Bug 2181903

Summary: [abrt] firefox: __memcpy_avx_unaligned_erms(): firefox killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: emre.f.sucu
Component: firefox
Assignee: Gecko Maintainer <gecko-bugs-nobody>
Status: NEW ---
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 39
CC: emre.f.sucu, erack, gecko-bugs-nobody, jhorak, klaas, pjasicek, rstrode, sandmann
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/b34e05cd414d9ab7160de075029460489d9fab1
Whiteboard: abrt_hash:405961f740149189550c512d20a69501f6633843;VARIANT_ID=workstation;
Attachments:
File: proc_pid_status (Flags: none)
File: maps (Flags: none)
File: limits (Flags: none)
File: environ (Flags: none)
File: open_fds (Flags: none)
File: os_info (Flags: none)
File: cpuinfo (Flags: none)
File: core_backtrace (Flags: none)
File: exploitable (Flags: none)
File: var_log_messages (Flags: none)
File: backtrace (Flags: none)

Description emre.f.sucu 2023-03-26 19:16:16 UTC
Version-Release number of selected component:
firefox-110.0-3.fc39

Additional info:
reporter:       libreport-2.17.9
type:           CCpp
reason:         firefox killed by SIGSEGV
journald_cursor: s=97fa1143cc6b4aa19c0d6394dec158b9;i=103e54;b=5aa877c1eae2429588b927ad840864e9;m=430b57865;t=5f7d20f35b553;x=c1a90eba16bc40df
executable:     /usr/lib64/firefox/firefox
cmdline:        /usr/lib64/firefox/firefox -contentproc -childID 276 -isForBrowser -prefsLen 39968 -prefMapSize 232505 -jsInitLen 246560 -parentBuildID 20230214102540 -appDir /usr/lib64/firefox/browser {b724ee63-3649-4e9a-9da6-1ea9a18c93ad} 5752 tab
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-gnome-firefox-5752.scope/29043
rootdir:        /proc/29045/fdinfo
uid:            1000
mountinfo:      
kernel:         6.3.0-0.rc3.429.vanilla.fc39.x86_64
package:        firefox-110.0-3.fc39
runlevel:       N 5
backtrace_rating: 4
crash_function: __memcpy_avx_unaligned_erms

Truncated backtrace:
Thread no. 0 (61 frames)
 #0 __memcpy_avx_unaligned_erms at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:761
 #1 memcpy at /usr/include/bits/string_fortified.h:29
 #2 AssignRangeAlgorithm<true, true>::implementation<mozilla::Index<mozilla::MergedListUnits>, mozilla::Index<mozilla::MergedListUnits>, unsigned long, unsigned long> at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:672
 #4 nsTArray_Impl<mozilla::Index<mozilla::MergedListUnits>, nsTArrayInfallibleAllocator>::AssignRange<mozilla::Index<mozilla::MergedListUnits> > at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:2420
 #5 nsTArray_Impl<mozilla::Index<mozilla::MergedListUnits>, nsTArrayInfallibleAllocator>::AppendElementsInternal<nsTArrayInfallibleAllocator, mozilla::Index<mozilla::MergedListUnits> > at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:2630
 #6 nsTArray<mozilla::Index<mozilla::MergedListUnits> >::AppendElements<mozilla::Index<mozilla::MergedListUnits> const> at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:2787
 #7 mozilla::DirectedAcyclicGraph<mozilla::MergedListUnits>::AddNode at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListHelpers.h:110
 #8 mozilla::MergeState::AddNewNode at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:682
 #9 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:500
 #10 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #11 mozilla::MergeState::MergeChildLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:527
 #12 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:496
 #13 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #14 mozilla::MergeState::MergeChildLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:527
 #15 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:496
 #16 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #17 mozilla::MergeState::MergeChildLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:527
 #18 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:496
 #19 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #20 mozilla::RetainedDisplayListBuilder::AttemptPartialUpdate at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:1681
 #21 nsLayoutUtils::PaintFrame at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsLayoutUtils.cpp:3347
 #22 mozilla::PresShell::PaintInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/gfx/RectAbsolute.h:43
 #23 mozilla::PresShell::PaintAndRequestComposite at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/PresShell.cpp:6335
 #24 nsViewManager::ProcessPendingUpdatesPaint at /usr/src/debug/firefox-110.0-3.fc39.x86_64/view/nsViewManager.cpp:433
 #25 nsViewManager::ProcessPendingUpdatesForView at /usr/src/debug/firefox-110.0-3.fc39.x86_64/view/nsViewManager.cpp:368
 #26 nsViewManager::ProcessPendingUpdates at /usr/src/debug/firefox-110.0-3.fc39.x86_64/view/nsViewManager.cpp:941
 #28 nsRefreshDriver::Tick at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:2806
 #29 mozilla::RefreshDriverTimer::TickDriver at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:374
 #30 mozilla::RefreshDriverTimer::TickRefreshDrivers at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:352
 #31 mozilla::RefreshDriverTimer::Tick at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:368
 #32 mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:912
 #33 mozilla::VsyncRefreshDriverTimer::TickRefreshDriver at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:826
 #34 mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:747
 #35 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:593
 #36 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:550
 #37 mozilla::dom::VsyncMainChild::RecvNotify at /usr/src/debug/firefox-110.0-3.fc39.x86_64/dom/ipc/VsyncMainChild.cpp:68
 #38 mozilla::dom::PVsyncChild::OnMessageReceived at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/ipc/ipdl/PVsyncChild.cpp:220
 #39 mozilla::dom::PContentChild::OnMessageReceived at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/ipc/ipdl/PContentChild.cpp:8716
 #40 mozilla::ipc::MessageChannel::DispatchAsyncMessage at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/glue/MessageChannel.cpp:1800
 #41 mozilla::ipc::MessageChannel::DispatchMessage at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/glue/MessageChannel.cpp:1725
 #42 mozilla::ipc::MessageChannel::RunMessage at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/CompactPair.h:87
 #44 mozilla::ipc::MessageChannel::MessageTask::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/ipc/MessageChannel.h:549
 #45 mozilla::RunnableTask::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:539
 #46 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:852
 #47 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:684
 #48 mozilla::TaskController::ProcessPendingMTTask at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:462
 #49 operator() at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:191
 #50 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::<lambda()> >::Run(void) at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/nsThreadUtils.h:546
 #51 nsThread::ProcessNextEvent at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsCOMPtr.h:851
 #52 NS_ProcessNextEvent at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/nsThreadUtils.cpp:473
 #53 mozilla::ipc::MessagePump::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/glue/MessagePump.cpp:107
 #54 MessageLoop::RunInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/RefPtr.h:280
 #55 MessageLoop::RunHandler at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:374
 #56 MessageLoop::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:356
 #57 nsBaseAppShell::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/widget/nsBaseAppShell.cpp:148
 #58 XRE_RunAppShell at /usr/src/debug/firefox-110.0-3.fc39.x86_64/toolkit/xre/nsEmbedFunctions.cpp:743
 #59 MessageLoop::RunInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/RefPtr.h:280
 #60 MessageLoop::RunHandler at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:374
 #61 MessageLoop::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:356
 #62 XRE_InitChildProcess at /usr/src/debug/firefox-110.0-3.fc39.x86_64/toolkit/xre/nsEmbedFunctions.cpp:676
 #63 content_process_main at /usr/src/debug/firefox-110.0-3.fc39.x86_64/browser/app/../../ipc/contentproc/plugin-container.cpp:57

Comment 1 emre.f.sucu 2023-03-26 19:16:20 UTC
Created attachment 1953794
File: proc_pid_status

Comment 2 emre.f.sucu 2023-03-26 19:16:21 UTC
Created attachment 1953795
File: maps

Comment 3 emre.f.sucu 2023-03-26 19:16:23 UTC
Created attachment 1953796
File: limits

Comment 4 emre.f.sucu 2023-03-26 19:16:24 UTC
Created attachment 1953797
File: environ

Comment 5 emre.f.sucu 2023-03-26 19:16:26 UTC
Created attachment 1953798
File: open_fds

Comment 6 emre.f.sucu 2023-03-26 19:16:28 UTC
Created attachment 1953799
File: os_info

Comment 7 emre.f.sucu 2023-03-26 19:16:29 UTC
Created attachment 1953800
File: cpuinfo

Comment 8 emre.f.sucu 2023-03-26 19:16:32 UTC
Created attachment 1953801
File: core_backtrace

Comment 9 emre.f.sucu 2023-03-26 19:16:33 UTC
Created attachment 1953802
File: exploitable

Comment 10 emre.f.sucu 2023-03-26 19:16:35 UTC
Created attachment 1953803
File: var_log_messages

Comment 11 emre.f.sucu 2023-03-26 19:16:37 UTC
Created attachment 1953804
File: backtrace

Comment 12 Fedora Release Engineering 2023-08-16 07:12:29 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.