Bug 1578429
| Field | Value |
|---|---|
| Summary | firefox crashes at ContextToFP() on ppc64le |
| Product | [Fedora] Fedora |
| Component | firefox |
| Version | 28 |
| Hardware | ppc64le |
| OS | Linux |
| Status | CLOSED DUPLICATE |
| Severity | unspecified |
| Priority | unspecified |
| Reporter | Menanteau Guy <menantea> |
| Assignee | Martin Stransky <stransky> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | alexl, dan, gecko-bugs-nobody, hannsj_uhl, jhorak, john.j5live, kengert, pjasicek, rhughes, rstrode, sandmann, stransky |
| Last Closed | 2018-05-16 11:56:14 UTC |
| Type | Bug |
| Bug Blocks | 1071880 |
Yes, that's because of jemalloc. You can try jemalloc disabled builds: https://koji.fedoraproject.org/koji/taskinfo?taskID=26989530

Also there's a crash at js/src/wasm/WasmSignalHandlers.cpp, ContextToPC() does not have handler for ppc64le and other arches here.

bt:

```text
#0  0x00003fffb1f49edc in ContextToPC(ucontext_t*) (context=0x3fffffff5a60) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/wasm/WasmSignalHandlers.cpp:441
#1  0x00003fffb1f4acf4 in RedirectJitCodeToInterruptCheck(JSContext*, ucontext_t*) (cx=0x1004b37f0, context=0x3fffffff5a60) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/wasm/WasmSignalHandlers.cpp:1553
#2  0x00003fffb1f4aeac in JitInterruptHandler(int, siginfo_t*, void*) (signum=26, info=0x3fffffff67d8, context=0x3fffffff5a60) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/wasm/WasmSignalHandlers.cpp:1601
#3  0x00003fffb7f90478 in <signal handler called> () at arch/powerpc/kernel/vdso64/sigtramp.S
#4  0x00003fffb136e7a8 in js::detail::DefineComparisonOps<js::PreBarriered<jsid> >::get(js::PreBarriered<jsid> const&) (v=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/gc/Barrier.h:977
#5  0x00003fffb13382cc in operator==<js::PreBarriered<jsid> >(js::PreBarriered<jsid> const&, js::PreBarriered<jsid>::ElementType const&) (a=..., b=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/objdir/dist/include/js/RootingAPI.h:1541
#6  0x00003fffb1278648 in js::Shape::searchLinear(jsid) (this=0x3fff5f62ba10, id=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Shape.h:1623
#7  0x00003fffb1a1bb14 in js::Shape::searchNoHashify(js::Shape*, jsid) (start=0x3fff5f62ba10, id=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Shape-inl.h:391
#8  0x00003fffb1a55c6c in js::NativeObject::lookupPure(jsid) (this=0x3fff99e8e120, id=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/NativeObject.cpp:289
#9  0x00003fffb0ea07c4 in js::NativeObject::lookupPure(js::PropertyName*) (this=0x3fff99e8e120, name=0x3fff99e28640) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/NativeObject.h:836
#10 0x00003fffb0eaa050 in js::GlobalObject::maybeGetIntrinsicValue(JSContext*, JS::Handle<js::GlobalObject*>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>, bool*) (cx=0x1004b37f0, global=..., name=..., vp=..., exists=0x3fffffff6ccf) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/GlobalObject.h:711
#11 0x00003fffb0eaa13c in js::GlobalObject::getIntrinsicValue(JSContext*, JS::Handle<js::GlobalObject*>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) (cx=0x1004b37f0, global=..., name=..., value=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/GlobalObject.h:726
#12 0x00003fffb0eb4da0 in js::GetIntrinsicOperation(JSContext*, unsigned char*, JS::MutableHandle<JS::Value>) (cx=0x1004b37f0, pc=0x10065b718 "\217\001", vp=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Interpreter-inl.h:293
#13 0x00003fffb0ed1028 in Interpret(JSContext*, js::RunState&) (cx=0x1004b37f0, state=...) at /home/komat/rpmbuild/BUILD/firefox-60.0/js/src/vm/Interpreter.cpp:3237
#14 0x00003fffb0ebcf98 in js::RunScript(JSContext*, js::RunState&) (cx=0x1004b37f0, state=...)
```

```
406 #if defined(_M_X64) || defined(__x86_64__)
407 # define PC_sig(p) RIP_sig(p)
408 # define FP_sig(p) RBP_sig(p)
409 # define SP_sig(p) RSP_sig(p)
410 #elif defined(_M_IX86) || defined(__i386__)
411 # define PC_sig(p) EIP_sig(p)
412 # define FP_sig(p) EBP_sig(p)
413 # define SP_sig(p) ESP_sig(p)
414 #elif defined(__arm__)
415 # define FP_sig(p) R11_sig(p)
416 # define SP_sig(p) R13_sig(p)
417 # define LR_sig(p) R14_sig(p)
418 # define PC_sig(p) R15_sig(p)
419 #elif defined(__aarch64__)
420 # define PC_sig(p) EPC_sig(p)
421 # define FP_sig(p) RFP_sig(p)
422 # define SP_sig(p) R31_sig(p)
423 # define LR_sig(p) RLR_sig(p)
424 #elif defined(__mips__)
425 # define PC_sig(p) EPC_sig(p)
426 # define FP_sig(p) RFP_sig(p)
427 # define SP_sig(p) RSP_sig(p)
428 # define LR_sig(p) R31_sig(p)
429 #endif
```

Missing other arches definitions.

```
430
431 #if defined(PC_sig) && defined(FP_sig) && defined(SP_sig)
432 # define KNOWS_MACHINE_STATE
433 #endif
434
445 static uint8_t*
446 ContextToFP(CONTEXT* context)
447 {
448 #ifdef KNOWS_MACHINE_STATE
449     return reinterpret_cast<uint8_t*>(FP_sig(context));
450 #else
451     MOZ_CRASH();   <<<
452 #endif
453 }
```

The bug described in comment 1 is more related to bug #1498561. I just updated it. I will try with the patch of bug #1498561 and jemalloc disabled. Thanks for the info.

Let's track it at Bug 1498561.

*** This bug has been marked as a duplicate of bug 1498561 ***
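The comments above trace the crash to a register table with no ppc64le entry, which leaves KNOWS_MACHINE_STATE undefined and sends ContextToFP() to MOZ_CRASH() from inside the signal handler. The C sketch below is an added example, not Firefox code and not the fix tracked in bug 1498561: it assumes Linux with glibc, and its accessor definitions, its ppc64 branch and the function `context_to_pc_fp` are this example's own names and choices.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* glibc: expose the uc_mcontext register fields */
#endif
#include <stdint.h>
#include <stdio.h>
#include <ucontext.h>

/* Linux/glibc accessors with indices written numerically: x86-64 REG_RBP=10,
 * REG_RIP=16; ppc64 PT_R1=1, PT_NIP=32. The ppc64 branch is this example's
 * assumption: r1, the back-chain pointer, stands in for a frame pointer. */
#if defined(__x86_64__)
#  define PC_sig(p) ((p)->uc_mcontext.gregs[16])
#  define FP_sig(p) ((p)->uc_mcontext.gregs[10])
#elif defined(__aarch64__)
#  define PC_sig(p) ((p)->uc_mcontext.pc)
#  define FP_sig(p) ((p)->uc_mcontext.regs[29])
#elif defined(__powerpc64__)
#  define PC_sig(p) ((p)->uc_mcontext.gp_regs[32])
#  define FP_sig(p) ((p)->uc_mcontext.gp_regs[1])
#endif

#if defined(PC_sig) && defined(FP_sig)
#  define KNOWS_MACHINE_STATE 1
#else
#  define KNOWS_MACHINE_STATE 0
#endif

/* Fill *pc and *fp from a signal context. Returns 0 and leaves the outputs
 * untouched on an unmapped architecture or a NULL argument, so the caller
 * can decline the signal instead of aborting the process. */
int context_to_pc_fp(const ucontext_t *uc, uintptr_t *pc, uintptr_t *fp)
{
    if (!KNOWS_MACHINE_STATE || !uc || !pc || !fp)
        return 0;
#if KNOWS_MACHINE_STATE
    *pc = (uintptr_t)PC_sig(uc);
    *fp = (uintptr_t)FP_sig(uc);
#endif
    return 1;
}

int main(void)
{
    ucontext_t uc;
    uintptr_t pc = 0, fp = 0;
    if (getcontext(&uc) == 0 && context_to_pc_fp(&uc, &pc, &fp))
        printf("pc=%#lx fp=%#lx\n", (unsigned long)pc, (unsigned long)fp);
    else
        puts("machine state unavailable; leaving the signal unhandled");
    return 0;
}
```

A project that must support every target it ships on can replace the `KNOWS_MACHINE_STATE 0` branch with `#error`, which moves the failure from the first delivered signal to the build.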
Created attachment 1436812: gdb backtrace

Unable to start firefox-60.0-4 on a qemu ppc64le machine. I installed a f27 fedora qemu ppc64le machine with last updates. When I start a firefox-60.0-4 I get a Segmentation fault. Same problem on f28.

On the console I have:

```text
[363497.629997] firefox[32007]: unhandled signal 11 at 0000000000000000 nip 000000010000d514 lr 000000010000d790 code 1
```

When I use gdb (I run firefox thru an ssh -X session), I do:

```text
gdb -tui /usr/lib64/firefox/firefox
(gdb) run --no-remote
Program received signal SIGSEGV, Segmentation fault.
RedBlackTree<arena_chunk_map_t, ArenaAvailTreeTrait>::TreeNode::SetColor (aColor=Red, this=<synthetic pointer>)
    at /usr/src/debug/firefox-60.0-4.f27.ppc64le/memory/build/rb.h:203
```

```
 192     NodeColor Color()
 193     {
 194       return mNode ? Trait::GetTreeNode(mNode).Color() : NodeColor:
 195     }
 196
 197     bool IsRed() { return Color() == NodeColor::Red; }
 198
 199     bool IsBlack() { return Color() == NodeColor::Black; }
 200
 201     void SetColor(NodeColor aColor)
 202     {
>203       MOZ_RELEASE_ASSERT(mNode);
 204       Trait::GetTreeNode(mNode).SetColor(aColor);
 205     }
 206
 207     T* Get() { return mNode; }
 208
 209     MOZ_IMPLICIT operator bool() { return !!mNode; }
 210
 211     bool operator==(TreeNode& aOther) { return mNode == aOther.mNod
 212
 213   private:
 214     T* mNode;
 215   };
```