TUINSRemoteViewController over-release crash in ViewBridge during autorelease pool drain
Summary

A crash occurs in the ViewBridge framework when a TUINSRemoteViewController object receives a -release message after being deallocated. This appears to be a reference counting issue within the ViewBridge framework's internal autorelease pool management.

Environment

macOS Version: [15.0.0]
Application: Custom Qt-based application using Chromium Embedded Framework (Xcode version: Xcode 15; Qt version: 6.5.4; CEF version: 138.0.47+g2728d53+chromium-138.0.7204.221)

Steps to Reproduce

Users are typically using the app normally, but a crash occasionally occurs when they activate and click on the application. This happens infrequently, but it occurs roughly every day. Currently, only a few specific users experience this crash, and it may appear for several consecutive days before disappearing for several days. We cannot reliably reproduce this issue but have collected crash logs from affected users.

Crash Analysis

Zombie Detection Log:

Zombie <TUINSRemoteViewController: 0x338708020> received -release

Deallocation Stack Trace (when object was first released):

0 Chromium Embedded Framework 0x000000014283a7f4 rust_png$cxxbridge1$ResultOfWriter$operator$sizeof + 933592
1 AppKit 0x000000019eac0d80 -[NSResponder dealloc] + 340
2 AppKit 0x000000019ebb5e34 -[NSViewController dealloc] + 276
3 ViewBridge 0x00000001a3f6ab9c -[NSRemoteViewController dealloc] + 92
4 AppKit 0x000000019eada4b4 -[NSViewController release] + 236
5 ViewBridge 0x00000001a3eda130 -[NSRemoteViewController release] + 380
6 libobjc.A.dylib 0x000000019aa8806c objc_autoreleasePoolPop + 56
7 CoreFoundation 0x000000019aefc7c0 _CFAutoreleasePoolPop + 32
8 Foundation 0x000000019c0d14f4 -[NSAutoreleasePool drain] + 136
9 ViewBridge 0x00000001a3ed609c __CONSIDER_WHO_REQUESTED_THIS_WAIT_BEFORE_SENDING_BUG_TO_VIEWBRIDGE__ + 24
10 ViewBridge 0x00000001a3f82a10 deferredBlockOpportunity_block_invoke_2 + 436
11 CoreFoundation 0x000000019af3dfa0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
12 CoreFoundation 0x000000019af3deb0 __CFRunLoopDoBlocks + 356
13 CoreFoundation 0x000000019af3d330 __CFRunLoopRun + 2432
14 CoreFoundation 0x000000019af3c334 CFRunLoopRunSpecific + 572
15 HIToolbox 0x00000001a63740cc RunCurrentEventLoopInMode + 292
16 HIToolbox 0x00000001a6379ebc ReceiveNextEventCommon + 636
17 HIToolbox 0x00000001a637a020 _BlockUntilNextEventMatchingListInModeWithFilter + 76
18 AppKit 0x000000019ea7fa70 _DPSNextEvent + 660
19 AppKit 0x000000019f3a57b8 -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 688

Crash Stack Trace (second release attempt):

0 Chromium Embedded Framework 0x14a03a37c rust_png$cxxbridge1$ResultOfWriter$operator$sizeof + 932448
1 Chromium Embedded Framework 0x14a03a04c rust_png$cxxbridge1$ResultOfWriter$operator$sizeof + 931632
2 CoreFoundation 0x19af1cbe8 ___forwarding___ + 200
3 CoreFoundation 0x19af1ca60 _CF_forwarding_prep_0 + 96
4 libobjc.A.dylib 0x19aa8bd94 AutoreleasePoolPage::releaseUntil(objc_object**) + 204
5 libobjc.A.dylib 0x19aa88138 objc_autoreleasePoolPop + 260
6 CoreFoundation 0x19aefc7c0 _CFAutoreleasePoolPop + 32
7 Foundation 0x19c0d14f4 -[NSAutoreleasePool drain] + 136
8 ViewBridge 0x1a3ed609c __CONSIDER_WHO_REQUESTED_THIS_WAIT_BEFORE_SENDING_BUG_TO_VIEWBRIDGE__ + 24
9 ViewBridge 0x1a3f82a10 deferredBlockOpportunity_block_invoke_2 + 436
10 CoreFoundation 0x19af3dfa0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
11 CoreFoundation 0x19af3deb0 __CFRunLoopDoBlocks + 356
12 CoreFoundation 0x19af3d330 __CFRunLoopRun + 2432
13 CoreFoundation 0x19af3c334 CFRunLoopRunSpecific + 572
14 HIToolbox 0x1a63740cc RunCurrentEventLoopInMode + 292
15 HIToolbox 0x1a6379ebc ReceiveNextEventCommon + 636
16 HIToolbox 0x1a637a020 _BlockUntilNextEventMatchingListInModeWithFilter + 76
17 AppKit 0x19ea7fa70 _DPSNextEvent + 660
18 AppKit 0x19f3a57b8 -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 688
19 AppKit 0x19ea72b7c -[NSApplication run] + 480
20 libqcocoa.dylib 0x1057b7514 QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 2156
21 QtCore 0x109bb55c4 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 532
22 QtCore 0x109babff8 QCoreApplication::exec() + 112
23 HoYowave 0x1009fc740 QWidgetFrameAdapter::RunMessageLoop() + 132
24 HoYowave 0x1008ae908 0x10088c000 + 141576
25 HoYowave 0x1008b7038 0x10088c000 + 176184
26 HoYowave 0x1008a3544 0x10088c000 + 95556
27 HoYowave 0x1008a294c 0x10088c000 + 92492
28 dyld 0x19aad4274 start + 2840

Technical Analysis

The crash pattern indicates:

- A TUINSRemoteViewController was autoreleased multiple times
- During autorelease pool drain, the first release triggered dealloc
- Subsequent release attempts accessed the deallocated object (zombie)
- This is entirely within ViewBridge framework's internal code path

The function name __CONSIDER_VIEW_SERVICE_BEFORE_SENDING_BUG_TO_VIEWBRIDGE__ in the stack trace suggests this is a known problematic area.

Questions

- Is this a known issue in ViewBridge framework?
- Is there any workaround or mitigation we can apply from the application side?
- Could you provide guidance on what might trigger this condition?

I have reported this in Feedback Assistant: FB21809243
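Added example, not part of the original post: a small triage script that parses frames in the format shown above, finds the `-[NSAutoreleasePool drain]` frame, and reports which image called the drain and which non-system images ran inside it. The function names and the `SYSTEM_IMAGES` set are assumptions made for this illustration; the sample frames are frames 0-9 of the post's second trace.

```python
import re

FRAME = re.compile(r"^\s*(\d+)\s+(.+?)\s+(0x[0-9a-fA-F]+)\s+(.+)$")
# Assumption: images treated as Apple system code for this triage.
SYSTEM_IMAGES = {"AppKit", "ViewBridge", "CoreFoundation", "Foundation",
                 "HIToolbox", "libobjc.A.dylib", "dyld"}

# Frames 0-9 of the "second release attempt" trace, copied from the post.
CRASH_TRACE = """\
0 Chromium Embedded Framework 0x14a03a37c rust_png$cxxbridge1$ResultOfWriter$operator$sizeof + 932448
1 Chromium Embedded Framework 0x14a03a04c rust_png$cxxbridge1$ResultOfWriter$operator$sizeof + 931632
2 CoreFoundation 0x19af1cbe8 ___forwarding___ + 200
3 CoreFoundation 0x19af1ca60 _CF_forwarding_prep_0 + 96
4 libobjc.A.dylib 0x19aa8bd94 AutoreleasePoolPage::releaseUntil(objc_object**) + 204
5 libobjc.A.dylib 0x19aa88138 objc_autoreleasePoolPop + 260
6 CoreFoundation 0x19aefc7c0 _CFAutoreleasePoolPop + 32
7 Foundation 0x19c0d14f4 -[NSAutoreleasePool drain] + 136
8 ViewBridge 0x1a3ed609c __CONSIDER_WHO_REQUESTED_THIS_WAIT_BEFORE_SENDING_BUG_TO_VIEWBRIDGE__ + 24
9 ViewBridge 0x1a3f82a10 deferredBlockOpportunity_block_invoke_2 + 436
"""

def parse_frames(text):
    """Return (index, image, address, symbol) for each well-formed frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            symbol = re.sub(r"\s+\+\s+\d+$", "", m.group(4))  # drop "+ offset"
            frames.append((int(m.group(1)), m.group(2), m.group(3), symbol))
    return frames

def triage(text):
    """Report who drained the pool and which non-system images ran inside the drain."""
    frames = parse_frames(text)
    drain = next((i for i, f in enumerate(frames)
                  if f[3] == "-[NSAutoreleasePool drain]"), None)
    if drain is None:
        return None  # no autorelease pool drain on this stack
    caller = frames[drain + 1] if drain + 1 < len(frames) else None
    inner = [f[1] for f in frames[:drain] if f[1] not in SYSTEM_IMAGES]
    return {"drain_caller_image": caller[1] if caller else None,
            "drain_caller_symbol": caller[3] if caller else None,
            "non_system_images_inside_drain": sorted(set(inner))}

if __name__ == "__main__":
    print(triage(CRASH_TRACE))
```

Running the same function over every collected crash log shows whether the drain caller and the images above it are the same in each report.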