WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
291759
[Skia] Crashes in GrResourceCache::notifyARefCntReachedZero, GrResourceCache::findAndRefScratchResource when watching Kaltura video
https://bugs.webkit.org/show_bug.cgi?id=291759
Summary
[Skia] Crashes in GrResourceCache::notifyARefCntReachedZero, GrResourceCache:...
Michael Catanzaro
Reported
2025-04-18 10:54:36 PDT
Created
attachment 474957
[details]
Full backtrace When watching a Kaltura video on an internal Red Hat website using Ephy Tech Preview with WebKitGTK 2.49.1, the web process occasionally crashes with SIGILL, which is a quite unusual way to crash. (I wonder if an illegal instruction is used to implement SkASSERT?) Program terminated with signal SIGILL, Illegal instruction. #0 0x00007f66d7a25379 in GrResourceCache::notifyARefCntReachedZero (this=0x5654b90289a0, resource=0x5654ba41b8e0, removedRef=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp:387 warning: 387 /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp: No such file or directory [Current thread is 1 (Thread 0x7f66cb837ac0 (LWP 2))] (gdb) bt #0 0x00007f66d7a25379 in GrResourceCache::notifyARefCntReachedZero (this=0x5654b90289a0, resource=0x5654ba41b8e0, removedRef=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp:387 #1 0x00007f66d7a2c407 in GrIORef<GrGpuResource>::notifyWillBeZero (this=0x5654ba41b8e8, removedRef=GrIORef<GrGpuResource>::LastRemovedRef::kMainRef) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResource.h:102 #2 GrIORef<GrGpuResource>::unref (this=0x5654ba41b8e8) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResource.h:65 #3 SkSafeUnref<GrSurface> (obj=0x5654ba41b8e0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:151 #4 sk_sp<GrSurface>::reset (this=0x5654baef593b, ptr=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:316 #5 sk_sp<GrSurface>::operator=(decltype(nullptr)) (this=0x5654baef593b) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:260 #6 GrTextureProxy::~GrTextureProxy (this=0x5654baef5910, vtt=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureProxy.cpp:110 #7 0x00007f66d7a2d8bf in GrTextureRenderTargetProxy::~GrTextureRenderTargetProxy (this=0x5654baef58e0, vtt=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureRenderTargetProxy.h:44 #8 GrTextureRenderTargetProxy::~GrTextureRenderTargetProxy (this=0x5654baef58e0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureRenderTargetProxy.h:44 #9 GrTextureRenderTargetProxy::~GrTextureRenderTargetProxy (this=0x5654baef58e0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureRenderTargetProxy.h:44 #10 0x00007f66d7a2d8bf in virtual thunk to GrTextureRenderTargetProxy::~GrTextureRenderTargetProxy() () at /usr/lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 Unfortunately it's 35 frames deep inside Skia. The first WebKit frame is: #36 0x00007f66d7217a5d in WebCore::createAcceleratedRenderingFence<sk_sp<SkImage> const> (object=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/skia/GraphicsContextSkia.cpp:1054 I will attach a full backtrace.
Attachments
Full backtrace
(223.87 KB, text/plain)
2025-04-18 10:54 PDT
,
Michael Catanzaro
no flags
Details
Full backtrace for second crash
(225.73 KB, text/plain)
2025-04-29 12:43 PDT
,
Michael Catanzaro
no flags
Details
Full backtrace (Debian bookworm)
(10.69 KB, text/plain)
2025-05-20 08:34 PDT
,
Alberto Garcia
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Michael Catanzaro
Comment 1
2025-04-21 07:10:22 PDT
***
Bug 291836
has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 2
2025-04-21 07:10:41 PDT
Bug #291836
contains a stack trace for this happening on youtube.com.
Michael Catanzaro
Comment 3
2025-04-29 12:42:25 PDT
Here's a completely different stack trace: (gdb) bt #0 skia_private::AutoSTMalloc<8ul, unsigned int, void>::get (this=0x7f4a40e68910) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/private/base/SkTemplates.h:383 #1 skgpu::ResourceKey::operator== (that=..., this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ResourceKey.h:102 #2 skgpu::ScratchKey::operator== (that=..., this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ResourceKey.h:217 #3 skia_private::THashTable<SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList*, skgpu::ScratchKey, SkTDynamicHash<SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList, skgpu::ScratchKey, SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList>::AdaptedTraits>::find (this=0x55b60c637978, key=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/core/SkTHash.h:126 #4 0x00007f4fb2624b44 in skia_private::THashTable<SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList*, skgpu::ScratchKey, SkTDynamicHash<SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList, skgpu::ScratchKey, SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList>::AdaptedTraits>::findOrNull (this=0x55b60c637978, key=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/core/SkTHash.h:138 #5 SkTDynamicHash<SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList, skgpu::ScratchKey, SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::ValueList>::find (this=0x55b60c637978, key=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/core/SkTDynamicHash.h:42 #6 SkTMultiMap<GrGpuResource, skgpu::ScratchKey, GrResourceCache::ScratchMapTraits>::find (this=0x55b60c637978, key=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/core/SkTMultiMap.h:95 #7 GrResourceCache::findAndRefScratchResource (this=0x55b60c637930, scratchKey=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp:216 #8 0x00007f4fb2628346 in GrResourceProvider::findAndRefScratchTexture (this=0x55b60c70a290, key=..., label="TextureRenderTarget_FullyLazyProxy") at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceProvider.cpp:336 #9 GrResourceProvider::findAndRefScratchTexture (this=<optimized out>, dimensions=..., format=<optimized out>, textureType=<optimized out>, renderable=<optimized out>, renderTargetSampleCnt=<optimized out>, mipmapped=<optimized out>, isProtected=<optimized out>, label="TextureRenderTarget_FullyLazyProxy") at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceProvider.cpp:369 #10 0x00007f4fb26286c0 in GrResourceProvider::getExactScratch (this=<optimized out>, dimensions=..., format=<optimized out>, textureType=<optimized out>, renderable=<optimized out>, renderTargetSampleCnt=<optimized out>, budgeted=<optimized out>, mipmapped=<optimized out>, isProtected=<optimized out>, label=Python Exception <class 'gdb.error'>: value has been optimized out ) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceProvider.cpp:140 #11 GrResourceProvider::createTexture (this=0x55b60c70a290, dimensions=..., format=..., textureType=GrTextureType::k2D, renderable=<optimized out>, renderTargetSampleCnt=4, mipmapped=<optimized out>, budgeted=<optimized out>, isProtected=<optimized out>, label="TextureRenderTarget_FullyLazyProxy") at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceProvider.cpp:256 #12 0x00007f4fb2872e9a in GrDynamicAtlas::reset(SkISize, GrCaps const&)::$_0::operator()(GrResourceProvider*, GrSurfaceProxy::LazySurfaceDesc const&) const (this=<optimized out>, resourceProvider=0x55b60c70a290, desc=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrDynamicAtlas.cpp:110 #13 std::__invoke_impl<GrSurfaceProxy::LazyCallbackResult, GrDynamicAtlas::reset(SkISize, GrCaps const&)::$_0&, GrResourceProvider*, GrSurfaceProxy::LazySurfaceDesc const&>(std::__invoke_other, GrDynamicAtlas::reset(SkISize, GrCaps const&)::$_0&, GrResourceProvider*&&, GrSurfaceProxy::LazySurfaceDesc const&) (__f=<optimized out>, __args=<optimized out>, __args=<optimized out>) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/14.2.0/../../../../include/c++/14.2.0/bits/invoke.h:61 #14 std::__invoke_r<GrSurfaceProxy::LazyCallbackResult, GrDynamicAtlas::reset(SkISize, GrCaps const&)::$_0&, GrResourceProvider*, GrSurfaceProxy::LazySurfaceDesc const&>(GrDynamicAtlas::reset(SkISize, GrCaps const&)::$_0&, GrResourceProvider*&&, GrSurfaceProxy::LazySurfaceDesc const&) (__fn=<optimized out>, __args=<optimized out>, __args=<optimized out>) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/14.2.0/../../../../include/c++/14.2.0/bits/invoke.h:114 #15 std::_Function_handler<GrSurfaceProxy::LazyCallbackResult(GrResourceProvider*, GrSurfaceProxy::LazySurfaceDesc const&), GrDynamicAtlas::reset(SkISize, GrCaps const&)::$_0>::_M_invoke (__functor=<optimized out>, __args=<optimized out>, __args=...) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/14.2.0/../../../../include/c++/14.2.0/bits/std_function.h:290 I'll attach the full version. Clearly something is wrong with GrResourceCache.
Michael Catanzaro
Comment 4
2025-04-29 12:43:07 PDT
Created
attachment 475083
[details]
Full backtrace for second crash
Alberto Garcia
Comment 5
2025-05-20 08:34:55 PDT
Created
attachment 475318
[details]
Full backtrace (Debian bookworm) It also crashes with Debian bookworm, I'm attaching another backtrace. I'm having this problem often with 2.48.2 using the Element Matrix client, it was working fine with 2.48.1.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug