Closed Bug 1287063 Opened 3 years ago Closed 3 years ago
Crash [@ js::Enqueue
Pending Parse Tasks After GC] or Assertion failure: !waiting On GC[i]->runtime Matches(rt), at js/src/vm/Helper Threads .cpp:313
The following testcase crashes on mozilla-central revision 08f8a5aacd83 (build with --enable-debug --enable-more-deterministic, run with --fuzzing-safe --ion-offthread-compile=off --ion-eager): schedulegc(""); offThreadCompileScript(""); Backtrace: 0 js-dbg-64-dm-clang-darwin-08f8a5aacd83 0x000000010e95683b js::CancelOffThreadParses(JSRuntime*) + 1163 (HelperThreads.cpp:313) 1 js-dbg-64-dm-clang-darwin-08f8a5aacd83 0x000000010e9e1a7c JSRuntime::destroyRuntime() + 396 (GCRuntime.h:1380) 2 js-dbg-64-dm-clang-darwin-08f8a5aacd83 0x000000010e73aee0 JSContext::~JSContext() + 32 (jscntxt.cpp:886) 3 js-dbg-64-dm-clang-darwin-08f8a5aacd83 0x000000010e72344a js::DestroyContext(JSContext*) + 282 (Utility.h:256) 4 js-dbg-64-dm-clang-darwin-08f8a5aacd83 0x000000010e11e097 main + 13367 (js.cpp:7540) /snip For detailed crash information, see attachment. Crashes [@ js::EnqueuePendingParseTasksAfterGC] on opt builds. Setting s-s because this seems closely related to bug 1285186. I've tested that this still seems to occur on m-i rev 5a9c26f8bb9d, which seems to contain the fix in that bug, so this issue might not yet be fully resolved.
Assigning sec-high because bug 1285186 is sec-high. Jan, you were fixing bug 1285186, do you mind looking at this too?
As discussed, this removes the isGCScheduled check from activeGCInAtomsZone, as it will usually be false.
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Attachment #8771446 - Flags: review?(jcoppeard)
Attachment #8771446 - Flags: review?(jcoppeard) → review+
JSBugMon: The testcase found in this bug no longer reproduces (tried revision ed8e23b5e0c7).
JSBugMon: This bug has been automatically verified fixed.
You need to log in before you can comment on or make changes to this bug.