Crash in [@ mozilla::a11y::MsaaIdGenerator::GetContentProcessIDFor::<T>::operator]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
People
(Reporter: aryx, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Not a new signature but more crashes for 110.0b6 than before: 20 crashes from 12 installations. Firefox 109 release branch had 105 crashes from 81 installations in the database.
Crash report: https://crash-stats.mozilla.org/report/index/d135fd1c-a802-41bf-9f81-380bc0230228
MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(index < ArrayLength(sContentProcessIdBitmap))
Top 10 frames of crashing thread:
0 xul.dll mozilla::a11y::MsaaIdGenerator::GetContentProcessIDFor::<lambda_8>::operator const accessible/windows/msaa/MsaaIdGenerator.cpp:264
0 xul.dll nsBaseHashtable<nsIntegralHashKey<unsigned long long, 0>, unsigned int, unsigned int, nsDefaultConverter<unsigned int, unsigned int> >::EntryHandle::OrInsertWith xpcom/ds/nsBaseHashtable.h:726
0 xul.dll nsBaseHashtable<nsIntegralHashKey<unsigned long long, 0>, unsigned int, unsigned int, nsDefaultConverter<unsigned int, unsigned int> >::LookupOrInsertWith<`lambda at /builds/worker/checkouts/gecko/accessible/windows/msaa/MsaaIdGenerator.cpp:247:72'>::<lambda_1>::operator const xpcom/ds/nsBaseHashtable.h:423
0 xul.dll nsBaseHashtable<nsIntegralHashKey<unsigned long long, 0>, unsigned int, unsigned int, nsDefaultConverter<unsigned int, unsigned int> >::WithEntryHandle<`lambda at /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:422:34'>::<lambda_1>::operator const xpcom/ds/nsBaseHashtable.h:836
0 xul.dll nsTHashtable<nsBaseHashtableET<nsIntegralHashKey<unsigned long long, 0>, unsigned int> >::WithEntryHandle<`lambda at /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:835:15'>::<lambda_1>::operator const xpcom/ds/nsTHashtable.h:437
0 xul.dll PLDHashTable::WithEntryHandle xpcom/ds/PLDHashTable.h:603
0 xul.dll nsTHashtable<nsBaseHashtableET<nsIntegralHashKey<unsigned long long, 0>, unsigned int> >::WithEntryHandle xpcom/ds/nsTHashtable.h:434
0 xul.dll nsBaseHashtable<nsIntegralHashKey<unsigned long long, 0>, unsigned int, unsigned int, nsDefaultConverter<unsigned int, unsigned int> >::WithEntryHandle xpcom/ds/nsBaseHashtable.h:834
0 xul.dll nsBaseHashtable<nsIntegralHashKey<unsigned long long, 0>, unsigned int, unsigned int, nsDefaultConverter<unsigned int, unsigned int> >::LookupOrInsertWith xpcom/ds/nsBaseHashtable.h:422
0 xul.dll mozilla::a11y::MsaaIdGenerator::GetContentProcessIDFor accessible/windows/msaa/MsaaIdGenerator.cpp:243
Comment 1•1 year ago
|
||
This means someone had more than 255 content processes, which accessibility can't handle. Fixing that is extremely difficult with the current architecture without trading for another potential crash when a given process runs out of ids. However, this is fixed by Cache the World.
Comment 2•1 year ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 20 desktop browser crashes on beta
For more information, please visit auto_nag documentation.
Updated•1 year ago
|
Reporter | ||
Comment 3•1 year ago
|
||
Adding signature generated by 111.0.
Updated•1 year ago
|
Comment 5•1 year ago
•
|
||
(In reply to James Teh [:Jamie] from comment #1)
This means someone had more than 255 content processes, which accessibility can't handle. Fixing that is extremely difficult with the current architecture without trading for another potential crash when a given process runs out of ids. However, this is fixed by Cache the World.
It seems we are still getting crashes in 112 release. Did we ship CTW to all users as planned? (Also, the graph suggests that something happened with the 111 release that made this crash spike.)
Comment 6•1 year ago
|
||
After some discussion with release management, it was decided that we would not uplift the pref flip to 112. Instead, to mitigate risk, we will convert the 111 experiment to a 100% rollout via Nimbus, which will allow us to reverse course if anything critically bad happens (unlikely as that may be at this point). We're currently in the process of getting that rollout reviewed and launched.
Comment 7•1 year ago
|
||
No crashes in Beta 113 where CtW is enabled by default.
Comment 8•1 year ago
|
||
Based on the topcrash criteria, the crash signatures linked to this bug are not in the topcrash signatures anymore.
For more information, please visit BugBot documentation.
Comment 9•1 year ago
|
||
This is resolved by Cache the World, which is enabled by default in Firefox 113.
Description
•