Remove the window thread from the list of threads before nulling the AppHost

[zadjii-msft]

See #14957 (comment).

I think there's a race here that lets the WindowEmperor muck around with the window after it's done, but before we remove it from our list of threads.

This should remove the thread from the list, then null out the AppHost, then flush the XAML queue, preventing the A/V.

Closes MSFT:43995981

[DHowett]

Seems fine to me. @lhecker?

[DHowett]

I'm afraid of these "maybe it fixes it????" changes with the lack of having repros, but I get it!

[lhecker]

Alternatively, (re)move the _host = nullptr?

[lhecker]

Unfortunately, this PR didn't seem to have fixed the issue. While mucking around with 2 tabs, changing order without letting go of them, actually changing their order, dragging into a new window, dragging back into the old window, but not actually, then actually, etc., I had an A/V in the exact same spot. The top most part of the stack trace shows how it's caused by an async action (I think?) inside XAML trying to access an UI element that doesn't exist anymore (I think?).

For a double whammy of despair, I'd like to direct your attention to how it uses an IPC system for in-proc calls, because the objects are agile. Might as well use HTTP via localhost. Here's the full stack trace:

Windows.UI.Xaml.dll!DirectUI::ListViewBase::OnDragGesture::__l118::<lambda>(Windows::Foundation::IAsyncOperation<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation> * pAsyncOp, ABI::Windows::Foundation::AsyncStatus status) Line 193	C++
Windows.UI.Xaml.dll!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IAsyncOperationCompletedHandler_impl<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation>::*)(Windows::Foundation::IAsyncOperation<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation> *,enum ABI::Windows::Foundation::AsyncStatus)>::DelegateInvokeHelper<Windows::Foundation::IAsyncOperationCompletedHandler<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation>,HRESULT <lambda>(Windows::Foundation::IAsyncOperation<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation> *, ABI::Windows::Foundation::AsyncStatus),-1,Windows::Foundation::IAsyncOperation<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation> *,enum ABI::Windows::Foundation::AsyncStatus>::Invoke(Windows::Foundation::IAsyncOperation<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation> * <args_0>, ABI::Windows::Foundation::AsyncStatus <args_1>) Line 354	C++
Windows.UI.Xaml.dll!Microsoft::WRL::AsyncBase<Windows::Foundation::IAsyncOperationCompletedHandler<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation>,Microsoft::WRL::Details::Nil,1,Microsoft::WRL::AsyncOptions<-1,0,&GUID_CAUSALITY_WINDOWS_PLATFORM_ID,2>>::FireCompletion() Line 780	C++
Windows.UI.Xaml.dll!DirectUI::StartDragAsyncOperation::Invoke(Windows::Foundation::IAsyncOperation<enum Windows::ApplicationModel::DataTransfer::DataPackageOperation> * pAsyncOp, ABI::Windows::Foundation::AsyncStatus status) Line 274	C++
rpcrt4.dll!Invoke()
rpcrt4.dll!Ndr64StubWorker()
rpcrt4.dll!NdrStubCall3()
combase.dll!CStdStubBuffer_Invoke(IRpcStubBuffer * This, tagRPCOLEMESSAGE * prpcmsg, IRpcChannelBuffer * pRpcChannelBuffer) Line 1479	C++
[Inline Frame] combase.dll!InvokeStubWithExceptionPolicyAndTracing::__l6::<lambda_c9f3956a20c9da92a64affc24fdd69ec>::operator()() Line 1151	C++
combase.dll!ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec>>(InvokeStubWithExceptionPolicyAndTracing::__l6::<lambda_c9f3956a20c9da92a64affc24fdd69ec> action, ObjectMethodExceptionHandlingInfo * pExceptionHandlingInfo, ExceptionHandlingResult * pExceptionHandlingResult, void *) Line 94	C++
[Inline Frame] combase.dll!InvokeStubWithExceptionPolicyAndTracing(IRpcStubBuffer * pMsg, tagRPCOLEMESSAGE *) Line 1149	C++
combase.dll!DefaultStubInvoke(bool bIsAsyncBeginMethod, IServerCall * pServerCall, IRpcChannelBuffer * pChannel, IRpcStubBuffer * pStub, unsigned long * pdwFault) Line 1218	C++
combase.dll!SyncServerCall::StubInvoke(IRpcChannelBuffer * pChannel, IRpcStubBuffer * pStub, unsigned long * pdwFault) Line 791	C++
[Inline Frame] combase.dll!StubInvoke(tagRPCOLEMESSAGE * pMsg, const _GUID &) Line 1483	C++
combase.dll!ServerCall::ContextInvoke(tagIPIDEntry * ipidEntry) Line 1421	C++
[Inline Frame] combase.dll!DefaultInvokeInApartment(ServerCall *) Line 3257	C++
combase.dll!ReentrantSTAInvokeInApartment(ServerCall * serverCall, tagIPIDEntry * ipidEntry) Line 110	C++
combase.dll!ComInvokeWithLockAndIPID(ServerCall * pServerCall, tagIPIDEntry * pIPIDEntry) Line 2152	C++
combase.dll!ThreadDispatch(ServerCall * pServerCall) Line 1637	C++
combase.dll!ThreadWndProc(HWND__ * window, unsigned int message, unsigned __int64 wparam, __int64 params) Line 720	C++
user32.dll!UserCallWinProcCheckWow()
user32.dll!DispatchMessageWorker()
[Inline Frame] combase.dll!CCliModalLoop::MyDispatchMessage(tagMSG *) Line 2959	C++
combase.dll!CCliModalLoop::PeekRPCAndDDEMessage() Line 2563	C++
combase.dll!CCliModalLoop::BlockFn(void * * ahEvent, unsigned long cEvents, unsigned long * lpdwSignaled) Line 2055	C++
combase.dll!ModalLoop(CSyncClientCall * pClientCall) Line 169	C++
combase.dll!ClassicSTAThreadDispatchCrossApartmentCall(tagRPCOLEMESSAGE * pMessage, OXIDEntry * pOXIDEntry, CSyncClientCall * pClientCall) Line 357	C++
[Inline Frame] combase.dll!CSyncClientCall::SwitchAptAndDispatchCall(tagRPCOLEMESSAGE * pMessage) Line 5691	C++
combase.dll!CSyncClientCall::SendReceive2(tagRPCOLEMESSAGE * pMessage, unsigned long * pstatus) Line 5297	C++
combase.dll!SyncClientCallRetryContext::SendReceiveWithRetry(tagRPCOLEMESSAGE * pMsg, unsigned long * pulStatus, ClientCall * pClientCall, bool * pbIsAutoRetry) Line 1502	C++
combase.dll!CSyncClientCall::SendReceiveInRetryContext(SyncClientCallRetryContext * pRetryContext, tagRPCOLEMESSAGE * pMsg, unsigned long * pulStatus) Line 582	C++
combase.dll!ClassicSTAThreadSendReceive(CSyncClientCall * pClientCall, tagRPCOLEMESSAGE * pMsg, unsigned long * pulStatus) Line 564	C++
combase.dll!CSyncClientCall::SendReceive(tagRPCOLEMESSAGE * pMessage, unsigned long * pulStatus) Line 730	C++
combase.dll!CClientChannel::SendReceive(tagRPCOLEMESSAGE * pMessage, unsigned long * pulStatus) Line 659	C++
combase.dll!NdrExtpProxySendReceive(void * pThis, _MIDL_STUB_MESSAGE * pStubMsg) Line 1989	C++
rpcrt4.dll!NdrpClientCall3()
combase.dll!ObjectStublessClient(void * ParamAddress, __int64 * FloatRegisters, long Method) Line 366	C++
combase.dll!ObjectStubless() Line 176
combase.dll!CObjectContext::InternalContextCallback(HRESULT(*)(void *) pfnCallback, void * pParam, const _GUID & riid, int iMethod, IUnknown * pUnk) Line 4329	C++
combase.dll!CAgileReferenceMarshaled::~CAgileReferenceMarshaled() Line 1935	C++
combase.dll!CAgileReferenceMarshaled::`scalar deleting destructor'(unsigned int)	C++
combase.dll!Microsoft::WRL::Details::RuntimeClassImpl<Microsoft::WRL::RuntimeClassFlags<2>,1,0,0,IAgileReference,Microsoft::WRL::FtmBase>::Release() Line 1629	C++
DataExchange.dll!DragDropManager::`scalar deleting destructor'()
DataExchange.dll!DragDropManager::Release(void)
combase.dll!CStdIdentity::ReleaseCtrlUnk::__l5::<lambda>() Line 1408	C++
combase.dll!ObjectMethodExceptionHandlingAction<void <lambda>(void)>(CStdIdentity::ReleaseCtrlUnk::__l5::void <lambda>(void) action, ObjectMethodExceptionHandlingInfo * pExceptionHandlingInfo, ExceptionHandlingResult * pExceptionHandlingResult, void * __formal) Line 135	C++
[Inline Frame] combase.dll!CStdIdentity::ReleaseCtrlUnk(unsigned long) Line 1379	C++
combase.dll!CStdMarshal::DisconnectWorker_ReleasesLock(unsigned long dwType, bool logEventIsActive, CObjectContext * explicitServerContext, bool performCallback) Line 4777	C++
combase.dll!CStdMarshal::Disconnect(unsigned long dwType) Line 4452	C++
combase.dll!CStdIdentity::DecStrongCnt(int fKeepAlive) Line 1183	C++
combase.dll!CStdMarshal::DecStrongAndNotifyAct(tagIPIDEntry * pEntry, unsigned long mshlflags) Line 7786	C++
combase.dll!CStdMarshal::DecSrvIPIDCnt(tagIPIDEntry * pEntry, unsigned long cRefs, unsigned long cPrivateRefs, tagSECURITYBINDING * pName, unsigned long mshlflags) Line 7431	C++
combase.dll!CStdMarshal::ReleaseMarshalObjRef(tagOBJREF & objref) Line 4016	C++
[Inline Frame] combase.dll!ReleaseObjRefSwitch(void *) Line 3840	C++
combase.dll!ReleaseMarshalObjRef(tagOBJREF & objref, EffectiveUnmarshalingPolicy policy) Line 3924	C++
combase.dll!CoReleaseMarshalData(IStream * pStm) Line 2132	C++
twinapi.appcore.dll!RemoveServiceFromMapping(struct IViewServiceIdentity *,struct _GUID const &,enum LifetimeManagerNotificationOptions)
twinapi.appcore.dll!UnregisterAllViewServices(struct IViewServiceIdentity *,enum LifetimeManagerNotificationOptions)
twinapi.appcore.dll!CoreUnregisterAllWindowServices()
twinapi.appcore.dll!CWindowViewServicesLifetimeManager::Rundown(struct IViewServiceIdentity *)
twinapi.appcore.dll!RemoveServiceFromMapping(struct IViewServiceIdentity *,struct _GUID const &,enum LifetimeManagerNotificationOptions)
twinapi.appcore.dll!CoreUnregisterWindowService()
user32.dll!CallWindowServiceCallback(struct HWND__ *)
user32.dll!RealDefWindowProcWorker()
user32.dll!DefWindowProcW()
Windows.UI.dll!Windows::UI::Core::WindowServer::WndProc(struct HWND__ *,unsigned int,unsigned __int64,__int64)
user32.dll!UserCallWinProcCheckWow()
user32.dll!DispatchClientMessage()
user32.dll!__fnDWORD()
ntdll.dll!KiUserCallbackDispatcherContinue()
win32u.dll!NtUserDestroyWindow()
Windows.UI.dll!Windows::UI::Core::WindowServer::Uninitialize(void)
twinapi.appcore.dll!Windows::ApplicationModel::Core::CoreApplicationView::Uninitialize(void)
twinapi.appcore.dll!Windows::ApplicationModel::Core::CoreApplicationViewAgileContainer::CloseNonImmersiveView(void)
twinapi.appcore.dll!Windows::ApplicationModel::Core::CoreApplicationView::CloseNonImmersiveView(void)
Windows.UI.Xaml.dll!DirectUI::WindowsXamlManager::XamlCore::Close() Line 361	C++
[Inline Frame] Windows.UI.Xaml.dll!DirectUI::WindowsXamlManager::EnqueueClose::__l2::<lambda_be02aa0cfe4a665338a4012f1e039571>::operator()() Line 298	C++
Windows.UI.Xaml.dll!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::System::IDispatcherQueueHandler::*)(void)>::DelegateInvokeHelper<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<2>,Windows::System::IDispatcherQueueHandler,Microsoft::WRL::FtmBase>,<lambda_be02aa0cfe4a665338a4012f1e039571> &,-1>::Invoke() Line 354	C++
CoreMessaging.dll!Windows::System::DispatcherQueue::DeferInvokeCallback()
CoreMessaging.dll!CFlat::SehSafe::Execute<<lambda_a81ff790741c2a62f2197c2561f5fe49>>()
CoreMessaging.dll!Microsoft::CoreUI::ActionCallback::ImportAdapter$()
CoreMessaging.dll!Microsoft::CoreUI::Dispatch::DeferredCall::Callback_Dispatch()
CoreMessaging.dll!Microsoft::CoreUI::Dispatch::DeferredCallDispatcher::Callback_OnDispatch()
CoreMessaging.dll!Microsoft::CoreUI::Dispatch::EventLoop::Callback_RunCoreLoop()
CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter::OnUserDispatch()
CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter::DoWork()
CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter::WindowProc(struct HWND__ *,unsigned int,unsigned __int64,__int64)
user32.dll!UserCallWinProcCheckWow()
user32.dll!DispatchClientMessage()
user32.dll!__fnDWORD()
ntdll.dll!KiUserCallbackDispatcherContinue()
win32u.dll!NtUserPeekMessage()
user32.dll!_PeekMessage()
user32.dll!PeekMessageW()
WindowsTerminal.exe!WindowThread::RundownForExit() Line 56	C++
WindowsTerminal.exe!WindowEmperor::_createNewWindowThread::__l2::<lambda_1>::operator()() Line 167	C++
WindowsTerminal.exe!std::invoke<`WindowEmperor::_createNewWindowThread'::`2'::<lambda_1>>(WindowEmperor::_createNewWindowThread::__l2::<lambda_1> && _Obj) Line 1577	C++
WindowsTerminal.exe!std::thread::_Invoke<std::tuple<`WindowEmperor::_createNewWindowThread'::`2'::<lambda_1>>,0>(void * _RawVals) Line 56	C++
ucrtbased.dll!thread_start<unsigned int (__cdecl*)(void *),1>(void * const parameter) Line 97	C++
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

[zadjii-msft]

Exact same spot? I dunno about that - the stack you've got there is quite a bit different than the one in MSFT:43995981. I'm fine calling it an issue, but I'll track it separately.