Closed Bug 603641 Opened 9 years ago Closed 9 years ago

Crash may occur when clicking in the awesome bar right after being in form view [@ nsIMEStateManager::GetFocusSelectionAndRoot ] on Linux 2.6.28

Component: Core :: DOM: Events
Platform: ARM, Maemo
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED FIXED
Tracking Status: fennec 2.0+
Reporter: nhirata, Assigned: crowderbt
Keywords: crash, topcrash, Whiteboard: [VKB]
Attachments: 1 file, 2 obsolete files

Mozilla/5.0 (Maemo;Linux armv71; rv:2.0b8pre)Gecko/20101012 Firefox/4.0b8pre Fennec/4.0b2pre

1. place the device in portrait view
2. go to URL http://www.amazon.com
3. click in the search field to bring up the form helper + Virtual KeyBoard
4. click in the awesomebar

Expected: VKB dismisses and may crash.
crash logs:
1. 68e7e1bb-d41e-3a96-40376275-42529707
2. bp-4fc36e22-efb8-424c-8ee7-4391a2101012
Actual: Goes to the awesome page


Note:
http://crash-stats.mozilla.com/report/index/abedf88a-ebc7-47cd-ae55-cca892101012

Fennec 4.0b2pre Crash Report [@ nsIMEStateManager::GetFocusSelectionAndRoot ]
Signature	nsIMEStateManager::GetFocusSelectionAndRoot
UUID	abedf88a-ebc7-47cd-ae55-cca892101012
Time 	2010-10-12 08:51:02.24019
Uptime	0
Install Age	272 seconds (4.5 minutes) since version was first installed.
Product	Fennec
Version	4.0b2pre
Build ID	20101012024103
OS	Linux
OS Version	0.0.0 Linux 2.6.28-omap1 #1 PREEMPT Thu Apr 15 09:47:09 EEST 2010 armv7l
CPU	arm
CPU Info	
Crash Reason	SIGSEGV
Crash Address	0x0
User Comments	
Processor Notes 	
EMCheckCompatibility	False
Crashing Thread
Frame 	Module 	Signature 	Source
0 	libxul.so 	nsIMEStateManager::GetFocusSelectionAndRoot 	content/events/src/nsIMEStateManager.cpp:635
1 	libxul.so 	nsContentEventHandler::OnSelectionEvent 	content/events/src/nsContentEventHandler.cpp:934
2 	libxul.so 	nsEventStateManager::PreHandleEvent 	content/events/src/nsEventStateManager.cpp:1393
3 	libxul.so 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6917
4 	libxul.so 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp:6686
5 	libxul.so 	nsViewManager::HandleEvent 	view/src/nsViewManager.cpp:1093
6 	libxul.so 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:1071
7 	libxul.so 	HandleEvent 	view/src/nsView.cpp:161
8 	libxul.so 	mozilla::widget::PuppetWidget::DispatchEvent 	widget/src/xpwidgets/PuppetWidget.cpp:299
9 	libxul.so 	mozilla::widget::PuppetWidget::DispatchEvent 	widget/src/xpwidgets/PuppetWidget.cpp:306
10 	libxul.so 	mozilla::dom::TabChild::DispatchWidgetEvent 	dom/ipc/TabChild.cpp:590
11 	libxul.so 	mozilla::dom::TabChild::RecvSelectionEvent 	dom/ipc/TabChild.cpp:578
12 	libxul.so 	mozilla::dom::PBrowserChild::OnMessageReceived 	PBrowserChild.cpp:1103
13 	libxul.so 	mozilla::dom::PContentChild::OnMessageReceived 	PContentChild.cpp:657
14 	libxul.so 	mozilla::ipc::AsyncChannel::OnDispatchMessage 	ipc/glue/AsyncChannel.cpp:262
15 	libxul.so 	mozilla::ipc::RPCChannel::OnMaybeDequeueOne 	ipc/glue/RPCChannel.cpp:438
16 	libxul.so 	RunnableMethod<mozilla::ipc::RPCChannel,bool ,Tuple0>::Run 	ipc/chromium/src/base/tuple.h:383
17 	libxul.so 	mozilla::ipc::RPCChannel::DequeueTask::Run 	RPCChannel.h:449
18 	libxul.so 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:343
19 	libxul.so 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:351
20 	libxul.so 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:451
21 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:114
22 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:229
23 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:219
24 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:202
25 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:180
26 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:631
27 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:215
28 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:219
29 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:202
30 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:506
31 	plugin-container 	main 	ipc/app/MozillaRuntimeMain.cpp:67
32 	libc-2.5.so 	libc-2.5.so@0x14973 	
33 	plugin-container 	plugin-container@0x10eb 	
34 	libc-2.5.so 	libc-2.5.so@0x14927
Expected and Actual corrections:

Expected: VKB dismisses 
Actual: Goes to the awesome page and may crash.
crash logs:
1. 68e7e1bb-d41e-3a96-40376275-42529707
2. bp-4fc36e22-efb8-424c-8ee7-4391a2101012
Severity: normal → major
Summary: [VKB]Crash may occur when clicking in the awesome bar right after being in form view → Crash may occur when clicking in the awesome bar right after being in form view
Whiteboard: [VKB]
Summary: Crash may occur when clicking in the awesome bar right after being in form view → Crash may occur when clicking in the awesome bar right after being in form view [@ nsIMEStateManager::GetFocusSelectionAndRoot ]
Severity: major → critical
Duplicate of this bug: 605989
chenn@24836   659  NS_ASSERTION(sTextStateObserver->mSel && sTextStateObserver->mRootContent,
chenn@24836   660               "uninitialized text state observer");
chenn@24836   661  NS_ADDREF(*aSel = sTextStateObserver->mSel);

mSel is null.
Blocks: 88831
Component: General → DOM: Events
Product: Fennec → Core
QA Contact: general → events
Assignee: nobody → jimnchen+bmo
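The failure mode in the annotated snippet above, as an added example (not Gecko code and not the patch attached to this bug): a debug-only assertion followed by an unconditional dereference, beside a variant that checks at runtime. The types, the `DEBUG_ASSERTION` macro, the `Result` values and both function names are hypothetical stand-ins.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the Gecko types named in the snippet above.
struct Selection { int refs = 0; void AddRef() { ++refs; } };
struct Content   { int refs = 0; void AddRef() { ++refs; } };
struct TextStateObserver {
  Selection* mSel = nullptr;
  Content* mRootContent = nullptr;
};

enum Result { kOk, kNotAvailable };

// Modelled on NS_ASSERTION: reports only when DEBUG_BUILD is defined and
// never stops execution, so it is not a runtime guard.
#ifdef DEBUG_BUILD
#define DEBUG_ASSERTION(cond, msg) \
  do { if (!(cond)) std::fprintf(stderr, "ASSERTION: %s\n", msg); } while (0)
#else
#define DEBUG_ASSERTION(cond, msg) do { } while (0)
#endif

// Shape of the crashing code: the assertion is the only check, so calling
// this with a null mSel dereferences a null pointer in AddRef().
Result GetSelectionAndRootUnchecked(TextStateObserver* obs,
                                    Selection** aSel, Content** aRoot) {
  DEBUG_ASSERTION(obs->mSel && obs->mRootContent,
                  "uninitialized text state observer");
  (*aSel = obs->mSel)->AddRef();
  (*aRoot = obs->mRootContent)->AddRef();
  return kOk;
}

// Runtime-checked variant: an uninitialized observer becomes an error code
// the caller can handle, and the out-parameters are left null.
Result GetSelectionAndRootChecked(TextStateObserver* obs,
                                  Selection** aSel, Content** aRoot) {
  *aSel = nullptr;
  *aRoot = nullptr;
  if (!obs || !obs->mSel || !obs->mRootContent) return kNotAvailable;
  (*aSel = obs->mSel)->AddRef();
  (*aRoot = obs->mRootContent)->AddRef();
  return kOk;
}

int main() {
  TextStateObserver uninitialized;  // constructed input: mSel is null
  Selection* sel; Content* root;
  Result rv = GetSelectionAndRootChecked(&uninitialized, &sel, &root);
  std::printf("uninitialized observer: %s\n", rv == kNotAvailable ? "rejected" : "accepted");
  return 0;
}
```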
Duplicate of this bug: 609991
tracking-fennec: --- → ?
Naoki - Does this still happen for you?
Keywords: topcrash
Assignee: jimnchen+bmo → crowderbt
tracking-fennec: ? → 2.0+
I'm not a good owner for this; my N900 does not seem to want to do portrait mode (too old?)
crowder: err, the current system software is pr1.3 (20.2010.36-2). But portrait mode is mostly application specific, and the vkb doesn't support portrait (it just opens in landscape).
I have that rev of system software ("About product" says 20.2010.36-2.002), but Fennec still does not rotate into portrait mode when I tilt my device on its side.  Also, if the VKB doesn't work in portrait, how do you explain the original STR?
Also, I do not get a VKB in landscape.
ah, that's easy, vkb is off by default, open settings, open text input, check the first check item (roughly "use virtual keyboard")
Please reopen with better STR, if you can find them.  I still see a crash with a similar signature happening as recently as 12/6, but don't know how to reproduce this.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Summary: Crash may occur when clicking in the awesome bar right after being in form view [@ nsIMEStateManager::GetFocusSelectionAndRoot ] → Crash may occur when clicking in the awesome bar right after being in form view [@ nsIMEStateManager::GetFocusSelectionAndRoot ] on Linux 2.6.28
Scoobidiver:  You've changed the summary, does this mean you have steps-to-reproduce that work on Linux (as opposed to MaeMo)?
Attached patch: wallpaper (obsolete)
Can people who are getting this crash reliably try this fix?
Reopening since I think this might be fixable (in spite of lack of STR)
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
> Scoobidiver:  You've changed the summary, does this mean you have
> steps-to-reproduce that work on Linux (as opposed to MaeMo)?
I did it according to the crash stats because crashes happen to four different users only on this Linux version.
http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=nsIMEStateManager%3A%3AGetFocusSelectionAndRoot&version=Fennec%3A4.0b3pre
Attached patch: the right fix (obsolete)
Actually the right fix is this....  I'm keeping the mEditableNode check here, though masayuki suggests it may be unnecessary.
Attachment #496812 - Attachment is obsolete: true
Attachment #496821 - Flags: review?
Comment on attachment 496821
the right fix

r=masayuki
Attachment #496821 - Flags: review? → review+
Keywords: checkin-needed
Carrying over masayuki's review, with a=blocking added to the patch file (and my username)
Attachment #496821 - Attachment is obsolete: true
Attachment #496823 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/ed44f2f4c7cb

QA please verify this in a few days by looking at top crashes for Fennec?
Status: REOPENED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Keywords: checkin-needed
Crash Signature: [@ nsIMEStateManager::GetFocusSelectionAndRoot ]