Version-Release number of selected component:
firefox-110.0-3.fc39

Additional info:
reporter: libreport-2.17.9
type: CCpp
reason: firefox killed by SIGSEGV
journald_cursor: s=97fa1143cc6b4aa19c0d6394dec158b9;i=103e54;b=5aa877c1eae2429588b927ad840864e9;m=430b57865;t=5f7d20f35b553;x=c1a90eba16bc40df
executable: /usr/lib64/firefox/firefox
cmdline: /usr/lib64/firefox/firefox -contentproc -childID 276 -isForBrowser -prefsLen 39968 -prefMapSize 232505 -jsInitLen 246560 -parentBuildID 20230214102540 -appDir /usr/lib64/firefox/browser {b724ee63-3649-4e9a-9da6-1ea9a18c93ad} 5752 tab
cgroup: 0::/user.slice/user-1000.slice/user/app.slice/app-gnome-firefox-5752.scope/29043
rootdir: /proc/29045/fdinfo
uid: 1000
mountinfo:
kernel: 6.3.0-0.rc3.429.vanilla.fc39.x86_64
package: firefox-110.0-3.fc39
runlevel: N 5
backtrace_rating: 4
crash_function: __memcpy_avx_unaligned_erms

Truncated backtrace:
Thread no. 0 (61 frames)
 #0 __memcpy_avx_unaligned_erms at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:761
 #1 memcpy at /usr/include/bits/string_fortified.h:29
 #2 AssignRangeAlgorithm<true, true>::implementation<mozilla::Index<mozilla::MergedListUnits>, mozilla::Index<mozilla::MergedListUnits>, unsigned long, unsigned long> at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:672
 #4 nsTArray_Impl<mozilla::Index<mozilla::MergedListUnits>, nsTArrayInfallibleAllocator>::AssignRange<mozilla::Index<mozilla::MergedListUnits> > at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:2420
 #5 nsTArray_Impl<mozilla::Index<mozilla::MergedListUnits>, nsTArrayInfallibleAllocator>::AppendElementsInternal<nsTArrayInfallibleAllocator, mozilla::Index<mozilla::MergedListUnits> > at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:2630
 #6 nsTArray<mozilla::Index<mozilla::MergedListUnits> >::AppendElements<mozilla::Index<mozilla::MergedListUnits> const> at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsTArray.h:2787
 #7 mozilla::DirectedAcyclicGraph<mozilla::MergedListUnits>::AddNode at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListHelpers.h:110
 #8 mozilla::MergeState::AddNewNode at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:682
 #9 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:500
 #10 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #11 mozilla::MergeState::MergeChildLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:527
 #12 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:496
 #13 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #14 mozilla::MergeState::MergeChildLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:527
 #15 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:496
 #16 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #17 mozilla::MergeState::MergeChildLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:527
 #18 mozilla::MergeState::ProcessItemFromNewList at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:496
 #19 mozilla::RetainedDisplayListBuilder::MergeDisplayLists at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:848
 #20 mozilla::RetainedDisplayListBuilder::AttemptPartialUpdate at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/painting/RetainedDisplayListBuilder.cpp:1681
 #21 nsLayoutUtils::PaintFrame at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsLayoutUtils.cpp:3347
 #22 mozilla::PresShell::PaintInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/gfx/RectAbsolute.h:43
 #23 mozilla::PresShell::PaintAndRequestComposite at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/PresShell.cpp:6335
 #24 nsViewManager::ProcessPendingUpdatesPaint at /usr/src/debug/firefox-110.0-3.fc39.x86_64/view/nsViewManager.cpp:433
 #25 nsViewManager::ProcessPendingUpdatesForView at /usr/src/debug/firefox-110.0-3.fc39.x86_64/view/nsViewManager.cpp:368
 #26 nsViewManager::ProcessPendingUpdates at /usr/src/debug/firefox-110.0-3.fc39.x86_64/view/nsViewManager.cpp:941
 #28 nsRefreshDriver::Tick at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:2806
 #29 mozilla::RefreshDriverTimer::TickDriver at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:374
 #30 mozilla::RefreshDriverTimer::TickRefreshDrivers at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:352
 #31 mozilla::RefreshDriverTimer::Tick at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:368
 #32 mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:912
 #33 mozilla::VsyncRefreshDriverTimer::TickRefreshDriver at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:826
 #34 mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:747
 #35 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:593
 #36 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync at /usr/src/debug/firefox-110.0-3.fc39.x86_64/layout/base/nsRefreshDriver.cpp:550
 #37 mozilla::dom::VsyncMainChild::RecvNotify at /usr/src/debug/firefox-110.0-3.fc39.x86_64/dom/ipc/VsyncMainChild.cpp:68
 #38 mozilla::dom::PVsyncChild::OnMessageReceived at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/ipc/ipdl/PVsyncChild.cpp:220
 #39 mozilla::dom::PContentChild::OnMessageReceived at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/ipc/ipdl/PContentChild.cpp:8716
 #40 mozilla::ipc::MessageChannel::DispatchAsyncMessage at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/glue/MessageChannel.cpp:1800
 #41 mozilla::ipc::MessageChannel::DispatchMessage at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/glue/MessageChannel.cpp:1725
 #42 mozilla::ipc::MessageChannel::RunMessage at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/CompactPair.h:87
 #44 mozilla::ipc::MessageChannel::MessageTask::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/ipc/MessageChannel.h:549
 #45 mozilla::RunnableTask::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:539
 #46 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:852
 #47 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:684
 #48 mozilla::TaskController::ProcessPendingMTTask at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:462
 #49 operator() at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/TaskController.cpp:191
 #50 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::<lambda()> >::Run(void) at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/nsThreadUtils.h:546
 #51 nsThread::ProcessNextEvent at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/nsCOMPtr.h:851
 #52 NS_ProcessNextEvent at /usr/src/debug/firefox-110.0-3.fc39.x86_64/xpcom/threads/nsThreadUtils.cpp:473
 #53 mozilla::ipc::MessagePump::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/glue/MessagePump.cpp:107
 #54 MessageLoop::RunInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/RefPtr.h:280
 #55 MessageLoop::RunHandler at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:374
 #56 MessageLoop::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:356
 #57 nsBaseAppShell::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/widget/nsBaseAppShell.cpp:148
 #58 XRE_RunAppShell at /usr/src/debug/firefox-110.0-3.fc39.x86_64/toolkit/xre/nsEmbedFunctions.cpp:743
 #59 MessageLoop::RunInternal at /usr/src/debug/firefox-110.0-3.fc39.x86_64/objdir/dist/include/mozilla/RefPtr.h:280
 #60 MessageLoop::RunHandler at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:374
 #61 MessageLoop::Run at /usr/src/debug/firefox-110.0-3.fc39.x86_64/ipc/chromium/src/base/message_loop.cc:356
 #62 XRE_InitChildProcess at /usr/src/debug/firefox-110.0-3.fc39.x86_64/toolkit/xre/nsEmbedFunctions.cpp:676
 #63 content_process_main at /usr/src/debug/firefox-110.0-3.fc39.x86_64/browser/app/../../ipc/contentproc/plugin-container.cpp:57
Created attachment 1953794 File: proc_pid_status
Created attachment 1953795 File: maps
Created attachment 1953796 File: limits
Created attachment 1953797 File: environ
Created attachment 1953798 File: open_fds
Created attachment 1953799 File: os_info
Created attachment 1953800 File: cpuinfo
Created attachment 1953801 File: core_backtrace
Created attachment 1953802 File: exploitable
Created attachment 1953803 File: var_log_messages
Created attachment 1953804 File: backtrace
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.