New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 627530 link

Starred by 3 users
Status: WontFix
Owner:
hush@chromium.org
inactive
Closed: Jul 2016
Cc:
boliu@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug



Sign in to add a comment

WebView crashes scrolling most web pages

Reported by jbu...@pof.com, Jul 12 2016 
Steps to reproduce the problem:
1. Load any page in webview with enough content to require plenty of scrolling e.g. "http://stackoverflow.com/questions/11227809/why-is-it-faster-to-process-a-sorted-array-than-an-unsorted-array"
2. Scroll up and down the page repeatedly

What is the expected behavior?
Webview continues to scroll and render correctly.

What went wrong?
Webview crashes, closing the containing activity.
On a few occasions, the device hard reboots instead.

Crashed report ID: 

How much crashed? Just one tab

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 51.0.2704.81  Channel: stable
OS Version: 5.0.1
Flash Version: google/shamu/shamu:5.0.1/LRX22C/1602158:user/release-keys

Can only reproduce on one device currently - a Nexus 6 running OS 5.0.1.

Attached a bug report and sample app for reproducing the crash.
bugreport.zip
1.2 MB Download
sample-app.apk
1.2 MB Download

Comment 1 by sbash...@chromium.org, Jul 12 2016 

unable to repro the crash on Shamu /LMY 47X and Samsung S5(LRX21T) with the provided Sample apk with webview version 51.0.2704.81

Comment 2 by jbu...@pof.com, Jul 12 2016 

Just a note on repro - it can sometimes take a while before the crash occurs, and rotating the device several times in combination with repeated scrolling seems to encourage the crash to appear. Also, we tested on another Nexus 6 running 6.0.1 and the crash did not occur. After Googling, I see that LMY47X image is 5.1.1, so maybe this crash is specific to 5.0?

Comment 3 by rsgav...@chromium.org, Jul 13 2016

Components: Mobile>WebView

Comment 4 by sgu...@chromium.org, Jul 13 2016

Owner: hush@chromium.org

Comment 5 by hush@chromium.org, Jul 13 2016 

There are many crash dumps I see. One is this:
07-12 09:47:03.224  6135  6244 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xc in tid 6244 (RenderThread)

07-12 09:47:03.337  1509  1509 I DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

07-12 09:47:03.337  1509  1509 I DEBUG   : Build fingerprint: 'google/shamu/shamu:5.0.1/LRX22C/1602158:user/release-keys'

07-12 09:47:03.338  1509  1509 I DEBUG   : Revision: '33696'

07-12 09:47:03.338  1509  1509 I DEBUG   : ABI: 'arm'

07-12 09:47:03.339  1509  1509 I DEBUG   : pid: 6135, tid: 6244, name: RenderThread  >>> com.pof.webviewtest <<<

07-12 09:47:03.340  1509  1509 I DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc

07-12 09:47:03.361  1509  1509 I DEBUG   :     r0 a282e190  r1 00000002  r2 00000002  r3 00000000

07-12 09:47:03.362  1509  1509 I DEBUG   :     r4 a282e190  r5 00000002  r6 00000002  r7 a2858988

07-12 09:47:03.362  1509  1509 I DEBUG   :     r8 ab7f1db8  r9 b5021100  sl a6c83840  fp 0000000c

07-12 09:47:03.362  1509  1509 I DEBUG   :     ip 00000001  sp 9f9bf648  lr ab7386f5  pc ab738d94  cpsr 20070030

07-12 09:47:03.362  1509  1509 I DEBUG   : 

07-12 09:47:03.362  1509  1509 I DEBUG   : backtrace:

07-12 09:47:03.363  1509  1509 I DEBUG   :     #00 pc 0015bd94  /system/vendor/lib/egl/libGLESv2_adreno.so (EsxCmdBuf::GetSpace(unsigned int)+15)

07-12 09:47:03.363  1509  1509 I DEBUG   :     #01 pc 0015b6f1  /system/vendor/lib/egl/libGLESv2_adreno.so (EsxCmdMgr::GetCmdSpace(EsxCmdBufType, unsigned int)+36)

07-12 09:47:03.363  1509  1509 I DEBUG   :     #02 pc 00127761  /system/vendor/lib/egl/libGLESv2_adreno.so (A4xPipeline::WriteNullHwShaderRegs(A4xContext*, EsxCmdBufType) const+212)

07-12 09:47:03.363  1509  1509 I DEBUG   :     #03 pc 00127785  /system/vendor/lib/egl/libGLESv2_adreno.so (A4xPipeline::Write(A4xContext*, EsxCmdBufType)+20)

07-12 09:47:03.363  1509  1509 I DEBUG   :     #04 pc 00137ced  /system/vendor/lib/egl/libGLESv2_adreno.so (A4xContext::HwSetProgramState()+60)

07-12 09:47:03.363  1509  1509 I DEBUG   :     #05 pc 000ac67b  /system/vendor/lib/egl/libGLESv2_adreno.so (EsxContext::GlUseProgram(unsigned int)+214)

07-12 09:47:03.363  1509  1509 I DEBUG   :     #06 pc 000dbe41  /system/vendor/lib/egl/libGLESv2_adreno.so (EsxGlApiParamValidate::GlUseProgram(EsxDispatch*, unsigned int)+40)

07-12 09:47:03.364  1509  1509 I DEBUG   :     #07 pc 000a1da1  /system/vendor/lib/egl/libGLESv2_adreno.so (glUseProgram+48)

07-12 09:47:03.364  1509  1509 I DEBUG   :     #08 pc 00252ceb  /data/app/com.google.android.webview-2/lib/arm/libwebviewchromium.so

07-12 09:47:04.149  1963  6837 W ActivityManager:   Force finishing activity com.pof.webviewtest/.MainActivity

Comment 6 by hush@chromium.org, Jul 13 2016

Cc: boliu@chromium.org
Bo any ideas?
I didn't see any previous bugs about this driver crash by the way.

Comment 7 by jbu...@pof.com, Jul 13 2016 

Yes, those are the relevant crash dumps. Sorry for the other noise.

Comment 8 by hush@chromium.org, Jul 13 2016 

It is pretty possible this is a driver bug that's fixed in L-MR1 update.

Comment 9 by hush@chromium.org, Jul 13 2016

Status: WontFix (was: Unconfirmed)
It's a driver bug that was fixed after L. See b/20755595 (Google internal bug, sorry.)

Comment 10 by torne@chromium.org, Jul 14 2016 

I pinged the internal bug to ask the driver expert if there's any possible workaround on our side.

Sign in to add a comment