Crash in gfxFont::AgeCachedWords @ PL_DHashTableEnumerate

RESOLVED DUPLICATE of bug 717175

Status

()

Core
Graphics
--
critical
RESOLVED DUPLICATE of bug 717175
6 years ago
6 years ago

People

(Reporter: Scoobidiver (away), Assigned: jfkthame)

Tracking

({crash, regression})

12 Branch
x86
Windows 7
crash, regression
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 obsolete attachment)

(Reporter)

Description

6 years ago
It's #25 top browser crasher in 12.0a2 and #57 in 13.0a1.

It first appeared in 12.0a1/20120106081835. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4795500b7c1d&tochange=af6501ede378
It's likely caused by bug 703100.

Signature 	PL_DHashTableEnumerate More Reports Search
UUID	ab5df76b-16a6-4da9-843e-dc4972120215
Date Processed	2012-02-15 20:26:58
Uptime	1579
Install Age	26.3 minutes since version was first installed.
Install Time	2012-02-15 20:00:34
Product	Firefox
Version	13.0a1
Build ID	20120215031155
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 15 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x20021242
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x7183, AdapterSubsysID: 0d021028, AdapterDriverVersion: 8.56.1.16
D3D9 Layers? D3D9 Layers+
EMCheckCompatibility	False	
Total Virtual Memory	2147352576
Available Virtual Memory	1754263552
System Memory Use Percentage	51
Available Page File	3204710400
Available Physical Memory	1043017728

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	PL_DHashTableEnumerate 	obj-firefox/xpcom/build/pldhash.cpp:753
1 	xul.dll 	nsTHashtable<gfxFont::CacheHashEntry>::EnumerateEntries 	obj-firefox/dist/include/nsTHashtable.h:241
2 	xul.dll 	gfxFont::AgeCachedWords 	gfx/thebes/gfxFont.h:1434
3 	xul.dll 	gfxFontCache::AgeCachedWordsForFont 	gfx/thebes/gfxFont.cpp:1134
4 	xul.dll 	nsTHashtable<nsPtrHashKey<mozilla::dom::Link> >::s_EnumStub 	obj-firefox/dist/include/nsTHashtable.h:487
5 	xul.dll 	PL_DHashTableEnumerate 	obj-firefox/xpcom/build/pldhash.cpp:754
6 	xul.dll 	nsTHashtable<gfxFontCache::HashEntry>::EnumerateEntries 	obj-firefox/dist/include/nsTHashtable.h:242
7 	xul.dll 	gfxFontCache::WordCacheExpirationTimerCallback 	gfx/thebes/gfxFont.cpp:1143
8 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:428
9 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:524
10 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:657
11 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
12 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:201

More reports at:
https://crash-stats.mozilla.com/report/list?signature=PL_DHashTableEnumerate

Comment 1

6 years ago
To Jonathan for a look.
Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
(Assignee)

Comment 2

6 years ago
Note that only a minority (around one in four or five out of the couple dozen I checked) of the reports for signature=PL_DHashTableEnumerate are actually this; many of them look like they're somewhere in garbage collection, or other unrelated places.

However, there's also bug 717175, which is almost certainly another manifestation of the same problem, and a few reports matching https://crash-stats.mozilla.com/report/list?signature=gfxFont%3A%3AAgeCachedWords%28%29. Something's slightly broken....
(Reporter)

Comment 3

6 years ago
(In reply to Jonathan Kew (:jfkthame) from comment #2)
> However, there's also bug 717175, which is almost certainly another
> manifestation of the same problem, and a few reports matching
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFont%3A%3AAgeCachedWords%28%29. Something's slightly
> broken....
Let's mark it as a dupe.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 717175
(Assignee)

Comment 4

6 years ago
Created attachment 598193 [details] [diff] [review]
possible experiment/band-aid

I don't currently understand what scenario could be leading to this crash; would love some steps to reproduce, but I suspect it's too unpredictable for the.

For want of any better ideas at the moment, we could try this change, which aims to clear entries from the word caches a bit earlier during the expiration of fonts; I'd be curious to see if this would affect crash-stats at all.
Attachment #598193 - Flags: review?(jdaggett)
(Assignee)

Comment 5

6 years ago
Comment on attachment 598193 [details] [diff] [review]
possible experiment/band-aid

Weird, I wonder why bugzilla didn't tell me we were mid-airing. Obsoleting the patch here; I'll attach it to 717175 instead.
Attachment #598193 - Attachment is obsolete: true
Attachment #598193 - Flags: review?(jdaggett)
It would probably be useful to add PL_DHashTableEnumerate to the skip list, as any crashes in it are likely the fault of code higher up the stack.
(Reporter)

Comment 7

6 years ago
(In reply to Andrew McCreight [:mccr8] from comment #6)
> It would probably be useful to add PL_DHashTableEnumerate to the skip list,
> as any crashes in it are likely the fault of code higher up the stack.
That's bug 716345.
You need to log in before you can comment on or make changes to this bug.