Comment #7 on issue 8809 by jer...@chromium.org: Crash in WaitableEventWatcher::StopWatching() http://code.google.com/p/chromium/issues/detail?id=8809
The bug has to do with the destructors for RenderProcess & MessageLoopForIO and how they interact with IPC::SyncChannel in RendererMain(). IPC::SyncChannel waits on render_process' shutdown_event_; render_process goes out of scope before the end of the function and from that point on its shutdown_event_ is invalid.

The plot thickens: What's supposed to happen here is that render_process' destructor signals shutdown_event_; this should wake up IPC::SyncChannel and get it to unhook itself from the surrounding world. The problem is that WaitableEvent::Signal uses an AsyncTask, so the signal is only dispatched at some future date. So shutdown_event_ is invalid, and IPC::SyncChannel is still happily maintaining a reference to it.

The problem then becomes that IPC::SyncChannel is using a WaitableEventWatcher to listen to the event, which hooks itself in as a DestructionObserver for the current message loop (the aforementioned MessageLoopForIO). Now we drop off the end of RendererMain() and MessageLoopForIO's destructor is called, which calls back to all its DestructionObservers. The WaitableEventWatcher then attempts to lock the RenderProcess' shutdown_event_ in order to remove itself from the list of waiters, but that memory is no longer valid since RenderProcess has already died, and therein lies our problem...
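
The teardown ordering described in the comment above, as an added C++ model that is not part of the original comment and is not Chromium code. `Event`, `Loop`, `Process`, `TaskQueue` and `teardown` are hypothetical stand-ins, a `weak_ptr` replaces the watcher's raw pointer so the stale access is detected rather than executed, and the loop-first ordering is included only for contrast.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Simplified stand-ins named after the classes in the comment; not Chromium code.
using TaskQueue = std::vector<std::function<void()>>;

struct Event { int waiters = 0; bool signaled = false; };

struct Loop {  // plays MessageLoopForIO
  std::vector<std::function<void()>> destruction_observers;
  ~Loop() { for (auto& cb : destruction_observers) cb(); }
};

struct Process {  // plays RenderProcess, owner of shutdown_event_
  std::shared_ptr<Event> shutdown_event = std::make_shared<Event>();
  TaskQueue* tasks;
  explicit Process(TaskQueue* q) : tasks(q) {}
  ~Process() {
    // Asynchronous Signal(): only queues a task, nobody is unhooked yet.
    std::weak_ptr<Event> ev = shutdown_event;
    tasks->push_back([ev] { if (auto e = ev.lock()) e->signaled = true; });
  }
};

struct Outcome { bool stale_access; std::size_t undelivered_signals; };

// weak_ptr stands in for the watcher's raw pointer so the stale access is
// detected instead of executed.
Outcome teardown(bool process_dies_first) {
  TaskQueue tasks;  // outlives both objects; never pumped during teardown
  bool stale = false;
  auto loop = std::make_unique<Loop>();
  auto process = std::make_unique<Process>(&tasks);
  std::weak_ptr<Event> watched = process->shutdown_event;
  process->shutdown_event->waiters++;  // watcher registers as a waiter
  loop->destruction_observers.push_back([&stale, watched] {
    if (auto ev = watched.lock()) ev->waiters--;  // StopWatching(), event alive
    else stale = true;  // the real watcher would lock freed memory here
  });
  if (process_dies_first) { process.reset(); loop.reset(); }
  else { loop.reset(); process.reset(); }
  return {stale, tasks.size()};
}

int main() {
  Outcome bug = teardown(true), other = teardown(false);
  std::printf("process first: stale=%d pending=%zu\n", bug.stale_access, bug.undelivered_signals);
  std::printf("loop first:    stale=%d pending=%zu\n", other.stale_access, other.undelivered_signals);
}
```

In both orderings the queued signal is never delivered; only the process-first ordering leaves the destruction observer pointing at an event that no longer exists.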