Before the uplift of 11 to aurora I checked on socorro looking for any unknown spdy issues. I found just 2 reports which I believe are dups of each other: https://crash-stats.mozilla.com/report/index/d8414902-291d-4aa9-888e-1f8982111209 https://crash-stats.mozilla.com/report/index/2cf95ab8-b4d9-4a2f-8d41-0f46f2111214 In each case the stream is crashing when being activated out of the pending queue. I believe that the stream had actually been canceled and freed prior to activation. (i.e. it got queued due to an extreme level of parallelization (>100) and was cancelled in that state probably because the user navigated off the page). 0 libxul.so mozilla::net::SpdyStream::ReadSegments netwerk/protocol/http/SpdyStream.cpp:124 1 libxul.so mozilla::net::SpdySession::ReadSegments netwerk/protocol/http/SpdySession.cpp:1223 2 libxul.so mozilla::net::SpdySession::ActivateStream netwerk/protocol/http/SpdySession.cpp:283 3 libxul.so mozilla::net::SpdySession::ProcessPending netwerk/protocol/http/SpdySession.cpp:295
Created attachment 582856 [details] [diff] [review] patch v0 This touches only SpdySession.cpp I can reproduce this and confirm the fix by loading a page with thousands of icons off plus.google.com (commments on a celeb posting for example) and immediately closing the windows.
Assignee: nobody → mcmanus
Status: NEW → ASSIGNED
Attachment #582856 - Flags: review?(honzab.moz)
Comment on attachment 582856 [details] [diff] [review] patch v0 Review of attachment 582856 [details] [diff] [review]: ----------------------------------------------------------------- r=honzab, full review this time (for spdy.enabled = true as well) void pointers are bitches...
Attachment #582856 - Flags: review?(honzab.moz) → review+
Target Milestone: --- → mozilla11
Severity: major → critical
Crash Signature: [@ mozilla::net::SpdyStream::ReadSegments]
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.