414559 - SeaMonkey (suiterunner) crash [@ nsExpirationTracker<gfxFont, 3u>::AddObject(gfxFont*)] at Sm shutdown

Status: VERIFIED FIXED

(SeaMonkey :: Find In Page, defect)

Description

[Tony Mechelynck [:tonymec]]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2008012702 SeaMonkey/2.0a1pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2008012601 SeaMonkey/2.0a1pre

Breakpad event bp-65861c59-cd04-11dc-b644-001a4bd46e84 at program shutdown

Reproducible: Sometimes

Steps to Reproduce:
Happened once so far
1. Ctrl-Q (Quit SeaMonkey)
2.
3.
Actual Results:  
crash

Expected Results:  
normal program closedown

Breakpad crash "Details":
------------------------------

Signature	nsExpirationTracker<gfxFont, 3u>::AddObject(gfxFont*)
UUID	65861c59-cd04-11dc-b644-001a4bd46e84
Time	2008-01-27 10:18:52-08:00
Uptime	0
Product	SeaMonkey
Version	2.0a1pre
Build ID	2008012601
OS	Linux
OS Version	0.0.0 Linux 2.6.22.13-0.3-default #1 SMP 2007/11/19 15:02:58 UTC i686 GNU/Linux
CPU	x86
CPU Info	AuthenticAMD family 1 model 7 stepping 1
Crash Reason	SIGSEGV
Crash Address	0xb5e7d320
Comments	Add a comment. Note: Comments are publicly visible

Crashing thread stack:
--------------------------

0  	nsExpirationTracker<gfxFont, 3u>::AddObject(gfxFont*)  	 mozilla/gfx/thebes/src/gfxFont.cpp:125
1 	gfxFontCache::NotifyReleased(gfxFont*) 	mozilla/gfx/thebes/src/gfxFont.cpp:146
2 	gfxFont::Release() 	mozilla/gfx/thebes/src/gfxFont.cpp:373
3 	nsRefPtr<gfxFont>::~nsRefPtr() 	mozilla/gfx/thebes/src/gfxFont.cpp:956
4 	nsTArrayElementTraits<nsRefPtr<gfxFont> >::Destruct(nsRefPtr<gfxFont>*) 	mozilla/gfx/thebes/src/gfxFont.cpp:197
5 	nsTArray<nsRefPtr<gfxFont> >::DestructRange(unsigned int, unsigned int) 	mozilla/gfx/thebes/src/gfxFont.cpp:718
6 	nsTArray<nsRefPtr<gfxFont> >::RemoveElementsAt(unsigned int, unsigned int) 	mozilla/gfx/thebes/src/gfxFont.cpp:569
7 	nsTArray<nsRefPtr<gfxFont> >::Clear() 	mozilla/gfx/thebes/src/gfxFont.cpp:580
8 	gfxFontGroup::~gfxFontGroup() 	mozilla/gfx/thebes/src/gfxPangoFonts.cpp:1373
9 	gfxPangoFontGroup::~gfxPangoFontGroup() 	mozilla/gfx/thebes/src/gfxPangoFonts.cpp:180
10 	gfxTextRunFactory::Release() 	mozilla/gfx/thebes/src/gfxFont.cpp:553
11 	gfxTextRun::~gfxTextRun() 	mozilla/gfx/thebes/src/gfxFont.cpp:1039
12 	FrameTextRunCache::NotifyExpired(gfxTextRun*) 	mozilla/layout/generic/nsTextFrameThebes.cpp:371
13 	nsExpirationTracker<gfxTextRun, 3u>::AgeOneGeneration() 	mozilla/layout/generic/nsTextFrameThebes.cpp:210
14 	nsExpirationTracker<gfxTextRun, 3u>::AgeAllGenerations() 	mozilla/layout/generic/nsTextFrameThebes.cpp:234
15 	FrameTextRunCache::~FrameTextRunCache() 	mozilla/layout/generic/nsTextFrameThebes.cpp:355
16 	nsTextFrameTextRunCache::Shutdown() 	mozilla/layout/generic/nsTextFrameThebes.cpp:431
17 	nsLayoutStatics::Shutdown() 	mozilla/layout/build/nsLayoutStatics.cpp:250
18 	nsLayoutStatics::Release() 	mozilla/layout/build/nsLayoutStatics.cpp:327
19 	nsNodeInfoManager::~nsNodeInfoManager() 	mozilla/content/base/src/nsNodeInfoManager.cpp:275
20 	nsNodeInfoManager::Release() 	mozilla/content/base/src/nsNodeInfoManager.cpp:299
21 	nsRefPtr<nsNodeInfoManager>::~nsRefPtr() 	mozilla/content/base/src/nsContentSink.cpp:956
22 	nsNodeInfo::LastRelease() 	mozilla/content/base/src/nsNodeInfo.cpp:302
23 	nsNodeInfo::Release() 	mozilla/content/base/src/nsNodeInfo.cpp:134
24 	nsCOMPtr_base::~nsCOMPtr_base() 	nsCOMPtr.cpp:81
25 	nsCOMPtr<nsINodeInfo>::~nsCOMPtr() 	mozilla/layout/build/nsContentDLF.cpp:542
26 	nsINode::~nsINode() 	mozilla/content/base/src/nsGenericElement.cpp:215
27 	nsIContent::~nsIContent() 	mozilla/content/base/src/nsGenericDOMDataNode.cpp:72
28 	nsGenericDOMDataNode::~nsGenericDOMDataNode() 	mozilla/content/base/src/nsGenericDOMDataNode.cpp:77
29 	nsTextNode::~nsTextNode() 	mozilla/content/base/src/nsTextNode.cpp:174
30 	nsNodeUtils::LastRelease(nsINode*) 	mozilla/content/base/src/nsNodeUtils.cpp:250
31 	nsGenericDOMDataNode::Release() 	mozilla/content/base/src/nsGenericDOMDataNode.cpp:114
32 	nsTextNode::Release() 	mozilla/content/base/src/nsTextNode.cpp:177
33 	nsCOMPtr_base::~nsCOMPtr_base() 	nsCOMPtr.cpp:81
34 	nsCOMPtr<nsIDOMNode>::~nsCOMPtr() 	mozilla/embedding/components/find/src/nsWebBrowserFind.cpp:542
35 	nsFind::~nsFind() 	mozilla/embedding/components/find/src/nsFind.cpp:523
36 	nsFind::Release() 	mozilla/embedding/components/find/src/nsFind.cpp:487
37 	nsCOMPtr_base::~nsCOMPtr_base() 	nsCOMPtr.cpp:81
38 	nsCOMPtr<nsIFind>::~nsCOMPtr() 	mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp:542
39 	nsTypeAheadFind::~nsTypeAheadFind() 	mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp:173
40 	nsTypeAheadFind::Release() 	mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp:127
41 	nsTypeAheadFind::ReleaseInstance() 	mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp:240
42 	TypeAheadFindModuleDtor(nsIModule*) 	mozilla/extensions/typeaheadfind/src/nsTypeAheadFindRegistration.cpp:90
43 	nsGenericModule::Shutdown() 	nsGenericFactory.cpp:340
44 	nsGenericModule::~nsGenericModule() 	nsGenericFactory.cpp:237
45 	nsGenericModule::Release() 	nsGenericFactory.cpp:245
46 	nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) 	nsCOMPtr.cpp:531
47 	nsCOMPtr_base::assign_with_AddRef(nsISupports*) 	nsCOMPtr.cpp:89
48 	nsCOMPtr<nsIModule>::operator=(nsIModule*) 	mozilla/xpcom/components/nsNativeComponentLoader.cpp:713
49 	nsNativeModuleLoader::ReleaserFunc(nsIHashable*, nsNativeModuleLoader::NativeLoadData&, void*) 	mozilla/xpcom/components/nsNativeComponentLoader.cpp:216
50 	nsBaseHashtable<nsHashableHashKey, nsNativeModuleLoader::NativeLoadData, nsNativeModuleLoader::NativeLoadData>::s_EnumStub(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) 	mozilla/xpcom/components/nsNativeComponentLoader.cpp:346
51 	PL_DHashTableEnumerate 	pldhash.c:724
52 	nsBaseHashtable<nsHashableHashKey, nsNativeModuleLoader::NativeLoadData, nsNativeModuleLoader::NativeLoadData>::Enumerate(PLDHashOperator (*)(nsIHashable*, nsNativeModuleLoader::NativeLoadData&, void*), void*) 	mozilla/xpcom/components/nsNativeComponentLoader.cpp:221
53 	nsNativeModuleLoader::UnloadLibraries() 	mozilla/xpcom/components/nsNativeComponentLoader.cpp:255
54 	nsComponentManagerImpl::Shutdown() 	mozilla/xpcom/components/nsComponentManager.cpp:698
55 	NS_ShutdownXPCOM_P 	mozilla/xpcom/build/nsXPComInit.cpp:817
56 	ScopedXPCOMStartup::~ScopedXPCOMStartup() 	mozilla/toolkit/xre/nsAppRunner.cpp:898
57 	XRE_main 	mozilla/toolkit/xre/nsAppRunner.cpp:3248
58 	main 	mozilla/suite/app/nsSuiteApp.cpp:103
59 	libc-2.6.1.so@0x15fdf

Comment 1

[Andrew Schultz]

this was supposed to get squashed in bug 398084, but it seems to have started reappearing around 1/24 (based on crashreporter stats).

Comment 3

[Tony Mechelynck [:tonymec]]

Changed product/component away from MzSuite/General as per change to bug 419342 by matti@mversen.de, 2008-02-24 23:29:37 PST

Comment 4

[Tony Mechelynck [:tonymec]]

PS. AFAIK I don't have the privileges to alter AssignedTo / QAContact to the default values for the new product/component.

Comment 5

[Andrew Schultz]

Actually, I suspect FAYT as in bug 398084

Comment 6

[Tony Mechelynck [:tonymec]]

How could FAYT be involved with Ctrl-Q + "confirm close all tabs" Enter? Also, shoulodn't it happen every time then? I only get this bug very sporadically (once slightly less than a month ago and once a few days ago) while I quit SeaMonkey once a day?

Actually, Edit -> (Legacy Prefwindow...) -> Advanced -> Keyboard Navigation ->
_Find As You Type___________________________________________________
[ ] Find automatically when typing within a web page

is UNchecked here, and I didn't change that pref since getting bug 419342 (duped to this one) -- meaning that crash, bp-f9d45982-e316-11dc-a974-001a4bd46e84
, happened with FAYT disabled.

Comment 7

[Andrew Schultz]

> How could FAYT be involved...

Look at frames 39-42 of your stack.  The typeahead module is loaded and has handles to things and they don't get cleaned up properly during shutdown.

Comment 8

[Tony Mechelynck [:tonymec]]

Well, that other stack (in my dupe bug) also happens to have nsTypeAheadFind on the stack at approx. the same depth. However I only invoke FAYT by means of the / key. So if I follow you, searching with / (maybe, or maybe not, followed by Ctrl-G) creates a risk that "something" won't be properly cleared in a later (maybe much later) shutdown? We-e-e-lll... I guess one learns something every day.

Comment 9

[Mats Palmgren (inactive)]

Attachment: Patch rev. 1

I should have been a little more thorough in bug 398084...

Comment 10

[Mike Beltzner [:beltzner, not reading bugmail]]

Comment on attachment 305824 [details] [diff] [review]
Patch rev. 1

a=beltzner

Comment 11

[Mats Palmgren (inactive)]

mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.h 	1.38
mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 	1.134 

-> FIXED

Comment 12

[Tony Mechelynck [:tonymec]]

(In reply to comment #11)
> mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.h     1.38
> mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp     1.134 
> 
> -> FIXED

I haven't seen this bug in quite some time; I'm setting it VERIFIED. Change it back with a comment (and, if it bugs you in a _recent_ Sm2 build, a UA string and a crash stack) if you're sure that I'm mistaken.