From bug 1080584: "Hmm, there's one edge case I think we should handle though: currently we set the BFS to BFS_DONE *before* releasing the GC lock, which potentially leaves a period before the memory barrier where allocateFromArena could see BFS == BFS_DONE."
Created attachment 8504075: Reset the background finalize state outside the GC lock.
The situation is worse than I thought, but I think we're okay after this patch. See also bug 1080584 comment #23, in particular point (4). Try: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=787612d4fc79
Created attachment 8504160: v2 - Explicitly set the background finalize state as the last step.
Carrying forward r=terrence. Updated the comment and description to better reflect what's actually going on.