CEF crashing in Win10

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Re: CEF crashing in Win10

Postby AmpelioAttanasi » Mon Jun 27, 2022 11:09 am

Hi guys,

sorry for the gravedigging this thread but, now and then, one of our client still get this crash in production, more or less under the same circumstances (unfortunately we do NOT replicate the problem).
To summarize:

- a browser is created through CefSharp to let a user login through SAML
- the browser is opened and the login procedure completes successfully
- we close the browser

when closing the browser it crashes.

Version: 97.1.6+g8961cdb+chromium-97.0.4692.99

Code: Select all

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.
SYMBOL_NAME:  libcef!logging::LogMessage::~LogMessage+4f8
MODULE_NAME: libcef
IMAGE_NAME:  libcef.dll
FAILURE_BUCKET_ID:  BREAKPOINT_80000003_libcef.dll!logging::LogMessage::_LogMessage
FAILURE_ID_HASH:  {90ef5f6c-d83e-15f5-40d1-19e9f0772dcd}

0:013> k
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr               Call Site
00 00000037`04ffdbc0 00007ffa`f8d79bbb     libcef!logging::LogMessage::~LogMessage+0x4f8 [Y:\work\CEF3_git\chromium\src\base\logging.cc @ 883]
01 00000037`04ffe090 00007ffa`f8d79a86     libcef!gfx::`anonymous namespace'::CrashOther+0x5f [Y:\work\CEF3_git\chromium\src\ui\gfx\win\hwnd_util.cc @ 64]
02 00000037`04ffe210 00007ffa`f99ce480     libcef!gfx::CheckWindowCreated+0x45 [Y:\work\CEF3_git\chromium\src\ui\gfx\win\hwnd_util.cc @ 198]
03 00000037`04ffe390 00007ffa`fb780d52     libcef!gfx::WindowImpl::Init+0x186 [Y:\work\CEF3_git\chromium\src\ui\gfx\win\window_impl.cc @ 252]
04 00000037`04ffe4c0 00007ffa`fa91ee03     libcef!views::HWNDMessageHandler::Init+0x98 [Y:\work\CEF3_git\chromium\src\ui\views\win\hwnd_message_handler.cc @ 445]
05 00000037`04ffe570 00007ffa`fb78bd82     libcef!views::DesktopWindowTreeHostWin::Init+0x143 [Y:\work\CEF3_git\chromium\src\ui\views\widget\desktop_aura\desktop_window_tree_host_win.cc @ 199]
06 00000037`04ffe5d0 00007ffa`f93503df     libcef!views::DesktopNativeWidgetAura::InitNativeWidget+0x112 [Y:\work\CEF3_git\chromium\src\ui\views\widget\desktop_aura\desktop_native_widget_aura.cc @ 535]
07 00000037`04ffe890 00007ffa`fbeb3a17     libcef!views::Widget::Init+0x369 [Y:\work\CEF3_git\chromium\src\ui\views\widget\widget.cc @ 412]
08 00000037`04ffeab0 00007ffa`fb1748e5     libcef!CefWindowDelegateView::Init+0x111 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\native\window_delegate_view.cc @ 67]
09 00000037`04ffeda0 00007ffa`f94a8983     libcef!CefBrowserPlatformDelegateNativeWin::CreateHostWindow+0x345 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\native\browser_platform_delegate_native_win.cc @ 230]
0a 00000037`04ffeee0 00007ffa`f94a8409     libcef!AlloyBrowserHostImpl::CreateHostWindow+0x31 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\alloy\alloy_browser_host_impl.cc @ 1611]
0b 00000037`04ffef20 00007ffa`f94a7fe4     libcef!AlloyBrowserHostImpl::CreateInternal+0x225 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\alloy\alloy_browser_host_impl.cc @ 238]
0c 00000037`04ffefe0 00007ffa`f88a795a     libcef!AlloyBrowserHostImpl::Create+0x2bc [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\alloy\alloy_browser_host_impl.cc @ 175]
0d 00000037`04fff4f0 00007ffa`f88a7755     libcef!CefBrowserHostBase::Create+0x54 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\browser_host_create.cc @ 159]
0e 00000037`04fff550 00007ffa`f88a7b44     libcef!CefBrowserHost::CreateBrowserSync+0x3ab [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\browser_host_create.cc @ 148]
0f 00000037`04fff780 00007ffa`f896aee7     libcef!`anonymous namespace'::CreateBrowserHelper::Run+0xc4 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\browser_host_create.cc @ 31]
10 (Inline Function) --------`--------     libcef!base::OnceCallback<void ()>::Run+0x19 [Y:\work\CEF3_git\chromium\src\base\callback.h @ 142]
11 00000037`04fff800 00007ffa`f95101c3     libcef!base::TaskAnnotator::RunTaskImpl+0x147 [Y:\work\CEF3_git\chromium\src\base\task\common\task_annotator.cc @ 157]
12 (Inline Function) --------`--------     libcef!base::TaskAnnotator::RunTask+0x1a [Y:\work\CEF3_git\chromium\src\base\task\common\task_annotator.h @ 73]
13 00000037`04fff8b0 00007ffa`f950ff07     libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x193 [Y:\work\CEF3_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc @ 356]
14 00000037`04fffa40 00007ffa`f899bbf6     libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork+0x87 [Y:\work\CEF3_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc @ 267]
15 00000037`04fffad0 00007ffa`f899b3e4     libcef!base::MessagePumpForUI::DoRunLoop+0x96 [Y:\work\CEF3_git\chromium\src\base\message_loop\message_pump_win.cc @ 222]
16 00000037`04fffb80 00007ffa`f951099e     libcef!base::MessagePumpWin::Run+0x54 [Y:\work\CEF3_git\chromium\src\base\message_loop\message_pump_win.cc @ 80]
17 00000037`04fffbd0 00007ffa`f894deab     libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0xee [Y:\work\CEF3_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc @ 471]
18 00000037`04fffc40 00007ffa`f94a52ca     libcef!base::RunLoop::Run+0x20b [Y:\work\CEF3_git\chromium\src\base\run_loop.cc @ 142]
19 00000037`04fffd20 00007ffa`f94a6220     libcef!CefMainRunner::RunMessageLoop+0xa4 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\main_runner.cc @ 288]
1a 00000037`04fffdd0 00007ffa`f89a4d64     libcef!CefUIThread::ThreadMain+0x90 [Y:\work\CEF3_git\chromium\src\cef\libcef\browser\main_runner.cc @ 184]
1b 00000037`04fffe30 00007ffb`d5147c24     libcef!base::`anonymous namespace'::ThreadFunc+0x104 [Y:\work\CEF3_git\chromium\src\base\threading\platform_thread_win.cc @ 113]
1c 00000037`04fffeb0 00007ffb`d5f2d721     kernel32!BaseThreadInitThunk+0x14
1d 00000037`04fffee0 00000000`00000000     ntdll!RtlUserThreadStart+0x21


Error:

Code: Select all
0:013> .frame 0n2;dv /t /v
02 00000037`04ffe210 00007ffa`f99ce480     libcef!gfx::CheckWindowCreated+0x45 [Y:\work\CEF3_git\chromium\src\ui\gfx\win\hwnd_util.cc @ 198]
<unavailable>     struct HWND__ * hwnd = <value unavailable>
@esi              unsigned long last_error = 0x57


Since in the past was done the hypothesis of "browser closed near to its creation", this is the timing of the operation:

Code: Select all
08:48:49.590000|00076-{CreateNewBrowser} Factory {Chromium}
...
08:48:49.683999|00077-{SendBrowserReady} Handle {6952752}
...
08:48:49.782002|00581-GoToPageRequest {https://......
...
08:48:55.482792|00046-{HandleTokenAvailable} ...
...
08:48:55.484786|00112-{SamlLoginComplete}
...
08:48:55.546787|00119-{HandleRemoveBrowserRequest}
...
08:48:55.842787|00059-{Browser Shutdown} Thread {6952752}
...
08:48:59.979780|00083-{Global Exception Handler}  <== Crash detected by application - WER will produce the dump


Anything we can do to solve/avoid this?
Thanks in advance.
AmpelioAttanasi
Techie
 
Posts: 11
Joined: Tue Aug 03, 2021 3:42 am

Re: CEF crashing in Win10

Postby ndesktop » Mon Jun 27, 2022 5:14 pm

Me for one I still do not get how the callstack shows like the browser is in the create/initialize stage, but yet the login was completed and it is closing.
Maybe it is something blocking? A close invoked directly instead of a posted task?

Recheck also the closing flow in cefclient or in one of C# samples.
How are you closing the browser? I mean, what triggers it?
ndesktop
Master
 
Posts: 748
Joined: Thu Dec 03, 2015 10:10 am

Re: CEF crashing in Win10

Postby AmpelioAttanasi » Tue Jun 28, 2022 3:00 am

Considering what we can see from our application logs I admit the stack shown in the dump is weird for me too :-/
In our solution there's a single application that provides browsers instances to all the other applications of the solution: it exposes a public API to create, control and dispose browsers through an IPC messaging system (running through sockets).

The "main application" starts the "browser service" and sends a CreateBrowser message to it; the browser instance is thus created and its handle is sent to the requesting application for reparent.
In this case the browser is used to perform a SAML login: when the login completes the token is acquired and is sent back to the main application that can use it for its purpose.
When the "main application" receives the SAML token sends a BrowserClose message to the "browser service" which perform the tear down of the browser instance.

All the messages (and thus, all the operations) are synchronized on the "browser service" process with the browser thread. Note that the same mechanism is used to create browsers at runtime, so the same pattern (creation/update/close) is used to serve browsers in the "main application" and this problem doesn't occur.

The Shutdown procedure, if we don't consider the local variables cleanup, is more or less something like this:

Code: Select all
private async void Shutdown()
{
    lock (Instances)
    {
        Instances.Remove(BrowserID);
    }

    if (_panel != null && _panel.InvokeRequired)
    {
        _panel.BeginInvoke(new Action(Shutdown));
        return;
    }

    if (_shutDown) return;
    _shutDown = true;

    _logger.Key("Browser Shutdown").T("Handle", Handle).Flush();

    await NotifyIpcClose(true);
    UnregisterBrowserEvents(); // this will unregister from all the browser events

    _panel?.Controls.Clear();
    Browser?.Dispose();

    ExitThread();  // the browser is hosted in an ApplicationContext-derived class
}


where _panel hosts the browser control and Browser is a ChromiumWebBrowse instance.
AmpelioAttanasi
Techie
 
Posts: 11
Joined: Tue Aug 03, 2021 3:42 am

Previous

Return to Support Forum

Who is online

Users browsing this forum: No registered users and 24 guests