crash in 4430, chrome90 ,windows 32 bit

Postby ifbao » Wed Jun 30, 2021 10:06 pm

I got a crash like this.
Crash tip:
0x12A93553 (libcef.dll) (in process.dmp) has an unhandled exception: 0xC0000005: cannot access memory at 0xF0565378

The stack looks like this:
Code:
>   libcef.dll!views::Widget::GetNativeWindow() 行 429   C++   已加载符号。
    libcef.dll!CefBrowserPlatformDelegateNativeWin::SendFocusEvent(bool setFocus) 行 285   C++   已加载符号。
    libcef.dll!AlloyBrowserHostImpl::OnSetFocus(<unnamed-tag> source) 行 844   C++   已加载符号。
    libcef.dll!AlloyBrowserHostImpl::SetFocusInternal(bool focus) 行 377   C++   已加载符号。
    [内联框架] libcef.dll!base::internal::FunctorTraits<void (CefMenuModelImpl::*)(bool) __attribute__((thiscall)),void>::Invoke(void(CefMenuModelImpl::*)(bool) method, const scoped_refptr<CefMenuModelImpl> & receiver_ptr, const bool & args) 行 498   C++   已加载符号。
    [内联框架] libcef.dll!base::internal::InvokeHelper<0,void>::MakeItSo(void(CefMenuModelImpl::*)(bool) & functor, const scoped_refptr<CefMenuModelImpl> & args, const bool & args) 行 637   C++   已加载符号。
    [内联框架] libcef.dll!base::internal::Invoker<base::internal::BindState<void (CefMenuModelImpl::*)(bool) __attribute__((thiscall)),scoped_refptr<CefMenuModelImpl>,bool>,void ()>::RunImpl(void(CefMenuModelImpl::*)(bool) & functor, const std::__1::tuple<scoped_refptr<CefMenuModelImpl>,bool> & bound, std::__1::integer_sequence<unsigned int,0,1>) 行 710   C++   已加载符号。
    libcef.dll!base::internal::Invoker<base::internal::BindState<void (CefMenuModelImpl::*)(bool) __attribute__((thiscall)),scoped_refptr<CefMenuModelImpl>,bool>,void ()>::Run(base::internal::BindStateBase * base) 行 695   C++   已加载符号。
    [内联框架] libcef.dll!base::OnceCallback<void ()>::Run() 行 101   C++   已加载符号。
    libcef.dll!base::TaskAnnotator::RunTask(const char * trace_event_name, base::PendingTask * pending_task) 行 163   C++   已加载符号。
    [内联框架] libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow * continuation_lazy_now) 行 351   C++   已加载符号。
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() 行 264   C++   已加载符号。
    libcef.dll!base::MessagePumpForUI::DoRunLoop() 行 225   C++   已加载符号。
    libcef.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate) 行 83   C++   已加载符号。
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) 行 463   C++   已加载符号。
    libcef.dll!base::RunLoop::Run(const base::Location & location) 行 135   C++   已加载符号。
    libcef.dll!CefMainRunner::RunMessageLoop() 行 288   C++   已加载符号。


The code at line 429 looks like this:
Code:
gfx::NativeWindow Widget::GetNativeWindow() const {
  return native_widget_->GetNativeWindow();
}


And I found that native_widget_'s __vfptr is 0xf056534c, which is not valid.
Even the first __vfptr of native_widget_'s owner, window_widget_, is not valid.
And I found that the value of native_widget_destroyed_ was true.

I got this crash 39 times in 10000 people. What are the possible reasons?

Re: crash in 4430, chrome90 ,windows 32 bit

Postby ndesktop » Thu Jul 01, 2021 3:46 am

I think I saw this once or twice. Off the top of my head, it can maybe be reproduced as:
- window A appears
- some script posts a task to set focus
- window A is destroyed
- focus task appears, only to access a destroyed object
I did not try this myself, but I would start with something like a JS onunload event which calls setTimeout(... function() { window.setfocus(); } ); or something like that.

Re: crash in 4430, chrome90 ,windows 32 bit

Postby ifbao » Tue Jul 06, 2021 1:56 am

Maybe the problem is CefLifeSpanHandler::DoClose: I return true, and I call DestroyWindow(browser_->GetHost()->GetWindowHandle()) myself.
I will try to call DestroyWindow asynchronously to fix this problem.

Re: crash in 4430, chrome90 ,windows 32 bit

Postby ndesktop » Thu Jul 22, 2021 10:55 am

It's Chromium issue 937381, but it is not yet fixed (or visible).
The Widget destructor says:
Code:
    // TODO(crbug.com/937381): Revert to DCHECK once we figure out the reason.
    CHECK(native_widget_destroyed_)
        << "Destroying a widget with a live native widget. "
        << "Widget probably should use WIDGET_OWNS_NATIVE_WIDGET ownership.";

which suggests it is some kind of known problem on destroy.

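The sequence described in this thread (a focus task still queued when its window is destroyed) and the deferred destroy proposed as a fix, as an added example that is not code from the thread, CEF or Chromium: a standard-library simulation in which the queued task holds a weak reference and checks it before use. `Widget`, `TaskQueue`, `Destroy` and `RunScenario` are hypothetical names chosen for this illustration.

```cpp
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>

// Hypothetical stand-ins for illustration; not CEF or Chromium types.
struct Widget { int focus_calls = 0; void SetFocus() { ++focus_calls; } };

// Single-threaded FIFO queue standing in for the UI thread message loop.
struct TaskQueue {
  std::deque<std::function<void()>> tasks;
  void Post(std::function<void()> t) { tasks.push_back(std::move(t)); }
  void RunAll() {
    while (!tasks.empty()) {
      auto t = std::move(tasks.front());
      tasks.pop_front();
      t();
    }
  }
};

struct Result { int ran = 0; int skipped = 0; };
enum class Destroy { kImmediately, kPosted };

// Queue a focus task, destroy the widget either synchronously or as a
// later task, queue a second focus task, then drain the queue.
Result RunScenario(Destroy mode) {
  TaskQueue loop;
  Result r;
  auto widget = std::make_shared<Widget>();
  std::weak_ptr<Widget> weak = widget;
  // Capturing widget.get() here instead would leave a dangling pointer.
  auto focus = [weak, &r] {
    if (auto w = weak.lock()) { w->SetFocus(); ++r.ran; }
    else { ++r.skipped; }  // target already gone: drop the task
  };
  loop.Post(focus);
  if (mode == Destroy::kImmediately) widget.reset();
  else loop.Post([&widget] { widget.reset(); });
  loop.Post(focus);  // focus request that arrives after the close
  loop.RunAll();
  return r;
}

int main() {
  Result a = RunScenario(Destroy::kImmediately), b = RunScenario(Destroy::kPosted);
  std::printf("immediate: ran=%d skipped=%d\n", a.ran, a.skipped);
  std::printf("posted:    ran=%d skipped=%d\n", b.ran, b.skipped);
}
```

Posting the destroy only orders it behind tasks that were already queued; a focus task that arrives afterwards still needs the liveness check, which is why the second task is skipped in both modes.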
