This bug is for crash report bp-5a546a4c-aec2-450a-9beb-304370190928.

Top 10 frames of crashing thread:

0 xul.dll JSRope::flatten js/src/vm/StringType.cpp:856
1 xul.dll js::AtomizeString js/src/vm/JSAtom.cpp:980
2 xul.dll bool js::ValueToId<js::CanGC> js/src/vm/JSAtom-inl.h:93
3 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRObjectLiteral<js::XDR_DECODE> js/src/vm/JSObject.cpp:1667
4 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRScript<js::XDR_DECODE> js/src/vm/JSScript.cpp:1176
5 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRInterpretedFunction<js::XDR_DECODE> js/src/vm/JSFunction.cpp:627
6 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRScript<js::XDR_DECODE> js/src/vm/JSScript.cpp:1176
7 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRInterpretedFunction<js::XDR_DECODE> js/src/vm/JSFunction.cpp:627
8 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRScript<js::XDR_DECODE> js/src/vm/JSScript.cpp:1176
9 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRInterpretedFunction<js::XDR_DECODE> js/src/vm/JSFunction.cpp:627

New signature with a significant volume on Nightly that popped up over the week end.

It might be a bug caused by the landing of Bug 1575370.
Caroline, can you investigate this issue?

Update crash signature to include js::gc::AtomMarkingRuntime::markAtom<T>, which started spiking at the same moment.

Caroline and I are looking into this. It looks like we are not tracing a GCVector. Working on a patch.

The original atom deduplication patch in bug 1575370 rooted the atom map used when encoding data, but not the atom table used when decoding data. This patch fixes that problem by turning it into a RootedVector.

This means the decoder needs to be stack-allocated. (Fortunately, we already always allocate the decoder on the stack.) Currently, XDRDecoder is the templatized sibling of XDRDecoder, which means there's no base decoder class to put the RootedVector in (and mark with MOZ_RAII). This patch adds a real XDRDecoder class to make it all work.

Depends on D47680

https://hg.mozilla.org/mozilla-central/rev/348bf8439041
https://hg.mozilla.org/mozilla-central/rev/ea8bfbc68dfd
https://hg.mozilla.org/mozilla-central/rev/2a5b14952ee0

Reopening, we are still crashing.

Iain, should we back out Bug 1575370 ?

This patch reverts the patches associated with bug 1575370, bug 1584820, bug 1585158, and bug 1585874. We will reland this code once we've figured out why it is causing crashes in nightly.

https://hg.mozilla.org/mozilla-central/rev/8b6f7d715828

This bug has been identified as part of a pilot on determining root causes of blocking and dot release drivers.

It needs a root-cause set for it. Please see the list at https://docs.google.com/document/d/1FFEGsmoU8T0N8R9kk-MXWptOPtXXXRRIe4vQo3_HgMw/.

Add the root cause as a whiteboard tag in the form [rca - <cause> ] and remove the rca-needed keyword.

If you have questions, please contact :tmaity.

There were multiple issues among the original patches, which got backed out and re-landed once fixed in Bug 1587638, the fix provided by Iain here identified the following root cause:

(based on comment 6) The problem comes with the design of XDR encoding and decoding which are meant to look symmetrical by design. However, when decoding there is a need for telling the GC about newly created Atoms, which is not the case when encoding. This lack of symmetry is the root cause of the issue.