QTBUG-127611

[macOS] Crash on WebEngineView destruction

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 6.8.0 Beta3, 6.9.0 FF
    • 6.7.2
    • WebEngine
    • None
    • MacBook Pro M1
      OS Version: macOS 14.5 (23F79)
      Code Type: ARM-64 (Native)
    • macOS
    • 9bcb567b6 (dev), 57ba058ac (6.8)

    Description

      Here is a stable crash on WebEngineView destruction when running with Qt 6.7.2 built with ASAN enabled (with the -sanitize address configure option).

      It reproduces stably for me even with an empty WebEngineView.

      Crashed Thread:        11  Chrome_InProcGpuThread
      
      Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
      Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000020
      Exception Codes:       0x0000000000000001, 0x0000000000000020
      
      VM Region Info: 0x20 is not in any region.  Bytes before following region: 4369252320
            REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
            UNUSED SPACE AT START
      --->  
            __TEXT                      1046d8000-10fd20000    [182.3M] r-x/r-x SM=COW
      

      Call stack:
      CrBrowserMain:

      Thread 0:: CrBrowserMain Dispatch queue: com.apple.main-thread
      0   libsystem_kernel.dylib        	       0x18c2f61f4 mach_msg2_trap + 8
      1   libsystem_kernel.dylib        	       0x18c308b24 mach_msg2_internal + 80
      2   libsystem_kernel.dylib        	       0x18c2fee34 mach_msg_overwrite + 476
      3   libsystem_kernel.dylib        	       0x18c2f6578 mach_msg + 24
      4   QtWebEngineCore               	       0x30f46b8a0 base::WaitableEvent::TimedWaitImpl(base::TimeDelta) + 728
      5   QtWebEngineCore               	       0x30f28269c base::WaitableEvent::TimedWait(base::TimeDelta) + 468
      6   QtWebEngineCore               	       0x30f2824c0 base::WaitableEvent::Wait() + 16
      7   QtWebEngineCore               	       0x310f75f9c mojo::Wait(mojo::Handle, unsigned int, unsigned int, MojoHandleSignalsState*) + 844
      8   QtWebEngineCore               	       0x310ee0ec4 mojo::Connector::WaitForIncomingMessage() + 368
      9   QtWebEngineCore               	       0x310f16dec mojo::internal::MultiplexRouter::ExclusiveSyncWaitForReply(unsigned int, unsigned long long) + 468
      10  QtWebEngineCore               	       0x310ef5c80 mojo::InterfaceEndpointClient::SendMessageWithResponder(mojo::Message*, bool, mojo::InterfaceEndpointClient::SyncSendMode, std::__1::unique_ptr<mojo::MessageReceiver, std::__1::default_delete<mojo::MessageReceiver>>) + 1844
      11  QtWebEngineCore               	       0x310ef67b8 mojo::InterfaceEndpointClient::AcceptWithResponder(mojo::Message*, std::__1::unique_ptr<mojo::MessageReceiver, std::__1::default_delete<mojo::MessageReceiver>>) + 248
      12  QtWebEngineCore               	       0x310f5a3ac mojo::internal::SendMojoMessage(mojo::MessageReceiverWithResponder&, mojo::Message&, std::__1::unique_ptr<mojo::MessageReceiver, std::__1::default_delete<mojo::MessageReceiver>>) + 508
      13  QtWebEngineCore               	       0x30923278c viz::mojom::FrameSinkManagerProxy::DestroyCompositorFrameSink(viz::FrameSinkId const&) + 812
      14  QtWebEngineCore               	       0x31702e440 viz::HostFrameSinkManager::InvalidateFrameSinkId(viz::FrameSinkId const&) + 748
      15  QtWebEngineCore               	       0x3175eb330 ui::Compositor::~Compositor() + 3576
      16  QtWebEngineCore               	       0x3001b52a4 QtWebEngineCore::FlingingCompositor::~FlingingCompositor() + 12
      17  QtWebEngineCore               	       0x3001ad0a4 QtWebEngineCore::RenderWidgetHostViewQt::~RenderWidgetHostViewQt() + 1236
      18  QtWebEngineCore               	       0x3001ad550 QtWebEngineCore::RenderWidgetHostViewQt::~RenderWidgetHostViewQt() + 12
      19  QtWebEngineCore               	       0x30ab7a554 content::RenderWidgetHostImpl::Destroy(bool) + 1816
      20  QtWebEngineCore               	       0x30ab64208 content::RenderViewHostImpl::~RenderViewHostImpl() + 1220
      21  QtWebEngineCore               	       0x30ab64d0c content::RenderViewHostImpl::~RenderViewHostImpl() + 12
      22  QtWebEngineCore               	       0x30a9ac434 content::RenderFrameHostImpl::~RenderFrameHostImpl() + 6120
      23  QtWebEngineCore               	       0x30a9b1824 content::RenderFrameHostImpl::~RenderFrameHostImpl() + 12
      24  QtWebEngineCore               	       0x30aaa0e98 content::RenderFrameHostManager::~RenderFrameHostManager() + 392
      25  QtWebEngineCore               	       0x30a6b4b78 content::FrameTreeNode::~FrameTreeNode() + 3036
      26  QtWebEngineCore               	       0x30a6a31f0 content::FrameTree::~FrameTree() + 116
      27  QtWebEngineCore               	       0x30b092608 content::WebContentsImpl::~WebContentsImpl() + 5156
      28  QtWebEngineCore               	       0x30b094d7c content::WebContentsImpl::~WebContentsImpl() + 12
      29  QtWebEngineCore               	       0x300230888 QtWebEngineCore::WebContentsAdapter::~WebContentsAdapter() + 628
      30  QtWebEngineQuick              	       0x11502e340 QtSharedPointer::ExternalRefCountWithContiguousData<QtWebEngineCore::WebContentsAdapter>::deleter(QtSharedPointer::ExternalRefCountData*) + 16
      31  QtWebEngineQuick              	       0x114ffa060 QQuickWebEngineViewPrivate::~QQuickWebEngineViewPrivate() + 1232
      32  QtWebEngineQuick              	       0x114ffa584 QQuickWebEngineViewPrivate::~QQuickWebEngineViewPrivate() + 12
      33  QtWebEngineQuick              	       0x11500588c QQuickWebEngineView::~QQuickWebEngineView() + 168
      34  QtWebEngineQuick              	       0x11506e99c QQmlPrivate::QQmlElement<QQuickWebEngineView>::~QQmlElement() + 28
      ...
      

      Chrome_InProcGpuThread:

      Thread 11 Crashed:: Chrome_InProcGpuThread
      0   QtWebEngineCore               	       0x316ec6dc4 std::__1::pair<std::__1::__wrap_iter<std::__1::unique_ptr<gpu::SharedImageRepresentationFactoryRef, std::__1::default_delete<gpu::SharedImageRepresentationFactoryRef>> const*>, std::__1::__wrap_iter<std::__1::unique_ptr<gpu::SharedImageRepresentationFactoryRef, std::__1::default_delete<gpu::SharedImageRepresentationFactoryRef>> const*>> base::internal::flat_tree<std::__1::unique_ptr<gpu::SharedImageRepresentationFactoryRef, std::__1::default_delete<gpu::SharedImageRepresentationFactoryRef>>, base::identity, std::__1::less<void>, std::__1::vector<std::__1::unique_ptr<gpu::SharedImageRepresentationFactoryRef, std::__1::default_delete<gpu::SharedImageRepresentationFactoryRef>>, std::__1::allocator<std::__1::unique_ptr<gpu::SharedImageRepresentationFactoryRef, std::__1::default_delete<gpu::SharedImageRepresentationFactoryRef>>>>>::equal_range<gpu::Mailbox>(gpu::Mailbox const&) const + 208
      1   QtWebEngineCore               	       0x316ec3e88 gpu::SharedImageFactory::DestroySharedImage(gpu::Mailbox const&) + 220
      2   QtWebEngineCore               	       0x3000597b0 QtWebEngineCore::NativeSkiaOutputDevice::Buffer::~Buffer() + 172
      3   QtWebEngineCore               	       0x300054b14 QtWebEngineCore::NativeSkiaOutputDevice::~NativeSkiaOutputDevice() + 504
      4   QtWebEngineCore               	       0x3002c3ec0 QtWebEngineCore::NativeSkiaOutputDeviceMetal::~NativeSkiaOutputDeviceMetal() + 12
      5   QtWebEngineCore               	       0x317db7e48 viz::SkiaOutputSurfaceImplOnGpu::~SkiaOutputSurfaceImplOnGpu() + 1076
      6   QtWebEngineCore               	       0x317dba0dc viz::SkiaOutputSurfaceImplOnGpu::~SkiaOutputSurfaceImplOnGpu() + 12
      7   QtWebEngineCore               	       0x317da6ce4 base::internal::Invoker<base::internal::BindState<viz::SkiaOutputSurfaceImpl::~SkiaOutputSurfaceImpl()::$_0, std::__1::unique_ptr<viz::SkiaOutputSurfaceImplOnGpu, std::__1::default_delete<viz::SkiaOutputSurfaceImplOnGpu>>>, void ()>::RunOnce(base::internal::BindStateBase*) + 268
      8   QtWebEngineCore               	       0x317db0fb8 base::internal::Invoker<base::internal::BindState<viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl(viz::SkiaOutputSurfaceImpl::SyncMode, viz::SkiaOutputSurfaceImplOnGpu*)::$_2, std::__1::vector<base::OnceCallback<void ()>, std::__1::allocator<base::OnceCallback<void ()>>>, viz::SkiaOutputSurfaceImpl::SyncMode, base::internal::UnretainedWrapper<base::WaitableEvent, base::unretained_traits::MayNotDangle, (base::RawPtrTraits)0>, base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu, base::unretained_traits::MayNotDangle, (base::RawPtrTraits)0>, bool, bool, base::TimeTicks>, void ()>::RunOnce(base::internal::BindStateBase*) + 884
      9   QtWebEngineCore               	       0x3159f18d4 gpu::SchedulerDfs::ExecuteSequence(base::IdType<gpu::SyncPointOrderData, unsigned int, 0u, 1u>) + 1828
      10  QtWebEngineCore               	       0x3159efca0 gpu::SchedulerDfs::RunNextTask() + 380
      11  QtWebEngineCore               	       0x3159f95e0 base::internal::Invoker<base::internal::BindState<void (gpu::SchedulerDfs::*)(), base::internal::UnretainedWrapper<gpu::SchedulerDfs, base::unretained_traits::MayNotDangle, (base::RawPtrTraits)0>>, void ()>::RunOnce(base::internal::BindStateBase*) + 416
      12  QtWebEngineCore               	       0x30f28eb94 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) + 924
      13  QtWebEngineCore               	       0x30f2fddfc base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) + 2348
      14  QtWebEngineCore               	       0x30f2fd110 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() + 364
      15  QtWebEngineCore               	       0x30f177800 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) + 480
      16  QtWebEngineCore               	       0x30f2ffd78 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) + 880
      17  QtWebEngineCore               	       0x30f21cf38 base::RunLoop::Run(base::Location const&) + 1232
      18  QtWebEngineCore               	       0x30f3a5074 base::Thread::Run(base::RunLoop*) + 224
      19  QtWebEngineCore               	       0x30f3a55d0 base::Thread::ThreadMain() + 1232
      20  QtWebEngineCore               	       0x30f40f0b4 base::(anonymous namespace)::ThreadFunc(void*) + 316
      21  libsystem_pthread.dylib       	       0x18c336f94 _pthread_start + 136
      22  libsystem_pthread.dylib       	       0x18c331d34 thread_start + 8
      

          People

            qt_webengine_team Qt WebEngine Team
            studiosus Vladimir Belyavsky