Bug 2183620

Summary: [abrt] firefox: FT_Stream_ReadULong(): firefox killed by SIGBUS
Product: [Fedora] Fedora
Reporter: Jeremy Linton <jeremy.linton>
Component: firefox
Assignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED EOL
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 38
CC: erack, gecko-bugs-nobody, jeremy.linton, jhorak, klaas, pjasicek, rstrode, sandmann
Target Milestone: ---
Target Release: ---
Hardware: aarch64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/73726ac14bdebb8983f5cdc14f94325187d4948
Whiteboard: abrt_hash:73d89a91bf3f11b3b9ddc293d969a67acce13575;VARIANT_ID=workstation;
Last Closed: 2024-05-21 14:35:07 UTC
Bug Blocks: 245418

Attachments (flags: none for all):
File: proc_pid_status
File: maps
File: limits
File: environ
File: open_fds
File: mountinfo
File: os_info
File: cpuinfo
File: core_backtrace
File: exploitable
File: backtrace

Description Jeremy Linton 2023-03-31 20:26:01 UTC
Description of problem:
Start firefox; it runs for a couple of moments and then crashes.

This is an arm64 neoverse-N1 (n1sdp) platform with an AMD RDNA2 GPU (rx6600) with the latest F38 build.

Version-Release number of selected component:
firefox-111.0.1-1.fc38

Additional info:
reporter:       libreport-2.17.9
type:           CCpp
reason:         firefox killed by SIGBUS
journald_cursor: s=c757d6e2e87d4246a0bf5add6d727e75;i=6778;b=6829b3a0f6444bb0a19c7699f63e10ff;m=5e48ae1;t=5f837c200a1be;x=4ce0557be66ad5a0
executable:     /usr/lib64/firefox/firefox
cmdline:        /usr/lib64/firefox/firefox
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-gnome-firefox-3448.scope/3448
rootdir:        /
uid:            1000
kernel:         6.3.0-rc4+
package:        firefox-111.0.1-1.fc38
runlevel:       N 5
backtrace_rating: 4
crash_function: FT_Stream_ReadULong

Truncated backtrace:
Thread no. 0 (36 frames)
 #0 FT_Stream_ReadULong at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/base/ftstream.c:655
 #1 sfnt_open_font at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/sfnt/sfobjs.c:380
 #2 sfnt_init_face at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/sfnt/sfobjs.c:552
 #3 tt_face_init at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/truetype/ttobjs.c:687
 #4 open_face at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/base/ftobjs.c:1549
 #5 ft_open_face_internal at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/base/ftobjs.c:2637
 #6 FT_New_Face at /usr/src/debug/freetype-2.13.0-2.fc38.aarch64/src/base/ftobjs.c:1615
 #7 mozilla::gfx::Factory::NewFTFace at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/2d/Factory.cpp:662
 #8 mozilla::gfx::Factory::NewSharedFTFace at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/2d/Factory.cpp:671
 #9 CreateFaceForPattern at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxFcPlatformFontList.cpp:329
 #10 gfxFontconfigFontEntry::GetFTFace at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/objdir/dist/include/mozilla/RefPtr.h:280
 #11 gfxFontconfigFontEntry::CopyFontTable at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxFcPlatformFontList.cpp:1021
 #12 gfxFontEntry::GetFontTable at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxFontEntry.cpp:585
 #14 gfxFontconfigFontEntry::GetFontTable at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxFcPlatformFontList.cpp:523
 #15 gfxFontEntry::AutoTable::AutoTable at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxFontEntry.h:311
 #16 gfxFontconfigFontEntry::ReadCMAP at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxFcPlatformFontList.cpp:431
 #17 gfxPlatformFontList::InitializeFamily at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxPlatformFontList.cpp:1738
 #18 LoadCmapsRunnable::Run at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/gfx/thebes/gfxPlatformFontList.cpp:1395
 #19 mozilla::RunnableTask::Run at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/TaskController.cpp:539
 #20 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/TaskController.cpp:852
 #21 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/TaskController.cpp:726
 #22 mozilla::TaskController::ProcessPendingMTTask at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/TaskController.cpp:462
 #23 operator() at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/TaskController.cpp:188
 #24 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::<lambda()> >::Run(void) at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/nsThreadUtils.h:546
 #25 nsThread::ProcessNextEvent at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/objdir/dist/include/nsCOMPtr.h:851
 #26 NS_ProcessNextEvent at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/xpcom/threads/nsThreadUtils.cpp:477
 #27 mozilla::ipc::MessagePump::Run at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/ipc/glue/MessagePump.cpp:85
 #28 MessageLoop::RunInternal at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/objdir/dist/include/mozilla/RefPtr.h:280
 #29 MessageLoop::RunHandler at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/ipc/chromium/src/base/message_loop.cc:374
 #30 MessageLoop::Run at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/ipc/chromium/src/base/message_loop.cc:356
 #31 nsBaseAppShell::Run at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/widget/nsBaseAppShell.cpp:148
 #32 nsAppStartup::Run at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/objdir/dist/include/nsCOMPtr.h:851
 #33 XREMain::XRE_mainRun at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/toolkit/xre/nsAppRunner.cpp:5651
 #34 XREMain::XRE_main at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/toolkit/xre/nsAppRunner.cpp:5851
 #35 XRE_main at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/toolkit/xre/nsAppRunner.cpp:5907
 #36 do_main at /usr/src/debug/firefox-111.0.1-1.fc38.aarch64/browser/app/nsBrowserApp.cpp:226

Comment 1 Jeremy Linton 2023-03-31 20:26:05 UTC
Created attachment 1954966
File: proc_pid_status

Comment 2 Jeremy Linton 2023-03-31 20:26:07 UTC
Created attachment 1954967
File: maps

Comment 3 Jeremy Linton 2023-03-31 20:26:08 UTC
Created attachment 1954968
File: limits

Comment 4 Jeremy Linton 2023-03-31 20:26:10 UTC
Created attachment 1954969
File: environ

Comment 5 Jeremy Linton 2023-03-31 20:26:11 UTC
Created attachment 1954970
File: open_fds

Comment 6 Jeremy Linton 2023-03-31 20:26:13 UTC
Created attachment 1954971
File: mountinfo

Comment 7 Jeremy Linton 2023-03-31 20:26:14 UTC
Created attachment 1954972
File: os_info

Comment 8 Jeremy Linton 2023-03-31 20:26:16 UTC
Created attachment 1954973
File: cpuinfo

Comment 9 Jeremy Linton 2023-03-31 20:26:18 UTC
Created attachment 1954974
File: core_backtrace

Comment 10 Jeremy Linton 2023-03-31 20:26:19 UTC
Created attachment 1954975
File: exploitable

Comment 11 Jeremy Linton 2023-03-31 20:26:21 UTC
Created attachment 1954976
File: backtrace

Comment 12 Aoife Moloney 2024-05-07 16:03:44 UTC
This message is a reminder that Fedora Linux 38 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 38 on 2024-05-21.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '38'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 38 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 13 Aoife Moloney 2024-05-21 14:35:07 UTC
Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21.

Fedora Linux 38 is no longer maintained, which means that it
will not receive any further security or bug fix updates. As a result we
are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora Linux
please feel free to reopen this bug against that version. Note that the version
field may be hidden. Click the "Show advanced fields" button if you do not see
the version field.

If you are unable to reopen this bug, please file a new report against an
active release.

Thank you for reporting this bug and we are sorry it could not be fixed.