Found on m-c BuildID=20170711160010 SourceStamp=6fec4855b5345eb63fef57089e61829b88f5f4eb ==49135==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x7ff2f3690022 bp 0x7ffcd3febeb0 sp 0x7ffcd3febeb0 T0) ==49135==The signal is caused by a READ memory access. ==49135==Hint: address points to the zero page. #0 0x7ff2f3690021 in GetBoolFlag dom/base/nsINode.h:1592:12 #1 0x7ff2f3690021 in IsInUncomposedDoc dom/base/nsINode.h:536 #2 0x7ff2f3690021 in mozilla::a11y::IDRefsIterator::IDRefsIterator(mozilla::a11y::DocAccessible*, nsIContent*, nsIAtom*) accessible/base/AccIterator.cpp:260 #3 0x7ff2f374489b in mozilla::a11y::DocAccessible::DoARIAOwnsRelocation(mozilla::a11y::Accessible*) accessible/generic/DocAccessible.cpp:2075:18 #4 0x7ff2f36b141c in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) accessible/base/NotificationController.cpp:811:18 #5 0x7ff2f04c6f77 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:1854:12 #6 0x7ff2f04d6855 in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) layout/base/nsRefreshDriver.cpp:298:7 #7 0x7ff2f04d6512 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:319:5 #8 0x7ff2f04d8bbb in RunRefreshDrivers layout/base/nsRefreshDriver.cpp:761:5 #9 0x7ff2f04d8bbb in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:674 #10 0x7ff2f04d3f17 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() layout/base/nsRefreshDriver.cpp:520:20 #11 0x7ff2e9884875 in nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1437:14 #12 0x7ff2e988aaa8 in NS_ProcessNextEvent(nsIThread*, bool) xpcom/threads/nsThreadUtils.cpp:489:10 #13 0x7ff2ea69ce41 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:97:21 #14 0x7ff2ea5f90e0 in RunInternal ipc/chromium/src/base/message_loop.cc:320:10 #15 0x7ff2ea5f90e0 in RunHandler ipc/chromium/src/base/message_loop.cc:313 #16 0x7ff2ea5f90e0 in MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:293 #17 0x7ff2efe2737f in nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:156:27 #18 0x7ff2f3ed2db1 in nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp:287:30 #19 0x7ff2f40ad5e4 in XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp:4595:22 #20 0x7ff2f40af1ed in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4778:8 #21 0x7ff2f40b061b in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4873:21 #22 0x4eb613 in do_main browser/app/nsBrowserApp.cpp:237:22 #23 0x4eb613 in main browser/app/nsBrowserApp.cpp:310 #24 0x7ff3068d782f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 #25 0x41d168 in _start (/home/user/workspace/browsers/m-c-1499788810-asan-opt/firefox+0x41d168)

This crash also goes away with the patch in bug 1376825.

This should be fixed in nightly after bug 1376825 landed, could you confirm?

I can no longer reproduce this issue on m-c. Changeset: 16ffc1d05422a81099ce8b9b59de66dde4c8b2f0 Build ID: 20170728132457