-
Notifications
You must be signed in to change notification settings - Fork 15k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: crash of a window, renderer process cause of memory cage and asar #36999
Comments
Hello @julianhille. Thanks for reporting this and helping to make Electron better! Would it be possible for you to make a standalone testcase with only the code necessary to reproduce the issue? For example, Electron Fiddle is a great tool for making small test cases and makes it easy to publish your test case to a gist that Electron maintainers can use. Stand-alone test cases make fixing issues go more smoothly: it ensure everyone's looking at the same issue, it removes all unnecessary variables from the equation, and it can also provide the basis for automated regression tests. Now adding the |
This comment was marked as abuse.
This comment was marked as abuse.
yes it seems asar related. @Abhijrathod what do you suggest using instead of asar? | You can also try to create a test case and file an issue on the electron repository so that the developers can investigate this issue. im actually trying to create a minimal version to trigger this, but im confused as i thought this is the electron repository? Edit: |
I can't seem to find the root cause. We're reusing the window, which crashes, and on Linux closing and reopening it, instead of reusing, fixes the hiding of the window, but windows still crashes the renderer process for that particular window. |
i was now able to fix it on windows and here it is the same, closing and reopening instead of reusing the window fixes the problem. i removed ALL calls to any native modules so this cant be any issue. What i basically do is:
sometimes this crashes with a minidump and sometimes it does not. (im unable to supply the minidump) |
Hey @julianhille, sorry you're experiencing this! I know you mentioned that you were unable to supply the minidump, but if you're able, seeing the full minidump would really help us figure out what's going on and why you might be hitting crashes here. If you are able to share one, you can collect one easily by adding the following snippet to your main process code, before app.whenReady:
Then reproduce the crash, zip up the crash dumps directory and attach it here. |
Here is a browser view crash fix: #37267 I'll try that and report back. |
i tried 22.3.0 but that did not help. the window is still crashing |
We're also seeing this, although only in CI machines. This seems to occur on Intel and M1 Macs as well as on Windows 64-bit, cannot reproduce with Windows 32-bit. Started seeing this in This seems to occur early in the process currently, but could be simply based on when the asar file is accessed. I happened to find a dump that gives a decent callstack from Windows x64 (unfortunately I can't share, but other thread stacks are nowhere near v8 at this point):
|
With a debug Electron build a
|
I believe this is a bug in v8, exposed recently in v22 since the v8 sandbox is enabled by default for x64/arm64 (https://chromium.googlesource.com/v8/v8.git/+/a8c27fcc9f9f15a0110a409190a2b514ec86e37f). This seems to be caused by an out-of-bounds embedder slot index, as pinpointed by the DCHECK failure above:
There's several frames here inlined, seemingly even in the debug build, so the full call stack is really:
Rough reproduce steps:
Analysis:
Note 1: The root cause is unclear to me how the embedder field count can be become different from the assumed fields for the type and instance. It's also unclear why the Electron asar path exhibits this issue, I'm not familiar enough with the v8 project to really dig in here. However, since they already have a field count check it seems like there were some expected cases where it might have mismatched. Note 2: As far as future v8 releases, they recently removed the local embedder code in favor of cppgc: https://chromium-review.googlesource.com/c/v8/v8/+/4174081 I've opened a v8 issue here to get their input: https://bugs.chromium.org/p/v8/issues/detail?id=13777 |
Last known good is 20.x for me. 22.1.0 is broken for me together with any 21.x version |
Same problem. Is there an workaround? |
Haven't found one besides not upgrading. |
I see that chromium bug is fixed. Is there any information about when this patch is delivered for Electron ? |
As I understood the bug was fixed in a file and then got moved and maybe reintroduced in cppgc |
It seems that crash reproduces only in packaged app with |
any news on this one? had anyone a chance to test this on a 23.x or newer? |
Has the issue been fixed? |
Not as far as I know |
Closed in https://bugs.chromium.org/p/v8/issues/detail?id=13777 - available in v25.0.0. |
Preflight Checklist
Electron Version
22.0.x
What operating system are you using?
Windows
Operating System Version
Windows 7, 10, 11
What arch are you using?
x64
Last Known Working Electron version
20.x
Expected Behavior
no crash
Actual Behavior
It actually crashes in:
cpp-marking-state-inl.h
with exception code: 0xc0000005
At first glace this seems to be coming from a native module which does not work with the new caging system, but i removed all native modules and it still crashed.
I figured that it does not happen when running locally through npm/yarn starts but after building to a package it does.
After looking a bit more careful at the stack trace i found that the calls originate from
If the origin is asar this would explain that it only crashes after build and not
on locally runs started with npm.
I debugged with 22.0.3 (but happens with any 22.0.x) which happens to be chrome: 108.0.5359.179 which has v8 version 10.8.168.25
Testcase Gist URL
No response
Additional Information
This crashes also on linux (kernel 6.1, x64 arch)
The text was updated successfully, but these errors were encountered: