Last Comment Bug 712021 - spdy: crash on cancel of queued session
: spdy: crash on cancel of queued session
Status: RESOLVED FIXED
: crash
Product: Core
Classification: Components
Component: Networking: HTTP (show other bugs)
: 11 Branch
: x86_64 Linux
: -- critical (vote)
: mozilla11
Assigned To: Patrick McManus [:mcmanus] PTO until Sep 6
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-19 09:06 PST by Patrick McManus [:mcmanus] PTO until Sep 6
Modified: 2011-12-20 05:54 PST (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch v0 (1.33 KB, patch)
2011-12-19 09:29 PST, Patrick McManus [:mcmanus] PTO until Sep 6
honzab.moz: review+
Details | Diff | Splinter Review

Description Patrick McManus [:mcmanus] PTO until Sep 6 2011-12-19 09:06:57 PST
Before the uplift of 11 to aurora I checked on socorro looking for any unknown spdy issues. I found just 2 reports which I believe are dups of each other:

https://crash-stats.mozilla.com/report/index/d8414902-291d-4aa9-888e-1f8982111209
https://crash-stats.mozilla.com/report/index/2cf95ab8-b4d9-4a2f-8d41-0f46f2111214

In each case the stream is crashing when being activated out of the pending queue. I believe that the stream had actually been canceled and freed prior to activation. (i.e. it got queued due to an extreme level of parallelization (>100) and was cancelled in that state probably because the user navigated off the page).


0 	libxul.so 	mozilla::net::SpdyStream::ReadSegments 	netwerk/protocol/http/SpdyStream.cpp:124
1 	libxul.so 	mozilla::net::SpdySession::ReadSegments 	netwerk/protocol/http/SpdySession.cpp:1223
2 	libxul.so 	mozilla::net::SpdySession::ActivateStream 	netwerk/protocol/http/SpdySession.cpp:283
3 	libxul.so 	mozilla::net::SpdySession::ProcessPending 	netwerk/protocol/http/SpdySession.cpp:295
Comment 1 Patrick McManus [:mcmanus] PTO until Sep 6 2011-12-19 09:29:02 PST
Created attachment 582856 [details] [diff] [review]
patch v0

This touches only SpdySession.cpp

I can reproduce this and confirm the fix by loading a page with thousands of icons off plus.google.com (commments on a celeb posting for example) and immediately closing the windows.
Comment 2 Honza Bambas (:mayhemer) 2011-12-19 12:52:41 PST
Comment on attachment 582856 [details] [diff] [review]
patch v0

Review of attachment 582856 [details] [diff] [review]:
-----------------------------------------------------------------

r=honzab, full review this time (for spdy.enabled = true as well)

void pointers are bitches...
Comment 3 Patrick McManus [:mcmanus] PTO until Sep 6 2011-12-19 13:43:06 PST
https://hg.mozilla.org/integration/mozilla-inbound/rev/b4d859a1e338

thanks honza
Comment 4 Ed Morley [:emorley] 2011-12-20 05:54:14 PST
https://hg.mozilla.org/mozilla-central/rev/b4d859a1e338

Note You need to log in before you can comment on or make changes to this bug.