V8 backingstore crash in nwjs 0.45

[mikekilburn]

Hi,

We have a problem with nwjs crashing but its very hard to reproduce and the app is very complex. Previously we were using nwjs 0.20 and recently upgraded to 0.45.

Here is a backtrace from Windows. The same crash with the same backtrace happens on Mac. I'd like some help understanding this backtrack.

To me it looks like a problem with V8 backingstore. XMLHttpRequest from Chromium is going through nodes V8 and I'm wondering if the is a problem with using a common V8 for both node and Chromium in nwjs.

Any insights would be greatly appreciated.

nw.dll!base::win::anonymous namespace'::ForceCrashOnSigAbort(int) Line 88 C++ nw.dll!raise(int signum) Line 547 C++ nw.dll!v8::base::OS::Abort() Line 931 C++ [External Code] nw.dll!v8::ArrayBuffer::GetBackingStore() Line 3872 C++ node.dll!node::Buffer::New(node::Environment * env, char * data, unsigned int length, void(*)(char *, void *) callback, void * hint) Line 429 C++ node.dll!node::Buffer::New(node::Environment * env, char * data, unsigned int length, bool uses_malloc) Line 470 C++ node.dll!node::Buffer::New(v8::Isolate * isolate, char * data, unsigned int length) Line 448 C++ node.dll!node::Buffer::New(v8::Isolate * isolate, v8::Local<v8::String> string, node::encoding enc) Line 303 C++ node.dll!node::Buffer::anonymous namespace'::CreateFromString(const v8::FunctionCallbackInfov8::Value & args) Line 506 C++
nw.dll!v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo handler) Line 158 C++
nw.dll!v8::internal::anonymous namespace'::HandleApiCallHelper<0>(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::HeapObject> function, v8::internal::Handle<v8::internal::HeapObject> new_target, v8::internal::Handle<v8::internal::FunctionTemplateInfo> fun_data, v8::internal::Handle<v8::internal::Object> receiver, v8::internal::BuiltinArguments args) Line 113 C++ nw.dll!v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments args, v8::internal::Isolate * isolate) Line 141 C++ nw.dll!v8::internal::Builtin_HandleApiCall(int args_length, unsigned int * args_object, v8::internal::Isolate * isolate) Line 129 C++ [External Code] [Frames below may be incorrect and/or missing] nw.dll!v8::internal::anonymous namespace'::Invoke(v8::internal::Isolate * isolate, const v8::internal::`anonymous namespace'::InvokeParams & params) Line 372 C++
nw.dll!v8::internal::Execution::Call(v8::internal::Isolate * isolate, v8::internal::Handlev8::internal::Object callable, v8::internal::Handlev8::internal::Object receiver, int argc, v8::internal::Handlev8::internal::Object * argv) Line 466 C++
nw.dll!v8::Function::Call(v8::Localv8::Context context, v8::Localv8::Value recv, int argc, v8::Localv8::Value * argv) Line 5053 C++
nw.dll!blink::V8ScriptRunner::CallFunction(v8::Localv8::Function function, blink::ExecutionContext * context, v8::Localv8::Value receiver, int argc, v8::Localv8::Value * args, v8::Isolate * isolate) Line 473 C++
nw.dll!blink::V8EventHandlerNonNull::InvokeWithoutRunnabilityCheck(blink::bindings::V8ValueOrScriptWrappableAdapter callback_this_value, const blink::HeapVectorblink::ScriptValue,0 & args) Line 372 C++
nw.dll!blink::JSEventHandler::InvokeInternal(blink::EventTarget & event_target, blink::Event & event, v8::Localv8::Value js_event) Line 123 C++
nw.dll!blink::JSBasedEventListener::Invoke(blink::ExecutionContext * execution_context_of_event_target, blink::Event * event) Line 156 C++
nw.dll!blink::EventTarget::FireEventListeners(blink::Event & event, blink::EventTargetData * d, blink::HeapVectorblink::RegisteredEventListener,1 & entry) Line 919 C++
nw.dll!blink::EventTarget::FireEventListeners(blink::Event & event) Line 838 C++
nw.dll!blink::EventTarget::DispatchEventInternal(blink::Event & event) Line 736 C++
nw.dll!blink::XMLHttpRequestProgressEventThrottle::DispatchReadyStateChangeEvent(blink::Event * event, blink::XMLHttpRequestProgressEventThrottle::DeferredEventAction action) Line 138 C++
nw.dll!blink::XMLHttpRequest::DispatchReadyStateChangeEvent() Line 584 C++
nw.dll!blink::XMLHttpRequest::EndLoading() Line 1797 C++
nw.dll!blink::XMLHttpRequest::DidFinishLoadingInternal() Line 1744 C++
nw.dll!blink::XMLHttpRequest::DidFinishLoading(unsigned __int64 identifier) Line 1721 C++
nw.dll!blink::ThreadableLoader::NotifyFinished(blink::Resource * resource) Line 934 C++
nw.dll!blink::Resource::NotifyFinished() Line 240 C++
nw.dll!blink::Resource::Finish(base::TimeTicks load_response_end, base::SingleThreadTaskRunner * task_runner) Line 378 C++
nw.dll!blink::ResourceFetcher::HandleLoaderFinish(blink::Resource * resource, base::TimeTicks response_end, blink::ResourceFetcher::LoaderFinishType type, unsigned int inflight_keepalive_bytes, bool should_report_corb_blocking) Line 1804 C++
nw.dll!blink::ResourceLoader::DidFinishLoading(base::TimeTicks response_end, __int64 encoded_data_length, __int64 encoded_body_length, __int64 decoded_body_length, bool should_report_corb_blocking) Line 1180 C++
nw.dll!blink::ResourceLoader::DidFinishLoadingBody() Line 540 C++
nw.dll!blink::ResponseBodyLoader::OnStateChange() Line 472 C++
nw.dll!blink::ResourceLoader::DidFinishLoading(base::TimeTicks response_end, __int64 encoded_data_length, __int64 encoded_body_length, __int64 decoded_body_length, bool should_report_corb_blocking) Line 1158 C++
nw.dll!content::WebURLLoaderImpl::Context::OnCompletedRequest(const network::URLLoaderCompletionStatus & status) Line 918 C++
nw.dll!content::ResourceDispatcher::OnRequestComplete(int request_id, const network::URLLoaderCompletionStatus & status) Line 308 C++
nw.dll!content::URLLoaderClientImpl::OnComplete(const network::URLLoaderCompletionStatus & status) Line 331 C++
nw.dll!blink::ThrottlingURLLoader::OnComplete(const network::URLLoaderCompletionStatus & status) Line 716 C++
nw.dll!network::mojom::URLLoaderClientStubDispatch::Accept(network::mojom::URLLoaderClient * impl, mojo::Message * message) Line 1348 C++
nw.dll!network::mojom::URLLoaderClientStub<mojo::RawPtrImplRefTraitsnetwork::mojom::URLLoaderClient >::Accept(mojo::Message * message) Line 297 C++
nw.dll!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message * message) Line 554 C++
nw.dll!mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper * message_wrapper, mojo::internal::MultiplexRouter::ClientCallBehavior client_call_behavior, base::SequencedTaskRunner * current_task_runner) Line 954 C++
nw.dll!mojo::internal::MultiplexRouter::Accept(mojo::Message * message) Line 624 C++
nw.dll!mojo::Connector::DispatchMessageW(mojo::Message message) Line 538 C++
nw.dll!mojo::Connector::ReadAllAvailableMessages() Line 627 C++
nw.dll!mojo::Connector::OnHandleReadyInternal(unsigned int result) Line 448 C++
nw.dll!base::internal::Invoker<base::internal::BindState<void (net::(anonymous namespace)::DnsUDPAttempt::)(int) attribute((thiscall)),base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsUDPAttempt> >,void (int)>::RunOnce(base::internal::BindStateBase * base, int unbound_args) Line 645 C++
nw.dll!mojo::SimpleWatcher::DiscardReadyState(const base::RepeatingCallback<void (unsigned int)> & callback, unsigned int result, const mojo::HandleSignalsState & state) Line 194 C++
nw.dll!base::internal::Invoker<base::internal::BindState<void ()(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)> >,void (unsigned int, const mojo::HandleSignalsState &)>::Run(base::internal::BindStateBase * base, unsigned int unbound_args, const mojo::HandleSignalsState & unbound_args) Line 654 C++
nw.dll!mojo::SimpleWatcher::OnHandleReady(int watch_id, unsigned int result, const mojo::HandleSignalsState & state) Line 292 C++
nw.dll!base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &) attribute((thiscall)),base::WeakPtrmojo::SimpleWatcher,int,unsigned int,mojo::HandleSignalsState>,void ()>::RunOnce(base::internal::BindStateBase * base) Line 645 C++
nw.dll!base::TaskAnnotator::RunTask(const char * trace_event_name, base::PendingTask * pending_task) Line 142 C++
nw.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow * continuation_lazy_now, bool * ran_task) Line 366 C++
nw.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 270 C++
nw.dll!base::MessagePumpUV::Run(base::MessagePump::Delegate * delegate) Line 86 C++
nw.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 463 C++
nw.dll!base::RunLoop::Run() Line 157 C++
nw.dll!content::RendererMain(const content::MainFunctionParams & parameters) Line 247 C++
nw.dll!content::RunOtherNamedProcessTypeMain(const std::1::basic_string<char,std::1::char_traits,std::1::allocator > & process_type, const content::MainFunctionParams & main_function_params, content::ContentMainDelegate * delegate) Line 556 C++
nw.dll!content::ContentMainRunnerImpl::Run(bool start_service_manager_only) Line 879 C++
nw.dll!content::ContentServiceManagerMainDelegate::RunEmbedderProcess() Line 52 C++
nw.dll!service_manager::Main(const service_manager::MainParams & params) Line 427 C++
nw.dll!content::ContentMain(const content::ContentMainParams & params) Line 19 C++
nw.dll!ChromeMain(HINSTANCE * instance, sandbox::SandboxInterfaceInfo * sandbox_info, int64 exe_entry_point_ticks) Line 113 C++
Mitel.exe!MainDllLoader::Launch(HINSTANCE * instance, base::TimeTicks) Line 223 C++
Mitel.exe!wWinMain(HINSTANCE * instance, HINSTANCE * prev, wchar_t *, int) Line 245 C++
[External Code]
KERNEL32.DLL!76c28674() Unknown
ntdll.dll!77a95ec7() Unknown
ntdll.dll!77a95e97() Unknown

@rogerwang

[mikekilburn]

Looking through the abort is likely the CHECK here:

void GlobalBackingStoreRegistry::Register(
std::shared_ptr backing_store) {
if (!backing_store || !backing_store->buffer_start()) return;

if (!backing_store->free_on_destruct()) {
// If the backing store buffer is managed by the embedder,
// then we don't have to guarantee that there is single unique
// BackingStore per buffer_start() because the destructor of
// of the BackingStore will be a no-op in that case.

// All WASM memory has to be registered.
CHECK(!backing_store->is_wasm_memory());
return;

}

[mikekilburn]

Looks like this is a node 14 bug that was fixed in 14.3. If that the case this can be closed. see nodejs/node#33321

[rogerwang]

Please try the latest version. Thanks.

[mkilburn60]

@rogerwang We cant try 0.46 yes due the Chromium 83 cross-origin changes we haven't worked around yet but I did backport the nodejs bug fix to 14.2 and 0.47 and the crash is gone.

[rogerwang]

@mkilburn60 you can file an issue about the the cross-origin changes. NW App shouldn't be restricted by it under the default security model.