1944056 - Assertion failure: !mEntered, at /builds/worker/workspace/obj-build/dist/include/mozilla/ReentrancyGuard.h:33

Status: RESOLVED FIXED

(Core :: JavaScript: WebAssembly, defect, P1)

Description

[Tyson Smith [:tsmith]]

Found with m-c 20250122-86456e2a4960 (--enable-debug --enable-fuzzing)

This was found by visiting a live website with a debug build. This only seemed to reproduce on Windows.

STR:

• Launch browser and visit: http://parametre.online/

Or via site-scout:

$ pip install fuzzfetch site-scout --upgrade
$ fuzzfetch -d --fuzzing -n firefox
$ site-scout ./firefox/firefox --explore -u <url>

Assertion failure: !mEntered, at /builds/worker/workspace/obj-build/dist/include/mozilla/ReentrancyGuard.h:33

37|0|xul.dll|js::wasm::CallSites::operator[](unsigned long long) const|hg:hg.mozilla.org/mozilla-central:js/src/wasm/WasmCodegenTypes.h:86456e2a4960ab06b8440463d70b202c4ea07cf1|1019|0x1ec
37|1|xul.dll|js::wasm::CallSites::lookup(unsigned int, js::wasm::CallSite*) const|hg:hg.mozilla.org/mozilla-central:js/src/wasm/WasmCodegenTypes.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|281|0x6e
37|2|xul.dll|js::wasm::WasmFrameIter::popFrame()|hg:hg.mozilla.org/mozilla-central:js/src/wasm/WasmFrameIter.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|339|0x352
37|3|xul.dll|js::JitFrameIter::operator++()|hg:hg.mozilla.org/mozilla-central:js/src/vm/FrameIter.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|237|0xae
37|4|xul.dll|js::jit::TraceJitActivations(JSContext*, JSTracer*)|hg:hg.mozilla.org/mozilla-central:js/src/jit/JitFrames.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|1529|0x210
37|5|xul.dll|js::gc::GCRuntime::traceRuntimeCommon(JSTracer*, js::gc::GCRuntime::TraceOrMarkRuntime)|hg:hg.mozilla.org/mozilla-central:js/src/gc/RootMarking.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|304|0xb2
37|6|xul.dll|js::gc::GCRuntime::traceRuntimeForMinorGC(JSTracer*, js::gc::AutoGCSession&)|hg:hg.mozilla.org/mozilla-central:js/src/gc/RootMarking.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|259|0x8c
37|7|xul.dll|js::Nursery::traceRoots(js::gc::AutoGCSession&, js::gc::TenuringTracer&)|hg:hg.mozilla.org/mozilla-central:js/src/gc/Nursery.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|1808|0x59a
37|8|xul.dll|js::Nursery::doCollection(js::gc::AutoGCSession&, JS::GCOptions, JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/Nursery.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|1660|0x28c
37|9|xul.dll|js::Nursery::collect(JS::GCOptions, JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/Nursery.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|1417|0x431
37|10|xul.dll|js::gc::GCRuntime::collectNursery(JS::GCOptions, JS::GCReason, js::gcstats::PhaseKind)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4942|0x181
37|11|xul.dll|js::gc::GCRuntime::collectNurseryFromMajorGC(JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4074|0x3d
37|12|xul.dll|js::gc::GCRuntime::endPreparePhase(JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|2959|0x838
37|13|xul.dll|js::gc::GCRuntime::incrementalSlice(JS::SliceBudget&, JS::GCReason, bool)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|3899|0x637
37|14|xul.dll|js::gc::GCRuntime::gcCycle(bool, JS::SliceBudget const&, JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4501|0x8fd
37|15|xul.dll|js::gc::GCRuntime::collect(bool, JS::SliceBudget const&, JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4689|0x242
37|16|xul.dll|js::gc::GCRuntime::gc(JS::GCOptions, JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GC.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4769|0xdb
37|17|xul.dll|JS::NonIncrementalGC(JSContext*, JS::GCOptions, JS::GCReason)|hg:hg.mozilla.org/mozilla-central:js/src/gc/GCAPI.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|298|0x59
37|18|xul.dll|mozilla::dom::WorkerPrivate::GarbageCollectInternal(JSContext*, bool, bool)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|5922|0x13f
37|19|xul.dll|mozilla::dom::(anonymous namespace)::IdleGCTimerCallback(nsITimer*, void*)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|713|0x64
37|20|xul.dll|nsTimerImpl::Fire(int)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsTimerImpl.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|675|0x378
37|21|xul.dll|nsTimerEvent::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TimerThread.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|515|0x6ad
37|22|xul.dll|mozilla::dom::(anonymous namespace)::WrappedControlRunnable::WorkerRun(JSContext*, mozilla::dom::WorkerPrivate*)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerEventTarget.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|51|0x19
37|23|xul.dll|mozilla::dom::WorkerThreadRunnable::Run()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerRunnable.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|443|0x47f
37|24|xul.dll|mozilla::dom::WorkerPrivate::ProcessAllControlRunnablesLocked()|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4290|0x285
37|25|xul.dll|mozilla::dom::WorkerPrivate::InterruptCallback(JSContext*)|hg:hg.mozilla.org/mozilla-central:dom/workers/WorkerPrivate.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|4043|0xba
37|26|xul.dll|JSContext::handleInterrupt()|hg:hg.mozilla.org/mozilla-central:js/src/vm/Runtime.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|502|0x1bc
37|27|xul.dll|WasmHandleTrap()|hg:hg.mozilla.org/mozilla-central:js/src/wasm/WasmBuiltins.cpp:86456e2a4960ab06b8440463d70b202c4ea07cf1|986|0x115
37|28|||||

Comment 1

[Ryan Hunt [:rhunt]]

I believe this is a duplicate of bug 1954129, which has a patch on it.

Comment 2

[Tyson Smith [:tsmith]]

For the sake of stats I'm going to make this a fixed (by bug 1954129) since this was the initial report.