
Issue 608524

Starred by 5 users

Issue metadata

Status: Archived
Owner:
Closed: Jul 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug




[Android] WebView crash (SIGSEGV/SEGV_MAPERR) selecting item from <select> menu

Reported by d...@cellartracker.com, May 2 2016

Issue description

Steps to reproduce the problem:
This may be device-specific for the Motorola DROID Turbo 2 with Android 6.0. I am not able to reproduce on my Nexus 5 with Android 6.0.1. Is this a WebView issue, or device driver issue?

See below for stack trace from Google Play for affected user.

1. Open CellarTracker app (com.cellartracker.app).
2. Create an account.
3. Search for a wine (e.g. "2012 Abeja Cabernet"), tap the wine glass icon, and select ADD TO CELLAR.
4. Tap on the LOCATION select box, and choose ADD NEW...

Actual: WebView crashes

What is the expected behavior?
Selecting ADD NEW... should open a dialog in the web page to enter a new item.

What went wrong?
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'motorola/kinzie_verizon/kinzie:6.0/MCK24.78-13.12/12:user/release-keys'
Revision: 'p301'
ABI: 'arm64'
pid: 20977, tid: 21074, name: Chrome_InProcGp  >>> com.cellartracker.app <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7f549c0000
Abort message: '[FATAL:sample_vector.cc(109)] Check failed: value >= bucket_ranges_->range(0) (0 vs. 28)
'
    x0   00000000fffffffe  x1   0000000000000000  x2   2e9da30116004a84  x3   0000000000002a18
    x4   00000000ffffffff  x5   00000000000027f9  x6   0000000000017acf  x7   000000000000006c
    x8   0000000000000042  x9   0000007f54902900  x10  0000000000002a18  x11  0000007f549bff78
    x12  0000000000017ad8  x13  0000007f549bffc0  x14  01010df78648862a  x15  0000000000000005
    x16  01010df78648862a  x17  0000000000000005  x18  0000000000000000  x19  0000007f52160048
    x20  0000007f563e4720  x21  0000007f563e4720  x22  0000007f52160010  x23  0000000000000000
    x24  0000007f84d68000  x25  0000000000000000  x26  0000000000000600  x27  0000007f84a3c000
    x28  0000007f84a3cec8  x29  0000007f563be4c0  x30  0000000000000000
    sp   0000007f563be4c0  pc   0000007f8487b2ac  pstate 00000000a0000000

backtrace:
    #00 pc 000000000027d2ac  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxMemPoolGeneral::ReturnMemory(EsxMemType, EsxTimestamp const*, unsigned int, gsl_memdesc*)+620)
    #01 pc 000000000027606c  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxGfxMem::Destroy(EsxContext*)+972)
    #02 pc 000000000019b2d8  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxResource::SetGfxMem(EsxContext*, unsigned int, EsxGfxMem*, int)+184)
    #03 pc 000000000019b3a0  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxResource::FreeSubResource(EsxContext*, EsxSubResource*)+64)
    #04 pc 000000000019b4cc  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxResource::SetSubResource(EsxContext*, unsigned int, EsxSubResource*)+76)
    #05 pc 000000000019b810  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxResource::Destroy(EsxContext*)+432)
    #06 pc 00000000001c5590  /system/vendor/lib64/egl/libGLESv2_adreno.so (EglImage::Destroy()+48)
    #07 pc 00000000001c1ccc  /system/vendor/lib64/egl/libGLESv2_adreno.so (EglDisplay::ReleaseImage(EglImage*)+44)
    #08 pc 00000000001bb910  /system/vendor/lib64/egl/libGLESv2_adreno.so (EglApi::DestroyImage(void*, void*)+112)
    #09 pc 0000000000009848  /system/vendor/lib64/egl/libEGL_adreno.so (eglDestroyImageKHR+40)
    #10 pc 0000000000029530  /system/lib64/libEGL.so (eglDestroyImageKHR+80)
    #11 pc 0000000000cca7bc  /data/app/com.google.android.webview-2/lib/arm64/libwebviewchromium.so

Crashed report ID: 

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 50.0.2661.86  Channel: stable
OS Version: 6.0
Flash Version:
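
Added triage example (not part of the original report and not Chromium or Android tooling): a small parser run over an excerpt of the tombstone above. It buckets each backtrace frame by where the library is installed and lists the registers that point within one page of the fault address. The `owner` path heuristic and the 4096-byte page size are assumptions.

```python
import re

# Excerpt of the tombstone quoted in the report above (register rows and frames trimmed).
TOMBSTONE = """\
pid: 20977, tid: 21074, name: Chrome_InProcGp  >>> com.cellartracker.app <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7f549c0000
    x8   0000000000000042  x9   0000007f54902900  x10  0000000000002a18  x11  0000007f549bff78
    x12  0000000000017ad8  x13  0000007f549bffc0  x14  01010df78648862a  x15  0000000000000005
backtrace:
    #00 pc 000000000027d2ac  /system/vendor/lib64/egl/libGLESv2_adreno.so (EsxMemPoolGeneral::ReturnMemory(EsxMemType, EsxTimestamp const*, unsigned int, gsl_memdesc*)+620)
    #09 pc 0000000000009848  /system/vendor/lib64/egl/libEGL_adreno.so (eglDestroyImageKHR+40)
    #10 pc 0000000000029530  /system/lib64/libEGL.so (eglDestroyImageKHR+80)
    #11 pc 0000000000cca7bc  /data/app/com.google.android.webview-2/lib/arm64/libwebviewchromium.so
"""

SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (0x[0-9a-f]+)")
REG_RE = re.compile(r"\b(x\d+)\s+([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((.*)\))?")

def owner(path):
    """Bucket a mapped library by install location (assumed heuristic)."""
    if path.startswith(("/system/vendor/", "/vendor/")):
        return "vendor"
    if path.startswith("/data/app/"):
        return "app"
    return "platform"

def triage(text, page=4096):
    """Summarise who owns the faulting frame and what points near the fault."""
    sig = SIGNAL_RE.search(text)
    if sig is None:
        raise ValueError("no signal line found")
    fault = int(sig.group(5), 16)
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    frames = [(int(n), path, owner(path)) for n, _pc, path, _sym in FRAME_RE.findall(text)]
    if not frames:
        raise ValueError("no backtrace frames found")
    return {
        "signal": sig.group(2),
        "code": sig.group(4),
        "fault_addr": fault,
        "faulting_module": frames[0][1].rsplit("/", 1)[-1],
        "faulting_owner": frames[0][2],
        # Registers within one page of the unmapped address hint at what was being walked.
        "near_fault_regs": sorted(n for n, v in regs.items() if abs(fault - v) < page),
        "first_app_frame": next((n for n, _p, o in frames if o == "app"), None),
    }

if __name__ == "__main__":
    print(triage(TOMBSTONE))
```

On this excerpt the faulting frame is in the vendor Adreno library, and x11 and x13 point just below the unmapped fault address.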
 

Comment 1 Deleted

This issue is not reproducible with Moto Droid Turbo (5.1) and Moto X (6.0) with web view 50.0.2661.86
Labels: Stability-Sheriff-Android

Comment 4 by boliu@chromium.org, May 5 2016

Components: Mobile>WebView
Labels: -Pri-2 Pri-3
Owner: boliu@chromium.org
dan@cellartracker.com: can you open chrome (not webview) on the device, go to chrome://gpu, and attach that page? Usually easiest is to print it as pdf.

sbashyam@chromium.org: how about any of the nexus devices on M?

I think this is another manifestation of the qualcomm bug that caused the crash in crbug.com/541145. If this consistently reproduces on a device, then we can actually take a look.

Comment 5 by boliu@chromium.org, May 5 2016

> sbashyam@chromium.org: how about any of the nexus devices on M?

Ehh, 5x or 6p in particular

Comment 6 by hzl@chromium.org, May 5 2016

Labels: -Stability-Sheriff-Android
This issue is not reproducible in
1. Nexus 5 (MOB30K)
2. Nexus 5X (MMB30I)
3. Nexus 6P (MMB30I)
with web view version 50.0.2661.86 with cellartracker (1.6.2)
boliu: attached is the GPU output from the affected user.

I'm trying to see if I can find a Motorola DROID Turbo 2 to see if it reproduces; it might be specific to that device.

Comment 9 by boliu@chromium.org, May 6 2016

dan@cellartracker.com: Can you ask the user how consistently this crash reproduces?

So it's adreno 430 (same as 6p), which does have the known driver bug. All webview can do is work around it. There are definitely still corner cases that hit the bug, but so far we don't have a consistent repro case to investigate further.

Looks like this case doesn't reproduce consistently though :(
@boliu: They said it crashes 100% of the time on their DROID Turbo 2. Any chance you have one of those to repro on?

I just tried with a Nexus 6P and it wasn't crashing either -- however I noticed that when selecting "Add new..." in the menu, it wasn't popping up the dialog to enter a new item like it normally does. I had to select it a second time before it worked. Not sure if that is related or another issue.
> @boliu: They said it crashes 100% of the time on their DROID Turbo 2. Any chance you have one of those to repro on?

QA on this thread doesn't seem to have that device. So no..
PerfectoMobile has one, but it's running Android 5.1.1. I tried to repro but couldn't. If it is a driver issue, perhaps it only happens on Android 6.0. I can offer up the user if you need them to do anything (reach out to me privately), but unfortunately I don't have access to a device either.

I'll have them try the beta WebView and see if that helps, but other than that any ideas on how to proceed?
We have a user that is seeing this issue as well on a Droid Turbo 2 (kinzie). Did the beta WebView work for your user?
I don't believe they've tried the beta WebView.
Project Member

Comment 15 by sheriffbot@chromium.org, Jul 3 2017

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
