macOS intermittent crash with branch 4638


Postby mic » Tue Jan 11, 2022 2:37 pm

I am seeing an intermittent crash at shutdown on macOS (multiple versions) with branch 4638. The crash occurs during the CefShutdown() API. The relevant portion of the macOS crash log looks like this:

...
Crashed Thread:        0  CrBrowserMain  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [1679]

VM Region Info: 0 is not in any region.  Bytes before following region: 4513230848
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
---> 
      __TEXT                      10d027000-10d2c7000    [ 2688K] r-x/r-x SM=COW  ................

Thread 0 Crashed:: CrBrowserMain Dispatch queue: com.apple.main-thread
0   Chromium Embedded Framework             0x1263b4461 extensions::RendererStartupHelper::UntrackProcess(content::RenderProcessHost*) + 49 (renderer_startup_helper.cc:207)
1   Chromium Embedded Framework             0x1238395e8 content::RenderProcessHostImpl::Cleanup() + 1304 (render_process_host_impl.cc:4005)
2   Chromium Embedded Framework             0x123833781 content::RenderProcessHostImpl::DecrementKeepAliveRefCount() + 353 (render_process_host_impl.cc:2881)
3   Chromium Embedded Framework             0x1236fc523 content::(anonymous namespace)::KeepAliveHandleImpl::~KeepAliveHandleImpl() + 73 (keep_alive_handle_factory.cc:42) [inlined]
4   Chromium Embedded Framework             0x1236fc523 content::(anonymous namespace)::KeepAliveHandleImpl::~KeepAliveHandleImpl() + 73 (keep_alive_handle_factory.cc:36) [inlined]
5   Chromium Embedded Framework             0x1236fc523 content::(anonymous namespace)::KeepAliveHandleImpl::~KeepAliveHandleImpl() + 83 (keep_alive_handle_factory.cc:36)
6   Chromium Embedded Framework             0x1236fc0e2 std::__1::default_delete<blink::mojom::KeepAliveHandle>::operator()(blink::mojom::KeepAliveHandle*) const + 6 (unique_ptr.h:54) [inlined]
7   Chromium Embedded Framework             0x1236fc0e2 std::__1::unique_ptr<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> >::reset(blink::mojom::KeepAliveHandle*) + 23 (unique_ptr.h:315) [inlined]
8   Chromium Embedded Framework             0x1236fc0e2 std::__1::unique_ptr<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> >::~unique_ptr() + 23 (unique_ptr.h:269) [inlined]
9   Chromium Embedded Framework             0x1236fc0e2 std::__1::unique_ptr<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> >::~unique_ptr() + 23 (unique_ptr.h:269) [inlined]
10  Chromium Embedded Framework             0x1236fc0e2 blink::mojom::KeepAliveHandleStub<mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >::~KeepAliveHandleStub() + 34 (frame.mojom.h:1737) [inlined]
11  Chromium Embedded Framework             0x1236fc0e2 blink::mojom::KeepAliveHandleStub<mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >::~KeepAliveHandleStub() + 34 (frame.mojom.h:1737) [inlined]
12  Chromium Embedded Framework             0x1236fc0e2 mojo::internal::BindingState<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >::~BindingState() + 46 (binding_state.h:114) [inlined]
13  Chromium Embedded Framework             0x1236fc0e2 mojo::internal::BindingState<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >::~BindingState() + 46 (binding_state.h:114) [inlined]
14  Chromium Embedded Framework             0x1236fc0e2 mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >::~Receiver() + 46 (receiver.h:77) [inlined]
15  Chromium Embedded Framework             0x1236fc0e2 mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >::~Receiver() + 46 (receiver.h:77) [inlined]
16  Chromium Embedded Framework             0x1236fc0e2 mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >, void>::ReceiverEntry::~ReceiverEntry() + 56 (receiver_set.h:362) [inlined]
17  Chromium Embedded Framework             0x1236fc0e2 mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >, void>::ReceiverEntry::~ReceiverEntry() + 56 (receiver_set.h:362) [inlined]
18  Chromium Embedded Framework             0x1236fc0e2 mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >, void>::ReceiverEntry::~ReceiverEntry() + 66 (receiver_set.h:362)
19  Chromium Embedded Framework             0x1231dcfaf std::__1::default_delete<mojo::ReceiverSetState::Entry>::operator()(mojo::ReceiverSetState::Entry*) const + 8 (unique_ptr.h:54) [inlined]
20  Chromium Embedded Framework             0x1231dcfaf std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> >::reset(mojo::ReceiverSetState::Entry*) + 25 (unique_ptr.h:315) [inlined]
21  Chromium Embedded Framework             0x1231dcfaf std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> >::~unique_ptr() + 25 (unique_ptr.h:269) [inlined]
22  Chromium Embedded Framework             0x1231dcfaf std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> >::~unique_ptr() + 25 (unique_ptr.h:269) [inlined]
23  Chromium Embedded Framework             0x1231dcfaf std::__1::pair<unsigned long long const, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >::~pair() + 25 (utility:394) [inlined]
24  Chromium Embedded Framework             0x1231dcfaf std::__1::pair<unsigned long long const, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >::~pair() + 25 (utility:394) [inlined]
25  Chromium Embedded Framework             0x1231dcfaf void std::__1::allocator_traits<std::__1::allocator<std::__1::__tree_node<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, void*> > >::destroy<std::__1::pair<unsigned long long const, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, void, void>(std::__1::allocator<std::__1::__tree_node<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, void*> >&, std::__1::pair<unsigned long long const, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >*) + 25 (allocator_traits.h:318) [inlined]
26  Chromium Embedded Framework             0x1231dcfaf std::__1::__tree<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, std::__1::__map_value_compare<unsigned long long, std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, std::__1::less<unsigned long long>, true>, std::__1::allocator<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, void*>*) + 63 (__tree:1801)
27  Chromium Embedded Framework             0x1254f562f std::__1::__tree<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, std::__1::__map_value_compare<unsigned long long, std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, std::__1::less<unsigned long long>, true>, std::__1::allocator<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > > > >::~__tree() + 9 (__tree:1789) [inlined]
28  Chromium Embedded Framework             0x1254f562f std::__1::__tree<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, std::__1::__map_value_compare<unsigned long long, std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > >, std::__1::less<unsigned long long>, true>, std::__1::allocator<std::__1::__value_type<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > > > >::~__tree() + 9 (__tree:1786) [inlined]
29  Chromium Embedded Framework             0x1254f562f std::__1::map<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> >, std::__1::less<unsigned long long>, std::__1::allocator<std::__1::pair<unsigned long long const, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > > > >::~map() + 13 (map:1103) [inlined]
30  Chromium Embedded Framework             0x1254f562f std::__1::map<unsigned long long, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> >, std::__1::less<unsigned long long>, std::__1::allocator<std::__1::pair<unsigned long long const, std::__1::unique_ptr<mojo::ReceiverSetState::Entry, std::__1::default_delete<mojo::ReceiverSetState::Entry> > > > >::~map() + 13 (map:1101) [inlined]
31  Chromium Embedded Framework             0x1254f562f mojo::ReceiverSetState::~ReceiverSetState() + 22 (receiver_set.cc:67) [inlined]
32  Chromium Embedded Framework             0x1254f562f mojo::ReceiverSetState::~ReceiverSetState() + 31 (receiver_set.cc:67)
33  Chromium Embedded Framework             0x1236fbe45 mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >, void>::~ReceiverSetBase() + 9 (receiver_set.h:172) [inlined]
34  Chromium Embedded Framework             0x1236fbe45 mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::KeepAliveHandle, mojo::UniquePtrImplRefTraits<blink::mojom::KeepAliveHandle, std::__1::default_delete<blink::mojom::KeepAliveHandle> > >, void>::~ReceiverSetBase() + 9 (receiver_set.h:172) [inlined]
35  Chromium Embedded Framework             0x1236fbe45 content::KeepAliveHandleFactory::Context::~Context() + 28 (keep_alive_handle_factory.cc:60) [inlined]
36  Chromium Embedded Framework             0x1236fbe45 content::KeepAliveHandleFactory::Context::~Context() + 28 (keep_alive_handle_factory.cc:60) [inlined]
37  Chromium Embedded Framework             0x1236fbe45 content::KeepAliveHandleFactory::Context::~Context() + 37 (keep_alive_handle_factory.cc:60)
38  Chromium Embedded Framework             0x1236fc585 std::__1::default_delete<content::KeepAliveHandleFactory::Context>::operator()(content::KeepAliveHandleFactory::Context*) const + 6 (unique_ptr.h:54) [inlined]
39  Chromium Embedded Framework             0x1236fc585 std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> >::reset(content::KeepAliveHandleFactory::Context*) + 23 (unique_ptr.h:315) [inlined]
40  Chromium Embedded Framework             0x1236fc585 std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> >::~unique_ptr() + 23 (unique_ptr.h:269) [inlined]
41  Chromium Embedded Framework             0x1236fc585 std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> >::~unique_ptr() + 23 (unique_ptr.h:269) [inlined]
42  Chromium Embedded Framework             0x1236fc585 std::__1::__tuple_leaf<0ul, std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> >, false>::~__tuple_leaf() + 23 (tuple:186) [inlined]
43  Chromium Embedded Framework             0x1236fc585 std::__1::__tuple_impl<std::__1::__tuple_indices<0ul>, std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::~__tuple_impl() + 23 (tuple:360) [inlined]
44  Chromium Embedded Framework             0x1236fc585 std::__1::__tuple_impl<std::__1::__tuple_indices<0ul>, std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::~__tuple_impl() + 23 (tuple:360) [inlined]
45  Chromium Embedded Framework             0x1236fc585 std::__1::tuple<std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::~tuple() + 23 (tuple:446) [inlined]
46  Chromium Embedded Framework             0x1236fc585 std::__1::tuple<std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::~tuple() + 23 (tuple:446) [inlined]
47  Chromium Embedded Framework             0x1236fc585 base::internal::BindState<content::KeepAliveHandleFactory::~KeepAliveHandleFactory()::$_0, std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::~BindState() + 23 (bind_internal.h:918) [inlined]
48  Chromium Embedded Framework             0x1236fc585 base::internal::BindState<content::KeepAliveHandleFactory::~KeepAliveHandleFactory()::$_0, std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::~BindState() + 23 (bind_internal.h:918) [inlined]
49  Chromium Embedded Framework             0x1236fc585 base::internal::BindState<content::KeepAliveHandleFactory::~KeepAliveHandleFactory()::$_0, std::__1::unique_ptr<content::KeepAliveHandleFactory::Context, std::__1::default_delete<content::KeepAliveHandleFactory::Context> > >::Destroy(base::internal::BindStateBase const*) + 37 (bind_internal.h:921)
50  Chromium Embedded Framework             0x1255a42f4 std::__1::allocator<base::sequence_manager::Task>::destroy(base::sequence_manager::Task*) + 8 (allocator.h:133) [inlined]
51  Chromium Embedded Framework             0x1255a42f4 void std::__1::allocator_traits<std::__1::allocator<base::sequence_manager::Task> >::destroy<base::sequence_manager::Task, void>(std::__1::allocator<base::sequence_manager::Task>&, base::sequence_manager::Task*) + 8 (allocator_traits.h:308) [inlined]
52  Chromium Embedded Framework             0x1255a42f4 std::__1::__vector_base<base::sequence_manager::Task, std::__1::allocator<base::sequence_manager::Task> >::__destruct_at_end(base::sequence_manager::Task*) + 26 (vector:429) [inlined]
53  Chromium Embedded Framework             0x1255a42f4 std::__1::__vector_base<base::sequence_manager::Task, std::__1::allocator<base::sequence_manager::Task> >::clear() + 26 (vector:372) [inlined]
54  Chromium Embedded Framework             0x1255a42f4 std::__1::__vector_base<base::sequence_manager::Task, std::__1::allocator<base::sequence_manager::Task> >::~__vector_base() + 31 (vector:466) [inlined]
55  Chromium Embedded Framework             0x1255a42f4 std::__1::vector<base::sequence_manager::Task, std::__1::allocator<base::sequence_manager::Task> >::~vector() + 31 (vector:558) [inlined]
56  Chromium Embedded Framework             0x1255a42f4 std::__1::vector<base::sequence_manager::Task, std::__1::allocator<base::sequence_manager::Task> >::~vector() + 31 (vector:553) [inlined]
57  Chromium Embedded Framework             0x1255a42f4 std::__1::priority_queue<base::sequence_manager::Task, std::__1::vector<base::sequence_manager::Task, std::__1::allocator<base::sequence_manager::Task> >, std::__1::less<base::sequence_manager::Task> >::~priority_queue() + 31 (queue:413) [inlined]
58  Chromium Embedded Framework             0x1255a42f4 base::sequence_manager::internal::TaskQueueImpl::DelayedIncomingQueue::PQueue::~PQueue() + 31 (task_queue_impl.h:337) [inlined]
59  Chromium Embedded Framework             0x1255a42f4 base::sequence_manager::internal::TaskQueueImpl::DelayedIncomingQueue::PQueue::~PQueue() + 31 (task_queue_impl.h:337) [inlined]
60  Chromium Embedded Framework             0x1255a42f4 base::sequence_manager::internal::TaskQueueImpl::DelayedIncomingQueue::~DelayedIncomingQueue() + 31 (task_queue_impl.cc:1336) [inlined]
61  Chromium Embedded Framework             0x1255a42f4 base::sequence_manager::internal::TaskQueueImpl::DelayedIncomingQueue::~DelayedIncomingQueue() + 31 (task_queue_impl.cc:1336) [inlined]
62  Chromium Embedded Framework             0x1255a42f4 base::sequence_manager::internal::TaskQueueImpl::UnregisterTaskQueue() + 1220 (task_queue_impl.cc:210)
63  Chromium Embedded Framework             0x12559719d base::sequence_manager::internal::SequenceManagerImpl::UnregisterTaskQueueImpl(std::__1::unique_ptr<base::sequence_manager::internal::TaskQueueImpl, std::__1::default_delete<base::sequence_manager::internal::TaskQueueImpl> >) + 253 (sequence_manager_impl.cc:413)
64  Chromium Embedded Framework             0x1255a1f97 base::sequence_manager::TaskQueue::ShutdownTaskQueue() + 535 (task_queue.cc:189)
65  Chromium Embedded Framework             0x123891371 content::BrowserTaskQueues::~BrowserTaskQueues() + 337 (browser_task_queues.cc:209)
66  Chromium Embedded Framework             0x123891d1b content::BrowserUIThreadScheduler::~BrowserUIThreadScheduler() + 49 (browser_ui_thread_scheduler.cc:93) [inlined]
67  Chromium Embedded Framework             0x123891d1b content::BrowserUIThreadScheduler::~BrowserUIThreadScheduler() + 59 (browser_ui_thread_scheduler.cc:93)
68  Chromium Embedded Framework             0x12389048a std::__1::default_delete<content::BrowserUIThreadScheduler>::operator()(content::BrowserUIThreadScheduler*) const + 8 (unique_ptr.h:54) [inlined]
69  Chromium Embedded Framework             0x12389048a std::__1::unique_ptr<content::BrowserUIThreadScheduler, std::__1::default_delete<content::BrowserUIThreadScheduler> >::reset(content::BrowserUIThreadScheduler*) + 25 (unique_ptr.h:315) [inlined]
70  Chromium Embedded Framework             0x12389048a std::__1::unique_ptr<content::BrowserUIThreadScheduler, std::__1::default_delete<content::BrowserUIThreadScheduler> >::~unique_ptr() + 25 (unique_ptr.h:269) [inlined]
71  Chromium Embedded Framework             0x12389048a std::__1::unique_ptr<content::BrowserUIThreadScheduler, std::__1::default_delete<content::BrowserUIThreadScheduler> >::~unique_ptr() + 25 (unique_ptr.h:269) [inlined]
72  Chromium Embedded Framework             0x12389048a content::BrowserTaskExecutor::UIThreadExecutor::~UIThreadExecutor() + 58 (browser_task_executor.cc:372)
73  Chromium Embedded Framework             0x12389050e content::BrowserTaskExecutor::UIThreadExecutor::~UIThreadExecutor() + 5 (browser_task_executor.cc:369) [inlined]
74  Chromium Embedded Framework             0x12389050e content::BrowserTaskExecutor::UIThreadExecutor::~UIThreadExecutor() + 14 (browser_task_executor.cc:369)
75  Chromium Embedded Framework             0x12388fdc8 std::__1::default_delete<content::BrowserTaskExecutor::UIThreadExecutor>::operator()(content::BrowserTaskExecutor::UIThreadExecutor*) const + 6 (unique_ptr.h:54) [inlined]
76  Chromium Embedded Framework             0x12388fdc8 std::__1::unique_ptr<content::BrowserTaskExecutor::UIThreadExecutor, std::__1::default_delete<content::BrowserTaskExecutor::UIThreadExecutor> >::reset(content::BrowserTaskExecutor::UIThreadExecutor*) + 23 (unique_ptr.h:315) [inlined]
77  Chromium Embedded Framework             0x12388fdc8 content::BrowserTaskExecutor::Shutdown() + 200 (browser_task_executor.cc:284)
78  Chromium Embedded Framework             0x125114380 content::ContentMainRunnerImpl::Shutdown() + 224 (content_main_runner_impl.cc:1124)
79  Chromium Embedded Framework             0x1251c30f5 CefMainRunner::FinalizeShutdown(base::OnceCallback<void ()>) + 117 (main_runner.cc:507)
80  Chromium Embedded Framework             0x1251c2f80 CefMainRunner::Shutdown(base::OnceCallback<void ()>, base::OnceCallback<void ()>) + 336 (main_runner.cc:274)
81  Chromium Embedded Framework             0x12519963a CefContext::Shutdown() + 250 (context.cc:386)
82  Chromium Embedded Framework             0x1251994bd CefShutdown() + 125 (context.cc:233)
83  My App                                  0x103a85528 main + 2168 (main.mm:211)
84  dyld                                    0x1113274fe start + 462
...


The relevant portion of the CEF code looks like this:

...
205 void RendererStartupHelper::UntrackProcess(
206    content::RenderProcessHost* process) {
207  if (!ExtensionsBrowserClient::Get()->IsSameContext(
208          browser_context_, process->GetBrowserContext())) {
209    return;
210  }
211
212  process->RemoveObserver(this);
213  process_mojo_map_.erase(process);
214  pending_active_extensions_.erase(process);
215  for (auto& extension_process_pair : extension_process_map_)
216    extension_process_pair.second.erase(process);
217 }
...


Line 207 is given as the failing line, and you can see that ExtensionsBrowserClient::Get() is called to retrieve a pointer that is immediately dereferenced without checking its value. My guess is that the pointer is intermittently NULL, which is what the crash report indicates. The fact that this pointer is used without first checking its value would seem to be a bug. Of course, the next question is why the pointer is NULL, and the answer to that may lead to another, more complicated issue.

Does this seem to be a correct analysis of this intermittent crash, or is there something else I should check?

Thanks in advance for any help you can provide.
mic
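The failure mode described in the post above is a shutdown-ordering hazard: a process-wide singleton (here ExtensionsBrowserClient) is torn down while an observer that still depends on it can be notified, and the observer dereferences the singleton's getter without a null check. The following example is added here and is not CEF or Chromium code; BrowserClient, ProcessHost, StartupHelper and SimulateShutdown are hypothetical stand-ins for the real classes. It reproduces the unsafe ordering and shows the null check that turns the segmentation fault into a reportable no-op, plus the observer unregistration that prevents the callback from arriving at all.

```cpp
// Added example, not CEF/Chromium code. Models the shutdown-ordering hazard
// behind the crash above with hypothetical stand-in classes.
#include <algorithm>
#include <vector>

struct Context { int id; };  // stand-in for a browser context

// Stand-in for ExtensionsBrowserClient: a process-wide singleton whose
// Get() returns nullptr once the singleton has been destroyed.
class BrowserClient {
 public:
  static BrowserClient* Get() { return instance_; }
  static void Create() { instance_ = new BrowserClient(); }
  static void Destroy() { delete instance_; instance_ = nullptr; }
  bool IsSameContext(const Context* a, const Context* b) const { return a->id == b->id; }
 private:
  static BrowserClient* instance_;
};
BrowserClient* BrowserClient::instance_ = nullptr;

class ProcessHost;
class ProcessObserver {
 public:
  virtual ~ProcessObserver() = default;
  virtual void OnProcessCleanup(ProcessHost* host) = 0;
};

// Stand-in for RenderProcessHost: notifies observers from Cleanup().
class ProcessHost {
 public:
  explicit ProcessHost(Context* ctx) : context_(ctx) {}
  Context* GetBrowserContext() const { return context_; }
  void AddObserver(ProcessObserver* o) { observers_.push_back(o); }
  void RemoveObserver(ProcessObserver* o) {
    observers_.erase(std::remove(observers_.begin(), observers_.end(), o), observers_.end());
  }
  void Cleanup() {
    // Iterate over a snapshot: observers may remove themselves while notified.
    std::vector<ProcessObserver*> snapshot = observers_;
    for (ProcessObserver* o : snapshot) o->OnProcessCleanup(this);
  }
 private:
  Context* context_;
  std::vector<ProcessObserver*> observers_;
};

enum class UntrackResult { kUntracked, kOtherContext, kClientGone };

// Stand-in for RendererStartupHelper.
class StartupHelper : public ProcessObserver {
 public:
  explicit StartupHelper(Context* ctx) : browser_context_(ctx) {}
  // Unregister from every host still tracked so no callback can reach a dead helper.
  ~StartupHelper() override { for (ProcessHost* p : tracked_) p->RemoveObserver(this); }
  void TrackProcess(ProcessHost* p) { p->AddObserver(this); tracked_.push_back(p); }

  // Mirrors the page's UntrackProcess(), with the null check the original lacks.
  UntrackResult UntrackProcess(ProcessHost* process) {
    BrowserClient* client = BrowserClient::Get();
    if (!client) return UntrackResult::kClientGone;  // original would dereference nullptr here
    if (!client->IsSameContext(browser_context_, process->GetBrowserContext()))
      return UntrackResult::kOtherContext;
    process->RemoveObserver(this);
    tracked_.erase(std::remove(tracked_.begin(), tracked_.end(), process), tracked_.end());
    return UntrackResult::kUntracked;
  }
  void OnProcessCleanup(ProcessHost* host) override { last_result_ = UntrackProcess(host); }
  UntrackResult last_result() const { return last_result_; }
 private:
  Context* browser_context_;
  std::vector<ProcessHost*> tracked_;
  UntrackResult last_result_ = UntrackResult::kUntracked;
};

// Runs one shutdown sequence and returns what the helper observed when the
// host was cleaned up. destroy_client_first=true is the hazardous order.
UntrackResult SimulateShutdown(bool destroy_client_first) {
  Context ctx{1};
  BrowserClient::Create();
  ProcessHost host(&ctx);
  StartupHelper helper(&ctx);
  helper.TrackProcess(&host);
  if (destroy_client_first) BrowserClient::Destroy();
  host.Cleanup();  // fires UntrackProcess() through the observer
  if (!destroy_client_first) BrowserClient::Destroy();
  return helper.last_result();
}

int main() {
  bool ok = SimulateShutdown(false) == UntrackResult::kUntracked;
  bool gone = SimulateShutdown(true) == UntrackResult::kClientGone;
  return (ok && gone) ? 0 : 1;
}
```

With the correct order the helper untracks the host normally; with the singleton destroyed first, the guarded version reports kClientGone instead of crashing at the `IsSameContext` call, which is the condition a defender would want logged so the real ordering bug can be found rather than hidden. The check is a containment measure, not the fix: the underlying problem is that the helper can still be notified after the client it depends on is gone, which is why the destructor also unregisters the observer.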

Re: macOS intermittent crash with branch 4638

Postby mic » Wed Jan 19, 2022 12:29 pm

mic

