Closed Bug 1754623 Opened 3 years ago Closed 3 years ago

Crash in [@ audioipc2::ipccore::impl$5::flush_outbound<T>] | [@ audioipc2::rpccore::Proxy<T>::call<T>]

Categories

(Core :: Audio/Video: cubeb, defect, P3)

Firefox 98
All
Windows 10
defect

Tracking

RESOLVED FIXED
Tracking Status
firefox-esr91 --- unaffected
firefox97 --- unaffected
firefox98 --- wontfix
firefox99 --- fixed

People

(Reporter: kinetik, Assigned: kinetik)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Maybe Fission related. (DOMFissionEnabled=1)

Crash report: https://crash-stats.mozilla.org/report/index/d6ed0054-35db-4c06-a0c3-520210220209

Reason: EXCEPTION_ACCESS_VIOLATION_WRITE

Top 9 frames of crashing thread:

0 xul.dll audioipc2::ipccore::impl$5::flush_outbound<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> > third_party/rust/audioipc2/src/ipccore.rs:615
1 xul.dll audioipc2::ipccore::EventLoop::poll third_party/rust/audioipc2/src/ipccore.rs:264
2 xul.dll std::sys_common::backtrace::__rust_begin_short_backtrace<audioipc2::ipccore::impl$7::new::closure$0, enum$<core::result::Result<tuple$<>, std::io::error::Error>, 0, 3, Err> > ../02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:123
3 xul.dll core::ops::function::FnOnce::call_once<std::thread::impl$0::spawn_unchecked::closure$1, tuple$<> > ../02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/ops/function.rs:227
4 xul.dll std::sys::windows::thread::impl$0::new::thread_start ../02072b482a8b5357f7fb5e5637444ae30e423c40//library/std/src/sys/windows/thread.rs:58
5 kernel32.dll kernel32.dll@0x0000000000017033 
6 xul.dll xul.dll@0x000000000057eaef 
7 mozglue.dll patched_BaseThreadInitThunk toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp:572
8 ntdll.dll RtlUserThreadStart 
Priority: -- → P3

From WinDbg:

xul!alloc::collections::vec_deque::wrap_index+0x2 [inlined in xul!audioipc2::ipccore::impl$5::flush_outbound<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> >+0x16f]:
00007fff`f4cba54f c8488946        enter   8948h,46h

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffff4cba54f (xul!alloc::collections::vec_deque::wrap_index+0x0000000000000002)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 000000cd56016840
Attempt to write to address 000000cd56016840

 # Child-SP          RetAddr               Call Site
00 (Inline Function) --------`--------     xul!alloc::collections::vec_deque::wrap_index(
			unsigned int64 index = 0x000002c9`11d0d000, 
			unsigned int64 size = <Value unavailable error>)+0x2 [/rustc/02072b482a8b5357f7fb5e5637444ae30e423c40\library\alloc\src\collections\vec_deque\mod.rs @ 2726] 
01 (Inline Function) --------`--------     xul!alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global>::wrap_add(
			struct alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global> * self = <Value unavailable error>, 
			unsigned int64 idx = 0x3a, 
			unsigned int64 addend = <Value unavailable error>)+0x6 [/rustc/02072b482a8b5357f7fb5e5637444ae30e423c40\library\alloc\src\collections\vec_deque\mod.rs @ 227] 
02 (Inline Function) --------`--------     xul!alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global>::push_back(
			struct alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global> * self = <Value unavailable error>)+0x2d [/rustc/02072b482a8b5357f7fb5e5637444ae30e423c40\library\alloc\src\collections\vec_deque\mod.rs @ 1527] 
03 (Inline Function) --------`--------     xul!audioipc2::rpccore::impl$4::produce(
			struct audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> * self = <Value unavailable error>)+0x12b [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/rpccore.rs @ 157] 
04 000000cd`5601f1c0 00007fff`f17ff896     xul!audioipc2::ipccore::impl$5::flush_outbound<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> >(
			struct audioipc2::ipccore::FramedDriver<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> > * self = 0x000002c9`1272cb50, 
			struct audioipc2::sys::windows::ConnectionBuffer * outbound = 0x000002c9`11dbb0a8)+0x16f [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 615] 
05 (Inline Function) --------`--------     xul!audioipc2::ipccore::Connection::flush_outbound(
			struct audioipc2::ipccore::Connection * self = <Value unavailable error>)+0x16 [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 510] 
06 (Inline Function) --------`--------     xul!audioipc2::ipccore::Connection::handle_wake(
			struct audioipc2::ipccore::Connection * self = <Value unavailable error>, 
			struct mio::poll::Registry * registry = <Value unavailable error>)+0x16 [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 451] 
07 000000cd`5601f320 00007fff`f4cb36f2     xul!audioipc2::ipccore::EventLoop::poll(
			struct audioipc2::ipccore::EventLoop * self = <Value unavailable error>)+0x3b6 [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 264] 

The crash itself seems to be caused by enter attempting to use stack space beyond the thread's stack limit, but there are several strange things about this crash. The crashing instruction (enter) doesn't exist in the crashing code when the function is fully disassembled - seems like the instruction pointer is one byte off a valid instruction. idx of 0x3a becoming index of 0x000002c911d0d000 in the next stack frame doesn't seem possible, unless caused by a trashed stack.

I'll keep monitoring this crash stack for additional reports and gather more clues.
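
The arithmetic behind the comment above, as an added example that is not part of the bug report or the audioipc2 code: it decodes the four bytes WinDbg shows at the faulting address as ENTER, predicts the stack pointer that instruction would produce, and decodes the same bytes starting one byte later. It assumes the Child-SP of frame 04 is RSP at the fault and follows the ENTER operation as documented in Intel's instruction reference; the displacement byte of the MOV is not on the page and is left symbolic.

```python
# Added example: the three values below are copied from the WinDbg output on this page.
FAULT_BYTES = bytes.fromhex("c8488946")   # bytes at the faulting instruction pointer
CHILD_SP = 0x000000CD5601F1C0             # Child-SP of frame 04 (assumed == RSP at fault)
FAULT_ADDR = 0x000000CD56016840           # Parameter[1], the address of the failed write
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_enter(code: bytes):
    """Decode ENTER imm16, imm8 (opcode C8 iw ib); return (alloc_size, nesting_level)."""
    if len(code) < 4 or code[0] != 0xC8:
        raise ValueError("not an ENTER instruction")
    alloc = int.from_bytes(code[1:3], "little")
    level = code[3] % 32  # the CPU uses the nesting level modulo 32
    return alloc, level


def enter_final_rsp(rsp: int, alloc: int, level: int) -> int:
    """RSP after a 64-bit ENTER: push RBP, copy level-1 outer frame pointers and
    push the new frame pointer (both only when level > 0), then subtract alloc."""
    pushes = 1 if level == 0 else level + 1
    return rsp - 8 * pushes - alloc


def decode_mov_store(code: bytes) -> str:
    """Decode only REX.W + 89 /r with a [reg+disp8] operand (mod=01, no SIB byte)."""
    if len(code) < 3 or code[0] != 0x48 or code[1] != 0x89:
        raise ValueError("not REX.W MOV r/m64, r64")
    mod, reg, rm = code[2] >> 6, (code[2] >> 3) & 7, code[2] & 7
    if mod != 1 or rm == 4:
        raise ValueError("addressing form not handled in this sketch")
    return f"mov qword ptr [{REG64[rm]}+disp8], {REG64[reg]}"


def analyze():
    alloc, level = decode_enter(FAULT_BYTES)
    return {
        "enter": (alloc, level),
        "predicted_fault": enter_final_rsp(CHILD_SP, alloc, level),
        "one_byte_later": decode_mov_store(FAULT_BYTES[1:]),
    }


if __name__ == "__main__":
    r = analyze()
    print("enter %#x, nesting level %d" % r["enter"])
    print("predicted RSP %#x, reported fault %#x" % (r["predicted_fault"], FAULT_ADDR))
    print("decoding from +1:", r["one_byte_later"])
```

The predicted stack pointer equals the reported write address, and the bytes after the leading C8 begin an ordinary 64-bit store.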

Set release status flags based on info from the regressing bug 1726279

Has Regression Range: --- → yes

Few crashes on beta 98, fix-optional for this version.

Three new crashes (all on beta 98), plus https://crash-stats.mozilla.org/report/index/ec7e7875-0b89-4ece-bab0-62eef0220214 is likely to be the same issue.

Crash Signature: [@ audioipc2::ipccore::impl$5::flush_outbound<T>] → [@ audioipc2::ipccore::impl$5::flush_outbound<T>] [@ audioipc2::rpccore::Proxy<T>::call<T>]
Summary: Crash in [@ audioipc2::ipccore::impl$5::flush_outbound<T>] → Crash in [@ audioipc2::ipccore::impl$5::flush_outbound<T>] [@ audioipc2::rpccore::Proxy<T>::call<T>]
Crash Signature: [@ audioipc2::ipccore::impl$5::flush_outbound<T>] [@ audioipc2::rpccore::Proxy<T>::call<T>] → [@ audioipc2::ipccore::impl$5::flush_outbound<T>] | [@ audioipc2::rpccore::Proxy<T>::call<T>]
Summary: Crash in [@ audioipc2::ipccore::impl$5::flush_outbound<T>] [@ audioipc2::rpccore::Proxy<T>::call<T>] → Crash in [@ audioipc2::ipccore::impl$5::flush_outbound<T>] | [@ audioipc2::rpccore::Proxy<T>::call<T>]

The fixes in bug 1757473 may address this crash. I'll watch crash-stats.

Depends on: 1757473

Resolving as fixed based on no crash reports in 99 since the depends-on bug 1757473 landed.

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED