[Bug]: webview crashes

[dtychshenko]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a bug report that matches the one I want to file, without success.

Electron Version

22.3.8

What operating system are you using?

Windows

Operating System Version

Windows 10.0.19044

What arch are you using?

x64

Last Known Working Electron version

16.1.0

Expected Behavior

An active webview should not crash when another webview is destroyed.

Actual Behavior

With a large number of active webviews (~80 webviews), when one webview is closed/destroyed, another active webview is crashing unexpectedly.

Testcase Gist URL

https://gist.github.com/dtychshenko/d2b07e47988504a7b81865faaa09863c

Additional Information

We have an application that is visually similar to a Chrome browser. We have a renderer window that hosts and controls multiple tabs and each tab is a webview element that loads a web app. When we have about 10 windows open with 1-10 tabs within each window (a total of about 80 webviews across the multiple windows), everything starts up and run fine; however, as soon as one tab (webview) or window is closed, it causes a random tab in another random window to crash.

The crash always happens with exit code 134 or -1073741819 at about 50/50 split rate.
The crash seems to be happening within v8 according to the crash dump with the following error:

Unhandled exception at 0x00007FF616074E45 (electron.exe) in 6c86d02f-8f69-4414-87c6-6c93c8bf35e7.dmp: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.

Here is the stack trace:

electron.exe!v8::Object::SetPrivate(v8::Localv8::Context context, v8::Localv8::Private key, v8::Localv8::Value value) Line 4589
at C:\projects\src\v8\src\api\api.cc(4589)
electron.exe!node::util::SetHiddenValue(const v8::FunctionCallbackInfov8::Value & args) Line 195
at C:\projects\src\third_party\electron_node\src\node_util.cc(195)
electron.exe!v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo handler) Line 147
at C:\projects\src\v8\src\api\api-arguments-inl.h(147)
electron.exe!v8::internal::`anonymous namespace'::HandleApiCallHelper<0>(v8::internal::Isolate * isolate, v8::internal::Handlev8::internal::HeapObject new_target, v8::internal::Handlev8::internal::FunctionTemplateInfo fun_data, v8::internal::Handlev8::internal::Object receiver, unsigned __int64 * argv, int argc) Line 114
at C:\projects\src\v8\src\builtins\builtins-api.cc(114)
[Inline Frame] electron.exe!v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments args, v8::internal::Isolate * isolate) Line 143
at C:\projects\src\v8\src\builtins\builtins-api.cc(143)
electron.exe!v8::internal::Builtin_HandleApiCall(int args_length, unsigned __int64 * args_object, v8::internal::Isolate * isolate) Line 130
at C:\projects\src\v8\src\builtins\builtins-api.cc(130)
[External Code]
electron.exe!v8::internal::Builtin_TypedArrayPrototypeBuffer(int args_length, unsigned __int64 * args_object, v8::internal::Isolate * isolate) Line 20
at C:\projects\src\v8\src\builtins\builtins-typed-array.cc(20)
[External Code]
electron.exe!v8::internal::Builtin_TypedArrayPrototypeBuffer(int args_length, unsigned __int64 * args_object, v8::internal::Isolate * isolate) Line 20
at C:\projects\src\v8\src\builtins\builtins-typed-array.cc(20)
[External Code]

This issue was not happening with Electron version 14.2.9; however, due to a race condition issue in this version (fixed in #32734) we had to upgrade to Electron 16.2.6 and started seeing the webview crashes.

We then tried to upgrade to 22.3.8 and the crashes are still happening. Here is a crash dump using version 22.3.8: 6c86d02f-8f69-4414-87c6-6c93c8bf35e7.zip

Would appreciate any help or pointers for what could possibly be prompting these crashes or where to look. Thanks!

[dtychshenko]

Attached a Gist to reproduce. And also a gif:

[VerteDinde]

Thanks for the detailed bug report, all of the information and the repro is very appreciated! We'll bring this in front of our Releases WG and have someone take a look for you.

[dtychshenko]

I went back a few versions of Electron trying to understand where these crashes were introduced, and the last working version seems to be 16.1.0 So it looks like this issue was introduced in 16.1.1 Unfortunately, we need a minimum version 16.2.6 to get this fix so we can't go back to 16.1.0

Looking at the changes made in 16.1.1, I think the most likely culprit is this change: #33207 as this issue doesn't happen in < 16, so we can eliminate anything that was backported and given the behaviour it seems like it could be related to process reuse.

Since the option to disable process reuse was removed in version 14, I'm having a hard time trying to find a way to work around it. Any tips would be appreciated.

@deepak1556, would you have any feedback on this?

[github-actions]

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!

[dtychshenko]

Bump! Still need help on this

[electron-issue-triage]

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!

[electron-issue-triage]

This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a supported version of Electron please open a new issue and include instructions for reproducing the issue.