Closed Bug 252029 Opened 20 years ago Closed 19 years ago

crash or freeze while entering text in text areas

Categories

(Firefox :: Search, defect)

Product:
Firefox
Component:
Search
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: otto, Assigned: p_ch)

Details

(Keywords: crash, hang)

Attachments

(1 file)

Complete strace -ff output from a hang case
91.84 KB, application/gzip
Details 
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7) Gecko/20040718
Build Identifier: Firefox 0.9.x built from source via gentoo portage on AMD64

Firefox versions 0.9.x (0.9, 0.9.1, and 0.9.2 so far) sporadically crash while
entering text in text fields (single line ones, no occuraces in textarea tags).

Reproducible: Sometimes
Steps to Reproduce:
1.Just type stuff into a text field
2.
3.

Actual Results:  
Crash or freeze

Expected Results:  
Continued working so I could hit return or submit

Here are some straces from when entering text in the quick search bar (to the
left of the location bar)
CRASH:poll([{fd=3, events=POLLIN, revents=POLLIN}, {fd=11, events=POLLIN},
{fd=15, events=POLLIN|POLLPRI}, {fd=17, events=POLLIN}, {fd=19,
events=POLLIN|POLLPRI}, {fd=20, events=POLLIN|POLLPRI}, {fd=21,
events=POLLIN|POLLPRI}, {fd=4, events=POLLIN}], 8, 590) = 1
ioctl(3, FIONREAD, [32])                = 0
read(3, "\2)\214y\263yI)@\0\0\0/\0 \0024\0 \2\251\4D\0_\0030\0\20"..., 32) = 32
write(5, "\372", 1)                     = 1
kill(31589, SIGRTMIN)                   = 0
kill(31589, SIGRTMIN)                   = 0
kill(31589, SIGRTMIN)                   = 0
write(3, "\22\0\7\0/\0 \2e\1\0\0\6\0\0\0 \3\5\0\1\0\0\0\263yI)5\30"..., 1296) = 1296
ioctl(3, FIONREAD, [0])                 = 0
poll([{fd=3, events=POLLIN}, {fd=11, events=POLLIN}, {fd=15,
events=POLLIN|POLLPRI}, {fd=17, events=POLLIN}, {fd=19, events=POLLIN|POLLPRI},
{fd=20, events=POLLIN|POLLPRI}, {fd=21, events=POLLIN|POLLPRI}, {fd=4,
events=POLLIN, revents=POLLIN}], 8, 0) = 1
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
unlink("/home/atrus/.mozilla/firefox/default.7pu/lock") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
kill(31586, SIGSEGV)                    = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


FREEZE:
read(42, "// <!-- <mdb:mork:z v=\"1.4\"/> --"..., 17607) = 17607
read(42, "\n\n<(146=S$00E$00A$00R$00C$00H$00"..., 131072) = 3381
read(42, "", 131072)                    = 0
fstat(42, {st_mode=S_IFREG|0644, st_size=20988, ...}) = 0
lseek(42, 20988, SEEK_SET)              = 20988
lseek(42, 20988, SEEK_SET)              = 20988
lseek(42, 0, SEEK_SET)                  = 0
read(42, "// <!-- <mdb:mork:z v=\"1.4\"/> --"..., 20423) = 20423
read(42, "\n\n<(16A=f$00i$00r$00e$00f$00o$00"..., 131072) = 565
read(42, "", 131072)                    = 0
fstat(42, {st_mode=S_IFREG|0644, st_size=20988, ...}) = 0
lseek(42, 20988, SEEK_SET)              = 20988
lseek(42, 20988, SEEK_SET)              = 20988
lseek(42, 0, SEEK_SET)                  = 0
read(42, "// <!-- <mdb:mork:z v=\"1.4\"/> --"..., 20822) = 20822
read(42, "\n\n<(16D= $00f$00i$00r$00e$00f$00"..., 131072) = 166
read(42, "", 131072)                    = 0
lseek(42, 20988, SEEK_SET)              = 20988
read(42, "", 131072)                    = 0
stat("/home/atrus/.mozilla/firefox/default.7pu/formhistory.dat",
{st_mode=S_IFREG|0644, st_size=20988, ...}) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
unlink("/home/atrus/.mozilla/firefox/default.7pu/lock") = 0
rt_sigprocmask(SIG_SETMASK, NULL, ~[KILL STOP], 8) = 0
rt_sigsuspend(~[KILL STOP RTMIN]
Nikolas: Could you reproduce crash with official build? Could you provide
TalkBack incident ID in such case?
Keywords: crash, hang
(In reply to comment #1)
> Nikolas: Could you reproduce crash with official build? Could you provide
> TalkBack incident ID in such case?

If an AMD64 "offical build" was available, I would ...

I can try building it with debug info and get a real stack trace, if you like.
Stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x0000002a974ee339 in kill () from /lib/libc.so.6
(gdb) where
#0  0x0000002a974ee339 in kill () from /lib/libc.so.6
#1  0x0000002a95d3073b in pthread_kill () from /lib/libpthread.so.0
#2  0x0000002a95d30a52 in raise () from /lib/libpthread.so.0
#3  0x000000000040f34f in nsProfileLock::FatalSignalHandler(int) ()
#4  0x0000002a95d32d4e in pthread_barrierattr_setpshared () from
/lib/libpthread.so.0
#5  <signal handler called>
#6  0x0000002a9e6a208c in ?? ()
#7  0x0001001100000001 in ?? ()
#8  0x0000002a9585ce85 in NS_QuickSort () from /usr/lib/MozillaFirefox/libxpcom.so
#9  0x0000002a9e6a1e68 in ?? ()
#10 0x0000000000c945c8 in ?? ()

Obviously I need to kick some things and compile with debug symbols
Complete gdb output. No, I don't know why the #$@#%@$ debugging symbols aren't
working or info threads (they're already dead?). If you have directions or a
"for dummies like me" page to point me to, let me know.

nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

Program received signal SIG32, Real-time event 32.
0x0000002a95de055e in pthread_getconcurrency () from /lib/libpthread.so.0
(gdb) cont
Continuing.

(firefox-bin:3234): Gtk-WARNING **:
/usr/lib/gtk-2.0/2.4.0/engines/libcleanice.so: undefined symbol: GTK_IS_COMBO
GFX: dpi=95 t2p=0.0666667 p2t=15 depth=24
++WEBSHELL == 1
++DOMWINDOW == 1
For application/x-java-vm found plugin
/opt/blackdown-jdk-1.4.2_rc1/jre/plugin/amd64/mozilla/libjavaplugin_oji.so
LoadPlugin()
/opt/blackdown-jdk-1.4.2_rc1/jre/plugin/amd64/mozilla/libjavaplugin_oji.so
returned 69c300

Program received signal SIG32, Real-time event 32.
0x0000002a95de055e in pthread_getconcurrency () from /lib/libpthread.so.0
(gdb) cont
Continuing.
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsPermissionManager.cpp,
line 635

Program received signal SIG32, Real-time event 32.
0x0000002a95de055e in pthread_getconcurrency () from /lib/libpthread.so.0
(gdb) cont
Continuing.
++WEBSHELL == 2
++DOMWINDOW == 2
Note: verifyreflow is disabled
Note: styleverifytree is disabled
Note: frameverifytree is disabled
++WEBSHELL == 3
++DOMWINDOW == 3

Program received signal SIG32, Real-time event 32.
0x0000002a95de055e in pthread_getconcurrency () from /lib/libpthread.so.0
(gdb) cont
Continuing.
++WEBSHELL == 4
++DOMWINDOW == 4
WARNING: NS_ENSURE_TRUE(contentViewer) failed, file nsFormFillController.cpp,
line 789
CSS Error (http://news.google.com/ :20.2): Selector expected.  Ruleset ignored
due to bad selector.
CSS Error (http://news.google.com/ :21.0): Unexpected end of file while
searching for closing } of invalid rule set.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
CSS Error (http://news.google.com/ :1.10): Unknown property 'behavior'. 
Declaration dropped.

Program received signal SIG32, Real-time event 32.
0x0000002a95de055e in pthread_getconcurrency () from /lib/libpthread.so.0
(gdb) cont
Continuing.
CSS Error (http://news.google.com/ :1.12): Error in parsing value for property
'cursor'.  Declaration dropped.
... (more CSS Errors, clipped for sanity) ...
###!!! ASSERTION: nsVoidArray::ElementAt(index past end array) - note on bug
96108: 'aIndex < Count()', file ../../../../dist/include/xpcom/nsVoidArray.h,
line 72
Break: at file ../../../../dist/include/xpcom/nsVoidArray.h, line 72
###!!! ASSERTION: nsVoidArray::ElementAt(index past end array) - note on bug
96108: 'aIndex < Count()', file ../../../../dist/include/xpcom/nsVoidArray.h,
line 72
Break: at file ../../../../dist/include/xpcom/nsVoidArray.h, line 72
###!!! ASSERTION: nsVoidArray::ElementAt(negative index) - note on bug 96108:
'aIndex >= 0', file ../../../../dist/include/xpcom/nsVoidArray.h, line 71
Break: at file ../../../../dist/include/xpcom/nsVoidArray.h, line 71

Program received signal SIGSEGV, Segmentation fault.
0x0000002a9eeeabd2 in ?? ()
(gdb) info threads
(gdb) where
#0  0x0000002a9eeeabd2 in ?? ()
#1  0x0000000001081630 in ?? ()
#2  0x0000007fbfffe820 in ?? ()
#3  0x0000000001081660 in ?? ()
#4  0x0000002a9ef0ffbd in ?? ()
#5  0x0000000001081670 in ?? ()
#6  0x0000000000000008 in ?? ()
#7  0x0000000001081660 in ?? ()
#8  0x0000002a958c38c1 in NS_QuickSort () from /usr/lib/MozillaFirefox/libxpcom.so
#9  0x0000002a9ef0fe3f in ?? ()
#10 0x0000007fbfffe8b0 in ?? ()
#11 0x0000007fbfffe890 in ?? ()
#12 0x0000000000dd6bc0 in ?? ()
#13 0x00000000012d1ef0 in ?? ()
(gdb) cont        
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0000002a9759e339 in kill () from /lib/libc.so.6
(gdb) where
#0  0x0000002a9759e339 in kill () from /lib/libc.so.6
#1  0x0000002a95de073b in pthread_kill () from /lib/libpthread.so.0
#2  0x0000002a95de0a52 in raise () from /lib/libpthread.so.0
#3  0x0000000000424baf in nsProfileLock::FatalSignalHandler(int) ()
#4  0x0000002a95de2d4e in pthread_barrierattr_setpshared () from
/lib/libpthread.so.0
#5  <signal handler called>
#6  0x0000002a9eeeabd2 in ?? ()
#7  0x0000000001081630 in ?? ()
#8  0x0000007fbfffe820 in ?? ()
#9  0x0000000001081660 in ?? ()
#10 0x0000002a9ef0ffbd in ?? ()
#11 0x0000000001081670 in ?? ()
#12 0x0000000000000008 in ?? ()
#13 0x0000000001081660 in ?? ()
#14 0x0000002a958c38c1 in NS_QuickSort () from /usr/lib/MozillaFirefox/libxpcom.so
#15 0x0000002a9ef0fe3f in ?? ()
#16 0x0000007fbfffe8b0 in ?? ()
#17 0x0000007fbfffe890 in ?? ()
#18 0x0000000000dd6bc0 in ?? ()
#19 0x00000000012d1ef0 in ?? ()
(gdb) cont
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
I believe this to be a duplicate of 236792, which I have just proposed a fix for.

I also have this problem.
When entering text fields on and off, yet definately reproducable, the whole
browser will just become unresponsive.
After a sometimes long wait it will become responsive again.

This still stands in v1.0 PRE.

OS: Linux (Gentoo) 2.6.8.1
Version: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040916 Firefox/0.10
This looks exactly like bug 236792, which itself is a dupe of 248442, which was
marked fixed on aviary before the 0.9.x releases.
if it works for you with Firefox 1.0 release, please resolve this bug as
worksforme. Some things were fixed after 1.0PR.

Otherwise, please try a new profile. A few people reported the problem goes away.
If it is reproducible, please submit a talkback report, which will (probably)
have all correct symbols.
Sorry about the absurd delay in closing this.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: