This bug is for crash report bp-93433b1e-7b1a-4d20-a038-faee50190729. ``` Top 10 frames of crashing thread: 0 libgdk-3.so.0.2404.4 gdk_broadway_get_last_seen_time 1 libffi.so.6.0.4 libffi.so.6.0.4@0x681d 2 libffi.so.6.0.4 libffi.so.6.0.4@0x61ee 3 libxul.so _fini 4 libgdk-3.so.0.2404.4 gdk_broadway_get_last_seen_time 5 libwayland-client.so.0.3.0 wl_array_copy 6 libgdk-3.so.0.2404.4 gdk_wayland_window_set_transient_for_exported 7 libwayland-client.so.0.3.0 wl_log_set_handler_client 8 libwayland-client.so.0.3.0 libwayland-client.so.0.3.0@0x5968 9 libwayland-client.so.0.3.0 wl_display_dispatch_queue_pending ``` This is a PHC report, manually symbolized PHC stacks: ``` Free stack: #0 gdk_window_geometry_changed #1 gdk_broadway_get_last_seen_time #2 (missing symbols for module libffi.so.6.0.4) #3 (missing symbols for module libffi.so.6.0.4) #4 wl_log_set_handler_client #5 ??? (unresolved symbol in libwayland-client.so.0.3.0) #6 wl_display_dispatch_queue_pending #7 gdk_wayland_display_query_registry #8 gdk_display_get_event #9 gdk_wayland_display_query_registry #10 g_main_context_dispatch #11 g_main_context_dispatch #12 g_main_context_iteration #13 nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) in file hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:1416771db267f77fa6bd28b2eaa214a706427f55 line 259 #14 nsThread::ProcessNextEvent(bool, bool*) in file hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:1416771db267f77fa6bd28b2eaa214a706427f55 line 1120 #15 <name omitted> in file hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:1416771db267f77fa6bd28b2eaa214a706427f55 line 486 Alloc stack: #0 <name omitted> in file hg:hg.mozilla.org/mozilla-central:memory/build/malloc_decls.h:1416771db267f77fa6bd28b2eaa214a706427f55 line 38 #1 g_malloc #2 g_slice_alloc #3 g_slice_alloc0 #4 gdk_event_new #5 gdk_broadway_get_last_seen_time #6 gdk_broadway_get_last_seen_time #7 (missing symbols for module libffi.so.6.0.4) #8 (missing symbols for module libffi.so.6.0.4) #9 wl_log_set_handler_client #10 ??? (unresolved symbol in libwayland-client.so.0.3.0) #11 wl_display_dispatch_queue_pending #12 gdk_wayland_display_query_registry #13 gdk_display_get_event #14 gdk_wayland_display_query_registry #15 g_main_context_dispatch ``` Judging from the stacks, this could be a bug in GDK, in particular in `gdk_broadway_get_last_seen_time` where an event is used after it was freed in `gdk_window_geometry_changed`.
Bug 1570612 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This bug is for crash report bp-93433b1e-7b1a-4d20-a038-faee50190729. ``` Top 10 frames of crashing thread: 0 libgdk-3.so.0.2404.4 gdk_broadway_get_last_seen_time 1 libffi.so.6.0.4 libffi.so.6.0.4@0x681d 2 libffi.so.6.0.4 libffi.so.6.0.4@0x61ee 3 libxul.so _fini 4 libgdk-3.so.0.2404.4 gdk_broadway_get_last_seen_time 5 libwayland-client.so.0.3.0 wl_array_copy 6 libgdk-3.so.0.2404.4 gdk_wayland_window_set_transient_for_exported 7 libwayland-client.so.0.3.0 wl_log_set_handler_client 8 libwayland-client.so.0.3.0 libwayland-client.so.0.3.0@0x5968 9 libwayland-client.so.0.3.0 wl_display_dispatch_queue_pending ``` This is a PHC report, manually symbolized PHC stacks: ``` Free stack: #0 gdk_window_geometry_changed #1 gdk_broadway_get_last_seen_time #2 (missing symbols for module libffi.so.6.0.4) #3 (missing symbols for module libffi.so.6.0.4) #4 wl_log_set_handler_client #5 ??? (unresolved symbol in libwayland-client.so.0.3.0) #6 wl_display_dispatch_queue_pending #7 gdk_wayland_display_query_registry #8 gdk_display_get_event #9 gdk_wayland_display_query_registry #10 g_main_context_dispatch #11 g_main_context_dispatch #12 g_main_context_iteration #13 nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) in file hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:1416771db267f77fa6bd28b2eaa214a706427f55 line 259 #14 nsThread::ProcessNextEvent(bool, bool*) in file hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:1416771db267f77fa6bd28b2eaa214a706427f55 line 1120 #15 <name omitted> in file hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:1416771db267f77fa6bd28b2eaa214a706427f55 line 486 ``` ``` Alloc stack: #0 <name omitted> in file hg:hg.mozilla.org/mozilla-central:memory/build/malloc_decls.h:1416771db267f77fa6bd28b2eaa214a706427f55 line 38 #1 g_malloc #2 g_slice_alloc #3 g_slice_alloc0 #4 gdk_event_new #5 gdk_broadway_get_last_seen_time #6 gdk_broadway_get_last_seen_time #7 (missing symbols for module libffi.so.6.0.4) #8 (missing symbols for module libffi.so.6.0.4) #9 wl_log_set_handler_client #10 ??? (unresolved symbol in libwayland-client.so.0.3.0) #11 wl_display_dispatch_queue_pending #12 gdk_wayland_display_query_registry #13 gdk_display_get_event #14 gdk_wayland_display_query_registry #15 g_main_context_dispatch ``` Judging from the stacks, this could be a bug in GDK, in particular in `gdk_broadway_get_last_seen_time` where an event is used after it was freed in `gdk_window_geometry_changed`.