Closed Bug 1370669 Opened 7 years ago Closed 4 years ago

Assertion failure: mTable.GetWeak(addr) == aEvent [@ mozilla::a11y::NotificationController::EventMap::RemoveEvent]

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla80

Tracking Flags:

Tracking

Status

firefox-esr52

---

wontfix

firefox-esr60

---

wontfix

firefox-esr68

---

wontfix

firefox-esr78

---

wontfix

firefox56

---

wontfix

firefox57

---

wontfix

firefox58

---

wontfix

firefox59

---

wontfix

firefox69

---

wontfix

firefox70

---

wontfix

firefox71

---

wontfix

firefox78

---

wontfix

firefox79

---

wontfix

firefox80

---

fixed

People

(Reporter: tsmith, Assigned: eeejay)

References

(Depends on 1 open bug, Blocks 1 open bug, Regression)

Details

(Keywords: assertion, regression, testcase)

Attachments

(2 files)

test_case.html 7 years ago Tyson Smith [:tsmith] 541 bytes, text/html		Details
Bug 1370669 - Don't queue redundant hide events. r?Jamie! 4 years ago Eitan Isaacson [:eeejay] 47 bytes, text/x-phabricator-request		Details \| Review

Tyson Smith [:tsmith]

Reporter

Description

•

7 years ago

Attached file test_case.html — Details

Assertion failure: mTable.GetWeak(addr) == aEvent (mTable has the wrong event), at src/accessible/base/NotificationController.cpp:935

This test case requires fuzzPriv extension is required. It can be found here https://github.com/MozillaSecurity/domfuzz/tree/master/dom/extension

e10s was disabled when this assertion was discovered.

#0 0x7fb03c35d069 in mozilla::a11y::NotificationController::EventMap::RemoveEvent(mozilla::a11y::AccTreeMutationEvent*) src/accessible/base/NotificationController.cpp:932:3
#1 0x7fb03c35ee7c in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) src/accessible/base/NotificationController.cpp:850:18
#2 0x7fb03a1ec35f in nsRefreshDriver::Tick(long, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:1790:12
#3 0x7fb03a1f514e in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:300:7
#4 0x7fb03a1f4f1d in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:321:5
#5 0x7fb03a1f8d65 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:753:5
#6 0x7fb03a1f7886 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:666:35
#7 0x7fb03a1f3537 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() src/layout/base/nsRefreshDriver.cpp:512:20
#8 0x7fb034c35ff1 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1302:14
#9 0x7fb034c401a0 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:393:10
#10 0x7fb03576a235 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:96:21
#11 0x7fb0356b71d7 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:238:10
#12 0x7fb0356b7069 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:211:3
#13 0x7fb039d1b07a in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:156:27
#14 0x7fb03c8fb471 in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:283:30
#15 0x7fb03ca54a52 in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4568:22
#16 0x7fb03ca5668b in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4748:8
#17 0x7fb03ca57578 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4843:21
#18 0x4eca88 in do_main(int, char**, char**) src/browser/app/nsBrowserApp.cpp:236:22
#19 0x4ec3a0 in main src/browser/app/nsBrowserApp.cpp:309:16
#20 0x7fb0516f582f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291
#21 0x41e0d4 in _start (debug/firefox+0x41e0d4)

David Bolter [:davidb] (NeedInfo me for attention)

Updated

•

7 years ago

Priority: -- → P3

alexander :surkov (:asurkov)

Comment 1

•

7 years ago

p3 backlog is probably a way to get the issue lost, while it may be quite serious; marking as depending on bug 1368784 to keep track of it

Depends on: 1368784

Ryan VanderMeulen [:RyanVM]

Comment 2

•

7 years ago

INFO: Last good revision: 75fc07efe46f01a41b42b9549ca08ad32c4e78f5
INFO: First bad revision: 916cbaf21a63da2f7953933481a502d7db9b39a0
INFO: Pushlog:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=75fc07efe46f01a41b42b9549ca08ad32c4e78f5&tochange=916cbaf21a63da2f7953933481a502d7db9b39a0

Which isn't a surprising result I guess since that's the bug which added said assert to begin with.

Blocks: 1270916

Has Regression Range: --- → yes

status-firefox56: --- → wontfix

status-firefox57: --- → wontfix

status-firefox58: --- → fix-optional

status-firefox-esr52: --- → wontfix

Version: Trunk → 52 Branch

Firefox Bug Husbandry Bot

Comment 3

•

6 years ago

https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Move_fix-optionals

status-firefox58: fix-optional → wontfix

status-firefox59: --- → ?

Tyson Smith [:tsmith]

Reporter

Updated

•

5 years ago

status-firefox59: ? → wontfix

status-firefox69: --- → wontfix

status-firefox70: --- → wontfix

status-firefox71: --- → affected

status-firefox-esr60: --- → wontfix

status-firefox-esr68: --- → affected

Tyson Smith [:tsmith]

Reporter

Comment 4

•

4 years ago

This issue has been around for a long time and the fuzzers continue to trip over it. This issue is not quite a fuzzblocker[1] but it is pretty close. Jamie can you please find someone to have a look if possible? Thank you.

[1] https://firefox-source-docs.mozilla.org/tools/fuzzing/index.html#fuzz-blockers

status-firefox71: affected → wontfix

status-firefox78: --- → wontfix

status-firefox79: --- → affected

status-firefox80: --- → affected

status-firefox-esr78: --- → affected

Flags: needinfo?(jteh)

Eitan Isaacson [:eeejay]

Assignee

Comment 5

•

4 years ago

Attached file Bug 1370669 - Don't queue redundant hide events. r?Jamie! — Details

An accessible can be hidden twice in a mutation event queue. With the first
time representing a move. Instead of queueing a second hide event,
simply drop it.

Phabricator Automation

Updated

•

4 years ago

Assignee: nobody → eitan

Status: NEW → ASSIGNED

Pulsebot

Comment 6

•

4 years ago

Pushed by eisaacson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cf05cf3ac8c6
Don't queue redundant hide events. r=Jamie

Dorel Luca [:dluca]

Comment 7

•

4 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/cf05cf3ac8c6

Status: ASSIGNED → RESOLVED

Closed: 4 years ago

status-firefox80: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla80

Ryan VanderMeulen [:RyanVM]

Comment 8

•

4 years ago

Can we land a test for this?

status-firefox79: affected → wontfix

status-firefox-esr68: affected → wontfix

status-firefox-esr78: affected → wontfix

Flags: needinfo?(jteh)

Flags: needinfo?(eitan)

Flags: in-testsuite?

Ryan VanderMeulen [:RyanVM]

Comment 9

•

4 years ago

Jamie, maybe you can answer comment 6?

Flags: needinfo?(jteh)

Eitan Isaacson [:eeejay]

Assignee

Comment 10

•

4 years ago

I tried to get a test for this, but it this isn't easy to reproduce reliably. Kept the ni open hoping to come back and try again. but i'm just going to admit failure.

Flags: needinfo?(eitan)

James Teh [:Jamie]

Comment 11

•

4 years ago

See comment 10.

Flags: needinfo?(jteh)

Marco Castelluccio [:marco]

Updated

•

3 years ago

Keywords: regression

Marco Castelluccio [:marco]

Updated

•

2 years ago

No longer blocks: 1270916

Regressed by: 1270916

You need to log in before you can comment on or make changes to this bug.