REOPENED 231423
SIGSEGV when creating WebGL context in Safari 15.0, crashes tab completely
https://bugs.webkit.org/show_bug.cgi?id=231423
Will Morgan
Reported 2021-10-08 04:48:39 PDT
Created attachment 440593
com.apple.WebKit.WebContent_2021-10-08-124039_Mac.crash

Hi, Safari 15 is now crashing the tab when creating a WebGL canvas context. This is now blocking all users of Safari 15 from using our, and our customers', web apps. Unfortunately no console logs are available, but here is what the system console says - full log attached:

Process:               com.apple.WebKit.WebContent [87508]
Path:                  /Library/Apple/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
Identifier:            com.apple.WebKit.WebContent
Version:               16612 (16612.1.29.41.4)
Build Info:            WebKit-7612001029041004~8 (612A78a)
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           Safari [87045]
User ID:               501

Date/Time:             2021-10-08 12:40:34.829 +0100
OS Version:            macOS 11.6 (20G165)
Report Version:        12
Bridge OS Version:     3.0 (14Y908)
Anonymous UUID:        EE8A9404-E3A7-470C-9EC2-1B968DC00E20
Sleep/Wake UUID:       B189040B-3AF0-490F-B83B-9312801AD26E

Time Awake Since Boot: 400000 seconds
Time Since Wake:       13000 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [87508]

VM Regions Near 0:
-->
    __TEXT                 1070ca000-1070ce000    [   16K] r-x/r-x SM=COW  /Library/Apple/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Application Specific Information:
Bundle controller class:
BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             0x00000005b8cd793c WebCore::GraphicsContextGLOpenGL::reshapeDisplayBufferBacking() + 188
1   com.apple.WebCore             0x00000005b82dd243 WebCore::GraphicsContextGLOpenGL::reshapeFBOs(WebCore::IntSize const&) + 451
2   com.apple.WebCore             0x00000005b82df2c3 WebCore::GraphicsContextGLOpenGL::reshape(int, int) + 547
3   com.apple.WebCore             0x00000005b96cdfe4 WebCore::WebGLRenderingContextBase::initializeNewContext() + 2324
4   com.apple.WebCore             0x00000005b96d9312 WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContextGLAttributes&, WebCore::GraphicsContextGLWebGLVersion) + 2882
5   com.apple.WebCore             0x00000005b959325a WebCore::HTMLCanvasElement::createContextWebGL(WebCore::GraphicsContextGLWebGLVersion, WebCore::GraphicsContextGLAttributes&&) + 330
6   com.apple.WebCore             0x00000005b9592e92 WebCore::HTMLCanvasElement::getContext(JSC::JSGlobalObject&, WTF::String const&, WTF::Vector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 1186
7   com.apple.WebCore             0x00000005b8640b6b WebCore::jsHTMLCanvasElementPrototypeFunction_getContext(JSC::JSGlobalObject*, JSC::CallFrame*) + 411
8   ???                           0x00004632a1a011d8 0 + 77183273931224
9   com.apple.JavaScriptCore      0x00000005bc49ac4e llint_entry + 112071
10  com.apple.JavaScriptCore      0x00000005bc49b939 llint_entry + 115378
11  com.apple.JavaScriptCore      0x00000005bc49ac4e llint_entry + 112071
12  com.apple.JavaScriptCore      0x00000005bc49ac4e llint_entry + 112071
13  com.apple.JavaScriptCore      0x00000005bc49abc9 llint_entry + 111938
14  com.apple.JavaScriptCore      0x00000005bc49abc9 llint_entry + 111938
15  com.apple.JavaScriptCore      0x00000005bc49abc9 llint_entry + 111938
16  com.apple.JavaScriptCore      0x00000005bc49ac4e llint_entry + 112071
17  com.apple.JavaScriptCore      0x00000005bc49ac4e llint_entry + 112071
18  com.apple.JavaScriptCore      0x00000005bc47f486 vmEntryToJavaScript + 216
Attachments
com.apple.WebKit.WebContent_2021-10-08-124039_Mac.crash (147.81 KB, text/plain)
2021-10-08 04:48 PDT, Will Morgan
Will Morgan
Comment 1 2021-10-08 05:06:30 PDT
Kimmo Kinnunen
Comment 2 2021-10-08 05:55:04 PDT
Thanks for the report. This has since been fixed and will be shipped in the upcoming releases. *** This bug has been marked as a duplicate of bug 229309 ***
Kimmo Kinnunen
Comment 3 2021-10-08 05:55:30 PDT
The workaround is to not request WebXR context.
Will Morgan
Comment 4 2021-10-08 08:06:43 PDT
Hi Kimmo, I'm not able to see that ticket, but our product is using WebGL, not WebXR. Do you mean that we should not use WebGL or WebXR at all? In any case, we and our customers would appreciate an update about when the fix, in whatever form it may take, will be shipped? Thanks.
Kenneth Russell
Comment 5 2021-10-08 13:52:42 PDT
Will: these samples
Kenneth Russell
Comment 6 2021-10-08 13:57:20 PDT
...oops, accidentally saved incomplete comment. Will: these samples are specifying the WebGL context creation attribute: xrCompatible: true and there was a bug in Safari's handling of this attribute. Hoping this is already better tested on WebKit's EWS bots.
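The stack at the top of this report shows the fault inside HTMLCanvasElement::getContext, on the way through WebGLRenderingContextBase::create and reshape: the process dies during context creation, so nothing JavaScript can do after the getContext call (try/catch, a webglcontextcreationerror listener) will intervene. The only place to apply the workaround from comments 3 and 6 is in the attribute dictionary handed to getContext. The code below is an added example written for this page, not code from the bug report, from WebKit or from any library mentioned here. It gates the xrCompatible creation attribute behind the presence of navigator.xr, and defers XR compatibility to the WebXR API's gl.makeXRCompatible() for browsers that do expose WebXR. The function names, the defaults in the attribute dictionary and the fake canvas used to run it under Node are this example's own assumptions; whether deferring to makeXRCompatible() is appropriate for a given app is a design choice, not something the report states.

```javascript
// Added example (not code from the bug report, WebKit or three.js): gate the
// WebGL `xrCompatible` creation attribute behind an actual WebXR check.
// All names below are this example's own.

/**
 * Build the attribute dictionary passed to canvas.getContext().
 * `xrCompatible` only has meaning on a browser that exposes navigator.xr,
 * so it is set only when the caller asks for XR *and* XR is available.
 * A caller-supplied xrCompatible is never forwarded blindly.
 */
function buildContextAttributes({ wantXR = false, xrAvailable = false, ...rest } = {}) {
  const attrs = {
    alpha: false,
    antialias: true,
    preserveDrawingBuffer: false,
    ...rest,
  };
  delete attrs.xrCompatible; // must pass the gate below, not come from options
  if (wantXR && xrAvailable) {
    attrs.xrCompatible = true;
  }
  return attrs;
}

/** Snapshot of the host; the default reads the real browser globals. */
function defaultEnv() {
  const nav = typeof navigator !== 'undefined' ? navigator : {};
  return { xr: nav.xr };
}

/**
 * Create a WebGL context, trying WebGL2 first and falling back to WebGL1.
 * A native crash inside getContext() cannot be caught from JavaScript, so the
 * attributes are shaped *before* the call is made.
 * Returns { gl, version, attrs }; throws if neither context type is available.
 */
function createWebGLContext(canvas, options = {}, env = defaultEnv()) {
  const attrs = buildContextAttributes({ ...options, xrAvailable: Boolean(env.xr) });
  for (const [name, version] of [['webgl2', 2], ['webgl', 1]]) {
    const gl = canvas.getContext(name, attrs);
    if (gl) {
      return { gl, version, attrs };
    }
  }
  throw new Error('WebGL is not available on this canvas');
}

/**
 * Request XR compatibility after creation with gl.makeXRCompatible()
 * (WebXR Device API) instead of via the creation attribute. Resolves to
 * false when the browser has no WebXR, so callers can stay on plain WebGL.
 */
async function ensureXRCompatible(gl, env = defaultEnv()) {
  if (!env.xr || typeof gl.makeXRCompatible !== 'function') {
    return false;
  }
  await gl.makeXRCompatible();
  return true;
}

// Constructed stand-in for an HTMLCanvasElement so the example runs under
// Node without a browser. It records every attribute dictionary it was
// handed and only "supports" the listed context types.
function makeFakeCanvas(supported = ['webgl']) {
  return {
    requests: [],
    getContext(name, attrs) {
      this.requests.push({ name, attrs: { ...attrs } });
      return supported.includes(name) ? { name } : null;
    },
  };
}

// Demo: an app that wants XR, on a host with no navigator.xr.
const demoCanvas = makeFakeCanvas(['webgl']);
const demo = createWebGLContext(demoCanvas, { wantXR: true }, { xr: undefined });
console.log(`got WebGL${demo.version}; attributes sent:`, demo.attrs); // no xrCompatible key
```

Libraries that assemble the attribute dictionary internally can be handed the context this returns instead of being allowed to call getContext themselves; three.js's WebGLRenderer, for instance, accepts a pre-created context through its `context` option. In the demo path above the attribute dictionary reaching the browser has no xrCompatible key at all, which is the shape of the workaround Kimmo describes in comment 3.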
Sam Sneddon [:gsnedders]
Comment 7 2021-10-13 13:56:37 PDT
> In any case, we and our customers would appreciate an update about when the fix, in whatever form it may take, will be shipped?

Apple does not comment on future releases. This does, however, appear identical to bug 229309 from the stack; see what Ken said for some detail there.
Will Morgan
Comment 8 2021-10-13 14:43:25 PDT
Sam, I cannot see the content of that bug.
Kenneth Russell
Comment 9 2021-10-13 16:49:36 PDT
I don't have access to Bug 229309 (anymore?) either. :)
Radar WebKit Bug Importer
Comment 10 2021-10-15 04:49:18 PDT
Dustin Kerstein
Comment 11 2021-10-20 10:34:53 PDT
Would you be able to provide the version number of Safari where this is resolved? I can still replicate this on the latest Safari Technical Preview on https://my.panomoments.com/u/dustinkerstein/m/havana-intersection
Dustin Kerstein
Comment 12 2021-10-20 14:36:58 PDT
FYI, I just upgraded the three.js library on https://my.panomoments.com to r122 and this issue went away (though this unfortunately breaks the WebVR implementation - but I can live with that for now). Just wanted to let you know as you won't be able to replicate with that link above.
Will Morgan
Comment 13 2021-10-21 02:05:49 PDT
This no longer appears to be an issue in the latest beta of Safari (13th October 2021), but knowing when that will be GA and released would still be useful.