Infrequent and unpredictable system crashes in EmbeddedBrowserWebView.dll !mojo::core::ipcz_driver::`anonymous namespace'::Close()

btlopener commented 11 months ago

What happened?

We are encountering random crashes with the following call stack

EmbeddedBrowserWebView.dll!mojo::core::ipcz_driver::anonymous namespace'::Close() EmbeddedBrowserWebView.dll!ipcz::DriverMemoryMapping::~DriverMemoryMapping(void) EmbeddedBrowserWebView.dll!absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<ipcz::StrongAlias<ipcz::BufferIdTag,unsigned long long>,ipcz::DriverMemoryMapping>,absl::hash_internal::Hash<ipcz::StrongAlias<ipcz::BufferIdTag,unsigned long long> >,std::__Cr::equal_to<ipcz::StrongAlias<ipcz::BufferIdTag,unsigned long long> >,std::Cr::allocator<std::Cr::pair<const ipcz::StrongAlias<ipcz::BufferIdTag,unsigned long long>,ipcz::DriverMemoryMapping> > >::destroy_slots() EmbeddedBrowserWebView.dll!ipcz::BufferPool::~BufferPool(void) EmbeddedBrowserWebView.dll!ipcz::NodeLinkMemory::~NodeLinkMemory(void) EmbeddedBrowserWebView.dll!ipcz::RefCounted::ReleaseRef(void) EmbeddedBrowserWebView.dll!ipcz::NodeLink::~NodeLink() EmbeddedBrowserWebView.dll!ipcz::NodeLink::scalar deleting destructor'(unsigned int) EmbeddedBrowserWebView.dll!ipcz::anonymous namespace'::NotifyTransport() EmbeddedBrowserWebView.dll!mojo::core::ipcz_driver::Transport::OnChannelDestroyed(void) EmbeddedBrowserWebView.dll!mojo::core::Channel::~Channel(void) EmbeddedBrowserWebView.dll!??_GChannelWin@?A0x743F16E8@core@mojo@@EEAAPEAXI@Z.c906ffe60f7ae0780f7a7cc206ef4576�() EmbeddedBrowserWebView.dll!base::internal::BindState<void (mojo::core::(anonymous namespace)::ChannelWin::)(),scoped_refptr<mojo::core::(anonymous namespace)::ChannelWin> >::Destroy() EmbeddedBrowserWebView.dll!base::TaskAnnotator::RunTaskImpl(struct base::PendingTask &) EmbeddedBrowserWebView.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl() EmbeddedBrowserWebView.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork(void) EmbeddedBrowserWebView.dll!base::MessagePumpForIO::DoRunLoop(void) EmbeddedBrowserWebView.dll!base::MessagePumpWin::Run(class base::MessagePump::Delegate ) EmbeddedBrowserWebView.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,class base::TimeDelta) EmbeddedBrowserWebView.dll!base::RunLoop::Run(class base::Location const &) EmbeddedBrowserWebView.dll!base::Thread::Run(class base::RunLoop *) EmbeddedBrowserWebView.dll!base::Thread::ThreadMain(void) EmbeddedBrowserWebView.dll!base::anonymous namespace'::ThreadFunc() kernel32.dll!BaseThreadInitThunk�() ntdll.dll!RtlUserThreadStart�()

I also have the following exception and crash also non reproducible 0xC0000005: Access violation executing location 0x0000000000000000. occurred

with a different call stack:

0000000000000000() Unknown Non - user code EmbeddedBrowserWebView.dll!? OnObjectSignaled@ListenerImpl@ ? A0xD3F84823@mojo@@UEAAXPEAX@Z.216dd7ef86f58123378da918da6660b6() EmbeddedBrowserWebView.dll!base::TaskAnnotator::RunTaskImpl(struct base::PendingTask&)
EmbeddedBrowserWebView.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
EmbeddedBrowserWebView.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork(void)
EmbeddedBrowserWebView.dll!base::MessagePumpForIO::DoRunLoop(void)
EmbeddedBrowserWebView.dll!base::MessagePumpWin::Run(class base::MessagePump::Delegate)
EmbeddedBrowserWebView.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, class base::TimeDelta)
EmbeddedBrowserWebView.dll!base::RunLoop::Run(class base::Location const&)
EmbeddedBrowserWebView.dll!base::Thread::Run(class base::RunLoop)
EmbeddedBrowserWebView.dll!base::Thread::ThreadMain(void)
EmbeddedBrowserWebView.dll!base::`anonymous namespace'::ThreadFunc() kernel32.dll!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart()

Importance

Moderate. My app's user experience is affected, but still usable.

Runtime Channel

Stable release (WebView2 Runtime)

Runtime Version

118.0.2088.57

SDK Version

1.0.2088.41

Framework

Win32

Operating System

Windows 10

OS Version

19044.2075

Repro steps

Up to this point, I've been unable to reproduce it, and it has started crashing recently (Only a few crashes observed out of thousands of tests). It seems unrelated to any changes in our codebase, we are currently using version 118.0.2088.57.

Regression

Don't know

Last working version (if regression)

No response

vbryh-msft commented 11 months ago

@btlopener this is on our radar - it crashes somewhere deep in IPC disconnection. From the logs it looks like the possible scenario for it to repro is to create wv2 and close owning window before CreateCoreWebView2Controller callback is invoked - but I'm still not able to repro it. Please let me know if you will have better luck with repro or the number of hits will increase substantially.

vbryh-msft commented 11 months ago

no hits in 119 - some upstream change have fixed it.

MicrosoftEdge / WebView2Feedback