Closed Bug 1163132 Opened 5 years ago Closed 4 years ago
crash in ns
Msg Filter After The Fact::Continue Execution Prompt()
This bug was filed from the Socorro interface and is report bp-be07b0a6-87c6-44dd-9e9a-e467b2150502. =============================================================
Somehow the filter executor is getting destroyed prematurely. The stacks seem messed up after a certain point. This patch is really a simple, no-risk experiment. I don't have better ideas. Still a top crasher.
Assignee: nobody → rkent
Status: NEW → ASSIGNED
Attachment #8603533 - Flags: review?(neil)
Comment on attachment 8603533 [details] [diff] [review] Hold onto reference in parent to ApplyFilters Given line 336 I can't see how this makes any difference, but you're welcome to try.
Attachment #8603533 - Flags: review?(neil) → review+
indeed #3 crash for 38.0b4. And, I do not see any crashes before version 37 beta. The majority of crashes may be the person with this crash bp-bb602fbe-ee18-4ab3-ac72-340672150330. He has many lterAfterTheFact::ApplyFilter(bool*) / bug 797710 crashes such as bp-b623460d-8c6f-4148-bf80-acd702150224. I'll check to see if he is using maildir.
First 37.0a1 is 29-Nov-2014. So the regression could be one of these 831c95685e21 2015-03-25 15:23 -0700 ISHIKAWA, Chiaki - Bug 1146100: save a to-be-freed value for later use, r=rkent b50441dcdf0d 2015-02-23 01:49 +0100 ISHIKAWA, Chiaki - Bug 854172 - Add a missing check of the return value of MoveIncorporatedMessage, and the failure to log such failure. r=rkent IGNORE IDL 5967bba9d130 2015-01-01 10:25 -0800 R Kent James - Bug 1116561 - filter after the fact should return an error if any filter failed, r=neil, a=rkent 79d319474891 2014-12-30 21:53 +0000 Neil Rashbrook - Bug 11039 Filter sent messages r=rkent a=starred CLOSED TREE 7bc453bb4cdd 2014-12-20 08:48 -0800 R Kent James - Bug 695671 - Only 1 message filter seems to execute when I hit "Run Filters on Folder", r=neil, a=rkent
Does this happen only under Windows?
(In reply to ISHIKAWA, Chiaki from comment #5) > Does this happen only under Windows? so far, yes only windows. But the crash count to date is much, much too low to say that other OS are not impacted. N.B. bug 797710 is all OS. What are you thinking?
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #6) > (In reply to ISHIKAWA, Chiaki from comment #5) > > Does this happen only under Windows? > > so far, yes only windows. But the crash count to date is much, much too low > to say that other OS are not impacted. N.B. bug 797710 is all OS. > > What are you thinking? Maybe a low-level machine-dependent library may have some funny interactions, etc. But I am sort of a fishing trip on this one. I have no clear idea. At least, from the static reading of the code for linux part, it is hard to see where the double-free, etc. can happen. I will keep an eye on this while I work on the POP3/IMAP code, though. TIA
http://hg.mozilla.org/comm-central/rev/2e392e51238e (keep open, this is an experiment)
Target Milestone: --- → Thunderbird 41.0
Comment on attachment 8603533 [details] [diff] [review] Hold onto reference in parent to ApplyFilters http://hg.mozilla.org/releases/comm-aurora/rev/c66ae8a4029e
Attachment #8603533 - Flags: approval-comm-aurora? → approval-comm-aurora+
Comment on attachment 8603533 [details] [diff] [review] Hold onto reference in parent to ApplyFilters TB 38: http://hg.mozilla.org/releases/comm-beta/rev/ce7bee323287 TB 39: http://hg.mozilla.org/releases/comm-beta/rev/127e1f37bc11
Attachment #8603533 - Flags: approval-comm-beta? → approval-comm-beta+
bug 1186392 has an example crash of version 38. If you think it is the same issue I'll dupe it to this bug
Yes the crash in bug 1186392 has the same pattern as this, namely that the main object is being deleted from some unknown source. Si I would say that we failed to fix this bug, and re-opening and duping might be the best path.
Crash Signature: [@ nsMsgFilterAfterTheFact::ContinueExecutionPrompt()] → [@ nsMsgFilterAfterTheFact::ContinueExecutionPrompt()] [@ nsMsgFilterAfterTheFact::ContinueExecutionPrompt]
The signature is gone in version 38.3.0 , so I believe this and bug 1153820 are pretty much fixed by bug 797710. (and perhaps the patch here helped?) Although a topcrash for trunk and 37beta, this never evolved into a topcrash for version 38 - far from it, only a few crashes per week for 38.1.0, and 38.2.0. (Only one filter crash in top 300 for 38.3.0. Rank #300 @ nsMsgFilterAfterTheFact::ApplyFilter, only 24 crashes in one week, bug 537017)  https://crash-stats.mozilla.com/search/?signature=~nsMsgFilterAfterTheFact%3A%3AContinueExecutionPrompt&product=Thunderbird&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Removing leave-open keyword from resolved bugs, per :sylvestre.
You need to log in before you can comment on or make changes to this bug.