Created attachment 1436812
gdb backtrace

Unable to start firefox-60.0-4 on a qemu ppc64le machine.

I installed a f27 fedora qemu ppc64le machine with last updates. When I start firefox-60.0-4 I get a Segmentation fault. Same problem on f28.

On the console I have:

[363497.629997] firefox[32007]: unhandled signal 11 at 0000000000000000 nip 000000010000d514 lr 000000010000d790 code 1

When I use gdb (I run firefox thru an ssh -X session), I do:

gdb -tui /usr/lib64/firefox/firefox
(gdb) run --no-remote

Program received signal SIGSEGV, Segmentation fault.
RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::TreeNode::SetColor (aColor=Red, this=<synthetic pointer>) at /usr/src/debug/firefox-60.0-4.f27.ppc64le/memory/build/rb.h:203

   192     NodeColor Color()
   193     {
   194       return mNode ? Trait::GetTreeNode(mNode).Color() : NodeColor:
   195     }
   196
   197     bool IsRed() { return Color() == NodeColor::Red; }
   198
   199     bool IsBlack() { return Color() == NodeColor::Black; }
   200
   201     void SetColor(NodeColor aColor)
   202     {
 > 203       MOZ_RELEASE_ASSERT(mNode);
   204       Trait::GetTreeNode(mNode).SetColor(aColor);
   205     }
   206
   207     T* Get() { return mNode; }
   208
   209     MOZ_IMPLICIT operator bool() { return !!mNode; }
   210
   211     bool operator==(TreeNode& aOther) { return mNode == aOther.mNod
   212
   213   private:
   214     T* mNode;
   215   };
Yes, that's because of jemalloc. You can try jemalloc disabled builds: https://koji.fedoraproject.org/koji/taskinfo?taskID=26989530

Also there's a crash at js/src/wasm/WasmSignalHandlers.cpp: ContextToPC() does not have a handler for ppc64le and other arches here.

bt:
#0  0x00003fffb1f49edc in ContextToPC(ucontext_t*) (context=0x3fffffff5a60) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/wasm/WasmSignalHandlers.cpp:441
#1  0x00003fffb1f4acf4 in RedirectJitCodeToInterruptCheck(JSContext*, ucontext_t*) (cx=0x1004b37f0, context=0x3fffffff5a60) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/wasm/WasmSignalHandlers.cpp:1553
#2  0x00003fffb1f4aeac in JitInterruptHandler(int, siginfo_t*, void*) (signum=26, info=0x3fffffff67d8, context=0x3fffffff5a60) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/wasm/WasmSignalHandlers.cpp:1601
#3  0x00003fffb7f90478 in <signal handler called> () at arch/powerpc/kernel/vdso64/sigtramp.S
#4  0x00003fffb136e7a8 in js::detail::DefineComparisonOps<js::PreBarriered<jsid> >::get(js::PreBarriered<jsid> const&) (v=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/gc/Barrier.h:977
#5  0x00003fffb13382cc in operator==<js::PreBarriered<jsid> >(js::PreBarriered<jsid> const&, js::PreBarriered<jsid>::ElementType const&) (a=..., b=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/objdir/dist/include/js/RootingAPI.h:1541
#6  0x00003fffb1278648 in js::Shape::searchLinear(jsid) (this=0x3fff5f62ba10, id=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Shape.h:1623
#7  0x00003fffb1a1bb14 in js::Shape::searchNoHashify(js::Shape*, jsid) (start=0x3fff5f62ba10, id=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Shape-inl.h:391
#8  0x00003fffb1a55c6c in js::NativeObject::lookupPure(jsid) (this=0x3fff99e8e120, id=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/NativeObject.cpp:289
#9  0x00003fffb0ea07c4 in js::NativeObject::lookupPure(js::PropertyName*) (this=0x3fff99e8e120, name=0x3fff99e28640) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/NativeObject.h:836
#10 0x00003fffb0eaa050 in js::GlobalObject::maybeGetIntrinsicValue(JSContext*, JS::Handle<js::GlobalObject*>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>, bool*) (cx=0x1004b37f0, global=..., name=..., vp=..., exists=0x3fffffff6ccf) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/GlobalObject.h:711
#11 0x00003fffb0eaa13c in js::GlobalObject::getIntrinsicValue(JSContext*, JS::Handle<js::GlobalObject*>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) (cx=0x1004b37f0, global=..., name=..., value=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/GlobalObject.h:726
#12 0x00003fffb0eb4da0 in js::GetIntrinsicOperation(JSContext*, unsigned char*, JS::MutableHandle<JS::Value>) (cx=0x1004b37f0, pc=0x10065b718 "\217\001", vp=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Interpreter-inl.h:293
#13 0x00003fffb0ed1028 in Interpret(JSContext*, js::RunState&) (cx=0x1004b37f0, state=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Interpreter.cpp:3237
#14 0x00003fffb0ebcf98 in js::RunScript(JSContext*, js::RunState&) (cx=0x1004b37f0, state=...)

406 #if defined(_M_X64) || defined(__x86_64__)
407 # define PC_sig(p) RIP_sig(p)
408 # define FP_sig(p) RBP_sig(p)
409 # define SP_sig(p) RSP_sig(p)
410 #elif defined(_M_IX86) || defined(__i386__)
411 # define PC_sig(p) EIP_sig(p)
412 # define FP_sig(p) EBP_sig(p)
413 # define SP_sig(p) ESP_sig(p)
414 #elif defined(__arm__)
415 # define FP_sig(p) R11_sig(p)
416 # define SP_sig(p) R13_sig(p)
417 # define LR_sig(p) R14_sig(p)
418 # define PC_sig(p) R15_sig(p)
419 #elif defined(__aarch64__)
420 # define PC_sig(p) EPC_sig(p)
421 # define FP_sig(p) RFP_sig(p)
422 # define SP_sig(p) R31_sig(p)
423 # define LR_sig(p) RLR_sig(p)
424 #elif defined(__mips__)
425 # define PC_sig(p) EPC_sig(p)
426 # define FP_sig(p) RFP_sig(p)
427 # define SP_sig(p) RSP_sig(p)
428 # define LR_sig(p) R31_sig(p)
429 #endif                          <<< Missing other arches definitions.
430
431 #if defined(PC_sig) && defined(FP_sig) && defined(SP_sig)
432 # define KNOWS_MACHINE_STATE
433 #endif
434
445 static uint8_t*
446 ContextToFP(CONTEXT* context)
447 {
448 #ifdef KNOWS_MACHINE_STATE
449   return reinterpret_cast<uint8_t*>(FP_sig(context));
450 #else
451   MOZ_CRASH();                  <<<
452 #endif
453 }
The bug described in comment 1 is more related to bug #1498561. I just updated it.
I will try with the patch from bug #1498561 and jemalloc disabled. Thanks for the info.
Let's track it at Bug 1498561. *** This bug has been marked as a duplicate of bug 1498561 ***