User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060205 Firefox/1.6a1 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060205 Firefox/1.6a1 Reproducible: Always Steps to Reproduce: 1.Open the browser 2.Right click in the address bar & 'Select All' 3.Close the browser Actual Results: Crash: run-mozilla.sh: line 131: 7341 Segmentation fault "$prog" ${1+"$@"} Expected Results: Without Tabnox there is no crash Talkback ID TB14817294K Also shows memory leaks

wow, i don't often see js_GC twice in a stack (oddly enough, i'm not sure that spidermonkey is not ok with this). Incident ID: 14817294 Stack Signature nsViewManager::~nsViewManager() 3c1269fd Product ID FirefoxTrunk Build ID 2006020604 Trigger Time 2006-02-06 05:50:44.0 Platform LinuxIntel Operating System Linux 2.6.11-13mdk Module firefox-bin + (00369fa1) URL visited Official Firefox Home page User Comments New Profile. Install Tabnox extension Start Firefox Right click in address bar & Select All Close browser Also memory leak - mlk Since Last Crash 0 sec Total Uptime 0 sec Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) Source File, Line No. /builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/view/src/nsViewManager.cpp, line 848 Stack Trace nsViewManager::~nsViewManager() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/view/src/nsViewManager.cpp, line 848] nsViewManager::Release() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/view/src/nsViewManager.cpp, line 288] nsEditor::~nsEditor() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/editor/libeditor/base/nsEditor.cpp, line 246] nsPlaintextEditor::~nsPlaintextEditor() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/editor/libeditor/text/nsPlaintextEditor.cpp, line 111] nsEditor::Release() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/editor/libeditor/base/nsEditor.cpp, line 248] XPCJSRuntime::GCCallback() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/xpconnect/src/xpcjsruntime.cpp, line 562] DOMGCCallback() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 2205] js_GC() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 2033] js_ForceGC() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 1561] js_DestroyContext() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jscntxt.c, line 283] JS_DestroyContext() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c, line 934] nsJSContext::~nsJSContext() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 772] nsJSContext::Release() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 799] nsCOMPtr_base::assign_with_AddRef() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/build/nsCOMPtr.cpp, line 531] nsXULPDGlobalObject::SetContext() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp, line 800] nsXULPrototypeDocument::~nsXULPrototypeDocument() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp, line 848] nsXULPrototypeDocument::Release() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp, line 272] nsCOMArray_base::~nsCOMArray_base() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/build/nsCOMArray.cpp, line 61] nsXULDocument::~nsXULDocument() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/xul/document/src/nsXULDocument.cpp, line 149] nsDocument::Release() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsDocument.cpp, line 852] XPCJSRuntime::GCCallback() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/xpconnect/src/xpcjsruntime.cpp, line 562] DOMGCCallback() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 2205] js_GC() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 2033] js_ForceGC() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 1561] js_DestroyContext() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jscntxt.c, line 283] JS_DestroyContext() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c, line 934] mozJSComponentLoader::UnloadModules() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp, line 1174] mozJSComponentLoader::Observe() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp, line 1197] NS_ShutdownXPCOM_P() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/build/nsXPComInit.cpp, line 848] ScopedXPCOMStartup::~ScopedXPCOMStartup() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/toolkit/xre/nsAppRunner.cpp, line 556] XRE_main() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/toolkit/xre/nsAppRunner.cpp, line 848] main() [/builds/tinderbox/Fx-Trunk/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 62] libc.so.6 + 0x14e4b (0xb74e4e4b)

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060213 Firefox/1.6a1 I can't reproduce this. Did you take any other steps?

Timeless, js_GC avoids reentering itself unsafely, bailing early after noting that more garbage may have been created by a callback or finalizer, and re-GC'ing again to collect any such garbage. The stack shows problems elsewhere, for sure. Confirming. Roc, is this really your bug? /be

So... at least the last frame of the stack is semi-bogus (that line is nowhere near ~nsViewManager)...

I didn't check stack, but assuming the reported crash is nsViewManager::~nsViewManager() this still occurs at a low rate. bp-43bc7af1-e7ef-416b-b283-7a5fb2091214 I think has no extensions 0 xul.dll nsViewManager::~nsViewManager view/src/nsViewManager.cpp:180 1 xul.dll nsViewManager::`vector deleting destructor' 2 xul.dll nsViewManager::Release view/src/nsViewManager.cpp:225 3 xul.dll nsCOMPtr<nsIDocumentEncoder>::~nsCOMPtr<nsIDocumentEncoder> obj-firefox/dist/include/nsAutoPtr.h:956 4 xul.dll DocumentViewerImpl::~DocumentViewerImpl layout/base/nsDocumentViewer.cpp:603 5 xul.dll DocumentViewerImpl::`vector deleting destructor' 6 xul.dll DocumentViewerImpl::Release layout/base/nsDocumentViewer.cpp:570 7 xul.dll DoDeferredRelease<nsISupports*> js/src/xpconnect/src/xpcjsruntime.cpp:488 8 xul.dll XPCJSRuntime::GCCallback js/src/xpconnect/src/xpcjsruntime.cpp:759 9 nspr4.dll _PR_MD_UNLOCK nsprpub/pr/src/md/windows/w95cv.c:342

Still occurs in 6.0 but low volume. bp-0b3e7ec0-c166-4c76-aa2f-99b672110804

Zero incidents in the past 28 days for this signature.