Closed Bug 1779364 Opened 2 years ago Closed 2 years ago

Crash in [@ wl_proxy_destroy | moz_container_wayland_frame_callback_handler] when dragging and dropping tabs

Categories

(Core :: Graphics, defect, P1)

Product:
Core
Component:
Graphics
Platform:
Unspecified
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
104 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- unaffected
firefox-esr102 --- unaffected
firefox102 --- unaffected
firefox103 --- unaffected
firefox104 + fixed

People

(Reporter: marco, Assigned: jimb)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/57b66c19-9b18-445a-bb23-616cf0220713

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libwayland-client.so.0 wl_proxy_destroy src/wayland-client.c:544
1 libxul.so moz_container_wayland_frame_callback_handler widget/gtk/MozContainerWayland.cpp:247
2 libxul.so RunnableFunction<void  ipc/chromium/src/base/task.h:324
3 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:851
4 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1205
5 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:85
6 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:355
7 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:150
8 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:295
9 libxul.so XREMain::XRE_mainRun toolkit/xre/nsAppRunner.cpp:5719
Summary: Crash in [@ wl_proxy_destroy | moz_container_wayland_frame_callback_handler] → Crash in [@ wl_proxy_destroy | moz_container_wayland_frame_callback_handler] when dragging and dropping tabs
OS: Unspecified → Linux

Set release status flags based on info from the regressing bug 1778767

status-firefox102: --- → unaffected
status-firefox103: --- → unaffected
status-firefox104: --- → affected
status-firefox-esr102: --- → unaffected
status-firefox-esr91: --- → unaffected

:jimb, since you are the author of the regressor, bug 1778767, could you take a look?
For more information, please visit auto_nag documentation.

Flags: needinfo?(jimb)

Regressor has been backed out from central and requested new desktop nightlies: https://hg.mozilla.org/mozilla-central/rev/04b02c492dab34ec35205f2338b27dc9469969fc

I can reproduce this.

Assignee: nobody → jimb
Flags: needinfo?(jimb)
Priority: -- → P1

The problem is entirely obvious. I carelessly left some experimental code in the final patch for bug 1778767 which does not use the new MozClearPointer helper function, and does not check for a null pointer before passing it to wl_callback_destroy.

I have a revised patch for this up in bug 1778767.

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox104: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 104 Branch
You need to log in before you can comment on or make changes to this bug.