It's #25 top browser crasher in 12.0a2 and #57 in 13.0a1. It first appeared in 12.0a1/20120106081835. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4795500b7c1d&tochange=af6501ede378 It's likely caused by bug 703100. Signature PL_DHashTableEnumerate More Reports Search UUID ab5df76b-16a6-4da9-843e-dc4972120215 Date Processed 2012-02-15 20:26:58 Uptime 1579 Install Age 26.3 minutes since version was first installed. Install Time 2012-02-15 20:00:34 Product Firefox Version 13.0a1 Build ID 20120215031155 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 15 stepping 2 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x20021242 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x7183, AdapterSubsysID: 0d021028, AdapterDriverVersion: 18.104.22.168 D3D9 Layers? D3D9 Layers+ EMCheckCompatibility False Total Virtual Memory 2147352576 Available Virtual Memory 1754263552 System Memory Use Percentage 51 Available Page File 3204710400 Available Physical Memory 1043017728 Frame Module Signature [Expand] Source 0 xul.dll PL_DHashTableEnumerate obj-firefox/xpcom/build/pldhash.cpp:753 1 xul.dll nsTHashtable<gfxFont::CacheHashEntry>::EnumerateEntries obj-firefox/dist/include/nsTHashtable.h:241 2 xul.dll gfxFont::AgeCachedWords gfx/thebes/gfxFont.h:1434 3 xul.dll gfxFontCache::AgeCachedWordsForFont gfx/thebes/gfxFont.cpp:1134 4 xul.dll nsTHashtable<nsPtrHashKey<mozilla::dom::Link> >::s_EnumStub obj-firefox/dist/include/nsTHashtable.h:487 5 xul.dll PL_DHashTableEnumerate obj-firefox/xpcom/build/pldhash.cpp:754 6 xul.dll nsTHashtable<gfxFontCache::HashEntry>::EnumerateEntries obj-firefox/dist/include/nsTHashtable.h:242 7 xul.dll gfxFontCache::WordCacheExpirationTimerCallback gfx/thebes/gfxFont.cpp:1143 8 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:428 9 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:524 10 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:657 11 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 12 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:201 More reports at: https://crash-stats.mozilla.com/report/list?signature=PL_DHashTableEnumerate
To Jonathan for a look.
Note that only a minority (around one in four or five out of the couple dozen I checked) of the reports for signature=PL_DHashTableEnumerate are actually this; many of them look like they're somewhere in garbage collection, or other unrelated places. However, there's also bug 717175, which is almost certainly another manifestation of the same problem, and a few reports matching https://crash-stats.mozilla.com/report/list?signature=gfxFont%3A%3AAgeCachedWords%28%29. Something's slightly broken....
(In reply to Jonathan Kew (:jfkthame) from comment #2) > However, there's also bug 717175, which is almost certainly another > manifestation of the same problem, and a few reports matching > https://crash-stats.mozilla.com/report/ > list?signature=gfxFont%3A%3AAgeCachedWords%28%29. Something's slightly > broken.... Let's mark it as a dupe.
Created attachment 598193 [details] [diff] [review] possible experiment/band-aid I don't currently understand what scenario could be leading to this crash; would love some steps to reproduce, but I suspect it's too unpredictable for the. For want of any better ideas at the moment, we could try this change, which aims to clear entries from the word caches a bit earlier during the expiration of fonts; I'd be curious to see if this would affect crash-stats at all.
Comment on attachment 598193 [details] [diff] [review] possible experiment/band-aid Weird, I wonder why bugzilla didn't tell me we were mid-airing. Obsoleting the patch here; I'll attach it to 717175 instead.
It would probably be useful to add PL_DHashTableEnumerate to the skip list, as any crashes in it are likely the fault of code higher up the stack.
(In reply to Andrew McCreight [:mccr8] from comment #6) > It would probably be useful to add PL_DHashTableEnumerate to the skip list, > as any crashes in it are likely the fault of code higher up the stack. That's bug 716345.