Seen while reviewing trunk crash stats. Trunk only crash which started showing up in crash stats using 2011042700 build. Possible regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c5e8cc100248&tochange=c833fb1623ca There was a merge in this changeset. https://crash-stats.mozilla.com/report/index/66b76fe1-d1a6-4e17-8f57-1a66c2110428 Frame Module Signature [Expand] Source 0 mozjs.dll js::GCMarker::drainMarkStack js/src/jsgcmark.cpp:711 1 xul.dll XPCJSRuntime::TraceJS js/src/xpconnect/src/xpcjsruntime.cpp:380 2 mozjs.dll js::MarkRuntime js/src/jsgc.cpp:1836 3 mozjs.dll MarkAndSweep js/src/jsgc.cpp:2477 4 mozjs.dll GCUntilDone js/src/jsgc.cpp:2812 5 mozjs.dll JS_GC js/src/jsapi.cpp:2592 6 xul.dll nsXPConnect::Collect js/src/xpconnect/src/nsXPConnect.cpp:405 7 xul.dll nsXPConnect::GarbageCollect js/src/xpconnect/src/nsXPConnect.cpp:413 8 xul.dll GCTimerFired dom/base/nsJSEnvironment.cpp:3300 9 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:424 10 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:516 11 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:618 12 xul.dll TimerThread::RemoveTimer xpcom/threads/TimerThread.cpp:417 13 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202 14 xul.dll xul.dll@0x373c1d 15 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176 16 xul.dll mozilla::storage::AsyncExecuteStatements::AsyncExecuteStatements storage/src/mozStorageAsyncStatementExecution.cpp:238 17 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:189 18 @0x78173f 19 xul.dll nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:224 20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3765 21 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:128 22 firefox.exe __tmainCRTStartup obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591 23 kernel32.dll BaseThreadInitThunk 24 ntdll.dll __RtlUserThreadStart 25 ntdll.dll _RtlUserThreadStart

Crashing code was introduced in http://hg.mozilla.org/mozilla-central/rev/3e5aaea1ccf8 which is part of that range.

The patch in bug 616666 changed all the GC marking code to go through a single, central path. So I think what happened is that all the old GC crashes will now be lumped into this bug. Unfortunately, this means we'll be getting less data about these crashes, since the C stack is no longer used for marking. Maybe there's a way we can add some diagnostic data that the crash reporter can pick up on.

See also bug 654877.

This signature is the #4 top browser crash on the trunk.

It is #5 top browser crasher in 6.0a2.

It is #10 top browser crasher in 6.0.

This isn't 6 material so not going to track.

Is the crash ( https://crash-stats.mozilla.com/report/index/f662fcdc-080c-4f78-b14a-570612110802 ) the same as this bug?

Also getting stack ( https://crash-stats.mozilla.com/report/index/dc1e3993-0f07-4a4f-b67b-2204e2110807 ) which I am unsure if it's the same bug as this.

It's #280 top crasher in 7.0.1. It's probably related to bug 668583 and bug 686441.

I have an STR for this crash. I also get the following additional signatures when using the same STR outlined below: [@ js::gc::MarkInternal<js::GlobalObject>(JSTracer*, js::GlobalObject**) ] https://crash-stats.mozilla.com/report/index/bp-a461bb70-6fef-451d-9e2d-85d202120512 [@ JS_DHashTableOperate ] https://crash-stats.mozilla.com/report/index/bp-c38fb92e-5edb-48a8-8921-8b0a62120512 [@ js::gc::Arena::finalize<JSObject>(js::FreeOp*, js::gc::AllocKind, unsigned int) ] https://crash-stats.mozilla.com/report/index/bp-bd172fc8-ec07-44da-8ffc-d8baf2120512 I do not get this crash without addons. Certain addons make crashing possible. One such is Adblock Plus (however, there are others). The more of such addons you have the easier it is to trigger the crash. Hopefully this helps with tracking this down: 1. Start Nightly with a new profile 2. Make sure you have a printer installed. You can also use a PDF printer, like Bullzip: http://www.bullzip.com/products/pdf/info.php 3. Install Adblock Plus dev build: http://adblockplus.org/en/development-builds 4. Restart the browser and do not accept any of the Adblock Plus subscriptions. 5. Visit the following URL: www.linuxhomenetworking.com/wiki/images/f/f0/Iptables.gif 6. Click File --> Print Preview 7. Toggle "Scale:" between "Shrink To Fit" and "125%" 10 times (i.e. "Shrink To Fit" then "125%" counts as 1; followed by "Shrink To Fit" counts as 2; followed by "125%" counts as 3... etc.) 8. Click the "Print..." button and complete ALL the steps necessary to produce the print job. At this point you should get a crash. 9. If you didn't crash, try doing Step 7 20 times or so instead. I've been able to crash on both Windows XP and Windows 7 [@ js::gc::ScanShape ] https://crash-stats.mozilla.com/report/index/bp-03011822-c696-4d5f-b57c-30a492120512

(In reply to IU from comment #13) None of your crash reports match this crash signature. Please comment in the right bug, bug 654877 and bug 702531.

(In reply to Scoobidiver from comment #14) > (In reply to IU from comment #13) > None of your crash reports match this crash signature. Please comment in the > right bug, bug 654877 and bug 702531. The point is that the same STR produces many different signatures. But whatever. I'll comment elsewhere.

There's a spike in crashes (3 crashes an hour) from 15.0a1/20120513. The regression range for the spike is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=22a58090fa70&tochange=c758cc9b60e5 It's likely a regression from bug 735099 which has been backed out since.

Since bug 735099 was backed out, I don't think we need to track this bug at this time.

I think I hit this crash while loading http://www.huffingtonpost.ca/2014/01/18/vancouver-canucks-calgary-flames-brawl_n_4625582.html?utm_hp_ref=canada https://crash-stats.mozilla.com/report/index/aa9ad234-8cbb-4a95-8b34-7ad5a2140120 Running http://hg.mozilla.org/mozilla-central/rev/9bcc52594322

I'm continuing to hit this on other pages on huffingtonpost.ca today, after getting the latest Nightly.

Crash volume for signature 'js::GCMarker::drainMarkStack': - nightly (version 51): 9 crashes from 2016-08-01. - aurora (version 50): 9 crashes from 2016-08-01. - beta (version 49): 25 crashes from 2016-08-02. - release (version 48): 540 crashes from 2016-07-25. - esr (version 45): 2 crashes from 2016-05-02. Crash volume on the last weeks (Week N is from 08-22 to 08-28): W. N-1 W. N-2 W. N-3 - nightly 3 3 1 - aurora 5 2 0 - beta 5 11 3 - release 187 164 67 - esr 0 0 0 Affected platforms: Windows, Linux Crash rank on the last 7 days: Browser Content Plugin - nightly #331 #261 - aurora #150 - beta #1772 - release #118 #92 - esr

Looks like drainmarkstack got renamed.