Closed Bug 1797001 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::a11y::LocalAccessible::BundleFieldsForCache]

Categories

(Core :: Disability Access APIs, defect)

defect

Tracking

()

RESOLVED FIXED
108 Branch
Tracking Status
firefox-esr102 --- unaffected
firefox106 --- unaffected
firefox107 --- unaffected
firefox108 + fixed

People

(Reporter: aryx, Assigned: eeejay)

References

(Regression)

Details

(Keywords: crash, regression, topcrash, Whiteboard: [ctw-m3])

Crash Data

90+ crashes, first affected build is Firefox 108.0a1 20221020215126

Crash report: https://crash-stats.mozilla.org/report/index/156fbb3d-1970-4a50-a84d-0818b0221023

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libxul.so mozilla::a11y::LocalAccessible::BundleFieldsForCache accessible/generic/LocalAccessible.cpp:3265
1 libxul.so mozilla::a11y::LocalAccessible::SendCache accessible/generic/LocalAccessible.cpp:3104
2 libxul.so mozilla::a11y::DocAccessible::DoInitialUpdate accessible/generic/DocAccessible.cpp:1642
3 libxul.so mozilla::a11y::NotificationController::WillRefresh accessible/base/NotificationController.cpp:668
4 libxul.so nsRefreshDriver::Tick layout/base/nsRefreshDriver.cpp:2525
5 libxul.so mozilla::RefreshDriverTimer::TickDriver layout/base/nsRefreshDriver.cpp:375
5 libxul.so mozilla::InactiveRefreshDriverTimer::TickOne layout/base/nsRefreshDriver.cpp:1107
5 libxul.so mozilla::InactiveRefreshDriverTimer::TimerTickOne layout/base/nsRefreshDriver.cpp:1116
6 libxul.so nsTimerImpl::Fire const xpcom/threads/nsTimerImpl.cpp:661
6 libxul.so mozilla::detail::VariantImplementation<unsigned char,  mfbt/Variant.h:309
Flags: needinfo?(mreschenberg)
Whiteboard: [ctw-m3]

I'm hitting this reliably on https://www.espn.com/college-football/schedule

Given the volume, this is very much in topcrash territory.

Keywords: topcrash

96% of the crash reports are from Android, but there are also crash reports from Windows, macOS, and Linux.

OS: Unspecified → All
Hardware: Unspecified → All

The bug is marked as tracked for firefox108 (nightly). However, the bug still isn't assigned.

:fgriffith, could you please find an assignee for this tracked bug? Given that it is a regression and we know the cause, we could also simply backout the regressor. If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit auto_nag documentation.

Flags: needinfo?(fgriffith)

Eitan has a patch for this over on bug 1796876
I'll ping him on matrix to make sure this gets landed asap

Flags: needinfo?(mreschenberg)
Depends on: 1796876
Assignee: nobody → eitan
Flags: needinfo?(fgriffith)

No crashes after 20221024093150. Not sure if 25 build is out yet though. Will check back.

The 2022-10-25T05:10:02.890877 Fenix build w/ GV 108.0a1-20221024212806 & AC 108.0.20221025010754 is live with the fix (we shipped an extra GV Nightly yesterday after the fix was merged to m-c so it would for sure be in today's first Nightly build).

Fixed by bug 1796876.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
Flags: qe-verify+

I have attempted reproduction for the desktop platform using the ESPN web test page (among others) in Windows 10, Ubuntu 22 and Mac OS 11 using the reported 108.0a1 20221020215126, Release v107.0 and other random builds before the (supposed) fix in 2022-10-24, however, no crash was observed after activating CTW, restarting the session and stressing the browser and/or test page.

Also, according to comment 2, there were some crashes observed on all these platforms, however, no crashes are shown on this signature apart from the one and only on Linux Mint 20.3 Una. I can't reproduce or verify this bug. I think investing any more time in this is wasteful. Crashes will be caught by the crash reported if the case.

Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.