Issue 690270 link

Starred by 2 users

Issue metadata

Status:	Duplicate
Owner:	bbudge@chromium.org
Closed:	Feb 2017
Cc:	█ raymes@chromium.org piman@chromium.org
Components:	Internals>Plugins>Flash
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	3
Type:	Bug
Needs-Milestone

A deadlock about ppapi hung

Reported by changfen...@gmail.com, Feb 9 2017

Issue description

Chrome Version       : 55.0.2883.87
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5:
  Firefox 4.x:
     IE 7/8/9:

What steps will reproduce the problem?
1.
2.
3.

What is the expected result?


What happens instead of that?


Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Hi, I meet a flash hung, dump just follows:

Render Process:
Main thread:
Send sync ipc(PpapiMsg_SupportsInterface) to ppapi process
stack frames:
0012d58c 7c92df4a ntdll!KiFastSystemCallRet
0012d590 7c809590 ntdll!ZwWaitForMultipleObjects+0xc
0012d62c 7c80a115 kernel32!WaitForMultipleObjectsEx+0x12c
0012d648 100f3e24 kernel32!WaitForMultipleObjects+0x18
0012d770 100f4106 chrome_child!base::WaitableEvent::WaitMany+0x66 [d:\webapps\b\build\slave\repo\build\src\base\synchronization\waitable_event_win.cc @ 85]
0012d79c 10052b46 chrome_child!IPC::SyncChannel::WaitForReply+0x77 [d:\webapps\b\build\slave\repo\build\src\ipc\ipc_sync_channel.cc @ 520]
0012d7d8 118ef25b chrome_child!IPC::SyncChannel::Send+0xea [d:\webapps\b\build\slave\repo\build\src\ipc\ipc_sync_channel.cc @ 504]
0012d7e8 118ed44c chrome_child!ppapi::proxy::ProxyChannel::Send+0x18 [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\proxy_channel.cc @ 89]
0012d840 118ecff9 chrome_child!ppapi::proxy::HostDispatcher::Send+0x116 [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\host_dispatcher.cc @ 161]
0012d888 11721d4a chrome_child!ppapi::proxy::HostDispatcher::GetProxiedInterface+0x84 [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\host_dispatcher.cc @ 232]
0012d8b8 116cfb1b chrome_child!content::HostDispatcherWrapper::GetProxiedInterface+0x2f [d:\webapps\b\build\slave\repo\build\src\content\renderer\pepper\host_dispatcher_wrapper.cc @ 78]
0012d8c8 11c6d407 chrome_child!content::PluginModule::GetPluginInterface+0x19 [d:\webapps\b\build\slave\repo\build\src\content\renderer\pepper\plugin_module.cc @ 661]
....


PPAPI Process:
Main thread:
Send sync ipc(PpapiHostMsg_PPBInstance_ExecuteScript) to render process
00 0012dc9c 7c92df4a 7c809590 00000002 0012dcc8 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 0012dca0 7c809590 00000002 0012dcc8 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
02 0012dd3c 7c80a115 00000002 0012dd78 00000000 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])
03 0012dd58 100f3e24 00000002 0012dd78 00000000 kernel32!WaitForMultipleObjects+0x18 (FPO: [Non-Fpo])
04 0012de80 100f4106 0012de9c 00000002 00000000 chrome_child!base::WaitableEvent::WaitMany+0x66 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\webapps\b\build\slave\repo\build\src\base\synchronization\waitable_event_win.cc @ 85]
05 0012deac 10052b46 0092e710 00000000 00961fc0 chrome_child!IPC::SyncChannel::WaitForReply+0x77 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\webapps\b\build\slave\repo\build\src\ipc\ipc_sync_channel.cc @ 520]
06 0012dee8 118ef25b 00961fc0 00000000 0012df08 chrome_child!IPC::SyncChannel::Send+0xea (FPO: [Non-Fpo]) (CONV: thiscall) [d:\webapps\b\build\slave\repo\build\src\ipc\ipc_sync_channel.cc @ 504]
07 0012def8 118fe4d8 00961fc0 129e617e 0012df44 chrome_child!ppapi::proxy::ProxyChannel::Send+0x18 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\proxy_channel.cc @ 89]
08 0012df08 118fe3ca 00961fc0 009999d4 00961fc0 chrome_child!ppapi::proxy::PluginDispatcher::SendMessageW+0x28 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\plugin_dispatcher.cc @ 195]
09 0012df44 11903dbd 00961fc0 0012dfb4 0012e09c chrome_child!ppapi::proxy::PluginDispatcher::Send+0xbf (FPO: [Non-Fpo]) (CONV: thiscall) [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\plugin_dispatcher.cc @ 219]
0a 0012df94 11fae26e 0012e0a0 a3c36f29 00000005 chrome_child!ppapi::proxy::PPB_Instance_Proxy::ExecuteScript+0xaa (FPO: [Non-Fpo]) (CONV: thiscall) [d:\webapps\b\build\slave\repo\build\src\ppapi\proxy\ppb_instance_proxy.cc @ 299]
0b 0012e0b4 023b57b0 0012e0e8 a3c36f29 00000005 chrome_child!ppapi::thunk::`anonymous namespace'::ExecuteScript+0xa6 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\webapps\b\build\slave\repo\build\src\ppapi\thunk\ppb_instance_private_thunk.cc @ 41]
WARNING: Stack unwind information not available. Following frames may be wrong.
0c 0012e130 01c54a7e 0012e198 00000000 03019000 pepflashplayer+0x7657b0
0d 0012e1d8 01faccbe 050e61a8 03472f50 0301a810 pepflashplayer+0x4a7e
0e 0012e20c 01e4eb93 04746d30 04fe7370 01d0b49e pepflashplayer+0x35ccbe
0f 0012e238 01d0b2a5 05031a90 00000001 0012e288 pepflashplayer+0x1feb93
10 0012e338 01d0b49e 05031a00 00000002 0012e388 pepflashplayer+0xbb2a5
11 0012e358 01d0b2a5 05031a00 00000002 0012e388 pepflashplayer+0xbb49e
12 0012e3a8 01d0b49e 047f7a00 00000001 0012e410 pepflashplayer+0xbb2a5
13 0012e3c8 01d0b2a5 047f7a00 00000001 0012e410 pepflashplayer+0xbb49e

Comment 1 by dcheng@chromium.org, Feb 9 2017

Cc: raymes@chromium.org piman@chromium.org

Do you have a repro?

IIRC, this is one of the many strange things plugins can do. The renderer can make sync IPCs to the plugin, which can then call back into the renderer to execute script. Among other things, this is used to support things like plugin teardown, which (currently) expect to synchronously script.

In order to prevent this from being a deadlock, by understanding is we actually dispatch some subset of incoming IPCs in the renderer.