Open Bug 1895112 Opened 11 months ago Updated 10 months ago

Crash in [@ nsIGlobalObject::IsDying]

Categories

(Core :: DOM: Service Workers, defect, P3)

Product:
Core
Component:
DOM: Service Workers
Version:
Firefox 126
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

People

(Reporter: worcester12345, Unassigned)

References

Details

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/1c885e6b-29af-4217-a354-3b9460240426

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames:

0  xul.dll  nsIGlobalObject::IsDying() const  dom/base/nsIGlobalObject.h:103
0  xul.dll  mozilla::dom::ServiceWorkerOp::ServiceWorkerOpRunnable::WorkerRun(JSContext*,...  dom/serviceworkers/ServiceWorkerOp.cpp:296
1  xul.dll  mozilla::dom::WorkerRunnable::Run()  dom/workers/WorkerRunnable.cpp:342
2  xul.dll  nsThread::ProcessNextEvent(bool, bool*)  xpcom/threads/nsThread.cpp:1193
2  xul.dll  NS_ProcessNextEvent(nsIThread*, bool)  xpcom/threads/nsThreadUtils.cpp:480
3  xul.dll  mozilla::dom::WorkerPrivate::DoRunLoop(JSContext*)  dom/workers/WorkerPrivate.cpp:3341
4  xul.dll  mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunn...  dom/workers/RuntimeService.cpp:2106
5  xul.dll  nsThread::ProcessNextEvent(bool, bool*)  xpcom/threads/nsThread.cpp:1193
5  xul.dll  NS_ProcessNextEvent(nsIThread*, bool)  xpcom/threads/nsThreadUtils.cpp:480
6  xul.dll  mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)  ipc/glue/MessagePump.cpp:300
Duplicate of this bug: 1895114
Component: General → DOM: Service Workers
Product: Firefox → Core
Crash Signature: [@ nsIGlobalObject::IsDying ]

This is weird and maybe somewhat improbable; the stack says:

  • The worker is in its normal steady state loop processing. We're not in the processing of shutting down the worker, and the initial CompileScriptRunnable has presumably run, because it is the first runnable that should always run.
  • aWorkerPrivate->GlobalScope() would seem to have returned null. This is very hard to do since CompileScriptRunnable calls GetOrCreateGlobalScope at the very top, and it will return false if that fails, which should immediately advance the worker's state to closing (via its custom PostRun).

The most likely thing I could think of would be some kind of early return from WorkerThreadRunnable::Run that causes us to not actually enter CompileScriptRunnable::WorkerRun like when we check CancelBeforeWorkerScopeConstructed()) but I would still expect us to leave the worker steady state in that case.

cc'ing Eden but I think it probably makes sense to try and wait for the fuzzer or automation to provide some more context about what might be happening.

Severity: -- → S3
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.