Closed
Bug 896200
Opened 12 years ago
Closed 12 years ago
crash in DestroyIterator
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
mozilla25
| Tracking | Status | |
|---|---|---|
| firefox24 | --- | unaffected |
| firefox25 | + | verified |
People
(Reporter: scoobidiver, Assigned: jfkthame)
References
()
Details
(5 keywords)
Crash Data
It started spiking in 25.0a1/20130720. The regression range for the spike is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=af4e3ce8c487&tochange=bf73e10f5e54
It might be a regression from bug 879963.
Signature nsFontFaceLoader::Cancel() More Reports Search
UUID 94f25406-4a12-410f-bb1d-6606a2130720
Date Processed 2013-07-20 17:12:39.639023
Uptime 72
Last Crash 82 seconds before submission
Install Age 151 since version was first installed.
Install Time 2013-07-20 17:09:57
Product Firefox
Version 25.0a1
Build ID 20130720030214
Release Channel nightly
OS Windows NT
OS Version 6.2.9200
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 58 stepping 9 | 4
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x0
App Notes
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0152, AdapterSubsysID: 05741028, AdapterDriverVersion: 9.17.10.2849
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
Frame Module Signature Source
0 xul.dll nsFontFaceLoader::Cancel() layout/style/nsFontFaceLoader.cpp
1 xul.dll DestroyIterator layout/style/nsFontFaceLoader.cpp
2 xul.dll nsTHashtable<nsPtrHashKey<nsIFrame> >::s_EnumStub(PLDHashTable *,PLDHashEntryHdr *,unsigned int,void *) obj-firefox/dist/include/nsTHashtable.h
3 xul.dll PL_DHashTableEnumerate obj-firefox/xpcom/build/pldhash.cpp
4 xul.dll nsTHashtable<nsPtrHashKey<nsFontFaceLoader> >::EnumerateEntries(PLDHashOperator (*)(nsPtrHashKey<nsFontFaceLoader> *,void *),void *) obj-firefox/dist/include/nsTHashtable.h
5 xul.dll nsUserFontSet::Destroy() layout/style/nsFontFaceLoader.cpp
6 xul.dll nsPresContext::SetShell(nsIPresShell *) layout/base/nsPresContext.cpp
7 xul.dll PresShell::Destroy() layout/base/nsPresShell.cpp
8 xul.dll nsDocumentViewer::DestroyPresShell() layout/base/nsDocumentViewer.cpp
9 xul.dll nsDocumentViewer::Destroy() layout/base/nsDocumentViewer.cpp
10 xul.dll nsDocumentViewer::Show() layout/base/nsDocumentViewer.cpp
11 xul.dll nsPresContext::EnsureVisible() layout/base/nsPresContext.cpp
12 xul.dll nsPluginInstanceOwner::Init(nsIContent *) dom/plugins/base/nsPluginInstanceOwner.cpp
13 xul.dll nsPluginHost::InstantiatePluginInstance(char const *,nsIURI *,nsObjectLoadingContent *,nsPluginInstanceOwner * *) dom/plugins/base/nsPluginHost.cpp
14 xul.dll nsObjectLoadingContent::InstantiatePluginInstance(bool) content/base/src/nsObjectLoadingContent.cpp
15 xul.dll nsCString::nsCString(nsCString const &) obj-firefox/dist/include/nsTString.h
16 xul.dll nsObjectLoadingContent::ScriptRequestPluginInstance(JSContext *,nsNPAPIPluginInstance * *) content/base/src/nsObjectLoadingContent.cpp
17 xul.dll nsObjectLoadingContent::DoNewResolve(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>) content/base/src/nsObjectLoadingContent.cpp
18 xul.dll mozilla::dom::HTMLEmbedElementBinding::_newResolve obj-firefox/dom/bindings/HTMLEmbedElementBinding.cpp
19 mozjs.dll js::GetPropertyHelper(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,unsigned int,JS::MutableHandle<JS::Value>) js/src/jsobj.cpp
20 mozjs.dll GetPropertyOperation(JSContext *,js::StackFrame *,JS::Handle<JSScript *>,unsigned char *,JS::MutableHandle<JS::Value>,JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp
21 mozjs.dll Interpret js/src/vm/Interpreter.cpp
22 mozjs.dll js::RunScript(JSContext *,js::RunState &) js/src/vm/Interpreter.cpp
23 mozjs.dll js::ExecuteKernel(JSContext *,JS::Handle<JSScript *>,JSObject &,JS::Value const &,js::ExecuteType,js::AbstractFramePtr,JS::Value *) js/src/vm/Interpreter.cpp
24 mozjs.dll js::Execute(JSContext *,JS::Handle<JSScript *>,JSObject &,JS::Value *) js/src/vm/Interpreter.cpp
25 mozjs.dll JS::Evaluate(JSContext *,JS::Handle<JSObject *>,JS::CompileOptions,wchar_t const *,unsigned int,JS::Value *) js/src/jsapi.cpp
26 xul.dll nsJSContext::EvaluateString(nsAString_internal const &,JS::Handle<JSObject *>,JS::CompileOptions &,bool,JS::Value *) dom/base/nsJSEnvironment.cpp
27 xul.dll nsScriptLoader::EvaluateScript(nsScriptLoadRequest *,nsString const &) content/base/src/nsScriptLoader.cpp
28 xul.dll nsScriptLoader::ProcessRequest(nsScriptLoadRequest *) content/base/src/nsScriptLoader.cpp
29 xul.dll nsScriptLoader::ProcessPendingRequests() content/base/src/nsScriptLoader.cpp
30 xul.dll nsScriptLoader::OnStreamComplete(nsIStreamLoader *,nsISupports *,tag_nsresult,unsigned int,unsigned char const *) content/base/src/nsScriptLoader.cpp
31 xul.dll nsStreamLoader::OnStopRequest(nsIRequest *,nsISupports *,tag_nsresult) netwerk/base/src/nsStreamLoader.cpp
32 xul.dll nsForceXMLListener::OnStopRequest(nsIRequest *,nsISupports *,tag_nsresult) netwerk/streamconv/converters/nsHTTPCompressConv.cpp
33 xul.dll mozilla::net::nsHttpChannel::OnStopRequest(nsIRequest *,nsISupports *,tag_nsresult) netwerk/protocol/http/nsHttpChannel.cpp
34 xul.dll nsInputStreamPump::OnStateStop() netwerk/base/src/nsInputStreamPump.cpp
35 xul.dll nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream *) netwerk/base/src/nsInputStreamPump.cpp
36 xul.dll nsInputStreamReadyEvent::Run() xpcom/io/nsStreamUtils.cpp
37 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp
38 xul.dll NS_ProcessNextEvent(nsIThread *,bool) obj-firefox/xpcom/build/nsThreadUtils.cpp
39 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) ipc/glue/MessagePump.cpp
40 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc
41 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
42 xul.dll nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
43 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp
44 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
45 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
46 xul.dll XREMain::XRE_main(int,char * * const,nsXREAppData const *) toolkit/xre/nsAppRunner.cpp
47 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp
More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=nsFontFaceLoader%3A%3ACancel%28%29
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=DestroyIterator
|
Reporter | |
Comment 1•12 years ago
|
||
It's #1 top crasher in this build.
tracking-firefox25:
--- → ?
Keywords: topcrash
|
Assignee | |
Comment 3•12 years ago
|
||
Is this filed correctly as "all platforms", or is it Windows-specific? I'm unable to reproduce with current Nightly on OS X. Will try Windows later...
|
|
Reporter | |
Comment 4•12 years ago
|
||
(In reply to Jonathan Kew (:jfkthame) from comment #3)
> Is this filed correctly as "all platforms", or is it Windows-specific?
The first signature is for Windows and Linux, the second one is for Windows and Mac OS X.
> I'm unable to reproduce with current Nightly on OS X. Will try Windows later...
The STR of comment 2 work at least on Windows.
|
||
Updated•12 years ago
|
Assignee: nobody → jfkthame
|
|
||
Comment 5•12 years ago
|
||
Jonathan, this was brought up in our stability meeting today and looks like a serious crasher on nightly and since we may not be close to a resolution here could we instead do a backout of 879963 due to the volume here ?
|
|
Assignee | |
Comment 6•12 years ago
|
||
Yes, I think that makes sense (sadly). I haven't figured out exactly what's going on yet that can lead to the crash here. So at this point a backout looks like our safest option.
I'm suspicious that what's really happening here is that the changes from bug 879963 may be exposing a pre-existing bug (or at least some overly fragile assumptions) elsewhere in the font-related code, but that's little more than a hunch as yet.
I'll plan to push a backout tomorrow morning my time (as inbound is currently closed).
|
|
Reporter | |
Updated•12 years ago
|
Crash Signature: [@ nsFontFaceLoader::Cancel()]
[@ DestroyIterator ] → [@ nsFontFaceLoader::Cancel()]
[@ DestroyIterator ]
[@ gfxUserFontSet::Release()]
|
|
Assignee | |
Comment 8•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #7)
> (I think this was mistakenly unset)
Sorry - I must've had a stale/cached bugzilla tab.
Backed out bug 879963 on inbound (see bug 879963#c23):
https://hg.mozilla.org/integration/mozilla-inbound/rev/9fc53053c489
I'll leave this open until the backout goes out in Nightly and we can confirm that the crashes no longer occur.
|
|
||
Comment 9•12 years ago
|
||
Backout merge to m-c:
https://hg.mozilla.org/mozilla-central/rev/9fc53053c489
Should be good from tomorrow's nightly onwards :-)
|
|
Reporter | |
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
|
|
||
Comment 11•12 years ago
|
||
Verified as fixed with latest Aurora, on Ubuntu 12.10 32bit, Mac OSX 10.8.4 and Windows 7 64bit, using the STR from comment 2.
Here are the reports from Socorro, regarding last month:
1) for the first signature, there are no crashes with 25.0a2
https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&reason_type=contains&date=2013-09-11&range_value=28&range_unit=days&hang_type=any&process_type=any&signature=nsFontFaceLoader%3A%3ACancel%28%29
2) for the 2nd signature, there are no reports/crashes
3) for the 3rd signature, there is 1 crash with 25.0a2
https://crash-stats.mozilla.com/report/list?signature=gfxUserFontSet%3A%3ARelease%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&hang_type=any&date=2013-09-11+12%3A00%3A00&range_value=4
|
|
||
Updated•12 years ago
|
QA Contact: manuela.muntean
You need to log in
before you can comment on or make changes to this bug.
Description
•