So it seems like what's happening is that someone is shutting down the WorkerFetchResolver while the main thread is still using it, leading to a race on the value of `mFetchObserver`. The main thread acquires `mPromiseProxy->Lock()`, but the other thread only *sort of* does. The previous line of the shutdown code runs `mPromiseProxy->CleanUp()` which *does* acquire the lock internally... but then Releases mPromiseProxy! That suggests to me that the main thread is potentially use-after-freeing mPromiseProxy? It seems like there's some key missing piece of synchronization to stop the main thread from using WorkerFetchResolver once shutdown starts, but I don't know this code well enough to suggest a solution. --------------- Permalinks to problematic lines: [WorkerFetchResolver::NeedOnDataAvailable](https://searchfox.org/mozilla-central/rev/07342ce09126c513540c1c343476e026cfa907bf/dom/fetch/Fetch.cpp#833) vs [WorkerFetchResolver::Shutdown](https://searchfox.org/mozilla-central/rev/07342ce09126c513540c1c343476e026cfa907bf/dom/fetch/Fetch.cpp#326)
Bug 1686153 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
whoops, sorry ignore the previous version of the comment, posted on the wrong bug.