232122 2021-10-21 17:43:54 -0700 REGRESSION (iOS 15): Canvas resizing causes webpage to jetsam 2022-01-10 18:35:02 -0800 1 1 1 Unclassified WebKit WebGL Safari 15 Unspecified Unspecified NEW InRadar P2 Normal --- 231180 1 akul webkit-unassigned declan dino jonlee kbr kkinnunen kpiddington sabouhallawa simon.fraser smoley webkit-bug-importer oldest_to_newest 1807474 0 akul 2021-10-21 17:43:54 -0700 Repro app: https://jsfiddle.net/5an01w6d/ Works on ios14.3 Failed on ios 15 Repro steps: Click both buttons (which call their respective canvas resize methods). On ios14 this does not cause a page reload. On ios15 the webpage crashes and reloads with both. No logs from console were outputted. 1807736 1 ap 2021-10-22 10:10:17 -0700 I can reproduce with iOS 15.1 beta. This is a jetsam, i.e. running out of memory. 1807737 2 webkit-bug-importer 2021-10-22 10:10:29 -0700 <rdar://problem/84553912> 1807811 3 declan 2021-10-22 11:59:52 -0700 This bug is causing an experience ContinuumXR made for the Immersive Van Gogh Art Gallery in New York, Denver, and Las Vegas to no longer work. Users with ios 15 are no longer able to experience the pocket gallery exhibit. 1820986 4 446159 kkinnunen 2021-12-07 04:34:16 -0800 Created attachment 446159 reduced testacy 1820989 5 kkinnunen 2021-12-07 04:40:00 -0800 So the test jetsams because depth or stencil buffers are being allocated and they consume too much memory. The buffers are freed eventually, but not during the test resize iteration. The logic is: for (int i=0;i<10000;++i) resize() The buffers do not seem to leak permanently, temporarily. Maybe the buffers are retained in the command buffer, and we are clearing too many buffers without waiting for the previous buffer clears to complete. 1820990 6 kkinnunen 2021-12-07 04:41:18 -0800 To workaround, the reporters can check if they need stencil and depth buffers for the default Framebuffer. If not, switching those off should work around this crash. 1829673 7 jonlee 2022-01-10 16:30:07 -0800 Is this sample code a reduction of something that's out there in public? Is this the pattern being used by the Van Gogh art gallery, for example? 1829712 8 kbr 2022-01-10 18:35:02 -0800 Not sure whether the patch was intended for this bug, but this upstream patch to ANGLE seems to be addressing a similar concern: Metal: Canvas resizing causes webpage to run out of memory https://chromium-review.googlesource.com/c/angle/angle/+/3369922 446159 2021-12-07 04:34:16 -0800 2021-12-07 04:34:16 -0800 reduced testacy resize-crash.html text/html 1361 kkinnunen Y29uc3QgY29udGV4dEF0dHJpYnV0ZXMgPSB7CiAgYWxwaGE6IGZhbHNlLAogIGFudGlhbGlhczog ZmFsc2UsCiAgZGVwdGg6IHRydWUsCiAgZmFpbElmTWFqb3JQZXJmb3JtYW5jZUNhdmVhdDogZmFs c2UsCiAgcG93ZXJQcmVmZXJlbmNlOiAiZGVmYXVsdCIsCiAgcHJlbXVsdGlwbGllZEFscGhhOiB0 cnVlLAogIHByZXNlcnZlRHJhd2luZ0J1ZmZlcjogZmFsc2UsCiAgc3RlbmNpbDogdHJ1ZSwKICB4 ckNvbXBhdGlibGU6IHRydWUKfQoKZnVuY3Rpb24gcnVuVHJlZUpzRnJlZSgpIHsKICBjb25zdCBj YW52YXMgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdjYW52YXMnKTsKICBjYW52YXMuYWRkRXZl bnRMaXN0ZW5lcignd2ViZ2xjb250ZXh0bG9zdCcsIG9uQ29udGV4dExvc3QsIGZhbHNlKTsKICBj YW52YXMuYWRkRXZlbnRMaXN0ZW5lcignd2ViZ2xjb250ZXh0cmVzdG9yZWQnLCBvbkNvbnRleHRS ZXN0b3JlLCBmYWxzZSk7CiAgY29uc3QgY29udGV4dCA9IGNhbnZhcy5nZXRDb250ZXh0KCd3ZWJn bCcsIGNvbnRleHRBdHRyaWJ1dGVzKTsKICBkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGNhbnZh cykKCiAgY29uc3QgY291bnRlciA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjb3VudGVyJyk7 CiAgZm9yIChsZXQgaSA9IDA7IGkgPCAxMDAwOyArK2kpIHsKICAgIGNvdW50ZXIuaW5uZXJUZXh0 ID0gJ1Jlc2l6ZSBudW1iZXI6ICcgKyBpOwogICAgY2FudmFzLndpZHRoID0gKDUwICsgaSAqIDk3 KSAlIDEwMDA7CiAgICBjYW52YXMuaGVpZ2h0ID0gKDUwICsgaSAqIDk3KSAlIDEwMDA7CiAgfQp9 CgpmdW5jdGlvbiBydW5UcmVlSnMoKSB7CiAgY29uc3QgcmVuZGVyZXIgPSBuZXcgVEhSRUUuV2Vi R0xSZW5kZXJlcigpOwogIGNvbnN0IGNhbnZhcyA9IHJlbmRlcmVyLmRvbUVsZW1lbnQ7CiAgZG9j dW1lbnQuYm9keS5hcHBlbmRDaGlsZChjYW52YXMpCiAgY29uc3QgY291bnRlciA9IGRvY3VtZW50 LmdldEVsZW1lbnRCeUlkKCdjb3VudGVyJyk7CiAgZm9yIChsZXQgaSA9IDA7IGkgPCAxMDAwOyAr K2kpIHsKICAgIGNvdW50ZXIuaW5uZXJUZXh0ID0gJ1Jlc2l6ZSBudW1iZXI6ICcgKyBpOwogICAg Y2FudmFzLndpZHRoID0gKDUwICsgaSAqIDk3KSAlIDEwMDA7CiAgICBjYW52YXMuaGVpZ2h0ID0g KDUwICsgaSAqIDk3KSAlIDEwMDA7CiAgfQp9CgovLwoKZnVuY3Rpb24gb25Db250ZXh0TG9zdChl dmVudCkgewoKICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOwoKICBjb25zb2xlLmxvZygnQ29udGV4 dCBMb3N0LicpOwoKfQoKZnVuY3Rpb24gb25Db250ZXh0UmVzdG9yZSgpIHsKCiAgY29uc29sZS5s b2coJ1RIUkVFLldlYkdMUmVuZGVyZXI6IENvbnRleHQgUmVzdG9yZWQuJyk7Cgp9Cgo=