[Bug]: Geolocation crashes 13.0.1 #29343

Closed
3 tasks done
omarkilani opened this issue May 26, 2021 · 36 comments · Fixed by #29913
Labels: 13-x-y, 14-x-y, bug 🪲, has-repro-gist, platform/macOS

@omarkilani
Contributor

Preflight Checklist

Electron Version

13.0.1

What operating system are you using?

macOS

Operating System Version

11.4

What arch are you using?

arm64 (including Apple Silicon)

Last Known Working Electron version

12.0.7

Expected Behavior

Electron shouldn't crash.

Actual Behavior

Electron crashes.

Testcase Gist URL

https://gist.github.com/omarkilani/f0c264e278b04575a381d1eadc930514

Additional Information

Electron 13.x crashes on any geolocation use. Backtrace attached.

@omarkilani
Contributor Author

Crash occurs on x86_64 and arm64.

@andrewpaprotsky

@omarkilani
Contributor Author

Did some bisecting with Andrew's Electron fiddle:

14.0.0-beta.1 - crash
13.0.1 - crash
13.0.0 - crash
13.0.0-beta.28 - crash
13.0.0.beta.27 - crash
13.0.0.beta.18 - crash
13.0.0.beta.14 - crash
13.0.0.beta.13 - no crash
13.0.0.beta.12 - no crash
13.0.0.beta.3 - white canvas
13.0.0.beta.2 - white canvas

@omarkilani
Contributor Author

omarkilani commented May 28, 2021

[ deleted incorrect post as explained later ]

@VerteDinde VerteDinde added 13-x-y 14-x-y has-repro-gist Issue can be reproduced with code at https://gist.github.com/ platform/macOS labels Jun 2, 2021
@VerteDinde VerteDinde added this to Unsorted Issues in 14-x-y Jun 2, 2021
@MarshallOfSound MarshallOfSound moved this from Unsorted Issues to Fixed for Next Release in 14-x-y Jun 2, 2021
@Eneris

Eneris commented Jun 3, 2021

Can reproduce in 13.1.0 too

@omarkilani
Contributor Author

omarkilani commented Jun 3, 2021

Okay, this is kinda weird.

This is crashing on 13.1.0, 14.0.0-beta.2 and the latest 15 nightly.

The reason it's weird is that when I posted about that commit fixing it, I downloaded the artifacts from Circle CI:

https://app.circleci.com/pipelines/github/electron/electron/40279/workflows/1ff812c1-76d8-4597-8d02-b9e8ebc1e940/jobs/890665/artifacts

And used that as a Local Electron Build in Electron Fiddle. It doesn't crash.

However, to get that artifact to run I had to

xattr -r -d com.apple.quarantine Electron.app

Hmmm.

@omarkilani
Contributor Author

Okay, so with the 13.1.0 artifacts from Circle CI:

https://app.circleci.com/pipelines/github/electron/electron/40575/workflows/a3db5bc2-c7b6-418a-ab5b-6a4722220e1f/jobs/898319/artifacts

If I xattr -r -d com.apple.quarantine Electron.app and use this as a local Electron in Fiddle, Geolocation works.

If I use the official 13.1.0 build, it crashes.

If I download 13.1.0 from the GitHub releases page (electron-v13.1.0-darwin-arm64.zip) and xattr -r -d com.apple.quarantine Electron.app that, it also crashes.

electron-v13 % md5 Electron.app/Contents/MacOS/Electron
MD5 (Electron.app/Contents/MacOS/Electron) = 1cabb3ca377fa3c3ed391ef989473c9c
electron-v13 % codesign -d -vvv Electron.app
Executable=/Users/omar/Downloads/electron-v13/Electron.app/Contents/MacOS/Electron
Identifier=Electron
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1825 flags=0x20002(adhoc,linker-signed) hashes=54+0 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=8404233710648a85885cf6c969b1870cf60ba759
CandidateCDHashFull sha256=8404233710648a85885cf6c969b1870cf60ba7597785d714792f78c60abab1ca
Hash choices=sha256
CMSDigest=8404233710648a85885cf6c969b1870cf60ba7597785d714792f78c60abab1ca
CMSDigestType=2
CDHash=8404233710648a85885cf6c969b1870cf60ba759
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements=none

dist % md5 Electron.app/Contents/MacOS/Electron 
MD5 (Electron.app/Contents/MacOS/Electron) = 8b5ef1367d09c1275e9333fc2f908c52

dist % codesign -d -vvv Electron.app
Executable=/Users/omar/Downloads/dist/Electron.app/Contents/MacOS/Electron
Identifier=Electron
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=3585 flags=0x20002(adhoc,linker-signed) hashes=109+0 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=ee84dc810e706ca3a65fa1fb8a7d041fb31a2dd8
CandidateCDHashFull sha256=ee84dc810e706ca3a65fa1fb8a7d041fb31a2dd81aa4ccd33b3f547eb3f3e545
Hash choices=sha256
CMSDigest=ee84dc810e706ca3a65fa1fb8a7d041fb31a2dd81aa4ccd33b3f547eb3f3e545
CMSDigestType=2
CDHash=ee84dc810e706ca3a65fa1fb8a7d041fb31a2dd8
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements=none

I'm not really clear on how the assets on the releases page are generated.

@MarshallOfSound
Member

@omarkilani Artifacts on CI are built using our Testing config, artifacts we release are built using the Release config. This can in rare cases result in differences in behavior. (Just explaining what you're seeing)

@omarkilani
Contributor Author

@MarshallOfSound that makes sense. Thanks!

I was trying to find the Circle CI release job or something to test those artifacts.

So... if this doesn't crash the release build of Chrome 91 (which now matches Electron) and doesn't crash the debug build of Electron I guess it makes it fun? :)

There are four commits between 13.0.0.beta.13 and 13.0.0.beta.14.

Two of them might be the culprit but I'm not sure how to check if a cherry picked v8 patch is still part of the upstream v8 or in the release build Chrome.

@omarkilani
Contributor Author

Okay so with commit 7044cb6

  1. The crash happens on arm64 and x64, and the patch is only for x64.

  2. The patch has been in Chrome Canary since 92.0.4475.2 and the change is still in the v8 master but Geolocation doesn't crash on Version 93.0.4530.0 (Official Build) canary (arm64).

So I think that leaves something in 66a2218 .

@MarshallOfSound
Member

> I was trying to find the Circle CI release job or something to test those artifacts.

You want to find the publish-* jobs on the bump commit. E.g.

https://github.com/electron/electron/runs/2337296361

I suspect it's something in the Chrome roll we didn't account for / went past without a build failure. Just to clarify, is this definitively macOS only?

@omarkilani
Contributor Author

@MarshallOfSound I just tested on Win 10 x64 and Ubuntu 20.04 64-bit and it doesn't crash there. So yup, macOS only.

@TheCleric

I can confirm, we have tested in Windows, Linux, and Mac. Of those only Mac segfaults on Geolocation.

@Eneris

Eneris commented Jun 4, 2021

Yes only the Mac crashes using x64 11.4

@TheCleric

Issue still present in 13.1.1

@omarkilani
Contributor Author

omarkilani commented Jun 10, 2021

@MarshallOfSound I’d love to take a look at this further but I can’t get Electron to build on my M1 MBP.

I followed the steps in the building docs but I might have missed something.

Is there somewhere one can go to ask possibly… simple… building questions?

@xssc

xssc commented Jun 12, 2021

Having this issue too when trying to load google.com on MacOS x64 inside electron with everything after 13.0.0.beta.13

@VerteDinde VerteDinde moved this from Fixed for Next Release to Prioritized Regressions in 14-x-y Jun 14, 2021
@TheCleric

This appears resolved for me in 13.1.2

@omarkilani
Contributor Author

@TheCleric we still see the crash in 13.1.2.

And @andrewpaprotsky 's fiddle still crashes with Electron Fiddle + 13.1.2.

There don't appear to have been any new releases in the last 7 days?

@TheCleric

@omarkilani you're right! Just tried again in my original test and it did fail. The difference between the two (for anyone actively working this) was that in my working test I had overridden the user agent to use a Firefox user agent.

Not sure if that helps narrow down the issue or not.

@MarshallOfSound
Member

Uh, this is funny I totally figured out what was causing this crash two weeks ago and have since closed all my tabs and lost all my research 😆 I'll figure this out again 😄

@MarshallOfSound MarshallOfSound self-assigned this Jun 16, 2021
@TheCleric

> Uh, this is funny I totally figured out what was causing this crash two weeks ago and have since closed all my tabs and lost all my research 😆 I'll figure this out again 😄

Who among us has not done this. 😆

That and "I fixed the code in a dream, but I'll be damned if I can remember how..."

@d4kris

d4kris commented Jun 18, 2021

Strange how the dream fixes always seem so easy and still not possible to remember :-)

Don't know if this can help with the debugging but it may help as a workaround to others in the same boat as us.
At least it keeps our app from crashing from this bug whenever our users go to google.com.

    if (os.platform() === "darwin") {
        session.setPermissionRequestHandler(
            (
                webContents: WebContents,
                permission: string,
                callback: Function
            ) => {
                if (permission === "geolocation") {
                    return callback(false); // denied.
                }
                callback(true);
            }
        );
        session.setPermissionCheckHandler(
            (
                webContents: WebContents,
                permission: string,
                requestingOrigin: string
            ) => {
                if (permission === "geolocation") {
                    return false; // denied
                }
                return true; // granted for everything else...?
            }
        );
    }

@dsanders11
Member

dsanders11 commented Jun 18, 2021

@MarshallOfSound, worth noting that this doesn't seem to crash anymore on main (as of this writing). It does on v15.0.0-nightly.20210609 (the last nightly visible in Fiddle at the moment due to other issues), so something between those two points may have fixed it.

EDIT: Hacked up my Fiddle so I could test the newer nightlies, looks like it still crashed as of v15.0.0-nightly.20210616. So that narrows the window.

@hvaoc

hvaoc commented Jun 21, 2021

> Strange how the dream fixes always seem so easy and still not possible to remember :-)
>
> Don't know if this can help with the debugging but it may help as a workaround to others in the same boat as us.
> At least it keeps our app from crashing from this bug whenever our users go to google.com.
>
>     if (os.platform() === "darwin") {
>         session.setPermissionRequestHandler(
>             (
>                 webContents: WebContents,
>                 permission: string,
>                 callback: Function
>             ) => {
>                 if (permission === "geolocation") {
>                     return callback(false); // denied.
>                 }
>                 callback(true);
>             }
>         );
>         session.setPermissionCheckHandler(
>             (
>                 webContents: WebContents,
>                 permission: string,
>                 requestingOrigin: string
>             ) => {
>                 if (permission === "geolocation") {
>                     return false; // denied
>                 }
>                 return true; // granted for everything else...?
>             }
>         );
>     }

This solution worked. App is not crashing anymore when navigating to any URL which asks for GeoLocation permission and crashed the entire app without this fix.

@omarkilani
Contributor Author

omarkilani commented Jun 22, 2021

FWIW, still crashing in:

13.1.4
14.0.0-beta.8
15.0.0-nightly.20210622

@TheCleric

So based on @omarkilani 's research above, this looks like it broke between 13.0.0-beta13 and 13.0.0-beta14.

Looking at the diff, only thing I can (naively) notice that might be an issue is the chromium version bump:

v13.0.0-beta.13...v13.0.0-beta.14

Which went from 90.0.4415.0 to 91.0.4448.0

So I started digging through chromium compares between those two versions, but that revealed to me that I am way out of my depth there. 😆

I'll leave this to those that are wiser than I.

@TheCleric

I also stumbled across this bug in Chromium's issue tracker. Not sure if it's related as it's talking about headless browser usage, but it seems pretty close:

https://bugs.chromium.org/p/chromium/issues/detail?id=1195664&q=OS%3DMac%20component%3ABlink%3EGeolocation&can=1

The issue there is that headless chromium couldn't access geolocation_system_permission_manager. I wonder if the same is happening within Electron.

@omarkilani
Contributor Author

omarkilani commented Jun 26, 2021

@TheCleric I tried to narrow down which commit the issue was introduced in here: #29343 (comment)

I wasn't successful in building Electron on my main M1 machine, so I switched to other tasks.

I've got it downloading on an x86_64 machine now, then I'll try to take a deeper look.

@omarkilani
Contributor Author

omarkilani commented Jun 26, 2021

Hmmmmm.... well, the crash is in:

Thread 29 Crashed:: Geolocation
0   com.github.Electron.framework 	0x00000001068ac110 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 37224412
1   com.github.Electron.framework 	0x0000000104995614 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4625632
2   com.github.Electron.framework 	0x0000000104995614 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4625632
3   com.github.Electron.framework 	0x00000001049925cc v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4613272
4   com.github.Electron.framework 	0x0000000101de56f0 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 6346400
5   com.github.Electron.framework 	0x0000000104992370 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4612668

And this was one of the changes in 66a2218:

-index a76f001440d21ee34ffa1a98c9dbc87961fcaff0..95b404a3d371304f9569f66615b4e016bb4d88cb 100644
+index 2447c80eece6fa84f01d4d84b136a7c6a799c696..6680e614b5985b6774e47472957a9b4ac2d50354 100644
 --- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
 +++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5
-@@ -2128,6 +2128,9 @@
+@@ -2146,6 +2146,9 @@
      {
        name: "WebAppWindowControlsOverlay",
      },
@@ -115,5 +93,5 @@ index a76f001440d21ee34ffa1a98c9dbc87961fcaff0..95b404a3d371304f9569f66615b4e016
 +      name: "WebAssemblyCSP",
 +    },
      {
-       name: "WebAssemblySimd",
-       origin_trial_feature_name: "WebAssemblySimd",
+       name: "WebAssemblyExceptions",
+       origin_trial_feature_name: "WebAssemblyExceptions",
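
Review bot: nothing in this hunk changes the lines the patch itself adds; the `-`/`+` pairs are confined to the index hashes, the hunk offset (2128 to 2146) and the trailing context, where the entry after the insertion point is now WebAssemblyExceptions instead of WebAssemblySimd. The patch description should say that this is a context refresh against the updated upstream file, so the disappearance of WebAssemblySimd from the context is not read as the patch altering that feature. Whether the WebAssemblySimd entry or its default changed has to be checked in the upstream runtime_enabled_features.json5, which these lines do not show.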

Maybe some default changed somewhere? 🤔

Edit: this patch was removed in f72597b#diff-849f1c17197312f1191586b602a4115a2efe3fba15c9f7ecd4170cf2c7d5bea2

Hmmm.

@TheCleric

TheCleric commented Jun 26, 2021

That is interesting @omarkilani

Especially since your bug was filed the same day as this article I found:

https://www.theregister.com/2021/05/26/chrome_91_release/

Big changes for devs: Chrome 91 lands with WebAssembly SIMD, JSON modules, clipboard file support

So here's my likely incorrect wild-ass guess/theory:

Google is trying to use WASM for GeoLocation if it detects Chrome 91+

  • This meshes with what you found in that diff
  • This explains why if a different user agent is provided, it does not crash

As well, I can only get this crash to happen on Google sites (such as google.com) though I'd suspect some other sites that use Google Analytics might crash as well.

Interestingly to you @omarkilani , I ran rememberthemilk.com through Nativefier (a web site to Electron app generator that I help maintain) on our experimental electron_13 branch, and it did not crash on my Mac here, so I don't know if your customized app has some geolocation features that the site does not. 🤔

@omarkilani
Contributor Author

omarkilani commented Jun 26, 2021

@TheCleric In our web app, we only call out to Geolocation if the user uses a Geolocation feature. I.e. one of our location-based search operators (locatedWithin) or if you go to add a Location and press the use current location icon.

The only Geolocation-related customisation in our Electron app is setting a Google API key.

@omarkilani
Contributor Author

omarkilani commented Jun 26, 2021

If I run the latest 13_x_y testing arm64 artifacts:

https://app.circleci.com/pipelines/github/electron/electron/41661/workflows/36efe109-09fa-4a18-a810-8976b7623baf/jobs/926036/artifacts

Using it as a Local Electron with:

xattr -r -d com.apple.quarantine Electron.app

(C.f. #29343 (comment))

And test SIMD support with wasm-feature-detect and Geolocation I get:

[85457:0626/104114.340789:INFO:CONSOLE(2)] "SIMD true", source: file:///var/folders/t1/kqyp4d8j7597lz8djc_qxbk80000gn/T/tmp-84823-xA0nLtDWz0bd/renderer.js (2)
[85457:0626/104114.343363:INFO:CONSOLE(0)] "[object GeolocationPosition]", source:  (0)

So yeah, once gclient sync runs for the 6th time... and hopefully works this time... I can try to test my own builds and bisect the differences between the Testing and Release builds.

Or the mention of WASM SIMD triggers something in @MarshallOfSound 's memory and he knows what to do. :)

@omarkilani
Contributor Author

omarkilani commented Jun 27, 2021

Okay, so I managed to get Electron built (Testing + Release took 8 hours) and... discovered that the crash that occurs on 13.x is different to the one on 15.x.

So... the one on 13.x:

Thread 29 Crashed:: Geolocation
0   com.github.Electron.framework       0x000000011c87f3e4 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 40987940
1   com.github.Electron.framework       0x000000011a5fde19 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4806489
2   com.github.Electron.framework       0x000000011a5fb952 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4797074
3   com.github.Electron.framework       0x000000011764fe95 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 7115717
4   com.github.Electron.framework       0x000000011a5fb636 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4796278
5   com.github.Electron.framework       0x00000001178de0fc v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 9795116

And the one on 15.x:

* thread #35, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x70)
    frame #0: 0x0000000106fc9f84 Electron Framework`device::GeolocationManager::GetObserverList() const [inlined] scoped_refptr<base::ObserverListThreadSafe<device::GeolocationManager::PermissionObserver> >::scoped_refptr(r=0x0000000000000070) at scoped_refptr.h:197:59 [opt]
   194
   195    // Copy constructor. This is required in addition to the copy conversion
   196    // constructor below.
-> 197    scoped_refptr(const scoped_refptr& r) : scoped_refptr(r.ptr_) {}
   198
   199    // Copy conversion constructor.
   200    template <typename U,
Target 0: (Electron) stopped.
(lldb) bt
* thread #35, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x70)
  * frame #0: 0x0000000106fc9f84 Electron Framework`device::GeolocationManager::GetObserverList() const [inlined] scoped_refptr<base::ObserverListThreadSafe<device::GeolocationManager::PermissionObserver> >::scoped_refptr(r=0x0000000000000070) at scoped_refptr.h:197:59 [opt]
    frame #1: 0x0000000106fc9f84 Electron Framework`device::GeolocationManager::GetObserverList(this=0x0000000000000000) const at geolocation_manager.cc:47 [opt]
    frame #2: 0x00000001055cdb51 Electron Framework`device::NetworkLocationProvider::NetworkLocationProvider(this=0x00000001092b37e0, url_loader_factory=<unavailable>, geolocation_manager=0x0000000000000000, main_task_runner=const scoped_refptr<base::SingleThreadTaskRunner> @ 0x00007000158e98c0, api_key=<unavailable>, position_cache=<unavailable>) at network_location_provider.cc:63:48 [opt]
    frame #3: 0x00000001055cb8b2 Electron Framework`device::LocationArbitrator::NewNetworkLocationProvider(scoped_refptr<network::SharedURLLoaderFactory>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) [inlined] std::__1::__unique_if<device::NetworkLocationProvider>::__unique_single std::__1::make_unique<device::NetworkLocationProvider, scoped_refptr<network::SharedURLLoaderFactory>, device::GeolocationManager* const&, scoped_refptr<base::SingleThreadTaskRunner>&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, device::PositionCache*>(__args=0x00000001092b3610, __args=0x00000001092b3618) at memory:2006:32 [opt]
    frame #4: 0x00000001055cb882 Electron Framework`device::LocationArbitrator::NewNetworkLocationProvider(this=0x00000001092b3600, url_loader_factory=scoped_refptr<network::SharedURLLoaderFactory> @ scalar, api_key="") at location_arbitrator.cc:156 [opt]

Unfortunately I built the main branch because I thought the crashes were the same, so I have to go back and rebuild on the 13_x_y branch.

But I guess that's something to look into on 15.x. Or I might be doing something wrong with entitlements? I did code sign all the .app's with my own cert but that didn't change anything.

@omarkilani
Contributor Author

omarkilani commented Jun 27, 2021

@TheCleric FWIW, I now think that headless Chrome bug might be doing something, but I'm not sure what.

https://bugs.chromium.org/p/chromium/issues/detail?id=1195664&q=OS%3DMac%20component%3ABlink%3EGeolocation&can=1

Slightly different backtrace on 15.x but the cause is the same:

geolocation_manager=0x0000000000000000

That change landed in:

https://chromiumdash.appspot.com/commit/65d98b3a63fc9c2fb2ce30898d103f7a343daefa

So, 90.0.4430.19.

13.0.0.beta13 shipped with:

electron/DEPS

Line 17 in 1f95fdd

'90.0.4415.0',

So, 90.0.4415.0.

Then beta14 bumped it to include that fix.

What's not clear (yet) is why it crashes only on the Release (maybe something different gets set on OFFICIAL_BUILD) builds or why the crash is in WASM SIMD on 13.x/14.x.

Or maybe something else changed in 15.x and the way Electron hooks into Chromium is different than on 13.x/14.x. 🤷

FWIW, these are the two crashes shown in the Mac crash reporter for 13.1.4 and 14.0.0-beta.9 with the official Electron builds running against https://www.google.com/, i.e.:

./node_modules/.bin/electron https://www.google.com/

13.1.4:

Thread 39 Crashed:: Geolocation
0   com.github.Electron.framework 	0x0000000106f6a314 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 37218620
1   com.github.Electron.framework 	0x0000000105054dbc v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4625380
2   com.github.Electron.framework 	0x0000000105054dbc v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4625380
3   com.github.Electron.framework 	0x0000000105051d74 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4613020
4   com.github.Electron.framework 	0x00000001024a26a8 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 6346612
5   com.github.Electron.framework 	0x0000000105051b18 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4612416

14.0.0-beta.9

Thread 39 Crashed:: Geolocation
0   com.github.Electron.framework 	0x0000000109549698 v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 31945536
1   com.github.Electron.framework 	0x0000000107b4523c v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4665060
2   com.github.Electron.framework 	0x0000000107b4523c v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4665060
3   com.github.Electron.framework 	0x0000000107b42b64 v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4655116
4   com.github.Electron.framework 	0x0000000104950310 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 7532296
5   com.github.Electron.framework 	0x0000000107b4299c v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4654660

Edit: hmmmm... but the "official" Electron 15 nightly crashes with the WASM SIMD backtrace, too:

15.0.0-nightly.20210625

Thread 40 Crashed:: Geolocation
0   com.github.Electron.framework 	0x0000000108e70d0c v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 30473880
1   com.github.Electron.framework 	0x00000001075c20b8 v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4592196
2   com.github.Electron.framework 	0x00000001075c20b8 v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4592196
3   com.github.Electron.framework 	0x00000001075bf9dc v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4582248
4   com.github.Electron.framework 	0x000000010422dec4 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 7564516
5   com.github.Electron.framework 	0x00000001075bf814 v8::internal::compiler::GetI32WasmCallDescriptor(v8::internal::Zone*, v8::internal::compiler::CallDescriptor const*) + 4581792

Maybe the self-compiled binaries are different somehow.
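
Added example, not part of the thread or of Electron's tooling: the crash-reporter frames above sit megabytes past the function they name, which is what nearest-exported-symbol attribution looks like when a binary is symbolicated without its debug symbols. The sketch below flags such frames before anyone chases the named function; the 1 MiB cut-off and every function name in it are assumptions, and frame 6 of the sample is constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# One frame as the macOS crash reporter prints it:
#   <number> <image> <address> <symbol> + <decimal offset>
FRAME_RE = re.compile(
    r"^\s*(?P<number>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)\s\+\s(?P<offset>\d+)\s*$"
)

# Assumption: no single function's machine code spans more than 1 MiB, so a
# larger offset means the symbolizer fell back to the nearest exported symbol.
MAX_PLAUSIBLE_OFFSET = 1 << 20


class Frame(NamedTuple):
    number: int
    image: str
    address: int
    symbol: str
    offset: int

    @property
    def symbol_base(self) -> int:
        """Address the symbolizer believes the named function starts at."""
        return self.address - self.offset

    @property
    def function(self) -> str:
        """Symbol name without its argument list."""
        return self.symbol.split("(", 1)[0]


def parse_frames(report: str) -> List[Frame]:
    """Extract every backtrace frame; header and blank lines are skipped."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["number"]), m["image"],
                                int(m["addr"], 16), m["symbol"],
                                int(m["offset"])))
    return frames


def suspicious_frames(frames: List[Frame],
                      limit: int = MAX_PLAUSIBLE_OFFSET) -> List[Frame]:
    """Frames whose offset is too large to lie inside the named function."""
    return [f for f in frames if f.offset > limit]


def offset_span_by_function(frames: List[Frame]) -> Dict[str, Tuple[int, int]]:
    """Smallest and largest offset reported against each function name."""
    offsets = defaultdict(list)
    for f in frames:
        offsets[f.function].append(f.offset)
    return {name: (min(v), max(v)) for name, v in offsets.items()}


def triage(report: str) -> dict:
    """Summarise whether the symbol names in a report can be taken at face value."""
    frames = parse_frames(report)
    flagged = suspicious_frames(frames)
    return {
        "frames": len(frames),
        "suspicious": [f.number for f in flagged],
        "spans": offset_span_by_function(flagged),
        "trust_symbol_names": not flagged,
    }


# Frames 0-5 are the 13.1.4 frames quoted in the thread. Frame 6 is constructed
# for contrast: a system-library frame with an ordinary, small offset.
SAMPLE_REPORT = """\
Thread 39 Crashed:: Geolocation
0   com.github.Electron.framework  0x0000000106f6a314 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 37218620
1   com.github.Electron.framework  0x0000000105054dbc v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4625380
2   com.github.Electron.framework  0x0000000105054dbc v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4625380
3   com.github.Electron.framework  0x0000000105051d74 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4613020
4   com.github.Electron.framework  0x00000001024a26a8 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 6346612
5   com.github.Electron.framework  0x0000000105051b18 v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4612416
6   com.apple.CoreFoundation       0x00007fff204626dc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("frames parsed:", result["frames"])
    print("frames with implausible offsets:", result["suspicious"])
    for name, (low, high) in result["spans"].items():
        print(f"  {name}: offsets {low}..{high} bytes")
    if not result["trust_symbol_names"]:
        print("load the matching debug symbols before trusting these names")
```

Every frame attributed to `GetI32WasmCallDescriptorForSimd` resolves to the same symbol base while the offsets range from about 4.6 MB to 37 MB, so the name marks only the last exported symbol before those addresses.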

@omarkilani
Contributor Author

omarkilani commented Jun 27, 2021

Okay so mystery solved, I guess.

Without dSYMs:

$ lldb --debug ./Electron.app/Contents/MacOS/Electron 
(lldb) target create "./Electron.app/Contents/MacOS/Electron"
Current executable set to '/Users/omar/Downloads/electron-v13/Electron.app/Contents/MacOS/Electron' (x86_64).
(lldb) r https://www.google.com/
Process 67072 launched: '/Users/omar/Downloads/electron-v13/Electron.app/Contents/MacOS/Electron' (x86_64)
2021-06-27 10:10:30.780668-0700 Electron[67072:11102508] +[MTLIOAccelDevice registerDevices]: Zero Metal services found
Process 67072 stopped
* thread #39, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
    frame #0: 0x0000000106a8e3e4 Electron Framework`___lldb_unnamed_symbol4$$Electron Framework + 53326868
Electron Framework`v8::internal::compiler::GetI32WasmCallDescriptorForSimd:
->  0x106a8e3e4 <+40987940>: movq   0x8(%rdi), %rax
    0x106a8e3e8 <+40987944>: testq  %rax, %rax
    0x106a8e3eb <+40987947>: je     0x106a8e3f1               ; <+40987953>
    0x106a8e3ed <+40987949>: lock   
Target 0: (Electron) stopped.
(lldb) bt
* thread #39, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
  * frame #0: 0x0000000106a8e3e4 Electron Framework`___lldb_unnamed_symbol4$$Electron Framework + 53326868
    frame #1: 0x00000001037af356 Electron Framework`node::SetTracingController(v8::TracingController*) + 1008182
    frame #2: 0x000000010480ce19 Electron Framework`v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4806489
    frame #3: 0x000000010480a952 Electron Framework`v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4797074
    frame #4: 0x000000010185ee95 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 7115717
    frame #5: 0x000000010480a636 Electron Framework`v8::internal::compiler::GetI32WasmCallDescriptorForSimd(v8::internal::Zone*, v8::internal::compiler::CallDescriptor*) + 4796278
    frame #6: 0x0000000101aed0fc Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 9795116
    frame #7: 0x0000000101b053d6 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 9894150
    frame #8: 0x0000000101b3d3e0 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10123536
    frame #9: 0x0000000101b399c2 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10108658
    frame #10: 0x0000000101b3cbff Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10121519
    frame #11: 0x00007fff204626dc CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #12: 0x00007fff20462644 CoreFoundation`__CFRunLoopDoSource0 + 180
    frame #13: 0x00007fff204623ba CoreFoundation`__CFRunLoopDoSources0 + 242
    frame #14: 0x00007fff20460dc8 CoreFoundation`__CFRunLoopRun + 897
    frame #15: 0x00007fff20460380 CoreFoundation`CFRunLoopRunSpecific + 567
    frame #16: 0x00007fff21118647 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #17: 0x0000000101b3d9d9 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10125065
    frame #18: 0x0000000101b3c6db Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10120203
    frame #19: 0x0000000101b067af Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 9899231
    frame #20: 0x0000000101ad8e0c Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 9712444
    frame #21: 0x0000000101b231c8 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10016504
    frame #22: 0x0000000101b233c7 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10017015
    frame #23: 0x0000000101b380d8 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10102280
    frame #24: 0x00007fff203698fc libsystem_pthread.dylib`_pthread_start + 224
    frame #25: 0x00007fff20365443 libsystem_pthread.dylib`thread_start + 15
(lldb) 

With dSYMs:

$ lldb --debug ./Electron.app/Contents/MacOS/Electron 
(lldb) target create "./Electron.app/Contents/MacOS/Electron"
Current executable set to '/Users/omar/Downloads/electron-v13/Electron.app/Contents/MacOS/Electron' (x86_64).
(lldb) add-dsym Electron.dSYM
symbol file '/Users/omar/Downloads/electron-v13/Electron.dSYM/Contents/Resources/DWARF/Electron' has been added to '/Users/omar/Downloads/electron-v13/Electron.app/Contents/MacOS/Electron'
(lldb) add-dsym Electron\ Framework.dSYM
symbol file '/Users/omar/Downloads/electron-v13/Electron Framework.dSYM/Contents/Resources/DWARF/Electron Framework' has been added to '/Users/omar/Downloads/electron-v13/Electron.app/Contents/Frameworks/Electron Framework.framework/Electron Framework'
(lldb) r https://www.google.com/
Process 69270 launched: '/Users/omar/Downloads/electron-v13/Electron.app/Contents/MacOS/Electron' (x86_64)
2021-06-27 10:12:53.149980-0700 Electron[69270:11119528] +[MTLIOAccelDevice registerDevices]: Zero Metal services found
Electron Framework was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 69270 stopped
* thread #39, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
    frame #0: 0x0000000106a8e3e4 Electron Framework`device::GeolocationSystemPermissionManager::GetObserverList() [inlined] scoped_refptr<base::ObserverListThreadSafe<device::GeolocationSystemPermissionManager::GeolocationPermissionObserver> >::scoped_refptr(r=0x0000000000000008) at scoped_refptr.h:197:59 [opt]
Target 0: (Electron) stopped.
(lldb) bt
* thread #39, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
  * frame #0: 0x0000000106a8e3e4 Electron Framework`device::GeolocationSystemPermissionManager::GetObserverList() [inlined] scoped_refptr<base::ObserverListThreadSafe<device::GeolocationSystemPermissionManager::GeolocationPermissionObserver> >::scoped_refptr(r=0x0000000000000008) at scoped_refptr.h:197:59 [opt]
    frame #1: 0x0000000106a8e3e4 Electron Framework`device::GeolocationSystemPermissionManager::GetObserverList(this=0x0000000000000000) at geolocation_system_permission_mac.mm:97 [opt]
    frame #2: 0x000000010480ce19 Electron Framework`device::NetworkLocationProvider::NetworkLocationProvider(this=0x0000000109977ce0, url_loader_factory=<unavailable>, geolocation_system_permission_manager=0x0000000000000000, main_task_runner=const scoped_refptr<base::SingleThreadTaskRunner> @ 0x0000700016c35960, api_key=<unavailable>, position_cache=<unavailable>) at network_location_provider.cc:64:46 [opt]
    frame #3: 0x000000010480a952 Electron Framework`device::LocationArbitrator::NewNetworkLocationProvider(scoped_refptr<network::SharedURLLoaderFactory>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) [inlined] std::__1::__unique_if<device::NetworkLocationProvider>::__unique_single std::__1::make_unique<device::NetworkLocationProvider, scoped_refptr<network::SharedURLLoaderFactory>, device::GeolocationSystemPermissionManager*&, scoped_refptr<base::SingleThreadTaskRunner>&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, device::PositionCache*>(__args=0x0000000109980ca0, __args=0x0000000109980ca8) at memory:2006:32 [opt]
    frame #4: 0x000000010480a922 Electron Framework`device::LocationArbitrator::NewNetworkLocationProvider(this=0x0000000109980c90, url_loader_factory=scoped_refptr<network::SharedURLLoaderFactory> @ scalar, api_key="") at location_arbitrator.cc:157 [opt]
    frame #5: 0x000000010185ee95 Electron Framework`device::LocationArbitrator::RegisterProviders(this=0x0000000109980c90) at location_arbitrator.cc:122:22 [opt]
    frame #6: 0x000000010480a636 Electron Framework`device::LocationArbitrator::StartProvider(this=0x0000000109980c90, enable_high_accuracy=<unavailable>) at location_arbitrator.cc:65:5 [opt]
    frame #7: 0x0000000101aed0fc Electron Framework`base::TaskAnnotator::RunTask(char const*, base::PendingTask*) [inlined] base::OnceCallback<void ()>::Run() && at callback.h:101:12 [opt]
    frame #8: 0x0000000101aed0da Electron Framework`base::TaskAnnotator::RunTask(this=<unavailable>, trace_event_name=<unavailable>, pending_task=0x000000011109a000) at task_annotator.cc:173 [opt]
    frame #9: 0x0000000101b053d6 Electron Framework`non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() at thread_controller_with_message_pump_impl.cc:351:25 [opt]
    frame #10: 0x0000000101b04f8b Electron Framework`non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() [inlined] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork(this=0x0000000109eb4980) at thread_controller_with_message_pump_impl.cc:264 [opt]
    frame #11: 0x0000000101b04ee6 Electron Framework`non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() at thread_controller_with_message_pump_impl.cc:0 [opt]
    frame #12: 0x0000000101b3d3e0 Electron Framework`invocation function for block in base::MessagePumpCFRunLoopBase::RunWorkSource(void*) [inlined] base::MessagePumpCFRunLoopBase::RunWork(this=0x0000000109971e20) at message_pump_mac.mm:384:54 [opt]
    frame #13: 0x0000000101b3d3b2 Electron Framework`invocation function for block in base::MessagePumpCFRunLoopBase::RunWorkSource(.block_descriptor=<unavailable>) at message_pump_mac.mm:361 [opt]
    frame #14: 0x0000000101b399c2 Electron Framework`v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 10108658
    frame #15: 0x0000000101b3cbff Electron Framework`base::MessagePumpCFRunLoopBase::RunWorkSource(info=<unavailable>) at message_pump_mac.mm:360:3 [opt]
    frame #16: 0x00007fff204626dc CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #17: 0x00007fff20462644 CoreFoundation`__CFRunLoopDoSource0 + 180
    frame #18: 0x00007fff204623ba CoreFoundation`__CFRunLoopDoSources0 + 242
    frame #19: 0x00007fff20460dc8 CoreFoundation`__CFRunLoopRun + 897
    frame #20: 0x00007fff20460380 CoreFoundation`CFRunLoopRunSpecific + 567
    frame #21: 0x00007fff21118647 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #22: 0x0000000101b3d9d9 Electron Framework`base::MessagePumpNSRunLoop::DoRun(this=0x0000000109971e20, delegate=<unavailable>) at message_pump_mac.mm:630:5 [opt]
    frame #23: 0x0000000101b3c6db Electron Framework`base::MessagePumpCFRunLoopBase::Run(this=0x0000000109971e20, delegate=0x0000000109eb4980) at message_pump_mac.mm:157:3 [opt]
    frame #24: 0x0000000101b067af Electron Framework`base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(this=0x0000000109eb4980, application_tasks_allowed=true, timeout=<unavailable>) at thread_controller_with_message_pump_impl.cc:460:12 [opt]
    frame #25: 0x0000000101ad8e0c Electron Framework`base::RunLoop::Run(this=0x0000700016c36f30, location=<unavailable>) at run_loop.cc:133:14 [opt]
    frame #26: 0x0000000101b231c8 Electron Framework`base::Thread::Run(this=<unavailable>, run_loop=<unavailable>) at thread.cc:312:13 [opt]
    frame #27: 0x0000000101b233c7 Electron Framework`base::Thread::ThreadMain(this=0x0000000109ead3c0) at thread.cc:383:3 [opt]
    frame #28: 0x0000000101b380d8 Electron Framework`base::(anonymous namespace)::ThreadFunc(params=<unavailable>) at platform_thread_posix.cc:87:13 [opt]
    frame #29: 0x00007fff203698fc libsystem_pthread.dylib`_pthread_start + 224
    frame #30: 0x00007fff20365443 libsystem_pthread.dylib`thread_start + 15
(lldb) 

So yeah, that is the reason, @TheCleric 👍. The Mac crash reporter lied. :)

No idea why it doesn't crash on non-Release builds 🤷.

Anyway, the cause of the crash:

https://chromium.googlesource.com/chromium/src/+/36d366175fee2d4f0fd0a8ccf53338984da9b531%5E%21/

The fix for headless Chrome:

https://chromium.googlesource.com/chromium/src/+/39cabc596fccd3e79b71cd8ddd0f3348cc2975d9%5E%21/

I'll try to work up some patches.

There's a slight difference in that on Chromium 91, the class is called device::GeolocationSystemPermissionManager but on 93+ it's called device::GeolocationManager.
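The reading of the symbolicated backtrace in the comment above (a fault at address 0x8, `this=0x0` in frame #1, and a null `geolocation_system_permission_manager` argument in frame #2) can be automated for crash triage. The following is an added sketch, not code from the thread or from Electron/Chromium; the function name `triage`, the 4 KiB threshold and the abbreviated sample frames are assumptions made for the example.

```python
import re

# Constructed sample: frames abbreviated from the symbolicated lldb backtrace above.
SAMPLE_BT = """\
* thread #39, name = 'Geolocation', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
  * frame #0: 0x0000000106a8e3e4 Electron Framework`device::GeolocationSystemPermissionManager::GetObserverList() [inlined] scoped_refptr<...>::scoped_refptr(r=0x0000000000000008) at scoped_refptr.h:197:59 [opt]
    frame #1: 0x0000000106a8e3e4 Electron Framework`device::GeolocationSystemPermissionManager::GetObserverList(this=0x0000000000000000) at geolocation_system_permission_mac.mm:97 [opt]
    frame #2: 0x000000010480ce19 Electron Framework`device::NetworkLocationProvider::NetworkLocationProvider(this=0x0000000109977ce0, url_loader_factory=<unavailable>, geolocation_system_permission_manager=0x0000000000000000, position_cache=<unavailable>) at network_location_provider.cc:64:46 [opt]
    frame #4: 0x000000010480a922 Electron Framework`device::LocationArbitrator::NewNetworkLocationProvider(this=0x0000000109980c90, api_key="") at location_arbitrator.cc:157 [opt]
"""

STOP_RE = re.compile(r"stop reason = (\w+) \(code=\d+, address=(0x[0-9a-fA-F]+)\)")
FRAME_RE = re.compile(r"frame #(\d+): 0x[0-9a-fA-F]+ (.*)")
NULL_ARG_RE = re.compile(r"(\w+)=0x0+(?=[,)])")   # argument whose value is all zeros
LOC_RE = re.compile(r" at ([\w.]+:\d+)")          # source file and line

def triage(bt, page_size=0x1000):
    """Classify a crash as a null-object member access and locate the null's origin."""
    stop = STOP_RE.search(bt)
    if not stop:
        return None
    fault = int(stop.group(2), 16)
    null_frames = []
    for m in FRAME_RE.finditer(bt):
        names = NULL_ARG_RE.findall(m.group(2))
        if names:
            locs = LOC_RE.findall(m.group(2))
            null_frames.append((int(m.group(1)), names, locs[-1] if locs else None))
    # A fault inside the first page combined with this=0x0 means a field was read
    # through a null object pointer; the fault address is then the field offset.
    null_this = any("this" in names for _, names, _ in null_frames)
    return {
        "signal": stop.group(1),
        "fault_address": fault,
        "null_member_access": fault < page_size and null_this,
        "null_frames": null_frames,
        # Outermost frame already holding the null: its caller supplied it.
        "origin": null_frames[-1] if null_frames else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```

On the sample, `origin` points at frame #2 (`network_location_provider.cc:64`), which is where the null manager pointer first appears as an argument.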
