Expolorer Patcher taskbar reimplementation makes Microsoft Edge crash #4192
Description
Before reporting your issue
- I have confirmed that this issue does not happen when ExplorerPatcher is not installed
- I do not have "register as shell extension" enabled
- I have tried my best to check existing issues
Repro ExplorerPatcher versions
expolrer patcher 22621.4317.67.1
Repro Windows Versions
Windows 11 26100.3194 x86-64
3rd party tweak software installed
OpenShell
Describe the bug
When i open microsoft edge with my tab hoard(see the screenshot) it crashes after some time.
It stopped crashing when i changed taskbar implementation to Windows 11.
Expected outcome
Microsoft edge does not crash with Windows 10 taskbar
Actual outcome
Microsoft edg crashes with Windows 10 taskbar reimplemerntation.
Additional info
I get this when i open edge crach dump in windbg:
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr
(f1d8.4f74): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
ntdll!NtDelayExecution+0x14:
00007ffa`eb83fe54 c3 ret
0:000> .ecxr
rax=0000000000000000 rbx=0000000000000000 rcx=000066341ba94dc0
rdx=0000000000000000 rsi=000066341eb28bf0 rdi=0000663417f12900
rip=00007ffa69d05f33 rsp=0000000000bfe490 rbp=0000000000000000
r8=0000000000bfe468 r9=0000000000000000 r10=0000000000000000
r11=0000000000000246 r12=0000663417f12900 r13=0000000000bfe588
r14=000000000000c029 r15=000000000099164e
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
msedge!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange+0x13:
00007ffa`69d05f33 488b8858010000 mov rcx,qword ptr [rax+158h] ds:00000000`00000158=????????????????
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 9156
Key : Analysis.Elapsed.mSec
Value: 10432
Key : Analysis.IO.Other.Mb
Value: 6
Key : Analysis.IO.Read.Mb
Value: 2
Key : Analysis.IO.Write.Mb
Value: 10
Key : Analysis.Init.CPU.mSec
Value: 3531
Key : Analysis.Init.Elapsed.mSec
Value: 58624
Key : Analysis.Memory.CommitPeak.Mb
Value: 1360
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Failure.Bucket
Value: NULL_CLASS_PTR_READ_c0000005_msedge.dll!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange
Key : Failure.Hash
Value: {bc3859cf-9fc9-c13b-7372-fb656410ad94}
Key : Timeline.OS.Boot.DeltaSec
Value: 984821
Key : Timeline.Process.Start.DeltaSec
Value: 1562
Key : WER.OS.Branch
Value: ge_release
Key : WER.OS.Version
Value: 10.0.26100.1
Key : WER.Process.Version
Value: 133.0.3065.82
FILE_IN_CAB: ca569882-8a97-4065-a2ea-07a70128bb48.dmp
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
rax=0000000000000000 rbx=0000000000000000 rcx=000066341ba94dc0
rdx=0000000000000000 rsi=000066341eb28bf0 rdi=0000663417f12900
rip=00007ffa69d05f33 rsp=0000000000bfe490 rbp=0000000000000000
r8=0000000000bfe468 r9=0000000000000000 r10=0000000000000000
r11=0000000000000246 r12=0000663417f12900 r13=0000000000bfe588
r14=000000000000c029 r15=000000000099164e
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
msedge!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange+0x13:
00007ffa`69d05f33 488b8858010000 mov rcx,qword ptr [rax+158h] ds:00000000`00000158=????????????????
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffa69d05f33 (msedge!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange+0x0000000000000013)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000158
Attempt to read from address 0000000000000158
PROCESS_NAME: msedge.exe
READ_ADDRESS: 0000000000000158
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000158
STACK_TEXT:
00000000`00bfe490 00007ffa`6466fc2e : 00007ffa`715feec0 00007ffa`718b0110 00000000`00000001 00000000`00000000 : msedge!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange+0x13
00000000`00bfe4c0 00007ffa`6466ede1 : 00000000`00bfe610 00007ffa`654255af 00000000`002608f2 00007ffa`eacb5f05 : msedge!views::HWNDMessageHandler::_ProcessWindowMessage+0xc80
00000000`00bfe540 00007ffa`6414e46d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge!views::HWNDMessageHandler::OnWndProc+0xe1
00000000`00bfe5f0 00007ffa`6414e3df : 00000000`00000001 00000000`80000022 00000000`00000001 00000000`0000c029 : msedge!gfx::WindowImpl::WndProc+0x83
00000000`00bfe650 00007ffa`eacb52a1 : 00000000`00000000 00000000`0000c029 aaaaaaaa`aaaa0000 00000000`00000000 : msedge!base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc>+0xf
00000000`00bfe680 00007ffa`eacb2e0d : 00000000`00bfea10 00007ffa`6414e3d0 00000000`002608f2 00000000`00000000 : user32!UserCallWinProcCheckWow+0x341
00000000`00bfe7e0 00007ffa`640abd90 : 00000000`00bfea10 00000000`00000001 00006630`00019770 aaaaaaaa`aaaaaaaa : user32!DispatchMessageWorker+0x1dd
00000000`00bfe860 00007ffa`64f3def9 : 00000000`00000001 00006630`00019770 00006630`000b0900 00000000`0000002f : msedge!base::MessagePumpForUI::ProcessMessageHelper+0x220
00000000`00bfe950 00007ffa`65164003 : 00006630`00019890 00007ffa`62038f8f 00000000`00bfeba0 00007ffa`6334c42a : msedge!base::MessagePumpForUI::DoRunLoop+0xa19
00000000`00bfeaf0 00007ffa`6334c217 : 00000000`00bfede8 00007ffa`61cfa85b 00000000`00bfeca8 00007ffa`61a3a83e : msedge!base::MessagePumpWin::Run+0x93
00000000`00bfeb70 00007ffa`6356a1a4 : 00000000`ffffffff 00000000`00bfec90 00006630`00019778 00007ffa`6356a0b8 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0xe7
00000000`00bfec00 00007ffa`6429a1e6 : aaaaaaaa`aaaaaa00 aaaaaaaa`aaaaaa00 aaaaaaaa`aaaaaa00 00000000`00000000 : msedge!base::RunLoop::Run+0xa4
00000000`00bfec60 00007ffa`615f0ecd : 0000d9c0`88192ad7 00000000`00bfeda8 00000000`00000000 00007ffa`615d6f5b : msedge!content::BrowserMainLoop::RunMainMessageLoop+0x8e
00000000`00bfecd0 00007ffa`615eff27 : 00000000`00bff690 00000000`00bfedd8 00000000`00bfedf0 00000000`00bfee90 : msedge!content::BrowserMain+0xe7
00000000`00bfed80 00007ffa`615ef1ee : 00000000`00000000 00000000`00000000 00000000`ffffffff 00000000`00000000 : msedge!content::RunBrowserProcessMain+0xcb
00000000`00bfeed0 00007ffa`615d5b95 : 00000000`00000000 00000000`00000001 00000000`00000000 00007ffa`61cfa88b : msedge!content::ContentMainRunnerImpl::RunBrowser+0x3e8
00000000`00bff020 00007ffa`615d52f9 : 00000000`00000000 00006630`00064910 00000000`ffffff00 00007ffa`6542b62f : msedge!content::ContentMainRunnerImpl::Run+0x225
00000000`00bff170 00007ffa`615d468c : 00000000`00000000 00000000`00bff5f0 00007ffa`6f8de648 00007ffa`615d44f3 : msedge!content::RunContentProcess+0x2ea
00000000`00bff3e0 00007ffa`615d400a : 00007ff7`22b20000 00000000`00bff7f0 000043f8`00090410 00000000`0112d7d0 : msedge!content::ContentMain+0x73
00000000`00bff470 00007ff7`22b70a8d : 000043f8`00074310 00007ffa`615d3cd0 00000000`00000101 00000000`00000000 : msedge!ChromeMain+0x33a
00000000`00bff790 00007ff7`22b6dcc2 : 00000000`00bffb80 00007ff7`22ba3bc0 00000000`ffffff00 00000000`00000000 : msedge_exe!MainDllLoader::Launch+0x3b1
00000000`00bffa20 00007ff7`22c351c2 : 00007ff7`22db50a0 00007ff7`22c35239 00000000`00000000 00000000`00000000 : msedge_exe!wWinMain+0x423
00000000`00bfff20 00007ffa`eabee8d7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge_exe!__scrt_common_main_seh+0x106
00000000`00bfff60 00007ffa`eb79bf2c : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : kernel32!BaseThreadInitThunk+0x17
00000000`00bfff90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_NAME: msedge!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange+13
MODULE_NAME: msedge
IMAGE_NAME: msedge.dll
FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_c0000005_msedge.dll!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange
OS_VERSION: 10.0.26100.1
BUILDLAB_STR: ge_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 133.0.3065.82
FAILURE_ID_HASH: {bc3859cf-9fc9-c13b-7372-fb656410ad94}
Followup: MachineOwner
---------
0:000> .exr -1
ExceptionAddress: 00007ffa69d05f33 (msedge!views::DesktopWindowTreeHostWin::HandleAppFullscreenStateChange+0x0000000000000013)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000158
Attempt to read from address 0000000000000158
Crash Dumps
Microsoft edge crash dump.
ca569882-8a97-4065-a2ea-07a70128bb48.dmp
Media
