Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-128897

Pure virtual function call on NativeSkiaOutputDevice::Present()

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 6.8.1, 6.9.0 FF
    • 6.7.2
    • WebEngine
    • None
    • macOS, Windows
    • 6781151fc (dev), 90cbd1c0c (6.8)

    Description

      During investigating our user' crash reports I found a significant number of crashes due to "pure virtual call" both on Windows and macOS in NativeSkiaOutputDevice::Present(). Most probably this happens on WebEngineView destruction.

      I don't have a simple reproducer yet, but I'll add one as soon as I can reproduce this locally.

      It seems the problem is caused by a race condition.

      Call stack:
      "Chrome_InProcGpuThread" thread

      >	google_breakpad::ExceptionHandler::HandlePureVirtualCall() Line 657	C++
 	[External Code]	
 	Qt6WebEngineCore.dll!QtWebEngineCore::NativeSkiaOutputDevice::Present(const absl::optional<gfx::Rect> & update_rect, base::OnceCallback<void __cdecl(gfx::PresentationFeedback const &)> feedback, viz::OutputSurfaceFrame frame) Line 103	C++
 	Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImplOnGpu::PostSubmit(absl::optional<viz::OutputSurfaceFrame> frame) Line 2343	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(absl::optional<viz::OutputSurfaceFrame>),void>::Invoke(void(viz::SkiaOutputSurfaceImplOnGpu::*)(absl::optional<viz::OutputSurfaceFrame>)) Line 713	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1>::MakeItSo(void(viz::SkiaOutputSurfaceImplOnGpu::*)(absl::optional<viz::OutputSurfaceFrame>) &&) Line 868	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(absl::optional<viz::OutputSurfaceFrame>),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,absl::optional<viz::OutputSurfaceFrame>>,void __cdecl(void)>::RunImpl(void(viz::SkiaOutputSurfaceImplOnGpu::*)(absl::optional<viz::OutputSurfaceFrame>) &&) Line 968	C++
 	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(absl::optional<viz::OutputSurfaceFrame>),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,absl::optional<viz::OutputSurfaceFrame>>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 923	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	Qt6WebEngineCore.dll!viz::SkiaOutputDevice::Submit(bool sync_cpu, base::OnceCallback<void __cdecl(void)> callback) Line 170	C++
 	Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImplOnGpu::SwapBuffersInternal(absl::optional<viz::OutputSurfaceFrame> frame) Line 2243	C++
 	Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImplOnGpu::SwapBuffers(viz::OutputSurfaceFrame frame) Line 602	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(viz::OutputSurfaceFrame),void>::Invoke(void(viz::SkiaOutputSurfaceImplOnGpu::*)(viz::OutputSurfaceFrame)) Line 713	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1>::MakeItSo(void(viz::SkiaOutputSurfaceImplOnGpu::*)(viz::OutputSurfaceFrame) &&) Line 868	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(viz::OutputSurfaceFrame),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,viz::OutputSurfaceFrame>,void __cdecl(void)>::RunImpl(void(viz::SkiaOutputSurfaceImplOnGpu::*)(viz::OutputSurfaceFrame) && bound, std::tuple<base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,viz::OutputSurfaceFrame> &&) Line 968	C++
 	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(viz::OutputSurfaceFrame),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,viz::OutputSurfaceFrame>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 923	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	[Inline Frame] Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1>::operator()(std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>) Line 1438	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,void>::Invoke(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 616	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1,2,3,4,5,6>::MakeItSo(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 868	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>,enum viz::SkiaOutputSurfaceImpl::SyncMode,base::internal::UnretainedWrapper<base::WaitableEvent,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,bool,bool,base::TimeTicks>,void __cdecl(void)>::RunImpl(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 968	C++
 	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>,enum viz::SkiaOutputSurfaceImpl::SyncMode,base::internal::UnretainedWrapper<base::WaitableEvent,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,bool,bool,base::TimeTicks>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 919	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	Qt6WebEngineCore.dll!gpu::SchedulerDfs::ExecuteSequence(base::IdType<gpu::SyncPointOrderData,unsigned int,0,1> sequence_id) Line 768	C++
 	Qt6WebEngineCore.dll!gpu::SchedulerDfs::RunNextTask() Line 683	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	Qt6WebEngineCore.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 201	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::TaskAnnotator::RunTask(perfetto::StaticString) Line 89	C++
 	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now) Line 480	C++
 	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 354	C++
 	Qt6WebEngineCore.dll!base::MessagePumpDefault::Run(base::MessagePump::Delegate * delegate) Line 41	C++
 	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 648	C++
 	Qt6WebEngineCore.dll!base::RunLoop::Run(const base::Location & location) Line 136	C++
 	Qt6WebEngineCore.dll!base::Thread::Run(base::RunLoop * run_loop) Line 338	C++
 	Qt6WebEngineCore.dll!base::Thread::ThreadMain() Line 412	C++
 	Qt6WebEngineCore.dll!base::`anonymous namespace'::ThreadFunc(void * params) Line 136	C++
 	[External Code]

      "CrBrowserMain" thread

       	[External Code]	
>	[Inline Frame] Qt6Core.dll!QtWindowsFutex::futexWait(QBasicAtomicPointer<QMutexPrivate> & expectedValue, QMutexPrivate *) Line 35	C++
 	Qt6Core.dll!QBasicMutex::lockInternal() Line 645	C++
 	[Inline Frame] Qt6WebEngineCore.dll!QtWebEngineCore::Compositor::BindingMap::lock() Line 47	C++
 	Qt6WebEngineCore.dll!QtWebEngineCore::Compositor::Observer::unbind() Line 87	C++
 	[Inline Frame] Qt6WebEngineCore.dll!QtWebEngineCore::Compositor::Observer::{dtor}() Line 93	C++
 	Qt6WebEngineCore.dll!QtWebEngineCore::RenderWidgetHostViewQtDelegateItem::~RenderWidgetHostViewQtDelegateItem() Line 43	C++
 	[External Code]	
 	[Inline Frame] Qt6WebEngineCore.dll!std::default_delete<QtWebEngineCore::RenderWidgetHostViewQtDelegate>::operator()(QtWebEngineCore::RenderWidgetHostViewQtDelegate *) Line 3139	C++
 	[Inline Frame] Qt6WebEngineCore.dll!std::unique_ptr<QtWebEngineCore::RenderWidgetHostViewQtDelegate,std::default_delete<QtWebEngineCore::RenderWidgetHostViewQtDelegate>>::reset(QtWebEngineCore::RenderWidgetHostViewQtDelegate *) Line 3284	C++
 	Qt6WebEngineCore.dll!QtWebEngineCore::RenderWidgetHostViewQt::~RenderWidgetHostViewQt() Line 192	C++
 	[External Code]	
 	Qt6WebEngineCore.dll!QtWebEngineCore::ProxyingURLLoaderFactoryQt::OnTargetFactoryError() Line 588	C++
 	Qt6WebEngineCore.dll!content::RenderWidgetHostImpl::Destroy(bool also_delete) Line 2488	C++
 	Qt6WebEngineCore.dll!content::RenderViewHostImpl::~RenderViewHostImpl() Line 380	C++
 	[External Code]	
 	[Inline Frame] Qt6WebEngineCore.dll!base::RefCounted<content::RenderViewHostImpl,base::DefaultRefCountedTraits<content::RenderViewHostImpl>>::DeleteInternal(const content::RenderViewHostImpl *) Line 366	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::DefaultRefCountedTraits<content::RenderViewHostImpl>::Destruct(const content::RenderViewHostImpl *) Line 330	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::RefCounted<content::RenderViewHostImpl,base::DefaultRefCountedTraits<content::RenderViewHostImpl>>::Release() Line 355	C++
 	Qt6WebEngineCore.dll!scoped_refptr<content::RenderViewHostImpl>::Release(content::RenderViewHostImpl * ptr) Line 383	C++
 	[Inline Frame] Qt6WebEngineCore.dll!scoped_refptr<content::RenderViewHostImpl>::{dtor}() Line 280	C++
 	[Inline Frame] Qt6WebEngineCore.dll!scoped_refptr<content::RenderViewHostImpl>::reset() Line 310	C++
 	Qt6WebEngineCore.dll!content::RenderFrameHostImpl::~RenderFrameHostImpl() Line 1882	C++
 	[External Code]	
 	[Inline Frame] Qt6WebEngineCore.dll!std::default_delete<content::RenderFrameHostImpl>::operator()(content::RenderFrameHostImpl *) Line 3139	C++
 	[Inline Frame] Qt6WebEngineCore.dll!std::unique_ptr<content::RenderFrameHostImpl,std::default_delete<content::RenderFrameHostImpl>>::{dtor}() Line 3249	C++
 	Qt6WebEngineCore.dll!content::RenderFrameHostManager::~RenderFrameHostManager() Line 524	C++
 	Qt6WebEngineCore.dll!content::FrameTreeNode::~FrameTreeNode() Line 319	C++
 	Qt6WebEngineCore.dll!content::FrameTree::~FrameTree() Line 227	C++
 	Qt6WebEngineCore.dll!content::WebContentsImpl::~WebContentsImpl() Line 1246	C++
 	[External Code]	
 	[Inline Frame] Qt6WebEngineCore.dll!std::default_delete<content::WebContents>::operator()(content::WebContents *) Line 3139	C++
 	[Inline Frame] Qt6WebEngineCore.dll!std::unique_ptr<content::WebContents,std::default_delete<content::WebContents>>::{dtor}() Line 3249	C++
 	Qt6WebEngineCore.dll!QtWebEngineCore::WebContentsAdapter::~WebContentsAdapter() Line 439	C++
 	[Inline Frame] Qt6WebEngineQuick.dll!QtSharedPointer::ExternalRefCountData::destroy() Line 115	C++
 	[Inline Frame] Qt6WebEngineQuick.dll!QSharedPointer<QtWebEngineCore::WebContentsAdapter>::deref(QtSharedPointer::ExternalRefCountData * dd) Line 476	C++
 	[Inline Frame] Qt6WebEngineQuick.dll!QSharedPointer<QtWebEngineCore::WebContentsAdapter>::deref() Line 471	C++
 	[Inline Frame] Qt6WebEngineQuick.dll!QSharedPointer<QtWebEngineCore::WebContentsAdapter>::{dtor}() Line 284	C++
 	Qt6WebEngineQuick.dll!QQuickWebEngineViewPrivate::~QQuickWebEngineViewPrivate() Line 337	C++
 	[External Code]	
 	[Inline Frame] Qt6WebEngineQuick.dll!QScopedPointerDeleter<QQuickWebEngineViewPrivate>::cleanup(QQuickWebEngineViewPrivate *) Line 24	C++
 	[Inline Frame] Qt6WebEngineQuick.dll!QScopedPointer<QQuickWebEngineViewPrivate,QScopedPointerDeleter<QQuickWebEngineViewPrivate>>::{dtor}() Line 81	C++
 	Qt6WebEngineQuick.dll!QQuickWebEngineView::~QQuickWebEngineView() Line 935	C++
 	[External Code]	
 	Qt6Core.dll!QObjectPrivate::deleteChildren() Line 2219	C++
 	Qt6Core.dll!QObject::~QObject() Line 1174	C++
 	[External Code]	
 	[Inline Frame] Qt6Core.dll!qDeleteInEventHandler(QObject *) Line 5002	C++
 	Qt6Core.dll!QObject::event(QEvent * e) Line 1487	C++
 	Qt6Quick.dll!QQuickItem::event(QEvent * ev) Line 9092	C++
 	[Inline Frame] Qt6Core.dll!QCoreApplicationPrivate::notify_helper(QObject *) Line 1316	C++
 	[Inline Frame] Qt6Core.dll!doNotify(QObject *) Line 1243	C++
 	Qt6Core.dll!QCoreApplication::notify(QObject * receiver, QEvent * event) Line 1227	C++
 	Qt6Core.dll!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Line 1142	C++
 	[Inline Frame] Qt6Core.dll!QCoreApplication::sendEvent(QObject *) Line 1583	C++
 	Qt6Core.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver, int event_type, QThreadData * data) Line 1940	C++
 	Qt6Gui.dll!QWindowsGuiEventDispatcher::sendPostedEvents() Line 44	C++
 	Qt6Core.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 470	C++
 	Qt6Gui.dll!QWindowsGuiEventDispatcher::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 37	C++
 	[Inline Frame] Qt6Core.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag>) Line 100	C++
 	Qt6Core.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 181	C++
 	Qt6Core.dll!QCoreApplication::exec() Line 1486	C++

      Attachments

        For Gerrit Dashboard: QTBUG-128897
        # Subject Branch Project Status CR V
        591200,10 Compositor: do not call unbind() from the base destructor dev qt/qtwebengine Status: MERGED +2 0
        592911,2 Compositor: do not call unbind() from the base destructor 6.8 qt/qtwebengine Status: MERGED +2 0

        Activity

          People

            qt_webengine_team Qt WebEngine Team
            studiosus Vladimir Belyavsky
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes