp = 0xffffbe805630
#23 0x0000ffffbe7e1fd4 in _dl_open (
    file=0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so", mode=-2147483391, 
    caller_dlopen=0xaaaaaaac7e58 <XPCOMGlueLoad(char const*)+336>, nsid=-2, 
    argc=1, argv=<optimized out>, env=<optimized out>) at dl-open.c:650
        args = {file = 0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so", 
          mode = -2147483391, 
          caller_dlopen = 0xaaaaaaac7e58 <XPCOMGlueLoad(char const*)+336>, 
          caller_dl_open = 0xffffbe720fa4 <dlopen_doit+108>, 
          map = 0xffffbe141800, nsid = 0, argc = 1, argv = 0xffffffffed58, 
          env = 0xffffffffed68}
        objname = 0x0
        errstring = 0x0
        malloced = false
        errcode = <optimized out>
#24 0x0000ffffbe720fa4 in dlopen_doit (a=a@entry=0xffffffffcad0) at dlopen.c:66
        args = 0xffffffffcad0
#25 0x0000ffffbe7de13c in _dl_catch_error (objname=0xffffbe110170, 
    errstring=0xffffbe110178, mallocedp=0xffffbe110168, 
    operate=0xffffbe720f38 <dlopen_doit>, args=0xffffffffcad0)
    at dl-error.c:177
        errcode = 0
        old = 0x0
        c = {objname = 0x0, errstring = 0x0, malloced = false, env = {{
              __jmpbuf = {281474976696640, 281473877016576, 281474976697040, 
                281473876889400, 187649984688128, 19, 187649984692224, 
                281473870729216, 0, 0, 281474976696544, 5152925335405849442, 
                0, 5152925336488100510, 0, 0, 0, 0, 0, 0, 0, 0}, 
              __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 
                  281474976696976, 281473876891088, 281474976701256, 
                  281473877016576, 281474976697040, 281473876889400, 0, 0, 0, 
                  0}}}}}
        catchp = 0xffffbe805630
#26 0x0000ffffbe721614 in _dlerror_run (
    operate=operate@entry=0xffffbe720f38 <dlopen_doit>, 
    args=args@entry=0xffffffffcad0) at dlerror.c:163
        result = 0xffffbe110160
#27 0x0000ffffbe72104c in __dlopen (file=<optimized out>, mode=<optimized out>)
    at dlopen.c:87
        args = {file = 0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so", 
          mode = 257, new = 0x0, 
          caller = 0xaaaaaaac7e58 <XPCOMGlueLoad(char const*)+336>}
#28 0x0000aaaaaaac7e58 in GetLibHandle (
    aDependentLib=0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:105
        libHandle = <optimized out>
#29 ReadDependentCB (
    aDependentLib=0xffffffffcb48 "/usr/lib64/firefox/libmozgtk.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:157
No locals.
#30 XPCOMGlueLoad (
    aXPCOMFile=aXPCOMFile@entry=0xffffbe110140 "/usr/lib64/firefox/libxul.so")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:333
        l = <optimized out>
        xpcomDir = "/usr/lib64/firefox/libmozgtk.so\000.so\000t", '\000' <repeats 83 times>, "h\021\200\276\377\377\000\000\002\000\000\000\000\000\000\000\320\316\377\377\377\377\000\000\000\000\000\000\000\000\000\000\020\314\377\377\377\377\000\000x\250}\276\377\377\000\000\320:\200\276\377\377\000\000`?\200\276\377\377\000\000\000\000\000\000\000\000\000\000\060?\200\276\377\377\000\000"...
        cursor = 0xffffffffcb5b "libmozgtk.so"
        flist = {mValue = 0xffffbe120400}
        buffer = "libmozgtk.so\000\000so\000\000\252\252\252\252\000\000\000\360\255\252\252\252\000\000\001\000\000\000\000\000\000\000X\355\377\377\377\377\000\000,X\252\252\252\252\000\000\000\000\000\000\000\000\000\000/proc/self/exe\000\000/usr/lib64/firefox/firefox", '\000' <repeats 2974 times>...
#31 0x0000aaaaaaac8028 in mozilla::GetBootstrap (
    aXPCOMFile=0xffffbe110120 "/usr/lib64/firefox/firefox")
    at /usr/src/debug/firefox-60.0/xpcom/glue/standalone/nsXPCOMGlue.cpp:399
        gSliceInit = {mHadGSlice = true}
        base_len = 19
        file = {
          mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, 
              mFirstA = 0xffffbe110140 "/usr/lib64/firefox/libxul.so"}, <No data fields>}}
        b = {
          mTuple = {<mozilla::detail::PairHelper<mozilla::Bootstrap*, mozilla::Bootstrap::BootstrapDelete, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::Bootstrap::BootstrapDelete> = {<No data fields>}, 
              mFirstA = 0x0}, <No data fields>}}
#32 0x0000aaaaaaaa5840 in InitXPCOMGlue ()
    at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:243
        exePath = {
          mTuple = {<mozilla::detail::PairHelper<char*, mozilla::detail::FreePolicy<char>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::detail::FreePolicy<char>> = {<No data fields>}, 
              mFirstA = 0xffffbe110120 "/usr/lib64/firefox/firefox"}, <No data fields>}}
#33 0x0000aaaaaaaa53f8 in main (argc=1, argv=0xffffffffed58, 
    envp=0xffffffffed68)
    at /usr/src/debug/firefox-60.0/browser/app/nsBrowserApp.cpp:293
        rv = <optimized out>
        result = <optimized out>
A debugging session is active.

	Inferior 1 [process 11913] will be killed.

Comment 1 Martin Stransky 2018-05-11 11:15:38 UTC

Bug 1573377 is going to be fixed by 52.8 ESR release, it's not related to this bug.

Comment 2 Martin Stransky 2018-05-16 11:03:19 UTC

Please try https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16312463 when finishes.

Comment 3 Tomas Pelka 2018-05-17 13:34:54 UTC

OK with -7 build works fine except of bz1574501.

Comment 4 Martin Stransky 2018-05-18 07:04:53 UTC

This bug is against unreleased/testing builds, closing as we're not going to use this #BZ for any public purpose.

Comment 5 Tomas Pelka 2018-06-22 21:06:47 UTC

It is back with  firefox-60.1.0-3.el7_5

Comment 6 Martin Stransky 2018-06-24 12:46:02 UTC

New builds are on the way:
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16850727

Comment 7 Tomas Pelka 2018-06-25 08:08:45 UTC

Gone with firefox-60.1.0-4.el7_5

Note You need to log in before you can comment on or make changes to this bug.