Closed Bug 7545 Opened 26 years ago Closed 26 years ago

[PP] core dump/crash on exit

Categories

(Core Graveyard :: Tracking, defect, P1)

VERIFIED INVALID

People

(Reporter: sujay, Assigned: fur)

Details

(Whiteboard: No Talkback for Linux yet.)

using 6/3 build of linux apprunner
1) launch apprunner
2) File | Exit
crash
Setting Back menuitem to enabled
Document file:////u/sujay/LINUX/package/res/samples/test8.html loaded successfully
Exiting
Segmentation fault (core dumped)
I'll work on getting a stack trace..
QA Contact: leger → sujay
Assignee: don → sujay
Got a stack trace yet? I can't reproduce this and I can't do much about it without some more data ...
I sporadically see crashes on exiting apprunner, maybe once out of 5-10 runs. If I see another one soon I'll append the trace to this bug report. Sujay, are you seeing this consistently?
Ironically, the very next time I ran apprunner -editor, did a couple minor things then exited, I got one. Here it is. It looks pretty much the same as all the previous crash-on-exit bugs I've seen.
#2 0x40021407 in nsAppShellService::Shutdown (this=0x8090238) at nsAppShellService.cpp:413
#3 0x40a6b997 in nsEditorAppCore::Exit (this=0x8152ff8) at nsEditorAppCore.cpp:933
#4 0x40a7af98 in EditorAppCoreExit (cx=0x80f2038, obj=0x8197208, argc=0, argv=0x81b4b80, rval=0xbfffe2c8) at nsJSEditorAppCore.cpp:1103
#5 0x4044a6f7 in js_Invoke (cx=0x80f2038, argc=0, constructing=0) at jsinterp.c:650
Whiteboard: No Talkback for Linux yet.
Assignee: sujay → don
Akkana has a stack trace below...also I can't reproduce the problem all the time...it's a random problem..
Assignee: don → law
Priority: P3 → P1
Target Milestone: M7
Bill, is this our bug? Could this be related to bug #5164 and bug #7149?
I'm seeing this crash pretty often (maybe two runs out of three) in Monday's build.
Whiteboard: No Talkback for Linux yet. → [PP]No Talkback for Linux yet.
Summary: core dump/crash on exit → [PP]core dump/crash on exit
Whiteboard: [PP]No Talkback for Linux yet. → No Talkback for Linux yet.
I'm seeing a crash after launching apprunner, then Editor, then closing Editor window, then closing Apprunner (no interaction with editor). Here's a stack:
gc_root_marker(JSHashEntry * 0x03099de0, int 12, void * 0x017060e8) line 587 + 3 bytes
JS_HashTableEnumerateEntries(JSHashTable * 0x01367f70, int (JSHashEntry *, int, void *)* 0x003a1f70 gc_root_marker(JSHashEntry *, int, void *), void * 0x017060e8) line 347 + 15 bytes
js_GC(JSContext * 0x01602a90) line 724 + 21 bytes
js_ForceGC(JSContext * 0x01602a90) line 618 + 9 bytes
js_DestroyContext(JSContext * 0x01602a90) line 130 + 9 bytes
JS_DestroyContext(JSContext * 0x01602a90) line 690 + 9 bytes
nsJSContext::~nsJSContext() line 116 + 13 bytes
nsJSContext::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsJSContext::Release(nsJSContext * const 0x01602a50) line 120 + 96 bytes
nsWebShell::~nsWebShell() line 582 + 27 bytes
nsWebShell::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsWebShell::Release(nsWebShell * const 0x015ff120) line 646 + 95 bytes
nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame() line 465 + 18 bytes
nsHTMLFrameInnerFrame::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsFrame::DeleteFrame(nsFrame * const 0x015fe520, nsIPresContext & {...}) line 390 + 34 bytes
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x015fbba0, nsIPresContext & {...}) line 82
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x01727fc8, nsIPresContext & {...}) line 82
nsLineBox::DeleteLineList(nsIPresContext & {...}, nsLineBox * 0x015fcaf0) line 158
nsBlockFrame::DeleteFrame(nsBlockFrame * const 0x015f7f20, nsIPresContext & {...}) line 806 + 16 bytes
nsAreaFrame::DeleteFrame(nsAreaFrame * const 0x015f7f20, nsIPresContext & {...}) line 106
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x015f6d80, nsIPresContext & {...}) line 82
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x015f6b90, nsIPresContext & {...}) line 82
ViewportFrame::DeleteFrame(ViewportFrame * const 0x015f6b90, nsIPresContext & {...}) line 116
PresShell::~PresShell() line 549
PresShell::`scalar deleting destructor'(unsigned int 1) + 15 bytes
PresShell::Release(PresShell * const 0x015d9890) line 485 + 34 bytes
nsCOMPtr_base::~nsCOMPtr_base() line 26
nsCOMPtr<nsIPresShell>::~nsCOMPtr<nsIPresShell>() + 15 bytes
DocumentViewerImpl::~DocumentViewerImpl() line 242 + 22 bytes
DocumentViewerImpl::`scalar deleting destructor'(unsigned int 1) + 15 bytes
DocumentViewerImpl::Release(DocumentViewerImpl * const 0x01598f50) line 184 + 99 bytes
nsWebShell::Destroy(nsWebShell * const 0x015b2af0) line 962 + 27 bytes
nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame() line 465
nsHTMLFrameInnerFrame::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsFrame::DeleteFrame(nsFrame * const 0x015b2900, nsIPresContext & {...}) line 390 + 34 bytes
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x01572a60, nsIPresContext & {...}) line 82
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x01779f08, nsIPresContext & {...}) line 82
nsLineBox::DeleteLineList(nsIPresContext & {...}, nsLineBox * 0x015974f0) line 158
nsBlockFrame::DeleteFrame(nsBlockFrame * const 0x014f5ef0, nsIPresContext & {...}) line 806 + 16 bytes
nsAreaFrame::DeleteFrame(nsAreaFrame * const 0x014f5ef0, nsIPresContext & {...}) line 106
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x0146c120, nsIPresContext & {...}) line 82
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x014fd120, nsIPresContext & {...}) line 82
ViewportFrame::DeleteFrame(ViewportFrame * const 0x014fd120, nsIPresContext & {...}) line 116
PresShell::~PresShell() line 549
PresShell::`scalar deleting destructor'(unsigned int 1) + 15 bytes
PresShell::Release(PresShell * const 0x013bea40) line 485 + 34 bytes
nsCOMPtr_base::~nsCOMPtr_base() line 26
nsCOMPtr<nsIPresShell>::~nsCOMPtr<nsIPresShell>() + 15 bytes
DocumentViewerImpl::~DocumentViewerImpl() line 242 + 22 bytes
DocumentViewerImpl::`scalar deleting destructor'(unsigned int 1) + 15 bytes
DocumentViewerImpl::Release(DocumentViewerImpl * const 0x01364a50) line 184 + 99 bytes
nsWebShell::Destroy(nsWebShell * const 0x01300aa0) line 962 + 27 bytes
[more... this should be enough!]
I have been seeing crashes in JavaScript GC code when closing windows, too. I'd really like to assign this to somebody capable of diagnosing why this happens. My suspicion is that this would be a JavaScript guru. If it turns out to be due to some abuse of JavaScript by somebody higher up the food-chain, then it can be assigned back to the xptoolkit or xpapps team. I'll be looking to find somebody better suited to deal with this and will reassign it when I find them. Of course, volunteers are welcome to take it.
Summary: [PP]core dump/crash on exit → [PP] core dump/crash on exit
Assignee: law → clayton
Severity: normal → critical
OS: Linux → All
Hardware: Other → All
Target Milestone: M7
Clayton, can someone on your team help us figure out what is causing this to die in the Javascript garbage collector? We just don't have the expertise to debug this properly. If you can figure out what is happening upstream before the crash occurs, then we can take it from there. Thanks.
Assignee: clayton → fur
Scott, would you help on this one?
If someone would volunteer their Linux build and provide a semi-reliable test case, I'm happy to help.
For the last few days, I see it just about every time I exit ... come on over (give me a few minutes warning).
I think this may have something to do with the registry. I moved my ~/.mozilla aside, went through the irritating profile wizard again, and then found that I couldn't get the crash on exit any more (which I'd been seeing every single run all day before I removed the registry). I continued not to see any crashes on exit, until I updated a few files and rebuilt a library, then on the next run, I started getting exit crashes every time again. Adding dp to cc list -- dp, any ideas?
Incidentally, I just filed a bug on JS Engine with the same stack trace. Maybe it already made it fur's way. So I have been seeing this too. It is interesting what Akkana reports. Dll change causes this. mmh! Let me try it out. So the sequence is:
- Remove reg
- run (all fine)
- Change dll
- run: crash (every time)
I will try it. I doubt it is that easy. Any clue on what that dll is?
*** Bug 7861 has been marked as a duplicate of this bug. ***
Actually we have two bugs here -- the one I'm seeing regularly on Linux, which comes and goes depending on how up to date the registry is (when I don't see the bug, I can usually make it come back by making a significant change to a library and recompiling, then running without removing the registry first), which has the stack trace I gave, and the one in the JS GC code, which happens on Windows. Not clear whether these are the same crash or not. There's no GC in the stack traces I'm seeing, just app core, non-GC JS code, and RDF. The stack trace I posted before was abbreviated: here's the full trace:
#0 0x40958fac in ?? ()
#1 0x4067cac7 in gdk_exit ()
#2 0x400217df in nsAppShellService::Shutdown (this=0x807bc08) at nsAppShellService.cpp:413
#3 0x40a6139f in nsEditorAppCore::Exit (this=0x80f54d8) at nsEditorAppCore.cpp:957
#4 0x40a71204 in EditorAppCoreExit (cx=0x80f44a0, obj=0x825ae98, argc=0, argv=0x81c7bc0, rval=0xbfffe188) at nsJSEditorAppCore.cpp:1103
#5 0x40445c83 in js_Invoke (cx=0x80f44a0, argc=0, constructing=0) at jsinterp.c:650
#6 0x40456456 in js_Interpret (cx=0x80f44a0, result=0xbfffe590) at jsinterp.c:2199
#7 0x40445ce1 in js_Invoke (cx=0x80f44a0, argc=0, constructing=0) at jsinterp.c:666
#8 0x40456456 in js_Interpret (cx=0x80f44a0, result=0xbfffe9c4) at jsinterp.c:2199
#9 0x40445ce1 in js_Invoke (cx=0x80f44a0, argc=1, constructing=0) at jsinterp.c:666
#10 0x40445f98 in js_CallFunctionValue (cx=0x80f44a0, obj=0x8152118, fval=135602464, argc=1, argv=0xbfffeb48, rval=0xbfffeb4c) at jsinterp.c:735
#11 0x4041fd95 in JS_CallFunctionValue (cx=0x80f44a0, obj=0x8152118, fval=135602464, argc=1, argv=0xbfffeb48, rval=0xbfffeb4c) at jsapi.c:2554
#12 0x4039f831 in nsJSEventListener::HandleEvent (this=0x829c370, aEvent=0x82c2bb0) at nsJSEventListener.cpp:97
#13 0x40d4a296 in nsEventListenerManager::HandleEvent (this=0x829c038, aPresContext=@0x80d4da0, aEvent=0xbfffecc0, aDOMEvent=0xbfffec38, aFlags=3, aEventStatus=@0xbfffecfc) at nsEventListenerManager.cpp:569
#14 0x40b0fd62 in RDFElementImpl::HandleDOMEvent (this=0x829bae0, aPresContext=@0x80d4da0, aEvent=0xbfffecc0, aDOMEvent=0xbfffec38, aFlags=1, aEventStatus=@0xbfffecfc) at nsRDFElement.cpp:2278
#15 0x400ea22e in nsMenuItem::DoCommand (this=0x82e78d8) at nsMenuItem.cpp:404
#16 0x400e9d3d in nsMenuItem::MenuItemSelected (this=0x82e78d8, aMenuEvent=@0xbfffed40) at nsMenuItem.cpp:300
#17 0x400eb2e2 in menu_item_activate_handler (w=0x82e5728, p=0x82e78d8) at nsGtkEventHandler.cpp:505
#18 0x4064e4ad in gtk_marshal_NONE__NONE ()
#19 0xab15 in ?? ()
This bug is getting confusing since, as Akkana has noted, it's really two separate bugs, and IMHO it's extremely unlikely that they are related. I'm going to split this into two new bugs and mark this one INVALID.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → INVALID
This bug was split into bugs 7940 and 7938.
Status: RESOLVED → VERIFIED
Moving all Apprunner bugs past and present to Other component temporarily whilst don and I set correct component. Apprunner component will be deleted/retired shortly.
Product: Core → Core Graveyard