chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/

mac: cefclient: Dangling ptr in RenderProcessHostImpl::Cleanup #3758

Closed magreenblatt closed 1 month ago

magreenblatt commented 3 months ago

To Reproduce
Steps to reproduce the behavior:

  1. Run cefclient
  2. Close the window.

Expected behavior
Application should exit cleanly. Instead, it shows the following shutdown error:

[94694:259:0729/170941.200878:ERROR:partition_alloc_support.cc(597)] A freed allocation is still referenced by a dangling pointer at exit, or at test end. Leaked raw_ptr/raw_ref could cause PartitionAlloc's quarantine memory bloat.

Memory was released on:
Task trace:
0   Chromium Embedded Framework         0x00000003cd76e384 content::RenderProcessHostImpl::Cleanup() + 2972

0   Chromium Embedded Framework         0x00000003d6901228 base::debug::CollectStackTrace(void const**, unsigned long) + 48
1   Chromium Embedded Framework         0x00000003d68ce000 base::debug::StackTrace::StackTrace(unsigned long) + 112
2   Chromium Embedded Framework         0x00000003d68ce0a8 base::debug::StackTrace::StackTrace(unsigned long) + 36
3   Chromium Embedded Framework         0x00000003d690fdbc base::allocator::(anonymous namespace)::DanglingRawPtrDetected(unsigned long) + 516
4   Chromium Embedded Framework         0x00000003c17c39bc partition_alloc::internal::InSlotMetadata::CheckDanglingPointersOnFree(unsigned long long) + 116
5   Chromium Embedded Framework         0x00000003c17c1c24 partition_alloc::internal::InSlotMetadata::PreReleaseFromAllocator() + 52
6   Chromium Embedded Framework         0x00000003c17c1754 void partition_alloc::PartitionRoot::FreeInline<(partition_alloc::internal::FreeFlags)12>(void*) + 580
7   Chromium Embedded Framework         0x00000003c17c1504 void partition_alloc::PartitionRoot::Free<(partition_alloc::internal::FreeFlags)12>(void*) + 32
8   Chromium Embedded Framework         0x00000003c17c14c4 void base::internal::HandleMemorySafetyCheckedOperatorDelete<(base::internal::MemorySafetyCheck)7>(void*) + 28
9   Chromium Embedded Framework         0x00000003cd75f4f8 content::RenderProcessHost::operator delete(void*) + 24
10  Chromium Embedded Framework         0x00000003cd75f4d4 content::RenderProcessHostImpl::~RenderProcessHostImpl() + 36
11  Chromium Embedded Framework         0x00000003cd7b2060 base::DeleteHelper<content::RenderProcessHostImpl>::DoDelete(void const*) + 48
12  Chromium Embedded Framework         0x00000003d67e7d70 void base::internal::DecayedFunctorTraits<void (*)(void const*), void const*&&>::Invoke<void (*)(void const*), void const*>(void (*&&)(void const*), void const*&&) + 40
13  Chromium Embedded Framework         0x00000003d67e7d1c void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (*&&)(void const*), void const*&&>, void, 0ul>::MakeItSo<void (*)(void const*), std::__Cr::tuple<base::internal::UnretainedWrapper<void const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>>(void (*&&)(void const*), std::__Cr::tuple<base::internal::UnretainedWrapper<void const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&) + 80
14  Chromium Embedded Framework         0x00000003d67e7cc0 void base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(void const*), void const*&&>, base::internal::BindState<false, true, false, void (*)(void const*), base::internal::UnretainedWrapper<void const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void ()>::RunImpl<void (*)(void const*), std::__Cr::tuple<base::internal::UnretainedWrapper<void const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, 0ul>(void (*&&)(void const*), std::__Cr::tuple<base::internal::UnretainedWrapper<void const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::integer_sequence<unsigned long, 0ul>) + 32
15  Chromium Embedded Framework         0x00000003d67e7c50 base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(void const*), void const*&&>, base::internal::BindState<false, true, false, void (*)(void const*), base::internal::UnretainedWrapper<void const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void ()>::RunOnce(base::internal::BindStateBase*) + 52
16  Chromium Embedded Framework         0x00000003c1705690 base::OnceCallback<void ()>::Run() && + 236
17  Chromium Embedded Framework         0x00000003d674d2c4 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) + 492
18  Chromium Embedded Framework         0x00000003d67cf960 _ZN4base13TaskAnnotator7RunTaskIJZNS_16sequence_manager8internal35ThreadControllerWithMessagePumpImpl10DoWorkImplEPNS_7LazyNowEE3$_3EEEvN8perfetto12StaticStringERNS_11PendingTaskEDpOT_ + 144
19  Chromium Embedded Framework         0x00000003d67cf36c base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) + 1552
20  Chromium Embedded Framework         0x00000003d67cea28 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() + 244
21  Chromium Embedded Framework         0x00000003d692b8b8 base::MessagePumpCFRunLoopBase::RunWork() + 236
22  Chromium Embedded Framework         0x00000003d692b9e0 ___ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv_block_invoke + 36
23  Chromium Embedded Framework         0x00000003d6929594 base::apple::CallWithEHFrame(void () block_pointer) + 16
24  Chromium Embedded Framework         0x00000003d692a570 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 112
25  CoreFoundation                      0x000000019a8ca4d8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
26  CoreFoundation                      0x000000019a8ca46c __CFRunLoopDoSource0 + 176
27  CoreFoundation                      0x000000019a8ca1dc __CFRunLoopDoSources0 + 244
28  CoreFoundation                      0x000000019a8c8dc8 __CFRunLoopRun + 828
29  CoreFoundation                      0x000000019a8c8434 CFRunLoopRunSpecific + 608
30  HIToolbox                           0x00000001a506c19c RunCurrentEventLoopInMode + 292
31  HIToolbox                           0x00000001a506be2c ReceiveNextEventCommon + 220

[94694:259:0729/170941.487156:ERROR:partition_alloc_support.cc(608)] Dangling reference from:

[94694:259:0729/170941.487180:ERROR:partition_alloc_support.cc(609)] 0   Chromium Embedded Framework         0x00000003d6a1c7dc partition_alloc::internal::base::debug::CollectStackTrace(void const**, unsigned long) + 28
1   Chromium Embedded Framework         0x00000003d6a1640c base::internal::InstanceTracer::TraceImpl(unsigned long long, bool, unsigned long) + 328
2   Chromium Embedded Framework         0x00000003c16f0a9c base::internal::InstanceTracer::Trace(unsigned long long, bool, unsigned long) + 60
3   Chromium Embedded Framework         0x00000003ccaa5488 void base::internal::RawPtrBackupRefImpl<false, false>::Trace<content::RenderProcessHost>(unsigned long long, content::RenderProcessHost*) + 84
4   Chromium Embedded Framework         0x00000003cce559d4 base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>::raw_ptr(base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 72
5   Chromium Embedded Framework         0x00000003cce5597c base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>::raw_ptr(base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 36
6   Chromium Embedded Framework         0x00000003cce55948 base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>* std::__Cr::construct_at<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>*>(base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>*, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 88
7   Chromium Embedded Framework         0x00000003cce558e4 base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>* std::__Cr::__construct_at<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>*>(base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>*, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 32
8   Chromium Embedded Framework         0x00000003cce55848 void std::__Cr::allocator_traits<std::__Cr::allocator<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>>>::construct<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, void, 0>(std::__Cr::allocator<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>>&, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>*, base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 36
9   Chromium Embedded Framework         0x00000003cce55754 base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>* std::__Cr::vector<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, std::__Cr::allocator<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>>>::__push_back_slow_path<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>>(base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 216
10  Chromium Embedded Framework         0x00000003cce5557c std::__Cr::vector<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>, std::__Cr::allocator<base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>>>::push_back(base::raw_ptr<content::RenderProcessHost, (partition_alloc::internal::RawPtrTraits)0>&&) + 116
11  Chromium Embedded Framework         0x00000003cce4c824 base::ScopedMultiSourceObservation<content::RenderProcessHost, content::RenderProcessHostObserver>::AddObservation(content::RenderProcessHost*) + 204
12  Chromium Embedded Framework         0x00000003dda38abc task_manager::RenderProcessHostTaskProvider::OnRenderProcessHostCreated(content::RenderProcessHost*) + 108
13  Chromium Embedded Framework         0x00000003cd7754d4 content::RenderProcessHostImpl::OnProcessLaunched() + 888
14  Chromium Embedded Framework         0x00000003cc25b770 content::ChildProcessLauncher::Notify(content::internal::ChildProcessLauncherHelper::Process, int) + 272
15  Chromium Embedded Framework         0x00000003cc25faf0 content::internal::ChildProcessLauncherHelper::PostLaunchOnClientThread(content::internal::ChildProcessLauncherHelper::Process, int) + 116
16  Chromium Embedded Framework         0x00000003cc26162c void base::internal::DecayedFunctorTraits<void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), content::internal::ChildProcessLauncherHelper*&&, content::internal::ChildProcessLauncherHelper::Process&&, int&&>::Invoke<void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>(void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), scoped_refptr<content::internal::ChildProcessLauncherHelper>&&, content::internal::ChildProcessLauncherHelper::Process&&, int&&) + 200
17  Chromium Embedded Framework         0x00000003cc261558 void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (content::internal::ChildProcessLauncherHelper::*&&)(content::internal::ChildProcessLauncherHelper::Process, int), content::internal::ChildProcessLauncherHelper*&&, content::internal::ChildProcessLauncherHelper::Process&&, int&&>, void, 0ul, 1ul, 2ul>::MakeItSo<void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), std::__Cr::tuple<scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>>(void (content::internal::ChildProcessLauncherHelper::*&&)(content::internal::ChildProcessLauncherHelper::Process, int), std::__Cr::tuple<scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>&&) + 128
18  Chromium Embedded Framework         0x00000003cc2614cc void base::internal::Invoker<base::internal::FunctorTraits<void (content::internal::ChildProcessLauncherHelper::*&&)(content::internal::ChildProcessLauncherHelper::Process, int), content::internal::ChildProcessLauncherHelper*&&, content::internal::ChildProcessLauncherHelper::Process&&, int&&>, base::internal::BindState<true, true, false, void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>, void ()>::RunImpl<void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), std::__Cr::tuple<scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>, 0ul, 1ul, 2ul>(void (content::internal::ChildProcessLauncherHelper::*&&)(content::internal::ChildProcessLauncherHelper::Process, int), std::__Cr::tuple<scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>) + 32
19  Chromium Embedded Framework         0x00000003cc26143c base::internal::Invoker<base::internal::FunctorTraits<void (content::internal::ChildProcessLauncherHelper::*&&)(content::internal::ChildProcessLauncherHelper::Process, int), content::internal::ChildProcessLauncherHelper*&&, content::internal::ChildProcessLauncherHelper::Process&&, int&&>, base::internal::BindState<true, true, false, void (content::internal::ChildProcessLauncherHelper::*)(content::internal::ChildProcessLauncherHelper::Process, int), scoped_refptr<content::internal::ChildProcessLauncherHelper>, content::internal::ChildProcessLauncherHelper::Process, int>, void ()>::RunOnce(base::internal::BindStateBase*) + 52
20  Chromium Embedded Framework         0x00000003c1705690 base::OnceCallback<void ()>::Run() && + 236
21  Chromium Embedded Framework         0x00000003d674d2c4 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) + 492
22  Chromium Embedded Framework         0x00000003d67cf960 _ZN4base13TaskAnnotator7RunTaskIJZNS_16sequence_manager8internal35ThreadControllerWithMessagePumpImpl10DoWorkImplEPNS_7LazyNowEE3$_3EEEvN8perfetto12StaticStringERNS_11PendingTaskEDpOT_ + 144
23  Chromium Embedded Framework         0x00000003d67cf36c base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) + 1552
24  Chromium Embedded Framework         0x00000003d67cea28 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() + 244
25  Chromium Embedded Framework         0x00000003d692b8b8 base::MessagePumpCFRunLoopBase::RunWork() + 236
26  Chromium Embedded Framework         0x00000003d692b9e0 ___ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv_block_invoke + 36
27  Chromium Embedded Framework         0x00000003d6929594 base::apple::CallWithEHFrame(void () block_pointer) + 16
28  Chromium Embedded Framework         0x00000003d692a570 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 112
29  CoreFoundation                      0x000000019a8ca4d8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
30  CoreFoundation                      0x000000019a8ca46c __CFRunLoopDoSource0 + 176
31  CoreFoundation                      0x000000019a8ca1dc __CFRunLoopDoSources0 + 244

[94694:259:0729/170941.804479:FATAL:partition_alloc_support.cc(620)] Check failed: !errors. 
0   Chromium Embedded Framework         0x00000003d6901228 base::debug::CollectStackTrace(void const**, unsigned long) + 48
1   Chromium Embedded Framework         0x00000003d68ce000 base::debug::StackTrace::StackTrace(unsigned long) + 112
2   Chromium Embedded Framework         0x00000003d68ce0a8 base::debug::StackTrace::StackTrace(unsigned long) + 36
3   Chromium Embedded Framework         0x00000003d68ce074 base::debug::StackTrace::StackTrace() + 40
4   Chromium Embedded Framework         0x00000003d65d0864 logging::LogMessage::Flush() + 216
5   Chromium Embedded Framework         0x00000003d65d0770 logging::LogMessage::~LogMessage() + 44
6   Chromium Embedded Framework         0x00000003d658f6c8 logging::(anonymous namespace)::CheckLogMessage::~CheckLogMessage() + 152
7   Chromium Embedded Framework         0x00000003d658f5f0 logging::(anonymous namespace)::CheckLogMessage::~CheckLogMessage() + 28
8   Chromium Embedded Framework         0x00000003d658f61c logging::(anonymous namespace)::CheckLogMessage::~CheckLogMessage() + 28
9   Chromium Embedded Framework         0x00000003d6590148 std::__Cr::default_delete<logging::LogMessage>::operator()(logging::LogMessage*) const + 52
10  Chromium Embedded Framework         0x00000003d658f078 std::__Cr::unique_ptr<logging::LogMessage, std::__Cr::default_delete<logging::LogMessage>>::reset(logging::LogMessage*) + 104
11  Chromium Embedded Framework         0x00000003d658efc8 logging::CheckError::~CheckError() + 68
12  Chromium Embedded Framework         0x00000003d658f0d0 logging::CheckError::~CheckError() + 28
13  Chromium Embedded Framework         0x00000003d690fb48 base::allocator::(anonymous namespace)::CheckDanglingRawPtrBufferEmpty() + 1168
14  Chromium Embedded Framework         0x00000003cc0ade70 void base::internal::DecayedFunctorTraits<void (*)()>::Invoke<void (*)()>(void (*&&)()) + 28
15  Chromium Embedded Framework         0x00000003cc7a9630 void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (*&&)()>, void>::MakeItSo<void (*)(), std::__Cr::tuple<>>(void (*&&)(), std::__Cr::tuple<>&&) + 32
16  Chromium Embedded Framework         0x00000003cc7a9604 void base::internal::Invoker<base::internal::FunctorTraits<void (*&&)()>, base::internal::BindState<false, true, false, void (*)()>, void ()>::RunImpl<void (*)(), std::__Cr::tuple<>>(void (*&&)(), std::__Cr::tuple<>&&, std::__Cr::integer_sequence<unsigned long, ...>) + 32
17  Chromium Embedded Framework         0x00000003cc7a959c base::internal::Invoker<base::internal::FunctorTraits<void (*&&)()>, base::internal::BindState<false, true, false, void (*)()>, void ()>::RunOnce(base::internal::BindStateBase*) + 52
18  Chromium Embedded Framework         0x00000003c1705690 base::OnceCallback<void ()>::Run() && + 236
19  Chromium Embedded Framework         0x00000003d658aacc base::AtExitManager::ProcessCallbacksNow() + 332
20  Chromium Embedded Framework         0x00000003d658a888 base::AtExitManager::~AtExitManager() + 304
21  Chromium Embedded Framework         0x00000003d658ac30 base::AtExitManager::~AtExitManager() + 28
22  Chromium Embedded Framework         0x00000003d486d028 std::__Cr::default_delete<base::AtExitManager>::operator()(base::AtExitManager*) const + 44
23  Chromium Embedded Framework         0x00000003d4869f28 std::__Cr::unique_ptr<base::AtExitManager, std::__Cr::default_delete<base::AtExitManager>>::reset(base::AtExitManager*) + 104
24  Chromium Embedded Framework         0x00000003d4869df8 content::ContentMainRunnerImpl::Shutdown() + 424
25  Chromium Embedded Framework         0x00000003d48654b0 content::ContentMainShutdown(content::ContentMainRunner*) + 32
26  Chromium Embedded Framework         0x00000003c1834c40 CefMainRunner::Shutdown(base::OnceCallback<void ()>, base::OnceCallback<void ()>) + 504
27  Chromium Embedded Framework         0x00000003c17db58c CefContext::Shutdown() + 344
28  Chromium Embedded Framework         0x00000003c17db390 CefShutdown() + 284
29  Chromium Embedded Framework         0x00000003c154dbf8 cef_shutdown + 12
30  cefclient                           0x0000000104d733cc cef_shutdown + 24
31  cefclient                           0x0000000104c510d0 CefShutdown() + 12
32  cefclient                           0x0000000104a515cc client::MainContextImpl::Shutdown() + 520
33  cefclient                           0x0000000104aececc client::(anonymous namespace)::RunMain(int, char**) + 1516
34  cefclient                           0x0000000104aec8d4 main + 36
35  dyld                                0x000000019a4620e0 start + 2360


Additional context
Reproduces with cefclient using Alloy and Chrome style. Does not reproduce with cefsimple.

magreenblatt commented 1 month ago

Testing at M130 and running with cefclient --url=about:blank, the Observer notifications look correct:

[5353:259:0927/123510.891273:WARNING:render_process_host_impl.cc(5309)] RenderProcessHostImpl::OnProcessLaunched host=0x11c0234cb00 deleting_soon=0
[5353:259:0927/123510.894783:WARNING:render_process_host_task_provider.cc(102)] RenderProcessHostTaskProvider::OnRenderProcessHostCreated is_updating=1 host=0x11c0234cb00
[5353:259:0927/123510.895210:WARNING:render_process_host_impl.cc(5309)] RenderProcessHostImpl::OnProcessLaunched host=0x11c02349e00 deleting_soon=0
[5353:259:0927/123510.898150:WARNING:render_process_host_task_provider.cc(102)] RenderProcessHostTaskProvider::OnRenderProcessHostCreated is_updating=1 host=0x11c02349e00
(close window)
[5353:259:0927/123527.346431:WARNING:render_process_host_impl.cc(3904)] RenderProcessHostImpl::Cleanup host=0x11c02349e00
[5353:259:0927/123527.347088:WARNING:render_process_host_impl.cc(3904)] RenderProcessHostImpl::Cleanup host=0x11c02349e00
[5353:259:0927/123527.347825:WARNING:render_process_host_task_provider.cc(115)] RenderProcessHostTaskProvider::RenderProcessExited is_updating=0 host=0x11c02349e00
[5353:259:0927/123527.348145:WARNING:render_process_host_task_provider.cc(125)] RenderProcessHostTaskProvider::RenderProcessHostDestroyed is_updating=0 host=0x11c02349e00
[5353:259:0927/123527.471382:WARNING:render_process_host_impl.cc(3904)] RenderProcessHostImpl::Cleanup host=0x11c0234cb00
[5353:259:0927/123527.471679:WARNING:render_process_host_task_provider.cc(115)] RenderProcessHostTaskProvider::RenderProcessExited is_updating=0 host=0x11c0234cb00
[5353:259:0927/123527.471810:WARNING:render_process_host_task_provider.cc(125)] RenderProcessHostTaskProvider::RenderProcessHostDestroyed is_updating=0 host=0x11c0234cb00

It's just the |is_updating_==false| that keeps it from actually removing the observation in RenderProcessHostTaskProvider.

No RenderProcessHostTaskProvider is created with cefsimple.

The RenderProcessHostTaskProvider with cefclient is created via:

* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = breakpoint 2.2
  * frame #0: 0x00000003d76d8950 Chromium Embedded Framework`task_manager::RenderProcessHostTaskProvider::RenderProcessHostTaskProvider(this=0x0000010c1c056720) at render_process_host_task_provider.cc:26:62
    frame #1: 0x00000003d770d904 Chromium Embedded Framework`std::__Cr::__unique_if<task_manager::RenderProcessHostTaskProvider>::__unique_single std::__Cr::make_unique<task_manager::RenderProcessHostTaskProvider>() at unique_ptr.h:623:30
    frame #2: 0x00000003d770cfd8 Chromium Embedded Framework`task_manager::TaskManagerImpl::TaskManagerImpl(this=0x00000003f46e9db0) at task_manager_impl.cc:88:7
    frame #3: 0x00000003d770da1c Chromium Embedded Framework`task_manager::TaskManagerImpl::TaskManagerImpl(this=0x00000003f46e9db0) at task_manager_impl.cc:71:39
    frame #4: 0x00000003d77281a4 Chromium Embedded Framework`base::LazyInstanceTraitsBase<task_manager::TaskManagerImpl>::New(instance=0x00000003f46e9db0) at lazy_instance.h:70:27
    frame #5: 0x00000003d77280f8 Chromium Embedded Framework`base::internal::LeakyLazyInstanceTraits<task_manager::TaskManagerImpl>::New(instance=0x00000003f46e9db0) at lazy_instance.h:119:12
    frame #6: 0x00000003d7728010 Chromium Embedded Framework`task_manager::TaskManagerImpl* base::subtle::GetOrCreateLazyPointer<task_manager::TaskManagerImpl>(state=0x00000003f46e9da8, creator_func=(Chromium Embedded Framework`base::internal::LeakyLazyInstanceTraits<task_manager::TaskManagerImpl>::New(void*) at lazy_instance.h:117), creator_arg=0x00000003f46e9db0, destructor=0x0000000000000000, destructor_arg=0x00000003f46e9da8) at lazy_instance_helpers.h:82:46
    frame #7: 0x00000003d770dcd8 Chromium Embedded Framework`base::LazyInstance<task_manager::TaskManagerImpl, base::internal::LeakyLazyInstanceTraits<task_manager::TaskManagerImpl>>::Pointer(this=0x00000003f46e9da8) at lazy_instance.h:159:12
    frame #8: 0x00000003d770dc68 Chromium Embedded Framework`task_manager::TaskManagerImpl::GetInstance() at task_manager_impl.cc:113:37
    frame #9: 0x00000003d77359a4 Chromium Embedded Framework`task_manager::TaskManagerInterface::GetTaskManager() at task_manager_interface.cc:50:10
    frame #10: 0x00000003c44d3280 Chromium Embedded Framework`CefTaskManager::GetTaskManager() at task_manager_impl.cc:182:7
    frame #11: 0x00000003c4173a7c Chromium Embedded Framework`::cef_task_manager_get() at task_manager_cpptoc.cc:30:39
    frame #12: 0x000000010036c56c cefclient`::cef_task_manager_get() at libcef_dll_dylib.cc:1055:10
    frame #13: 0x000000010032e7d8 cefclient`CefTaskManager::GetTaskManager() at task_manager_ctocpp.cc:30:33
    frame #14: 0x0000000100092344 cefclient`(anonymous namespace)::Handler::Handler(this=0x0000010c1ce58d00) at task_manager_test.cc:84:38
    frame #15: 0x0000000100092300 cefclient`(anonymous namespace)::Handler::Handler(this=0x0000010c1ce58d00) at task_manager_test.cc:84:72
    frame #16: 0x000000010009229c cefclient`client::task_manager_test::CreateMessageHandlers(handlers=size=8) at task_manager_test.cc:132:23
    frame #17: 0x0000000100099118 cefclient`client::test_runner::CreateMessageHandlers(handlers=size=8) at test_runner.cc:882:3
    frame #18: 0x000000010000f5a0 cefclient`client::BaseClientHandler::OnAfterCreated(this=0x0000010c1ba49240, browser=(ptr_ = 0x0000010c1d102b50)) at base_client_handler.cc:47:5
    frame #19: 0x0000000100027410 cefclient`client::ClientHandler::OnAfterCreated(this=0x0000010c1ba49240, browser=(ptr_ = 0x0000010c1d102b50)) at client_handler.cc:976:22

And RenderProcessHostTaskProvider::StopUpdating is called via:

* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
  * frame #0: 0x00000003d76d8ed8 Chromium Embedded Framework`task_manager::RenderProcessHostTaskProvider::StopUpdating(this=0x0000010c1c056720) at render_process_host_task_provider.cc:58:3
    frame #1: 0x00000003d76dbd0c Chromium Embedded Framework`task_manager::TaskProvider::ClearObserver(this=0x0000010c1c056720) at task_provider.cc:25:3
    frame #2: 0x00000003d76bbd98 Chromium Embedded Framework`task_manager::FallbackTaskProvider::StopUpdating(this=0x0000010c1cb2bf40) at fallback_task_provider.cc:92:37
    frame #3: 0x00000003d76dbd0c Chromium Embedded Framework`task_manager::TaskProvider::ClearObserver(this=0x0000010c1cb2bf40) at task_provider.cc:25:3
    frame #4: 0x00000003d7711ffc Chromium Embedded Framework`task_manager::TaskManagerImpl::StopUpdating(this=0x00000003f46e9db0) at task_manager_impl.cc:675:15
    frame #5: 0x00000003d7736158 Chromium Embedded Framework`task_manager::TaskManagerInterface::RemoveObserver(this=0x00000003f46e9db0, observer=0x0000010c1d082000) at task_manager_interface.cc:105:5
    frame #6: 0x00000003c44d21fc Chromium Embedded Framework`CefTaskManagerImpl::~CefTaskManagerImpl(this=0x0000010c1d082000, vtt=0x00000003f39e4b38) at task_manager_impl.cc:80:18
    frame #7: 0x00000003c44d22a8 Chromium Embedded Framework`CefTaskManagerImpl::~CefTaskManagerImpl(this=0x0000010c1d082000) at task_manager_impl.cc:79:43
    frame #8: 0x00000003c44d2324 Chromium Embedded Framework`CefTaskManagerImpl::~CefTaskManagerImpl(this=0x0000010c1d082000) at task_manager_impl.cc:79:43
    frame #9: 0x00000003c44d5158 Chromium Embedded Framework`void content::BrowserThread::DeleteOnThread<(content::BrowserThread::ID)0>::Destruct<CefTaskManagerImpl>(x=0x0000010c1d082000) at browser_thread.h:174:9
    frame #10: 0x00000003c44d33ac Chromium Embedded Framework`CefTaskManagerImpl::Release(this=0x0000010c1d082000) const at task_manager_impl.h:45:3
    frame #11: 0x00000003c4176b30 Chromium Embedded Framework`CefCppToCRefCounted<CefTaskManagerCppToC, CefTaskManager, _cef_task_manager_t>::UnderlyingRelease(this=0x0000010c1ab72130) const at cpptoc_ref_counted.h:139:61
    frame #12: 0x00000003c4174944 Chromium Embedded Framework`CefCppToCRefCounted<CefTaskManagerCppToC, CefTaskManager, _cef_task_manager_t>::Release(this=0x0000010c1ab72130) const at cpptoc_ref_counted.h:88:5
    frame #13: 0x00000003c4176750 Chromium Embedded Framework`CefCppToCRefCounted<CefTaskManagerCppToC, CefTaskManager, _cef_task_manager_t>::struct_release(base=0x0000010c1ab72150) at cpptoc_ref_counted.h:172:37
    frame #14: 0x0000000100330540 cefclient`CefCToCppRefCounted<CefTaskManagerCToCpp, CefTaskManager, _cef_task_manager_t>::UnderlyingRelease(this=0x0000010c1d1032d0) const at ctocpp_ref_counted.h:80:12
    frame #15: 0x000000010032f500 cefclient`CefCToCppRefCounted<CefTaskManagerCToCpp, CefTaskManager, _cef_task_manager_t>::Release(this=0x0000010c1d1032d0) const at ctocpp_ref_counted.h:160:3
    frame #16: 0x00000001000952d8 cefclient`scoped_refptr<CefTaskManager>::Release(ptr=0x0000010c1d1032d0) at cef_scoped_refptr.h:365:8
    frame #17: 0x0000000100095298 cefclient`scoped_refptr<CefTaskManager>::~scoped_refptr(this=0x0000010c1ce58d08) at cef_scoped_refptr.h:266:7
    frame #18: 0x0000000100095250 cefclient`scoped_refptr<CefTaskManager>::~scoped_refptr(this=0x0000010c1ce58d08) at cef_scoped_refptr.h:259:20
    frame #19: 0x000000010009521c cefclient`(anonymous namespace)::Handler::~Handler(this=0x0000010c1ce58d00) at task_manager_test.cc:82:7
    frame #20: 0x00000001000927b0 cefclient`(anonymous namespace)::Handler::~Handler(this=0x0000010c1ce58d00) at task_manager_test.cc:82:7
    frame #21: 0x00000001000927dc cefclient`(anonymous namespace)::Handler::~Handler(this=0x0000010c1ce58d00) at task_manager_test.cc:82:7
    frame #22: 0x000000010000fa60 cefclient`client::BaseClientHandler::OnBeforeClose(this=0x0000010c1ba49240, browser=(ptr_ = 0x0000010c1cfd16d0)) at base_client_handler.cc:61:7
    frame #23: 0x000000010002798c cefclient`client::ClientHandler::OnBeforeClose(this=0x0000010c1ba49240, browser=(ptr_ = 0x0000010c1cfd16d0)) at client_handler.cc:998:22

And then the leaks are checked during RenderProcessHostImpl cleanup. The RenderProcessHostTaskProvider is not destroyed until process exit because it's owned by the singleton TaskManagerImpl object.

magreenblatt commented 1 month ago

I think RenderProcessHostTaskProvider::RenderProcessExited and RenderProcessHostDestroyed should be changed to not require |is_updating_==true|, as those methods will only be called if AddObservation was called (and then RemoveObservation must also be called).

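The lifecycle argument in the comment above, modelled as an added example that is not CEF's or Chromium's own code: a Provider that gates observation removal on is_updating_ (the reported behaviour) beside one that removes unconditionally (the proposed fix), replaying the create / StopUpdating / Cleanup order from the logs and counting observation entries that outlive their host. Host, Provider, Observation, g_live_hosts and SimulateShutdown are hypothetical stand-ins for the Chromium types named in the traces.

```cpp
// Added example, not CEF or Chromium code: a model of the observer lifecycle in
// this issue. Host stands in for content::RenderProcessHost, Provider for
// task_manager::RenderProcessHostTaskProvider, Observation for
// base::ScopedMultiSourceObservation; every name here is hypothetical.
#include <algorithm>
#include <set>
#include <vector>

struct Host;
// Hosts not yet deleted: a stand-in for the dangling raw_ptr detector's bookkeeping.
static std::set<const Host*> g_live_hosts;

struct HostObserver {
  virtual ~HostObserver() = default;
  virtual void RenderProcessExited(Host* host) = 0;
  virtual void RenderProcessHostDestroyed(Host* host) = 0;
};

struct Host {
  Host() { g_live_hosts.insert(this); }
  ~Host() { g_live_hosts.erase(this); }
  std::vector<HostObserver*> observers;
  void AddObserver(HostObserver* o) { observers.push_back(o); }
  void RemoveObserver(HostObserver* o) {
    observers.erase(std::remove(observers.begin(), observers.end(), o), observers.end());
  }
  // Mirrors RenderProcessHostImpl::Cleanup(): notify observers, then free the host.
  void Cleanup() {
    std::vector<HostObserver*> copy = observers;  // observers may unregister mid-loop
    for (HostObserver* o : copy) o->RenderProcessExited(this);
    for (HostObserver* o : copy) o->RenderProcessHostDestroyed(this);
    delete this;
  }
};

// Which hosts an observer is registered with. In Chromium these entries are
// raw_ptr<RenderProcessHost>; one outliving its host is the "Dangling reference from" trace.
class Observation {
 public:
  explicit Observation(HostObserver* observer) : observer_(observer) {}
  void AddObservation(Host* h) { h->AddObserver(observer_); hosts_.push_back(h); }
  void RemoveObservation(Host* h) {
    h->RemoveObserver(observer_);
    hosts_.erase(std::remove(hosts_.begin(), hosts_.end(), h), hosts_.end());
  }
  // Entries whose host is already deleted: what the detector reports at exit.
  int CountDangling() const {
    int n = 0;
    for (const Host* h : hosts_) n += g_live_hosts.count(h) == 0 ? 1 : 0;
    return n;
  }
 private:
  HostObserver* observer_;
  std::vector<Host*> hosts_;
};

class Provider : public HostObserver {
 public:
  // true reproduces the report's behaviour; false models the proposed fix.
  explicit Provider(bool require_updating_to_remove)
      : require_updating_to_remove_(require_updating_to_remove), observation_(this) {}
  void StartUpdating() { is_updating_ = true; }
  void StopUpdating() { is_updating_ = false; }  // leaves observations in place
  void OnRenderProcessHostCreated(Host* h) { if (is_updating_) observation_.AddObservation(h); }
  void RenderProcessExited(Host* host) override { Forget(host); }
  void RenderProcessHostDestroyed(Host* host) override { Forget(host); }
  int CountDangling() const { return observation_.CountDangling(); }
 private:
  // These callbacks only fire for hosts registered via AddObservation, so
  // removing unconditionally is safe; gating on is_updating_ is the bug.
  void Forget(Host* host) {
    if (require_updating_to_remove_ && !is_updating_) return;
    observation_.RemoveObservation(host);
  }
  bool require_updating_to_remove_;
  bool is_updating_ = false;
  Observation observation_;
};

// Replays the order in the issue's log: hosts are created while updating, StopUpdating()
// runs when the task-manager observer goes away at OnBeforeClose, then hosts are cleaned up.
int SimulateShutdown(bool require_updating_to_remove, bool stop_updating_before_cleanup) {
  Provider provider(require_updating_to_remove);
  provider.StartUpdating();
  Host* first = new Host;
  Host* second = new Host;
  provider.OnRenderProcessHostCreated(first);
  provider.OnRenderProcessHostCreated(second);
  if (stop_updating_before_cleanup) provider.StopUpdating();
  first->Cleanup();  // the host is deleted here; its observation entry may survive
  second->Cleanup();
  return provider.CountDangling();  // 2 with the bug and an early StopUpdating, else 0
}
```

With the gating in place and StopUpdating() arriving before Cleanup(), both entries outlive their hosts; with unconditional removal, or when updating is still on at cleanup time, nothing dangles.
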
magreenblatt commented 1 month ago

Proposed Chromium fix: https://chromium-review.googlesource.com/c/chromium/src/+/5894650