WebCore OpenGL crash in web view when app with background modes enabled goes to background

Originator: florian.heiber
Number: rdar://33647286
Date Originated: 01-Aug-2017 08:00 AM
Status: Open
Resolved:
Product: iOS + SDK
Product Version: iOS 9
Classification: Security
Reproducible: Sometimes
 
Summary:
This is a duplicate of radar #31689026

An app running OpenGL content in a web view (UIWebView or WKWebView) will crash when it goes to the background. There's no way to stop or pause the OpenGL execution in the web view before the app goes to the background. Setting the web view to nil doesn't work.


Steps to Reproduce:
1. Load a web view that uses OpenGL to do animation.
2. Click on the web view to start animation.
3. Before the animation stops, click the home button to exit the app.
4. Reopen the app.
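A minimal page for step 1, added here as a constructed reproduction aid; it is not part of the original report. It creates a WebGL context on the first tap (step 2) and then runs a requestAnimationFrame loop that keeps submitting GL work, which is the path the crash log under Actual Results shows being killed (HTMLCanvasElement::getContextWebGL down to gpus_ReturnNotPermittedKillClient). Load it in a UIWebView or WKWebView, tap the canvas, then press Home. The visibilitychange handler is an assumed diagnostic so a tester can tell whether the page ever observes a hidden state before the process is killed; the report does not say whether page-side pausing avoids the kill, so the handler only records state.

```html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>WebGL background crash repro</title>
<style>
  html, body { margin: 0; height: 100%; background: #000; }
  canvas { width: 100%; height: 100%; display: block; }
</style>
</head>
<body>
<canvas id="c"></canvas>
<script>
  // Constructed repro page for the steps above; not part of the original report.
  var canvas = document.getElementById('c');
  var gl = null;   // created lazily on first tap (step 2)
  var raf = 0;     // requestAnimationFrame handle
  var t0 = 0;      // timestamp of the first frame

  function frame(now) {
    if (!t0) t0 = now;
    var s = (now - t0) / 1000;
    // Cheap but continuous GL work: a colour sweep via glClear on every frame,
    // so the web thread keeps submitting GPU command buffers.
    gl.viewport(0, 0, gl.drawingBufferWidth, gl.drawingBufferHeight);
    gl.clearColor(0.5 + 0.5 * Math.sin(s),
                  0.5 + 0.5 * Math.sin(s * 1.3),
                  0.5 + 0.5 * Math.sin(s * 1.7), 1.0);
    gl.clear(gl.COLOR_BUFFER_BIT);
    raf = requestAnimationFrame(frame);
  }

  function start() {
    if (gl) return;
    // Size the backing store to device pixels before the context is created.
    var dpr = window.devicePixelRatio || 1;
    canvas.width  = Math.floor(canvas.clientWidth  * dpr);
    canvas.height = Math.floor(canvas.clientHeight * dpr);
    // This is the getContext call at the top of the WebCore frames in the log.
    gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl');
    if (!gl) { document.title = 'no WebGL'; return; }
    raf = requestAnimationFrame(frame);
  }

  canvas.addEventListener('touchstart', start, false);
  canvas.addEventListener('click', start, false);

  // Assumed diagnostic only: record whether the page sees a hidden state before
  // the host app is backgrounded. Nothing here pauses the loop, because the
  // report does not establish that page-side pausing prevents the GPU kill.
  document.addEventListener('visibilitychange', function () {
    document.title = 'visibility=' + document.visibilityState + ' @' + Date.now();
  }, false);
</script>
</body>
</html>
```

Serve the file from a local HTTP server or bundle it in the app and load it with loadHTMLString / loadFileURL; the title changes can be read back from the web view after the app returns to the foreground, if it survives.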

Expected Results:
No crash.

Actual Results:
App crashed. See crash log below:

#7. Crashed: WebThread
0  libGPUSupportMercury.dylib     0x1a185ffac gpus_ReturnNotPermittedKillClient
1  AGXGLDriver                    0x1a6436f74 (null)
2  libGPUSupportMercury.dylib     0x1a1860f88 gpusSubmitDataBuffers
3  AGXGLDriver                    0x1a6438480 (null)
4  WebCore                        0x1968a655c WebCore::GraphicsContext3D::reshape(int, int) + 528
5  WebCore                        0x1973d7650 WebCore::WebGLRenderingContextBase::initializeNewContext() + 716
6  WebCore                        0x1973d7108 WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase(WebCore::HTMLCanvasElement&, WTF::RefPtr<WebCore::GraphicsContext3D>&&, WebCore::GraphicsContext3DAttributes) + 544
7  WebCore                        0x1973d13e4 WebCore::WebGLRenderingContext::WebGLRenderingContext(WebCore::HTMLCanvasElement&, WTF::PassRefPtr<WebCore::GraphicsContext3D>, WebCore::GraphicsContext3DAttributes) + 60
8  WebCore                        0x1973d6690 WebCore::WebGLRenderingContextBase::create(WebCore::HTMLCanvasElement&, WebCore::GraphicsContext3DAttributes&, WTF::String const&) + 1176
9  WebCore                        0x1968d5030 WebCore::HTMLCanvasElement::getContextWebGL(WTF::String const&, WebCore::GraphicsContext3DAttributes&&) + 156
10 WebCore                        0x196bef788 WebCore::JSHTMLCanvasElement::getContext(JSC::ExecState&) + 360
11 WebCore                        0x1964efa10 WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext(JSC::ExecState*) + 172
12 JavaScriptCore                 0x195ee9694 llint_entry + 28916
13 JavaScriptCore                 0x195ee8cc8 llint_entry + 26408
14 JavaScriptCore                 0x195ee8cc8 llint_entry + 26408
15 JavaScriptCore                 0x195ee8cc8 llint_entry + 26408
16 JavaScriptCore                 0x195ee23d8 vmEntryToJavaScript + 264
17 JavaScriptCore                 0x195dcc6f8 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 164
18 JavaScriptCore                 0x195da45a8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 12052
19 JavaScriptCore                 0x195ac15c0 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 348
20 WebCore                        0x19713f2a0 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 324
21 WebCore                        0x197144da0 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 548
22 WebCore                        0x196ed3298 WebCore::LoadableClassicScript::execute(WebCore::ScriptElement&) + 52
23 WebCore                        0x19714529c WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript&) + 216
24 WebCore                        0x196940528 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WTF::RefPtr<WebCore::PendingScript>) + 120
25 WebCore                        0x196940464 WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 200
26 WebCore                        0x196940560 WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::PendingScript&) + 28
27 WebCore                        0x1968e9ad4 WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) + 72
28 WebCore                        0x196f91eb0 WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&) + 52
29 WebCore                        0x196ed3c14 WebCore::LoadableScript::notifyClientFinished() + 276
30 WebCore                        0x1965b1f40 WebCore::CachedResource::didAddClient(WebCore::CachedResourceClient&) + 200
31 WebCore                        0x1964ecb80 WebCore::CachedResource::switchClientsToRevalidatedResource() + 736
32 WebCore                        0x196f2fea4 WebCore::MemoryCache::revalidationSucceeded(WebCore::CachedResource&, WebCore::ResourceResponse const&) + 360
33 WebCore                        0x19641c0c0 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 112
34 WebCore                        0x1971180fc WebCore::ResourceHandle::didReceiveResponse(WebCore::ResourceResponse&&) + 320
35 WebCore                        0x1973c09fc -[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:] + 368
36 CFNetwork                      0x1920af330 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke + 60
37 CFNetwork                      0x1920af2d4 -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 200
38 CFNetwork                      0x1920af448 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 56
39 CFNetwork                      0x19206ce4c _NSURLConnectionDidReceiveResponse(_CFURLConnection*, _CFURLResponse*, void const*) + 80
40 CFNetwork                      0x191fd2814 ___ZN27URLConnectionClient_Classic28_delegate_didReceiveResponseEP14_CFURLResponse_block_invoke + 104
41 CFNetwork                      0x191fce318 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 108
42 libdispatch.dylib              0x1906fe9a0 _dispatch_client_callout + 16
43 libdispatch.dylib              0x19070a194 _dispatch_block_invoke_direct + 332
44 CFNetwork                      0x19208bb30 RunloopBlockContext::_invoke_block(void const*, void*) + 36
45 CoreFoundation                 0x191722710 CFArrayApplyFunction + 68
46 CFNetwork                      0x19208b9f0 RunloopBlockContext::perform() + 128
47 CFNetwork                      0x19208cd34 MultiplexerSource::perform() + 312
48 CFNetwork                      0x19208caa0 MultiplexerSource::_perform(void*) + 64
49 CoreFoundation                 0x1917f542c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
50 CoreFoundation                 0x1917f4d9c __CFRunLoopDoSources0 + 540
51 CoreFoundation                 0x1917f29a8 __CFRunLoopRun + 744
52 CoreFoundation                 0x191722da4 CFRunLoopRunSpecific + 424
53 WebCore                        0x1963f4608 RunWebThread(void*) + 456
54 libsystem_pthread.dylib        0x19090968c _pthread_body + 240
55 libsystem_pthread.dylib        0x19090959c _pthread_body + 282
56 libsystem_pthread.dylib        0x190906cb4 thread_start + 4

Version:
iOS 9

Notes:
For us, this happens primarily on Google Ad Banners.
