CEF crashing in Win10


Postby AmpelioAttanasi » Tue Aug 03, 2021 3:55 am

Hi,

we use CEF (in conjunction with CefSharp) in our application and one of our clients, since when we upgraded to v89 (89.0.17+ge7bbb1d+chromium-89.0.4389.114), is experiencing the crash below.
We've been using CEF for years and this is the first crash we receive from a production environment.
We've received from this client two dumps from two different sessions, the stacks are identical. I found filed issues with stacks ending in the same function (LogMessage destructor) but not with the same sequence.
The OS in use is:

Version: 10.0.18363
ProductName: Windows 10 Enterprise
ReleaseId: 1909
64-bit: True

Any hint?
Thanks.
Code:
=======================================
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr               Call Site
00 00000021`e97fdae0 00007fff`26a982f9     libcef!logging::LogMessage::~LogMessage+0x91d [Y:\work\CEF3_git\chromium\src\base\logging.cc @ 885]
01 00000021`e97fe050 00007fff`26a980c0     libcef!gfx::`anonymous namespace'::CrashOther+0x5f [Y:\work\CEF3_git\chromium\src\ui\gfx\win\hwnd_util.cc @ 82]
02 00000021`e97fe1d0 00007fff`274f4dd2     libcef!gfx::CheckWindowCreated+0x41 [Y:\work\CEF3_git\chromium\src\ui\gfx\win\hwnd_util.cc @ 216]
03 00000021`e97fe350 00007fff`292386c4     libcef!gfx::WindowImpl::Init+0x198 [Y:\work\CEF3_git\chromium\src\ui\gfx\win\window_impl.cc @ 250]
04 00000021`e97fe480 00007fff`284958ac     libcef!views::HWNDMessageHandler::Init+0x9e [Y:\work\CEF3_git\chromium\src\ui\views\win\hwnd_message_handler.cc @ 442]
05 00000021`e97fe550 00007fff`29242ff3     libcef!views::DesktopWindowTreeHostWin::Init+0x12c [Y:\work\CEF3_git\chromium\src\ui\views\widget\desktop_aura\desktop_window_tree_host_win.cc @ 158]
06 00000021`e97fe5c0 00007fff`270ffc5f     libcef!views::DesktopNativeWidgetAura::InitNativeWidget+0x103 [Y:\work\CEF3_git\chromium\src\ui\views\widget\desktop_aura\desktop_native_widget_aura.cc @ 494]
07 00000021`e97fe850 00007fff`29864322     libcef!views::Widget::Init+0x267 [Y:\work\CEF3_git\chromium\src\ui\views\widget\widget.cc @ 363]
08 00000021`e97fea70 00007fff`28c15cc1     libcef!CefWindowDelegateView::Init+0x108 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\native\window_delegate_view.cc @ 65]
09 00000021`e97fed40 00007fff`2722f3bd     libcef!CefBrowserPlatformDelegateNativeWin::CreateHostWindow+0x2a1 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\native\browser_platform_delegate_native_win.cc @ 203]
0a 00000021`e97fee80 00007fff`2722ee95     libcef!AlloyBrowserHostImpl::CreateHostWindow+0x1f [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\alloy\alloy_browser_host_impl.cc @ 1710]
0b 00000021`e97feec0 00007fff`2722eafc     libcef!AlloyBrowserHostImpl::CreateInternal+0x215 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\alloy\alloy_browser_host_impl.cc @ 237]
0c 00000021`e97fefa0 00007fff`2675f23c     libcef!AlloyBrowserHostImpl::Create+0x2d0 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\alloy\alloy_browser_host_impl.cc @ 175]
0d 00000021`e97ff410 00007fff`2675f604     libcef!CefBrowserHost::CreateBrowserSync+0x4fa [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\browser_host_create.cc @ 142]
0e (Inline Function) --------`--------     libcef!CefBrowserHost::CreateBrowser::<unnamed-tag>::operator()+0xa8 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\browser_host_create.cc @ 77]
0f (Inline Function) --------`--------     libcef!base::internal::FunctorTraits<`lambda at ../../cef/libcef/browser/browser_host_create.cc:77:3',void>::Invoke+0xac [Y:\work\CEF3_git\chromium\src\base\bind_internal.h @ 379]
10 (Inline Function) --------`--------     libcef!base::internal::InvokeHelper<0,void>::MakeItSo+0xac [Y:\work\CEF3_git\chromium\src\base\bind_internal.h @ 637]
11 (Inline Function) --------`--------     libcef!base::internal::Invoker<base::internal::BindState<`lambda at ../../cef/libcef/browser/browser_host_create.cc:77:3',(anonymous namespace)::CreateBrowserHelper *>,void ()>::RunImpl+0xac [Y:\work\CEF3_git\chromium\src\base\bind_internal.h @ 710]
12 00000021`e97ff760 00007fff`2680132d     libcef!base::internal::Invoker<base::internal::BindState<`lambda at ../../cef/libcef/browser/browser_host_create.cc:77:3',(anonymous namespace)::CreateBrowserHelper *>,void ()>::RunOnce+0xc4 [Y:\work\CEF3_git\chromium\src\base\bind_internal.h @ 679]
13 (Inline Function) --------`--------     libcef!base::OnceCallback<void ()>::Run+0x15 [Y:\work\CEF3_git\chromium\src\base\callback.h @ 101]
14 00000021`e97ff7f0 00007fff`2728a4a1     libcef!base::TaskAnnotator::RunTask+0x16d [Y:\work\CEF3_git\chromium\src\base\task\common\task_annotator.cc @ 163]
15 00000021`e97ff930 00007fff`2728a19c     libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x1b1 [Y:\work\CEF3_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc @ 352]
16 00000021`e97ffb00 00007fff`2683236a     libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork+0xcc [Y:\work\CEF3_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc @ 266]
17 00000021`e97ffb90 00007fff`26831a1a     libcef!base::MessagePumpForUI::DoRunLoop+0x7a [Y:\work\CEF3_git\chromium\src\base\message_loop\message_pump_win.cc @ 226]
18 00000021`e97ffc20 00007fff`2728addd     libcef!base::MessagePumpWin::Run+0x5a [Y:\work\CEF3_git\chromium\src\base\message_loop\message_pump_win.cc @ 83]
19 00000021`e97ffc70 00007fff`267ea301     libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0xdd [Y:\work\CEF3_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc @ 463]
1a 00000021`e97ffcd0 00007fff`2722c45d     libcef!base::RunLoop::Run+0x1b1 [Y:\work\CEF3_git\chromium\src\base\run_loop.cc @ 133]
1b 00000021`e97ffd80 00007fff`2722d407     libcef!CefMainRunner::RunMessageLoop+0x7d [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\main_runner.cc @ 288]
1c 00000021`e97ffe00 00007fff`26839090     libcef!CefUIThread::ThreadMain+0x97 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\main_runner.cc @ 184]
1d 00000021`e97ffe60 00007fff`c6b07c24     libcef!base::`anonymous namespace'::ThreadFunc+0xf0 [Y:\work\CEF3_git\chromium\src\base\threading\platform_thread_win.cc @ 103]
1e 00000021`e97ffee0 00007fff`c754d721     kernel32!BaseThreadInitThunk+0x14
1f 00000021`e97fff10 00000000`00000000     ntdll!RtlUserThreadStart+0x21
=======================================

Re: CEF crashing in Win10

Postby ndesktop » Tue Aug 03, 2021 11:29 pm

It looks like CheckWindowCreated is failing with neither ERROR_NOT_ENOUGH_MEMORY, nor ERROR_ACCESS_DENIED.
This is invoked from WindowImpl::Init in ui/gfx/win/window_impl.cc, and as I see it the only place where this can fail is CreateWindowEx.
The failure can have multiple causes, but most common
What error code do you get? This should be visible from the crash dump in windbg with "k; !for_each_frame; frame 2; dv".

Re: CEF crashing in Win10

Postby AmpelioAttanasi » Tue Aug 10, 2021 10:16 am

Hi ndesktop,

thanks for your reply - is this the info you need?

Code:
0:017> .frame 0n2;dv /t /v
02 0000009e`6e1fde70 00007fff`23774dd2     libcef!gfx::CheckWindowCreated+0x41 [Y:\work\CEF3_git\chromium\src\ui\gfx\win\hwnd_util.cc @ 216]
<unavailable>     struct HWND__ * hwnd = <value unavailable>
@esi              unsigned long last_error = 0x57


Our clients are experiencing this issue for multiple users after we've upgraded CEF to version 89 - the application codebase is unchanged.

Re: CEF crashing in Win10

Postby ndesktop » Tue Aug 10, 2021 10:55 am

unsigned long last_error = 0x57 is error 87, which is "The parameter is incorrect." (ERROR_INVALID_PARAMETER).
The callstack tracks back to CefBrowserPlatformDelegateNativeWin::CreateHostWindow, specifically to the
Code:
...
  CefWindowDelegateView* delegate_view = new CefWindowDelegateView(
      GetBackgroundColor(), always_on_top, GetBoundsChangedCallback());
  delegate_view->Init(window_info_.window, web_contents_,
                      gfx::Rect(0, 0, point.x(), point.y()));

That leads me to the highest possibility of error, which is the parent window - window_info_.window - to be invalid in conjunction with (ex)styles.
The closest Chromium issues (not related, but in the same vein) are 82193 and 310704 (which was merged into 82193), which are very old but the callstack looks very similar.

Maybe the WM_NCCREATE binding between the C++ object and HWND is happening after gfx::WindowImpl::Init - although very unlikely.
I'm afraid I can't be of much help looking only to the 87 error code.

My suggestion is to add LOG(INFO) to CefBrowserPlatformDelegateNativeWin::CreateHostWindow() and in gfx/win/window_impl.cc's WindowImpl::Init, dumping HWND, window class, style and extended style every time when a Win32 call is made. Maybe check the WNDCLASS and ATOM too.
Then do a build and run cefclient --enable-logging --v=1 on one of the machines with repro, then your executable with logging as well.
That's all I can think of in order to track down the issue.

Re: CEF crashing in Win10

Postby amaitland » Tue Aug 10, 2021 4:19 pm

See https://github.com/cefsharp/CefSharp/is ... -780194746 for related discussion.

The most probable cause is you've created a ChromiumWebBrowser instance and shortly after called Dispose.
Maintainer of the CefSharp project.

Re: CEF crashing in Win10

Postby AmpelioAttanasi » Fri Aug 13, 2021 2:05 am

I honestly don't know which is the use case of our client; I can understand that trying to access/use a handle that doesn't exist can cause an exception but timing issues shouldn't be a concern of the final user: if they open a browser and they close it right after... I think should fall in the "legit use" - it seems to me something that the library should check.

Re: CEF crashing in Win10

Postby amaitland » Fri Aug 13, 2021 2:59 am

It's a threading problem and it only happens very rarely, in 7 years I've seen less than 10 occurrences.

AmpelioAttanasi wrote: I think should fall in the "legit use" - it seems to me something that the library should check.

- The control handle (hwnd) is created
- a call to CreateBrowser is made
- The CreateBrowser call is queued on the CEF UI thread for execution
- During execution of CreateBrowser you call Dispose and the handle (hwnd) is now invalid
- CreateBrowser now tries to use the invalid handle

In most cases the control is disposed without issue. I've not once seen this issue as the result of a user interaction, it's only been programmatically disposing of the control.

Are you sure the user is initiating the dispose in this instance?
Maintainer of the CefSharp project.

Re: CEF crashing in Win10

Postby amaitland » Fri Aug 13, 2021 4:06 am

The only way to solve this is to block the WinForms UI thread until the CefBrowser has been created.

Blocking in Dispose is a big no no, which leaves using CreateBrowserSync. As this only happens for a select few I think it would be better to use CreateBrowser by default and CreateBrowserSync should the user explicitly choose.

Should you wish to create a pull request the following should get you started
https://github.com/cefsharp/CefSharp/bl ... er.cs#L587
https://github.com/cefsharp/CefSharp/bl ... er.cpp#L98
Maintainer of the CefSharp project.
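
The ordering described in the two posts above (a queued CreateBrowser overtaken by Dispose, and blocking the caller until creation has finished), as an added portable model that is not CEF or CefSharp code. `UiThread`, `CreateThenDispose` and the boolean standing in for the hwnd are hypothetical, and returning 0x57 for a dead parent mirrors the dump in this thread rather than reproducing Win32 behaviour.

```cpp
#include <atomic>
#include <condition_variable>
#include <functional>
#include <future>
#include <memory>
#include <mutex>
#include <queue>
#include <thread>
constexpr unsigned long kOk = 0, kInvalidParameter = 0x57;  // 0x57 as in the dump

// Model of the CEF UI thread (hypothetical): runs posted tasks in order.
class UiThread {
 public:
  UiThread() : worker_([this] { Loop(); }) {}
  ~UiThread() { Post(nullptr); worker_.join(); }  // empty task stops the loop
  void Post(std::function<void()> t) {
    { std::lock_guard<std::mutex> l(m_); q_.push(std::move(t)); }
    cv_.notify_one();
  }
 private:
  void Loop() {
    for (;;) {
      std::unique_lock<std::mutex> l(m_);
      cv_.wait(l, [this] { return !q_.empty(); });
      auto t = std::move(q_.front()); q_.pop(); l.unlock();
      if (!t) return;
      t();
    }
  }
  std::mutex m_; std::condition_variable cv_; std::queue<std::function<void()>> q_;
  std::thread worker_;  // declared last: the queue must exist before Loop() starts
};
// Queued creation: the parent handle is only examined when the task runs.
std::future<unsigned long> CreateBrowser(UiThread& ui, std::atomic<bool>& hwnd_alive) {
  auto done = std::make_shared<std::promise<unsigned long>>();
  ui.Post([&hwnd_alive, done] { done->set_value(hwnd_alive.load() ? kOk : kInvalidParameter); });
  return done->get_future();
}
// sync=false: Dispose lands while creation is queued. sync=true: caller waits first.
unsigned long CreateThenDispose(bool sync) {
  std::atomic<bool> hwnd_alive{true};
  UiThread ui;
  std::promise<void> gate; auto open = gate.get_future().share();
  ui.Post([open] { open.wait(); });  // UI thread is busy with earlier work
  auto created = CreateBrowser(ui, hwnd_alive);
  if (sync) { gate.set_value(); created.wait(); }
  hwnd_alive = false;                // Dispose on the caller's thread
  if (!sync) gate.set_value();
  return created.get();
}
int main() { return CreateThenDispose(false) == kInvalidParameter && CreateThenDispose(true) == kOk ? 0 : 1; }
```
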

Re: CEF crashing in Win10

Postby AmpelioAttanasi » Fri Aug 13, 2021 6:38 am

I got our client to send us our application logs - this session is used to perform a SAML login, which takes ~3.5 seconds to complete:

Code:
09:19:33.314615|00076-{CreateNewBrowser} Factory {Chromium} src {BrowserManager}
09:19:33.317613|00090-{ChromiumWrapper} BrowserID {9de057e7-3885-4e4b-ac6d-a9c2bf3d758b} src {ChromiumWrapper_0}
[...]
09:19:33.563611|00062-{************************************} src {ChromiumWrapper_0}
09:19:33.563611|00062-{*        Start Saml Session        *} src {ChromiumWrapper_0}
09:19:33.563611|00062-{************************************} src {ChromiumWrapper_0}
[...]
09:19:36.538608|00112-{SamlLoginComplete} Remove browser {9de057e7-3885-4e4b-ac6d-a9c2bf3d758b} src {BrowserManager}
[...]
09:19:36.633604|00119-{HandleRemoveBrowserRequest} Kill browser {9de057e7-3885-4e4b-ac6d-a9c2bf3d758b} src {BrowserManager}
[..]
09:19:36.878604|00042-{Browser Shutdown} src {ChromiumWrapper_0}


and from the dump we can see that it gets created right at the browser close (the name is Dump_20210802_091936.dmp)

Re: CEF crashing in Win10

Postby amaitland » Fri Aug 13, 2021 4:01 pm

AmpelioAttanasi wrote: I got our client to send us our application logs - this session is used to perform a SAML login, which takes ~3.5 seconds to complete:

Code:
09:19:33.314615|00076-{CreateNewBrowser} Factory {Chromium} src {BrowserManager}
09:19:33.317613|00090-{ChromiumWrapper} BrowserID {9de057e7-3885-4e4b-ac6d-a9c2bf3d758b} src {ChromiumWrapper_0}
[...]
09:19:33.563611|00062-{************************************} src {ChromiumWrapper_0}
09:19:33.563611|00062-{*        Start Saml Session        *} src {ChromiumWrapper_0}
09:19:33.563611|00062-{************************************} src {ChromiumWrapper_0}
[...]
09:19:36.538608|00112-{SamlLoginComplete} Remove browser {9de057e7-3885-4e4b-ac6d-a9c2bf3d758b} src {BrowserManager}
[...]
09:19:36.633604|00119-{HandleRemoveBrowserRequest} Kill browser {9de057e7-3885-4e4b-ac6d-a9c2bf3d758b} src {BrowserManager}
[..]
09:19:36.878604|00042-{Browser Shutdown} src {ChromiumWrapper_0}


and from the dump we can see that it gets created right at the browser close (the name is Dump_20210802_091936.dmp)


How is this relevant exactly? Did the crash occur?
Maintainer of the CefSharp project.