There are still occasional failures like [this one](https://treeherder.mozilla.org/logviewer?job_id=468474587&repo=mozilla-central). The last log before crashing is `UntrustedModulesFixture::Setup bottom`. So the failure point is still the following line: `AutoJSContextWithGlobal cx(mCleanGlobal);`. But since we moved this line, the failure point moved as well. Then the log shows the call stack for the failure: ``` #05: XRE_GetBootstrap[D:\task_172231404848826\build\application\firefox\gtest\xul.dll +0xaf2f061] #06: mozilla_net_is_label_safe[D:\task_172231404848826\build\application\firefox\gtest\xul.dll +0x338a0ea] #07: VR_RuntimePath[D:\task_172231404848826\build\application\firefox\gtest\xul.dll +0x8efdfbb] ``` Which, when applying the symbols for this job, yields: ``` #05: xul!JS::GetNonCCWObjectGlobal(JSObject*)+0x31 #06: xul!xpc::NativeGlobal(JSObject*)+0x1a #07: xul!mozilla::dom::AutoJSAPI::Init(JSObject*)+0x1b ``` Looking at the disassembly there, the failure occurs as we access `reinterpret_cast<const JS::shadow::Object*>(mCleanGlobal)->shape->immutableFlags` (through [`js::IsProxy`](https://searchfox.org/mozilla-central/source/js/public/Proxy.h#399)), we crash because the `shape` is an invalid pointer. Presumably a GC occured and collected the object behind `mCleanGlobal`. So the issue is likely that a GC can occur during `UntrustedModulesFixture::InitialModuleLoadOnce`, which is the only remaining code that gets executed between `UntrustedModulesFixture::SetUp` and the start of the test.
Bug 1889839 Comment 40 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
There are still occasional failures like [this one](https://treeherder.mozilla.org/logviewer?job_id=468474587&repo=mozilla-central). The last log before crashing is `UntrustedModulesFixture::Setup bottom`. So the failure point is still the following line: `AutoJSContextWithGlobal cx(mCleanGlobal);`. But since we moved this line, the failure point moved as well. Then the log shows the call stack for the failure: ``` #05: XRE_GetBootstrap[D:\task_172231404848826\build\application\firefox\gtest\xul.dll +0xaf2f061] #06: mozilla_net_is_label_safe[D:\task_172231404848826\build\application\firefox\gtest\xul.dll +0x338a0ea] #07: VR_RuntimePath[D:\task_172231404848826\build\application\firefox\gtest\xul.dll +0x8efdfbb] ``` Which, when applying the symbols for this job, yields: ``` #05: xul!JS::GetNonCCWObjectGlobal(JSObject*)+0x31 #06: xul!xpc::NativeGlobal(JSObject*)+0x1a #07: xul!mozilla::dom::AutoJSAPI::Init(JSObject*)+0x1b ``` Looking at the disassembly there, the failure occurs as we access `reinterpret_cast<const JS::shadow::Object*>(mCleanGlobal)->shape->immutableFlags` (through [`js::IsProxy`](https://searchfox.org/mozilla-central/source/js/public/Proxy.h#399)), we crash because the `shape` is an invalid pointer. Presumably a GC occured and collected the object behind `mCleanGlobal`. So the issue is likely that a GC can still occur, this time during `UntrustedModulesFixture::InitialModuleLoadOnce` which is the only remaining code that gets executed between `UntrustedModulesFixture::SetUp` and the start of the test.