Closed Bug 1888800 Opened 2 years ago Closed 1 month ago

Crash in [@ nsINode::IsMaybeSelected]

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
Other
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox124 --- unaffected
firefox125 --- unaffected
firefox126 --- disabled
firefox127 --- disabled

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression, topcrash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/8c01bf6f-bd7c-410d-a0c7-f642a0240327

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  nsINode::IsMaybeSelected const  dom/base/nsINode.h:1593
0  xul.dll  mozilla::dom::AbstractRange::MarkDescendants  dom/base/AbstractRange.cpp:119
0  xul.dll  mozilla::dom::AbstractRange::RegisterClosestCommonInclusiveAncestor  dom/base/AbstractRange.cpp:418
0  xul.dll  mozilla::dom::AbstractRange::RegisterSelection  dom/base/AbstractRange.cpp:386
1  xul.dll  mozilla::dom::Selection::StyledRanges::MaybeAddRangeAndTruncateOverlaps  dom/base/Selection.cpp:1213
2  xul.dll  mozilla::dom::Selection::AddRangesForUserSelectableNodes  dom/base/Selection.cpp:1117
3  xul.dll  mozilla::dom::Selection::SetAnchorFocusToRange  dom/base/Selection.cpp:2828
4  xul.dll  mozilla::dom::Selection::Extend  dom/base/Selection.cpp:3038
5  xul.dll  mozilla::dom::Selection::Extend  dom/base/Selection.cpp:2905
6  xul.dll  nsFrameSelection::TakeFocus  layout/generic/nsFrameSelection.cpp:1436

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2024-03-27
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - all crashes happened on null or near null memory address

By analyzing the backtrace, the regression may have been introduced by a patch [1] to fix Bug 1867058.

[1] https://hg.mozilla.org/mozilla-central/rev?node=edcf770a3a1d

:sefeng, since you are the author of the potential regressor, could you please take a look?

Flags: needinfo?(sefeng)
Depends on: 1887963
Flags: needinfo?(sefeng)

:sefeng, since you are the author of the regressor, bug 1867058, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Flags: needinfo?(sefeng)

:sefeng this is the final week of nightly for Fx126.
Are you planning any more investigation here?

Bug 1887963 landed on 2024-04-03 and so far there has been one crash report since then.

Followed up offline, this is nightly only for now and low volume. Leaving as is for now and will set the Fx126 status to disabled once we hit beta.
The pref is dom.shadowdom.selection_across_boundary.enabled

Flags: needinfo?(sefeng)
Severity: -- → S3

Set release status flags based on info from the regressing bug 1867058

status-firefox127: --- → affected
See Also: → 2023029

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 10 desktop browser crashes on nightly

:hsinyi, could you consider increasing the severity of this top-crash bug?

For more information, please visit BugBot documentation.

Flags: needinfo?(htsai)
Keywords: topcrash

Hi Masayuki, can you please confirm if it's fixed per https://bugzilla.mozilla.org/show_bug.cgi?id=2023029#c3 , or what's the next action we should take here? Thanks.

Flags: needinfo?(htsai) → needinfo?(masayuki)

According to the log of the crash reports, this must have been "fixed" by the backout. I'll be back on April to fix these crashes and fixing the wrong logic of the new patches with adding new patches.

Status: NEW → RESOLVED
Closed: 1 month ago
Flags: needinfo?(masayuki)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.