[webkit-gtk] Effects of not calling ResourceHandle::cancel()

Niranjan Rao nhrdls at gmail.com
Thu Mar 20 16:46:43 PDT 2014


Greetings,

Crashes seen in versions tried: 2.2.3 and 2.2.6. Fix was tried on 2.2.6.

We were seeing a lot of core dumps as per the following stack trace. These 
crashes are hard to reproduce as system load and network speed also 
seem to be a factor in this. As an effort to triage the problem I modified 
WebProcessMainGtk to log the soup headers. After researching a number of 
cores and our log files, it looks like these crashes happen when the 
framework tries to cancel current requests. As a workaround for this 
problem, I have changed ResourceHandle::cancel to look like the following - 
which effectively makes it a no-op. So far this seems to be working OK 
for us. Normally when we run our jobs, we will start seeing these 
crashes for the few sites we visit almost immediately - that is, within 
100 or so runs. Now I have completed more than 400 runs and still no 
crashes.

     d->m_cancelled = true;
     if (d->m_cancelled)
       return;


Will this have any unintended side effects? I can see soup eventually 
completing the request but since the resource is no longer valid, most 
probably nothing else will happen. A resource leak is another possibility, 
but we can live with that for the time being as most of our jobs have a 
very short life span.


Stack trace:

#0  0x00007f49dacd9425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f49dacdcb8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f49862b6865 in os::abort(bool) () from /usr/lib/jvm/jdk1.7.0_21/jre/lib/amd64/server/libjvm.so
#3  0x00007f4986416b77 in VMError::report_and_die() () from /usr/lib/jvm/jdk1.7.0_21/jre/lib/amd64/server/libjvm.so
#4  0x00007f49862ba370 in JVM_handle_linux_signal () from /usr/lib/jvm/jdk1.7.0_21/jre/lib/amd64/server/libjvm.so
#5  <signal handler called>
#6  0x00007f49d71c0cac in g_task_propagate_error () from /usr/share/finovera/deps/lib/libgio-2.0.so.0
#7  0x00007f49d71c17e0 in g_task_propagate_boolean () from /usr/share/finovera/deps/lib/libgio-2.0.so.0
#8  0x00007f498c3510dd in finish_handshake () from /usr/share/finovera/deps/lib/gio/modules/libgiognutls.so
#9  0x00007f498c3514f8 in claim_op () from /usr/share/finovera/deps/lib/gio/modules/libgiognutls.so
#10 0x00007f498c353ab0 in g_tls_connection_gnutls_write () from /usr/share/finovera/deps/lib/gio/modules/libgiognutls.so
#11 0x00007f49d71acce6 in g_pollable_output_stream_write_nonblocking () from /usr/share/finovera/deps/lib/libgio-2.0.so.0
#12 0x00007f49d750fc49 in io_run_until () from /usr/share/finovera/deps/lib/libsoup-2.4.so.1
#13 0x00007f49d751cd5b in try_run_until_read () from /usr/share/finovera/deps/lib/libsoup-2.4.so.1
#14 0x00007f49d751db25 in async_run_queue () from /usr/share/finovera/deps/lib/libsoup-2.4.so.1
#15 0x00007f49d751dbab in idle_run_queue () from /usr/share/finovera/deps/lib/libsoup-2.4.so.1
#16 0x00007f49d5b46616 in g_main_context_dispatch () from /usr/share/finovera/deps/lib/libglib-2.0.so.0
#17 0x00007f49d5b46968 in g_main_context_iterate.isra.24 () from /usr/share/finovera/deps/lib/libglib-2.0.so.0
#18 0x00007f49d5b46d6a in g_main_loop_run () from /usr/share/finovera/deps/lib/libglib-2.0.so.0
#19 0x00007f49db590d7d in WebProcessMainGtk () from /usr/share/finovera/webkit-2.2.6/lib/libwebkit2gtk-3.0.so.25
#20 0x00007f49dacc476d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#21 0x0000000000400701 in _start ()
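
A toy model of the trade-off asked about above, added here as an illustration and not taken from WebKit, libsoup or the original post. All names (Handle, Session, run) are hypothetical, and it assumes the completion path checks the cancelled flag before delivering anything; it compares a flag-only cancel with one that also withdraws the request from the session.

```cpp
#include <deque>
#include <memory>
#include <utility>

// Toy model with hypothetical names; this is not WebKit or libsoup code.
struct Handle {
    bool cancelled = false;
    int deliveries = 0;                 // completions that reached the client
};

struct Session {
    // A queued request keeps its handle alive until it leaves the queue.
    std::deque<std::shared_ptr<Handle>> queue;
    int transfersRun = 0;               // requests that still did network work

    void send(std::shared_ptr<Handle> h) { queue.push_back(std::move(h)); }

    // Flag-only cancel, as in the workaround: mark and return.
    static void cancelFlagOnly(Handle& h) { h.cancelled = true; }

    // Full cancel: mark, then withdraw the request from the session.
    void cancelFull(const std::shared_ptr<Handle>& h) {
        h->cancelled = true;
        for (auto it = queue.begin(); it != queue.end(); ++it)
            if (*it == h) { queue.erase(it); break; }
    }

    // Main-loop pass: everything still queued runs to completion.
    void drain() {
        while (!queue.empty()) {
            std::shared_ptr<Handle> h = queue.front();
            queue.pop_front();
            ++transfersRun;                      // I/O happens regardless of the flag
            if (!h->cancelled) ++h->deliveries;  // assumed guard in the completion path
        }
    }
};

struct Outcome { long refsAfterCancel; int transfersRun; int deliveries; };

Outcome run(bool fullCancel) {
    Session s;
    auto h = std::make_shared<Handle>();
    s.send(h);
    if (fullCancel) s.cancelFull(h); else Session::cancelFlagOnly(*h);
    long refs = h.use_count();          // 2 means the session still holds the handle
    s.drain();
    return {refs, s.transfersRun, h->deliveries};
}
```

In this model the flag-only cancel delivers nothing to the client, but the handle stays referenced and the transfer still runs until the queue drains, which is the retention cost the post anticipates.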


