Renderer process crashing due to V8_FATAL



Postby akolbow » Wed Oct 20, 2021 10:14 am

Hello!

I am having a hard time debugging random crashes in our Windows application.
The application makes heavy use of the JS Extensions feature to provide functionality to a webapp.
The application works fine most of the time, but the longer the webapp is running and the more work is done, the more likely it gets that the renderer process crashes. It is very difficult and time-consuming to reproduce, but I managed to get two crash dumps so far. In both crash dumps V8_FATAL is called due to AllocateRawFixedArray being called with a negative length (-524289).
Since the crash in both dumps is in the V8 area and occurs only after heavy usage of the JS Extensions, I guess we are doing something wrong in that area. But I have no idea what, since the app runs fine for such a long time and there are no anomalies up until the crash.

We are using the prebuilt CEF binaries from https://cef-builds.spotifycdn.com/index.html in version cef_binary_94.4.1+g4b61a8c+chromium-94.0.4606.5.

What puzzles me especially is that in both cases AllocateRawFixedArray is called with the same invalid length argument.

Does someone have an idea what might be going on here? I am feeling a bit lost. Any help / nudge in the right direction might help me now :)

The symbolized stack traces of the two dumps:
    libcef.dll!v8::base::OS::Abort() Zeile 959   C++
    libcef.dll!V8_Fatal(const char * format, ...) Zeile 167   C++
    [Inlineframe] libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawFixedArray(int length, v8::internal::AllocationType allocation) Zeile 822   C++
    libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::NewFixedArrayWithFiller(v8::internal::Handle<v8::internal::Map> map, int length, v8::internal::Handle<v8::internal::Oddball> filler, v8::internal::AllocationType allocation) Zeile 118   C++
    libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::NewFixedArrayWithMap(v8::internal::Handle<v8::internal::Map> map, int length, v8::internal::AllocationType allocation) Zeile 91   C++
    libcef.dll!v8::internal::Factory::NewClosureFeedbackCellArray(int length) Zeile 530   C++
    libcef.dll!v8::internal::ClosureFeedbackCellArray::New(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::SharedFunctionInfo> shared) Zeile 236   C++
    libcef.dll!v8::internal::JSFunction::EnsureClosureFeedbackCellArray(v8::internal::Handle<v8::internal::JSFunction> function, bool reset_budget_for_feedback_allocation) Zeile 288   C++
    libcef.dll!v8::internal::Compiler::Compile(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::JSFunction> function, v8::internal::Compiler::ClearExceptionFlag flag, v8::internal::IsCompiledScope * is_compiled_scope) Zeile 1929   C++
    [Inlineframe] libcef.dll!v8::internal::__RT_impl_Runtime_CompileLazy(v8::internal::Arguments<v8::internal::ArgumentsType::kRuntime> args, v8::internal::Isolate * isolate) Zeile 73   C++
    libcef.dll!v8::internal::Runtime_CompileLazy(int args_length, unsigned __int64 * args_object, v8::internal::Isolate * isolate) Zeile 53   C++
    [Inlineframe] libcef.dll!v8::internal::GeneratedCode<unsigned long long,unsigned long long,v8::internal::MicrotaskQueue *>::Call(unsigned __int64 args, v8::internal::MicrotaskQueue * args) Zeile 150   C++
    libcef.dll!v8::internal::`anonymous namespace'::Invoke(v8::internal::Isolate * isolate, const v8::internal::`anonymous namespace'::InvokeParams & params) Zeile 391   C++
    libcef.dll!v8::internal::`anonymous namespace'::InvokeWithTryCatch(v8::internal::Isolate * isolate, const v8::internal::`anonymous namespace'::InvokeParams & params) Zeile 436   C++
    libcef.dll!v8::internal::Execution::TryRunMicrotasks(v8::internal::Isolate * isolate, v8::internal::MicrotaskQueue * microtask_queue, v8::internal::MaybeHandle<v8::internal::Object> * exception_out) Zeile 513   C++
    libcef.dll!v8::internal::MicrotaskQueue::RunMicrotasks(v8::internal::Isolate * isolate) Zeile 173   C++
    libcef.dll!v8::internal::MicrotaskQueue::PerformCheckpointInternal(v8::Isolate * v8_isolate) Zeile 127   C++
    [Inlineframe] libcef.dll!std::__1::default_delete<v8::MicrotasksScope>::operator()(v8::MicrotasksScope * __ptr) Zeile 54   C++
    [Inlineframe] libcef.dll!std::__1::unique_ptr<v8::MicrotasksScope,std::__1::default_delete<v8::MicrotasksScope>>::reset(v8::MicrotasksScope * __p) Zeile 315   C++
    libcef.dll!CefV8ContextImpl::Exit() Zeile 1044   C++
    libcef.dll!`anonymous namespace'::v8context_exit(_cef_v8context_t * self) Zeile 154   C++
    [Übergang von Verwaltet zu Nativ]   
>   Xilium.CefGlue.dll!Xilium.CefGlue.Interop.cef_v8context_t.exit(Xilium.CefGlue.Interop.cef_v8context_t* self) Zeile 300   C#
    Xilium.CefGlue.dll!Xilium.CefGlue.CefV8Context.Exit() Zeile 119   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Requests.SimpleRendererRequestHandler.HandleResponse(XXXXXXXXXXXXXXXX.Types.VariantDictionary responseData, XXXXXXXXXXXXXXXX.Requests.RequestContext requestContext, out bool keepContext) Zeile 95   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Requests.RendererRequestHandler.HandleMessage(XXXXXXXXXXXXXXXX.Types.VariantDictionary message, XXXXXXXXXXXXXXXX.Requests.RequestMapping requestMapping, Xilium.CefGlue.CefV8Context context) Zeile 93   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.V8ContextTask.Execute() Zeile 45   C#
    [Übergang von Nativ zu Verwaltet]   
    [Inlineframe] libcef.dll!base::OnceCallback<void ()>::Run() Zeile 98   C++
    libcef.dll!base::TaskAnnotator::RunTask(const char * trace_event_name, base::PendingTask * pending_task) Zeile 178   C++
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow * continuation_lazy_now) Zeile 361   C++
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Zeile 266   C++
    libcef.dll!base::MessagePumpDefault::Run(base::MessagePump::Delegate * delegate) Zeile 41   C++
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Zeile 470   C++
    libcef.dll!base::RunLoop::Run(const base::Location & location) Zeile 136   C++
    libcef.dll!content::RendererMain(const content::MainFunctionParams & parameters) Zeile 266   C++
    libcef.dll!content::ContentMainRunnerImpl::Run(bool start_minimal_browser) Zeile 975   C++
    libcef.dll!content::ContentMainRun(content::ContentMainParams & params, content::ContentMainRunner * content_main_runner) Zeile 385   C++
    libcef.dll!content::RunContentProcess(content::ContentMainParams & params, content::ContentMainRunner * content_main_runner) Zeile 430   C++
    libcef.dll!content::ContentMain(content::ContentMainParams & params) Zeile 446   C++
    libcef.dll!CefMainRunner::RunAsHelperProcess(const CefMainArgs & args, scoped_refptr<CefApp> application, void * windows_sandbox_info) Zeile 353   C++
    libcef.dll!CefExecuteProcess(const CefMainArgs & args, scoped_refptr<CefApp> application, void * windows_sandbox_info) Zeile 186   C++
    libcef.dll!cef_execute_process(const _cef_main_args_t * args, _cef_app_t * application, void * windows_sandbox_info) Zeile 79   C++
    [Übergang von Verwaltet zu Nativ]   
    Xilium.CefGlue.dll!Xilium.CefGlue.CefRuntime.ExecuteProcess(Xilium.CefGlue.CefMainArgs args, Xilium.CefGlue.CefApp application, System.IntPtr windowsSandboxInfo) Zeile 181   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.AppStartup(Castle.Windsor.IWindsorContainer container) Zeile 295   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.StartupHandling(Castle.Windsor.IWindsorContainer container, System.Action<Castle.Windsor.IWindsorContainer> mainProgram) Zeile 274   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.Main.AnonymousMethod__0() Zeile 64   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.Init(System.Action startupCode) Zeile 98   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.Main(string[] args) Zeile 57   C#
    [Übergang von Nativ zu Verwaltet]   
    mscoreei.dll!00007ffe731e8c01()   Unbekannt
    mscoree.dll!00007ffe7331ac42()   Unbekannt
    kernel32.dll!00007ffe87927034()   Unbekannt
    ntdll.dll!00007ffe89262651()   Unbekannt


    libcef.dll!v8::base::OS::Abort() Zeile 959   C++
    libcef.dll!V8_Fatal(const char * format, ...) Zeile 167   C++
    [Inlineframe] libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawFixedArray(int length, v8::internal::AllocationType allocation) Zeile 822   C++
    libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::NewFixedArrayWithFiller(v8::internal::Handle<v8::internal::Map> map, int length, v8::internal::Handle<v8::internal::Oddball> filler, v8::internal::AllocationType allocation) Zeile 118   C++
    libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::NewFixedArrayWithMap(v8::internal::Handle<v8::internal::Map> map, int length, v8::internal::AllocationType allocation) Zeile 91   C++
    libcef.dll!v8::internal::Factory::NewClosureFeedbackCellArray(int length) Zeile 530   C++
    libcef.dll!v8::internal::ClosureFeedbackCellArray::New(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::SharedFunctionInfo> shared) Zeile 236   C++
    libcef.dll!v8::internal::JSFunction::EnsureClosureFeedbackCellArray(v8::internal::Handle<v8::internal::JSFunction> function, bool reset_budget_for_feedback_allocation) Zeile 288   C++
    libcef.dll!v8::internal::Compiler::Compile(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::JSFunction> function, v8::internal::Compiler::ClearExceptionFlag flag, v8::internal::IsCompiledScope * is_compiled_scope) Zeile 1929   C++
    [Inlineframe] libcef.dll!v8::internal::__RT_impl_Runtime_CompileLazy(v8::internal::Arguments<v8::internal::ArgumentsType::kRuntime> args, v8::internal::Isolate * isolate) Zeile 73   C++
    libcef.dll!v8::internal::Runtime_CompileLazy(int args_length, unsigned __int64 * args_object, v8::internal::Isolate * isolate) Zeile 53   C++
    [Inlineframe] libcef.dll!v8::internal::GeneratedCode<unsigned long long,unsigned long long,unsigned long long,unsigned long long,unsigned long long,long long,unsigned long long **>::Call(unsigned __int64 args, unsigned __int64 args, unsigned __int64 args, unsigned __int64 args, __int64 args, unsigned __int64 * * args) Zeile 150   C++
    libcef.dll!v8::internal::`anonymous namespace'::Invoke(v8::internal::Isolate * isolate, const v8::internal::`anonymous namespace'::InvokeParams & params) Zeile 376   C++
    libcef.dll!v8::internal::Execution::Call(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::Object> callable, v8::internal::Handle<v8::internal::Object> receiver, int argc, v8::internal::Handle<v8::internal::Object> * argv) Zeile 470   C++
>   libcef.dll!v8::Function::Call(v8::Local<v8::Context> context, v8::Local<v8::Value> recv, int argc, v8::Local<v8::Value> * argv) Zeile 5091   C++
    libcef.dll!blink::V8ScriptRunner::CallFunction(v8::Local<v8::Function> function, blink::ExecutionContext * context, v8::Local<v8::Value> receiver, int argc, v8::Local<v8::Value> * argv, v8::Isolate * isolate) Zeile 707   C++
    libcef.dll!blink::bindings::CallbackInvokeHelper<blink::CallbackInterfaceBase,blink::bindings::CallbackInvokeHelperMode::kDefault>::Call(int argc, v8::Local<v8::Value> * argv) Zeile 132   C++
    libcef.dll!blink::V8EventListener::InvokeWithoutRunnabilityCheck(blink::bindings::V8ValueOrScriptWrappableAdapter arg0_receiver, blink::Event * arg1_event) Zeile 132   C++
    libcef.dll!blink::JSEventListener::InvokeInternal(blink::EventTarget &, blink::Event & event, v8::Local<v8::Value> js_event) Zeile 60   C++
    libcef.dll!blink::JSBasedEventListener::Invoke(blink::ExecutionContext * execution_context_of_event_target, blink::Event * event) Zeile 152   C++
    libcef.dll!blink::EventTarget::FireEventListeners(blink::Event & event, blink::EventTargetData * d, blink::HeapVector<blink::RegisteredEventListener,1> & entry) Zeile 901   C++
    libcef.dll!blink::EventTarget::FireEventListeners(blink::Event & event) Zeile 820   C++
    libcef.dll!blink::EventTarget::DispatchEventInternal(blink::Event & event) Zeile 718   C++
    [Inlineframe] libcef.dll!blink::XMLHttpRequest::DispatchProgressEvent(const WTF::AtomicString & type, __int64 received_length, __int64 expected_length) Zeile 1292   C++
    [Inlineframe] libcef.dll!blink::XMLHttpRequest::DispatchProgressEventFromSnapshot(const WTF::AtomicString & type) Zeile 1298   C++
    libcef.dll!blink::XMLHttpRequest::DispatchReadyStateChangeEvent() Zeile 594   C++
    [Inlineframe] libcef.dll!blink::XMLHttpRequest::ChangeState(blink::XMLHttpRequest::State new_state) Zeile 566   C++
    libcef.dll!blink::XMLHttpRequest::EndLoading() Zeile 1795   C++
    libcef.dll!blink::XMLHttpRequest::DidFinishLoadingInternal() Zeile 1742   C++
    libcef.dll!blink::XMLHttpRequest::DidFinishLoading(unsigned __int64 identifier) Zeile 1718   C++
    libcef.dll!blink::ThreadableLoader::NotifyFinished(blink::Resource * resource) Zeile 358   C++
    libcef.dll!blink::Resource::NotifyFinished() Zeile 238   C++
    libcef.dll!blink::ResourceFetcher::HandleLoaderFinish(blink::Resource * resource, base::TimeTicks response_end, blink::ResourceFetcher::LoaderFinishType type, unsigned int inflight_keepalive_bytes, bool should_report_corb_blocking) Zeile 1879   C++
    libcef.dll!blink::ResourceLoader::DidFinishLoading(base::TimeTicks response_end_time, __int64 encoded_data_length, __int64 encoded_body_length, __int64 decoded_body_length, bool should_report_corb_blocking) Zeile 1245   C++
    libcef.dll!blink::ResourceLoader::DidFinishLoadingBody() Zeile 618   C++
    [Inlineframe] libcef.dll!blink::ResponseBodyLoader::DidFinishLoadingBody() Zeile 432   C++
    libcef.dll!blink::ResponseBodyLoader::OnStateChange() Zeile 632   C++
    libcef.dll!blink::WebURLLoader::Context::OnCompletedRequest(const network::URLLoaderCompletionStatus & status) Zeile 706   C++
    libcef.dll!blink::WebResourceRequestSender::OnRequestComplete(const network::URLLoaderCompletionStatus & status) Zeile 609   C++
    libcef.dll!blink::ThrottlingURLLoader::OnComplete(const network::URLLoaderCompletionStatus & status) Zeile 895   C++
    libcef.dll!network::mojom::URLLoaderClientStubDispatch::Accept(network::mojom::URLLoaderClient * impl, mojo::Message * message) Zeile 1253   C++
    libcef.dll!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message * message) Zeile 901   C++
    libcef.dll!mojo::MessageDispatcher::Accept(mojo::Message * message) Zeile 43   C++
    libcef.dll!mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message * message) Zeile 655   C++
    libcef.dll!mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper * message_wrapper, mojo::internal::MultiplexRouter::ClientCallBehavior client_call_behavior, base::SequencedTaskRunner * current_task_runner) Zeile 1098   C++
    libcef.dll!mojo::internal::MultiplexRouter::Accept(mojo::Message * message) Zeile 722   C++
    libcef.dll!mojo::MessageDispatcher::Accept(mojo::Message * message) Zeile 43   C++
    libcef.dll!mojo::Connector::DispatchMessageW(mojo::Message message) Zeile 545   C++
    libcef.dll!mojo::Connector::ReadAllAvailableMessages() Zeile 604   C++
    [Inlineframe] libcef.dll!base::RepeatingCallback<void (unsigned int, const mojo::HandleSignalsState &)>::Run(unsigned int args, const mojo::HandleSignalsState & args) Zeile 166   C++
    libcef.dll!mojo::SimpleWatcher::OnHandleReady(int watch_id, unsigned int result, const mojo::HandleSignalsState & state) Zeile 279   C++
    [Inlineframe] libcef.dll!base::OnceCallback<void ()>::Run() Zeile 98   C++
    libcef.dll!base::TaskAnnotator::RunTask(const char * trace_event_name, base::PendingTask * pending_task) Zeile 178   C++
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow * continuation_lazy_now) Zeile 361   C++
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Zeile 266   C++
    libcef.dll!base::MessagePumpDefault::Run(base::MessagePump::Delegate * delegate) Zeile 41   C++
    libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Zeile 470   C++
    libcef.dll!base::RunLoop::Run(const base::Location & location) Zeile 136   C++
    libcef.dll!content::RendererMain(const content::MainFunctionParams & parameters) Zeile 266   C++
    libcef.dll!content::ContentMainRunnerImpl::Run(bool start_minimal_browser) Zeile 975   C++
    libcef.dll!content::ContentMainRun(content::ContentMainParams & params, content::ContentMainRunner * content_main_runner) Zeile 385   C++
    libcef.dll!content::RunContentProcess(content::ContentMainParams & params, content::ContentMainRunner * content_main_runner) Zeile 430   C++
    libcef.dll!content::ContentMain(content::ContentMainParams & params) Zeile 446   C++
    libcef.dll!CefMainRunner::RunAsHelperProcess(const CefMainArgs & args, scoped_refptr<CefApp> application, void * windows_sandbox_info) Zeile 353   C++
    libcef.dll!CefExecuteProcess(const CefMainArgs & args, scoped_refptr<CefApp> application, void * windows_sandbox_info) Zeile 186   C++
    libcef.dll!cef_execute_process(const _cef_main_args_t * args, _cef_app_t * application, void * windows_sandbox_info) Zeile 79   C++
    [Übergang von Verwaltet zu Nativ]   
    Xilium.CefGlue.dll!Xilium.CefGlue.CefRuntime.ExecuteProcess(Xilium.CefGlue.CefMainArgs args, Xilium.CefGlue.CefApp application, System.IntPtr windowsSandboxInfo) Zeile 181   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.AppStartup(Castle.Windsor.IWindsorContainer container) Zeile 295   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.StartupHandling(Castle.Windsor.IWindsorContainer container, System.Action<Castle.Windsor.IWindsorContainer> mainProgram) Zeile 274   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.Main.AnonymousMethod__0() Zeile 64   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.Init(System.Action startupCode) Zeile 98   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.Main(string[] args) Zeile 57   C#
    [Übergang von Nativ zu Verwaltet]   
    mscoreei.dll!00007ffe731e8c01()   Unbekannt
    mscoree.dll!00007ffe7331ac42()   Unbekannt
    kernel32.dll!00007ffe87927034()   Unbekannt
    ntdll.dll!00007ffe89262651()   Unbekannt
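A small triage helper for comparing two symbolized call stacks like the ones in the post, added here as an example; it is not code from the original post, from CEF or from Xilium.CefGlue. It parses the call-stack format the dumps were pasted in (the "Zeile" / "Übergang" / "Unbekannt" wording suggests a German-locale Visual Studio, which is an assumption), finds the frame that called V8_Fatal, counts how many innermost frames both dumps share, reports where they diverge, and picks out the innermost frame belonging to the embedding application. The two traces embedded in the block are constructed, abbreviated copies of the dumps above (parameter lists shortened to "..."); the rule that application frames live in a module ending in ".exe" is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One Visual Studio call-stack line (German locale assumed: "Zeile" = line,
# "Unbekannt" = unknown).  The line number is absent for address-only frames.
_FRAME_RE = re.compile(
    r"^(?P<current>[>])?\s*(?:\[Inlineframe\]\s+)?"
    r"(?P<module>[^!\s]+)!(?P<symbol>.*?)"
    r"(?:\s+Zeile\s+(?P<line>\d+))?\s+(?P<lang>C\+\+|C#|Unbekannt)\s*$"
)
# Managed/native transition markers carry no symbol and are skipped.
_TRANSITION_RE = re.compile(r"^>?\s*\[Übergang[^\]]*\]\s*$")

@dataclass(frozen=True)
class Frame:
    module: str
    symbol: str            # function name including its parameter list
    line: Optional[int]    # None for frames that resolved only to an address
    lang: str
    current: bool          # ">" marker: the frame selected in the debugger
    @property
    def name(self) -> str:  # symbol without the parameter list
        return self.symbol.split("(")[0]

def parse_trace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for raw in text.splitlines():
        if not raw.strip() or _TRANSITION_RE.match(raw):
            continue
        m = _FRAME_RE.match(raw)
        if m is None:
            raise ValueError(f"unrecognised frame line: {raw!r}")
        frames.append(Frame(m["module"], m["symbol"].strip(),
                            int(m["line"]) if m["line"] else None,
                            m["lang"], m["current"] is not None))
    return frames

def crash_frame(frames: List[Frame]) -> Optional[Frame]:
    """Frame that called V8_Fatal, i.e. where the fatal check actually failed."""
    for i, f in enumerate(frames[:-1]):
        if f.symbol.startswith("V8_Fatal("):
            return frames[i + 1]
    return None

def first_app_frame(frames: List[Frame]) -> Optional[Frame]:
    """Innermost frame of the embedding application (assumed: module *.exe)."""
    return next((f for f in frames if f.module.lower().endswith(".exe")), None)

def common_prefix_len(a: List[Frame], b: List[Frame]) -> int:
    """Number of innermost frames identical in both stacks (module, symbol, line)."""
    n = 0
    for fa, fb in zip(a, b):
        if (fa.module, fa.symbol, fa.line) != (fb.module, fb.symbol, fb.line):
            break
        n += 1
    return n

def triage(text_a: str, text_b: str) -> Dict[str, object]:
    a, b = parse_trace(text_a), parse_trace(text_b)
    shared = common_prefix_len(a, b)
    crash = crash_frame(a)
    app_a, app_b = first_app_frame(a), first_app_frame(b)
    return {
        "crash_symbol": crash.name if crash else None,
        "shared_frames": shared,
        "diverge_at": (a[shared].name if shared < len(a) else None,
                       b[shared].name if shared < len(b) else None),
        "app_frame_a": app_a.name if app_a else None,
        "app_frame_b": app_b.name if app_b else None,
    }

# Constructed, abbreviated copies of the two dumps posted above (some frames
# dropped, parameter lists shortened to "...").
DUMP_1 = """\
    libcef.dll!v8::base::OS::Abort() Zeile 959   C++
    libcef.dll!V8_Fatal(const char * format, ...) Zeile 167   C++
    [Inlineframe] libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawFixedArray(int length, ...) Zeile 822   C++
    libcef.dll!v8::internal::Factory::NewClosureFeedbackCellArray(int length) Zeile 530   C++
    libcef.dll!v8::internal::Compiler::Compile(v8::internal::Isolate * isolate, ...) Zeile 1929   C++
    libcef.dll!CefV8ContextImpl::Exit() Zeile 1044   C++
    [Übergang von Verwaltet zu Nativ]
>   Xilium.CefGlue.dll!Xilium.CefGlue.Interop.cef_v8context_t.exit(Xilium.CefGlue.Interop.cef_v8context_t* self) Zeile 300   C#
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Requests.SimpleRendererRequestHandler.HandleResponse(...) Zeile 95   C#
    ntdll.dll!00007ffe89262651()   Unbekannt
"""
DUMP_2 = """\
    libcef.dll!v8::base::OS::Abort() Zeile 959   C++
    libcef.dll!V8_Fatal(const char * format, ...) Zeile 167   C++
    [Inlineframe] libcef.dll!v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawFixedArray(int length, ...) Zeile 822   C++
    libcef.dll!v8::internal::Factory::NewClosureFeedbackCellArray(int length) Zeile 530   C++
    libcef.dll!v8::internal::Compiler::Compile(v8::internal::Isolate * isolate, ...) Zeile 1929   C++
>   libcef.dll!v8::Function::Call(v8::Local<v8::Context> context, ...) Zeile 5091   C++
    libcef.dll!blink::XMLHttpRequest::DispatchReadyStateChangeEvent() Zeile 594   C++
    [Übergang von Verwaltet zu Nativ]
    XXXXXXXXXXXXXXXX.exe!XXXXXXXXXXXXXXXX.Program.AppStartup(Castle.Windsor.IWindsorContainer container) Zeile 295   C#
"""

if __name__ == "__main__":
    print(triage(DUMP_1, DUMP_2))
```

Run on the two traces, the helper reports that both dumps share the same five innermost V8 frames (Abort, V8_Fatal, AllocateRawFixedArray, NewClosureFeedbackCellArray, Compiler::Compile) and diverge one frame below: dump 1 reaches the lazy compile through the microtask checkpoint that CefV8ContextImpl::Exit runs on behalf of the application's HandleResponse handler, dump 2 through an XMLHttpRequest readystatechange listener with no application code on the stack apart from process startup. That split is the useful triage fact: the failing allocation is identical, but only one of the two paths goes through the embedder's own V8 context handling, so the other path cannot be explained by the handler code alone.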
