Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-129153

Sporadic crash on NativeSkiaOutputDevice::BeginPaint()

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P1: Critical
    • None
    • 6.7.2, 6.7.3, 6.8.0
    • WebEngine
    • None
    • Windows
    • fed0ecfc3 (dev), a073935b3 (6.8)

    Description

      Found it in our automated tracking system.

      0xC0000005: Access violation reading location 0x0000000000000008.

       
      Call stack:

       	[Inline Frame] Qt6WebEngineCore.dll!viz::SharedImageFormat::is_single_plane() Line 89	C++
 	[Inline Frame] Qt6WebEngineCore.dll!gpu::SkiaImageRepresentation::ScopedWriteAccess::surface() Line 326	C++
 	Qt6WebEngineCore.dll!QtWebEngineCore::NativeSkiaOutputDevice::Buffer::beginWriteSkia() Line 279	C++
>	Qt6WebEngineCore.dll!QtWebEngineCore::NativeSkiaOutputDevice::BeginPaint(std::vector<GrBackendSemaphore,std::allocator<GrBackendSemaphore>> * end_semaphores) Line 126	C++
 	Qt6WebEngineCore.dll!viz::SkiaOutputDevice::BeginScopedPaint() Line 152	C++
 	Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImplOnGpu::FinishPaintCurrentFrame(sk_sp<GrDeferredDisplayList> ddl, sk_sp<GrDeferredDisplayList> overdraw_ddl, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>> graphite_recording, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>> image_contexts, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>> sync_tokens, base::OnceCallback<void __cdecl(void)> on_finished, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)> return_release_fence_cb, absl::optional<gfx::Rect> draw_rectangle) Line 486	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>),void>::Invoke(void(viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>, sk_sp<GrDeferredDisplayList>, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>, base::OnceCallback<void __cdecl(void)>, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>, absl::optional<gfx::Rect>)) Line 713	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1,2,3,4,5,6,7,8>::MakeItSo(void(viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>, sk_sp<GrDeferredDisplayList>, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>, base::OnceCallback<void __cdecl(void)>, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>, absl::optional<gfx::Rect>) &&) Line 868	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>>,void __cdecl(void)>::RunImpl(void(viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>, sk_sp<GrDeferredDisplayList>, std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>, std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>, std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>, base::OnceCallback<void __cdecl(void)>, base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>, absl::optional<gfx::Rect>) &&) Line 968	C++
 	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl viz::SkiaOutputSurfaceImplOnGpu::*)(sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>),base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,sk_sp<GrDeferredDisplayList>,sk_sp<GrDeferredDisplayList>,std::unique_ptr<skgpu::graphite::Recording,std::default_delete<skgpu::graphite::Recording>>,std::vector<viz::ImageContextImpl *,std::allocator<viz::ImageContextImpl *>>,std::vector<gpu::SyncToken,std::allocator<gpu::SyncToken>>,base::OnceCallback<void __cdecl(void)>,base::OnceCallback<void __cdecl(gfx::GpuFenceHandle)>,absl::optional<gfx::Rect>>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 923	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	[Inline Frame] Qt6WebEngineCore.dll!viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1>::operator()(std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>) Line 1438	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::FunctorTraits<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,void>::Invoke(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 616	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::InvokeHelper<0,void,0,1,2,3,4,5,6>::MakeItSo(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 868	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>,enum viz::SkiaOutputSurfaceImpl::SyncMode,base::internal::UnretainedWrapper<base::WaitableEvent,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,bool,bool,base::TimeTicks>,void __cdecl(void)>::RunImpl(viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl::__l2::<lambda_1> &&) Line 968	C++
 	Qt6WebEngineCore.dll!base::internal::Invoker<base::internal::BindState<`viz::SkiaOutputSurfaceImpl::FlushGpuTasksWithImpl'::`2'::<lambda_1>,std::vector<base::OnceCallback<void __cdecl(void)>,std::allocator<base::OnceCallback<void __cdecl(void)>>>,enum viz::SkiaOutputSurfaceImpl::SyncMode,base::internal::UnretainedWrapper<base::WaitableEvent,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<viz::SkiaOutputSurfaceImplOnGpu,base::unretained_traits::MayNotDangle,0>,bool,bool,base::TimeTicks>,void __cdecl(void)>::RunOnce(base::internal::BindStateBase * base) Line 919	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	Qt6WebEngineCore.dll!gpu::SchedulerDfs::ExecuteSequence(base::IdType<gpu::SyncPointOrderData,unsigned int,0,1> sequence_id) Line 768	C++
 	Qt6WebEngineCore.dll!gpu::SchedulerDfs::RunNextTask() Line 683	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::OnceCallback<void __cdecl(void)>::Run() Line 152	C++
 	Qt6WebEngineCore.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 201	C++
 	[Inline Frame] Qt6WebEngineCore.dll!base::TaskAnnotator::RunTask(perfetto::StaticString) Line 89	C++
 	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now) Line 480	C++
 	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 354	C++
 	Qt6WebEngineCore.dll!base::MessagePumpDefault::Run(base::MessagePump::Delegate * delegate) Line 41	C++
 	Qt6WebEngineCore.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 648	C++
 	Qt6WebEngineCore.dll!base::RunLoop::Run(const base::Location & location) Line 136	C++
 	Qt6WebEngineCore.dll!base::Thread::Run(base::RunLoop * run_loop) Line 338	C++
 	Qt6WebEngineCore.dll!base::Thread::ThreadMain() Line 412	C++
 	Qt6WebEngineCore.dll!base::`anonymous namespace'::ThreadFunc(void * params) Line 136	C++
 	[External Code]

      Update:
      Here is code sample which reproduces the same crash:

      import QtQuick
import QtWebEngine

Window {
    id: mainWindow
    width: 300
    height: 300
    title: 'Main'
    visible: true

    Rectangle {
        width: 200
        height: 200

        RotationAnimator on rotation { // just to simulate some active repainting
            from: 0; to: 360; loops: Animation.Infinite; duration: 500
        }
    }

    WebEngineView {
        id: webView
        anchors.fill: parent
        url: 'https://www.youtube.com/embed/tgbNymZ7vqY?autoplay=1&mute=1'
    }

    Window {
        id: childWindow
        width: 300
        height: 300
        x: mainWindow.x + mainWindow.width
        y: mainWindow.y
        title: 'Child'
        visible: true
    }

    Timer {
        interval: 200
        repeat: true
        running: true
        onTriggered: {
            if (webView.parent === mainWindow.contentItem)
                webView.parent = childWindow.contentItem
            else
                webView.parent = mainWindow.contentItem
        }
    }
}

      Just run it and observe the crash after some time.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-131304 Broken rendering when reparenting WebEngineView to another window

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Reported
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              qt_webengine_team Qt WebEngine Team
              studiosus Vladimir Belyavsky
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes