  1. Qt
  2. QTBUG-129153

Sporadic crash on NativeSkiaOutputDevice::BeginPaint()


Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 6.7.2, 6.7.3, 6.8.0, 6.9.0
    • WebEngine
    • None
    • Windows
    • fed0ecfc3 (dev), a073935b3 (6.8)

    Description

      Found it in our automated tracking system.

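      0xC0000005: Access violation reading location 0x0000000000000008.
      (A read at address 0x8 is consistent with a field access through a null pointer; per the inline frames below this would be inside ScopedWriteAccess::surface() / is_single_plane(), called from Buffer::beginWriteSkia(). Which pointer is null is not established here.)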
      

       
      Call stack:

       	[Inline Frame] Qt6WebEngineCore.dll!viz::SharedImageFormat::is_single_plane() Line 89	C++
       	[Inline Frame] Qt6WebEngineCore.dll!gpu::SkiaImageRepresentation::ScopedWriteAccess::surface() Line 326	C++
       	Qt6WebEngineCore.dll!QtWebEngineCore::NativeSkiaOutputDevice::Buffer::beginWriteSkia() Line 279	C++
      >	Qt6WebEngineCore.dll!QtWebEngineCore::NativeSkiaOutputDevice::BeginPaint(std::vector<GrBackendSemaphore,std::allocator<GrBackendSemaphore>> * end_semaphores) Line 126	C++
       	Qt6WebEngineCore.dll!viz::SkiaOutputDevice::BeginScopedPaint() Line 152	C++
       	Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImplOnGpu::FinishPaintCurrentFrame(sk_sp<GrDeferredDisplayList> ddl, sk_sp<GrDeferredDisplayList> overdraw_ddl, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>> graphite_recording, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>> image_contexts, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>> sync_tokens, base::OnceCallback<void __cdecl(void)> on_finished, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)> return_release_fence_cb, absl::optional<gfx::Rect> draw_rectangle) Line 486	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>),void>::Invoke(void(viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>, sk_sp<GrDeferredDisplayList>, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>, base::OnceCallback<void __cdecl(void)>, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>, absl::optional<gfx::Rect>)) Line 713	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1,2,3,4,5,6,7,8>::MakeItSo(void(viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>, sk_sp<GrDeferredDisplayList>, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>, base::OnceCallback<void __cdecl(void)>, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>, absl::optional<gfx::Rect>) &&) Line 868	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>>,void __cdecl(void)>::RunImpl(void(viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>, sk_sp<GrDeferredDisplayList>, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>, base::OnceCallback<void __cdecl(void)>, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>, absl::optional<gfx::Rect>) &&) Line 968	C++
       	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 923	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
       	[Inline Frame] Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1>::operator()(std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>) Line 1438	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,void>::Invoke(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 616	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1,2,3,4,5,6>::MakeItSo(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 868	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>,enum viz::SkiaOutputSurfaceImpl::SyncMode,base::internal::UnretainedWrapper<base::WaitableEvent,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,bool,bool,base::TimeTicks>,void __cdecl(void)>::RunImpl(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 968	C++
       	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>,enum viz::SkiaOutputSurfaceImpl::SyncMode,base::internal::UnretainedWrapper<base::WaitableEvent,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,bool,bool,base::TimeTicks>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 919	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
       	Qt6WebEngineCore.dll!gpu::SchedulerDfs::ExecuteSequence(base::IdType<gpu::SyncPointOrderData,unsigned int,0,1> sequence_id) Line 768	C++
       	Qt6WebEngineCore.dll!gpu::SchedulerDfs::RunNextTask() Line 683	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
       	Qt6WebEngineCore.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 201	C++
       	[Inline Frame] Qt6WebEngineCore.dll!base::TaskAnnotator::RunTask(perfetto::StaticString) Line 89	C++
       	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now) Line 480	C++
       	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 354	C++
       	Qt6WebEngineCore.dll!base::MessagePumpDefault::Run(base::MessagePump::Delegate * delegate) Line 41	C++
       	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 648	C++
       	Qt6WebEngineCore.dll!base::RunLoop::Run(const base::Location & location) Line 136	C++
       	Qt6WebEngineCore.dll!base::Thread::Run(base::RunLoop * run_loop) Line 338	C++
       	Qt6WebEngineCore.dll!base::Thread::ThreadMain() Line 412	C++
       	Qt6WebEngineCore.dll!base::`anonymous namespace'::ThreadFunc(void * params) Line 136	C++
       	[External Code]	
      

      Update:
      Here is a code sample that reproduces the same crash:

      // Reproducer from the report: a WebEngineView is moved back and forth between
      // two windows every 200 ms while a rotating Rectangle keeps the main window
      // repainting.
      // NOTE(review): the reported access violation sits under
      // NativeSkiaOutputDevice::BeginPaint() in the call stack; presumably the
      // reparenting races with that paint path, but this page does not confirm it.
      import QtQuick
      import QtWebEngine
      
      Window {
          id: mainWindow
          width: 300
          height: 300
          title: 'Main'
          visible: true
      
          Rectangle {
              width: 200
              height: 200
      
              RotationAnimator on rotation { // just to simulate some active repainting
                  from: 0; to: 360; loops: Animation.Infinite; duration: 500
              }
          }
      
          // The view under test. It starts out filling mainWindow and loads a remote
          // URL (autoplay=1, mute=1 in the query), so running this needs network access.
          WebEngineView {
              id: webView
              anchors.fill: parent
              url: 'https://www.youtube.com/embed/tgbNymZ7vqY?autoplay=1&mute=1'
          }
      
          // Second window, placed directly to the right of mainWindow at the same y;
          // it is the alternate parent for webView.
          Window {
              id: childWindow
              width: 300
              height: 300
              x: mainWindow.x + mainWindow.width
              y: mainWindow.y
              title: 'Child'
              visible: true
          }
      
          // Fires every 200 ms, indefinitely, and flips webView's parent between the
          // two windows' contentItem on each tick.
          Timer {
              interval: 200
              repeat: true
              running: true
              onTriggered: {
                  if (webView.parent === mainWindow.contentItem)
                      webView.parent = childWindow.contentItem
                  else
                      webView.parent = mainWindow.contentItem
              }
          }
      }
      

      Just run it and observe the crash after some time.

      Attachments

        1. image-2024-09-20-11-47-39-209.png
          166 kB
          Vladimir Belyavsky
        2. screenshot-1.png
          160 kB
          Vladimir Belyavsky

        Issue Links

          For Gerrit Dashboard: QTBUG-129153

            People

              pvarga Peter Varga
              studiosus Vladimir Belyavsky