Closed Bug 1661555 Opened 4 years ago Closed 4 years ago

JS engine sometimes leaks `js::ParseTask` instances in a LinkedList

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1652126
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox80 --- unaffected
firefox81 --- disabled
firefox82 --- affected

People

(Reporter: kats, Unassigned)

References

(Regression)

Details

(Keywords: regression)

Crash Data

The MFBT LinkedList destructor asserts it's empty on shutdown, and it seems that sometimes there is a LinkedList being destroyed that still has js::ParseTask instances in it. This is a contributing factor to the high-frequency intermittent failure in bug 1265637, so it would be great if somebody could take a look at how the ParseTask instances are managed and ensure they get cleaned up properly.

A try push showing the failure is at https://treeherder.mozilla.org/#/jobs?repo=try&group_state=expanded&revision=b09bb71cc35359769a76a5dbc9e3f04bf31ab435

Type: task → defect

Indeed. It looks like the feature discussed in that bug was disabled and then re-enabled on Nightly, and presumably that is responsible for the recent increase in assertion failures.

Depends on: 1652126
Regressed by: 1659483
Has Regression Range: --- → yes

FWIW, that feature was backed out in a try build by malexandru and the asserts were still present: https://bugzilla.mozilla.org/show_bug.cgi?id=1265637#c166, so I do not think that it's responsible for them, but it may contribute to them.

Yeah, I think there might be multiple places that are leaking items in a LinkedList. I'm trying to track down the others too.

Set release status flags based on info from the regressing bug 1659483

status-firefox80: --- → unaffected
status-firefox81: --- → affected
status-firefox82: --- → affected
status-firefox-esr68: --- → unaffected
status-firefox-esr78: --- → unaffected

Regressing bug only enabled the feature on nightly.

status-firefox81: affecteddisabled

(deliberately leaving untriaged so the JS triage team automatically revisits this after bug 1652126 is fixed)

Crash Signature: [@ mozilla::LinkedList<js::ParseTask>::~LinkedList()]

This seems to have gone away. Five failures on the 11th, none since.

Presumably this was bug 1652126.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.