Issue 2866: deadlock in IPC::SyncChannel::SendWithTimeout
http://code.google.com/p/chromium/issues/detail?id=2866

New issue report by [EMAIL PROTECTED]:

So I was reading Gmail using my regular Chrome 0.2.153.1 (Official Build 2519) with some other tabs open. I was in a message, and when I tried to go back to the inbox the renderer got stuck, frozen. The dialog to kill the tab appeared. I waited for a few minutes and then decided to attach the debugger. I called Darin and Jay to see the state while it was still attached in live debugging, but they could not figure out what was going on.

So here is the brain dump:

1- The only renderer stuck was that one; other renderers and the browser process seem healthy.

2- The hosed renderer had two threads; only one thread seemed hosed, the second thread. The thread is in a forever wait:

ChildEBP RetAddr  Args to Child
00c5e7fc 7c90e9ab 7c8094e2 00000003 00c5e828 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
00c5e800 7c8094e2 00000003 00c5e828 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
00c5e89c 7c80a075 00000003 00c5e8f0 00000000 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])
00c5e8b8 0118ade2 00000003 00c5e8f0 00000000 kernel32!WaitForMultipleObjects+0x18 (FPO: [Non-Fpo])
00c5e9b0 0118ac47 033e6470 ffffffff 01169901 chrome_1000000!IPC::SyncChannel::SendWithTimeout(class IPC::Message * message = 0x033e6470, int timeout_ms = -1)+0x198 (CONV: thiscall) [c:\b\slave\chrome-official\build\src\chrome\common\ipc_sync_channel.cc @ 431]
00c5e9bc 01169901 033e6470 00000007 0117de3f chrome_1000000!IPC::SyncChannel::Send(class IPC::Message * message = 0x01038d1b)+0xb (FPO: [1,0,0]) (CONV: thiscall) [c:\b\slave\chrome-official\build\src\chrome\common\ipc_sync_channel.cc @ 382]
00c5e9c8 0117de3f 033e6470 02912bb4 033e6470 chrome_1000000!RenderThread::Send(class IPC::Message * msg = 0x01038d1b)+0x18 (FPO: [1,0,0]) (CONV: thiscall) [c:\b\slave\chrome-official\build\src\chrome\renderer\render_thread.cc @ 67]
00c5e9dc 0118584b 033e6470 020e4810 00000000 chrome_1000000!RenderWidget::Send(class IPC::Message * message = 0x01038d1b)+0x4a (FPO: [1,0,0]) (CONV: thiscall) [c:\b\slave\chrome-official\build\src\chrome\renderer\render_widget.cc @ 175]
00c5eb94 01038d1b 00c5eff0 00c5eff0 032f59e8 chrome_1000000!webkit_glue::IPCResourceLoaderBridge::SyncLoad(struct webkit_glue::ResourceLoaderBridge::SyncLoadResponse * response = 0x00c5eff0)+0xd2 (CONV: thiscall) [c:\b\slave\chrome-official\build\src\chrome\common\resource_dispatcher.cc @ 217]
00c5ee3c 01039426 00c5eff0 00c5f12c 00c5f280 chrome_1000000!WebCore::ResourceHandleInternal::Start(struct webkit_glue::ResourceLoaderBridge::SyncLoadResponse * sync_load_response = 0x00c5eff0)+0x8b8 (CONV: thiscall) [c:\b\slave\chrome-official\build\src\webkit\glue\resource_handle_win.cc @ 440]
00c5f0f4 0104691e 00c5f434 00c5f528 00c5f428 chrome_1000000!WebCore::ResourceHandle::loadResourceSynchronously(class WebCore::ResourceRequest * request = 0x00000000, class WebCore::ResourceError * error = 0x00c5f434, class WebCore::ResourceResponse * response = 0x00c5f528, class WTF::Vector<char,0> * data = 0x00c5f428, class WebCore::Frame * __formal = 0x00c5f3e0)+0x71 (CONV: cdecl) [c:\b\slave\chrome-official\build\src\webkit\glue\resource_handle_win.cc @ 683]
00c5f3e0 010aa6d4 00c5f608 00c5f428 011ae013 chrome_1000000!WebCore::FrameLoader::loadResourceSynchronously(class WebCore::ResourceRequest * request = 0x00c5f608, class WebCore::ResourceError * error = 0x00000000, class WebCore::ResourceResponse * response = 0x00000000, class WTF::Vector<char,0> * data = 0x00c5f428)+0x1b9 (CONV: thiscall) [c:\b\slave\chrome-official\build\src\webkit\pending\frameloader.cpp @ 3376]
00c5f76c 011ae106 00c5f7a0 00c5f790 00c5f818 chrome_1000000!WebCore::XMLHttpRequest::send(class WebCore::String * body = 0x00c5f7a0, int * ec = 0x00c5f790)+0x3b0 (CONV: thiscall) [c:\b\slave\chrome-official\build\src\webkit\pending\xmlhttprequest.cpp @ 470]
00c5f794 015e54ea 00c5f7f4 01809758 00000002 chrome_1000000!WebCore::V8Custom::v8XMLHttpRequestSendCallback(class v8::Arguments * args = 0x01809758)+0xf3 (CONV: cdecl) [c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_custom.cpp @ 2932]
00c5f7e0 00c5f814 00000001 018c0170 00000002 chrome_1000000!v8::internal::Builtin_HandleApiCall(int __argc__ = 28278365, class v8::internal::Object ** __argv__ = 0x02481040)+0x1aa (FPO: [Non-Fpo]) (CONV: cdecl) [c:\b\slave\chrome-official\build\src\v8\src\builtins.cc @ 401]

So as you can see, it is the V8 thread doing an XMLHttpRequest.

3- Using about:network you can see that there are no pending network jobs.

The code is stuck sending an IPC message; this seems to be the IPC message:

Address  contents
033e6690 020e1068 00000007 00262020 00000447 h....... &.G...
033e66a0 000002f9 00000004 54534f50 00000094 ........POST....
033e66b0 70747468 2f2f3a73 65727073 68736461 https://spreadsh
033e66c0 73746565 6f6f672e 2e656c67 2f6d6f63 eets.google.com/
033e66d0 6f672f61 656c676f 6d6f632e 3f6d662f a/google.com/fm?
033e66e0 6f3d6469 37313731 36393835 38313031 id=o171758961018
033e66f0 32373434 38353430 3036312e 39333631 44720458.1601639
033e6700 37343532 36363339 39353634 3833302e 254793664659.038

The actual call where it is stuck is:

WaitForMultipleObjects(00000003, 00c5e8f0, 00000000, ffffffff)

which seems to correspond to ipc_sync_channel.cc line 413.

The 3 events that the call is waiting on are alive and not signaled.

Issue attributes:
Status: Untriaged
Owner: [EMAIL PROTECTED]
Labels: Type-Bug Pri-2 OS-Windows Area-Unknown
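Added example, not part of the original report: a small Python helper that rebuilds the raw bytes from the dword memory dump quoted in the report and pulls out the strings carried in the stuck IPC message. It assumes an x86 little-endian dump and that strings are stored as a 32-bit length followed by the bytes, which is what the `00000004` / `POST` pair in the dump suggests; the function names are hypothetical.

```python
import re
import struct

# Dump lines copied from the report (debugger dword view, ASCII column dropped).
DUMP = """\
033e6690 020e1068 00000007 00262020 00000447
033e66a0 000002f9 00000004 54534f50 00000094
033e66b0 70747468 2f2f3a73 65727073 68736461
033e66c0 73746565 6f6f672e 2e656c67 2f6d6f63
033e66d0 6f672f61 656c676f 6d6f632e 3f6d662f
033e66e0 6f3d6469 37313731 36393835 38313031
033e66f0 32373434 38353430 3036312e 39333631
033e6700 37343532 36363339 39353634 3833302e
"""

LINE_RE = re.compile(r"^([0-9a-f]{8})((?: [0-9a-f]{8}){1,4})", re.I)

def dump_to_bytes(text):
    """Return (base_address, bytes) rebuilt from dword-formatted dump lines."""
    base, out = None, bytearray()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr = int(m.group(1), 16)
        base = addr if base is None else base
        if addr != base + len(out):
            raise ValueError("non-contiguous dump at %08x" % addr)
        for dword in m.group(2).split():
            out += struct.pack("<I", int(dword, 16))  # undo the dword byte swap
    return base, bytes(out)

def find_strings(buf, base, min_len=4, max_len=4096):
    """Return (address, declared_len, text, truncated) for length-prefixed ASCII."""
    results, off = [], 0
    while off + 4 <= len(buf):
        (n,) = struct.unpack_from("<I", buf, off)
        data = buf[off + 4 : off + 4 + n]
        if min_len <= n <= max_len and data and all(0x20 <= b < 0x7F for b in data):
            # truncated is True when the dump ends before the declared length
            results.append((base + off + 4, n, data.decode("ascii"), len(data) < n))
            off += 4 + ((len(data) + 3) & ~3)  # fields are 4-byte aligned
        else:
            off += 4
    return results

if __name__ == "__main__":
    base, buf = dump_to_bytes(DUMP)
    for addr, n, text, cut in find_strings(buf, base):
        print("%08x len=%d%s %s" % (addr, n, " (truncated)" if cut else "", text))
```

The second string declares 0x94 bytes but the dump holds only 96 of them, so the recovered URL is flagged as truncated rather than treated as complete.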
