The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 108.0a1-20221112215806-https://hg.mozilla.org/mozilla-central/rev/6479051196c1165c23a1964a00422e3be55f7ff1.

For detailed crash information, see attachment.

After bug 1797327 landed it seems there are still raw WorkerLoadContext* passed as a (copied) list into a runnable and one of these has been freed before the runnable was executed.

Ok. I am already reverting the behavior, so this should be fixed by the revert.

Now that bug 1800496 landed - are we confident enough to close this?

This can be closed as we are no longer copying the array.

Fixed by the changes in bug 1800496. Does that patch need uplift to beta 108 then?

The changes may need an uplift as we keep getting reports related to this.

See also https://bugzilla.mozilla.org/show_bug.cgi?id=1793407#c4 where Yulia started talking about reverting the earlier changes back in October

Just Following up on this since we are nearing the end of our beta cycle this week.
Can i get some clarification on what we are trying to uplift to fx108? Are we suggesting to uplift bug 1800496 (which seems very risky so late in the cycle) or are we trying to revert some behavior introduced in 108?
Thank you in advance!

I believe it is too risky to uplift bug 1800496, as there are two follow up patches fixing behavior, so the sequence would be quite large. I think it should bake longer on nightly.

Looks like this bug was fixed regardless of this report. We knew the implementation had issues and worked on it independently (see other bug).
Thanks for reporting this, but at this time we're not awarding a bounty.