I have a complex, interactive HTML5 in an Android WebView - and it works
fine on basically all platforms except Galaxy S3. On Galaxy S3 (Android
4.0.4), once out of every 5 times or so, just after the load completes,
/system/lib/libwebcore.so tries to access invalid memory and a Fatal signal
11 (SIGSEGV) at [various addresses] (code=1) is thrown.
The HTML5 is a tiny battle where enemies appear and the user slashes them
to proceed. In between battles are normal html pages: normal page -> HTML5
battle -> normal page -> HTML5 battle -> normal page -> HTML5 battle. The
HTML5 doesn't do anything particularly out-of-the-box - there's a lot of
-webkit-animation calls...
.enemy {
position:absolute;
opacity:0;
-webkit-animation:enemyAnim 0.6s linear 0.2s;
}
…that reference a lot of -webkit-keyframes...
@-webkit-keyframes enemyAnim {
from {
-webkit-transform: matrix(1, 0, 0, 1, 144.25, 150.25) scale(1, 1);
opacity:1;
}
8.33% {
-webkit-transform: matrix(1, 0, 0, 1, 189.406, 102.206) scale(1.3066,
1.3066);
opacity:1;
}
16.66% {
-webkit-transform: matrix(1, 0, 0, 1, 200.424, 82.649) scale(1.414,
1.414);
opacity:1;
}
/*…*/
And a fairly complex div tree, but nothing particularly experimental.
There's some level of Javascript, but the hangs appear to occur even with
all Javascript turned off.
Has anyone ever had a problem with a Galaxy S3 being…different? No Android
2.x devices have this problem, and even a Galaxy Nexus running 4.1.1
doesn't seem to have any particular problem. I've never been tempted to
write to Stack Overflow before, but this is really vexing me...
Searching on "Android WebView sigsegv crash" & "4.0.4 WebView sigsegv
crash" gives several issues, but:
- webview.clearCache()/webView.destroyDrawingCache() don't seem to have an
effect (though this hang is clearly a memory issue, adding/removing
System.gc()s in various places had no great result)
http://stackoverflow.com/questions/4973310/signal-11-sigsegv-crash-android
- There's no use of canvas as in
http://stackoverflow.com/questions/10989120/very-strange-crash-drawing-on-canvas-on-android-4-0-3-a-libc-fatal-signal-11
(Yes I know - calling this page HTML5 is a bit of a stretch)
- There's no use of clearView() as in
http://stackoverflow.com/questions/12261523/execute-webview-loadurl-after-webview-clearview-multitimes-will-cause-crash
- There's no use of preserve-3d as in
http://code.google.com/p/android/issues/detail?id=16563
- I looked at the changelist for android webkit looking for suspicious
fixes after 4.0.4, and thought I had something with the below, but rooting
the S3 and taking it to 4.1.1 didn't fix the issue:
https://github.com/teamgummy/android_external_webkit/commit/61e0d189f2b74650bf72a6a2820f66a8b17c3d06
Since some of the crashes are occuring during memory free()s, I know that
things are being free'd around the time of the crash and my gut feeling is
that some things are being freed mid-render that shouldn't be. It's
frustrating because SIGSEGVs should be physically impossible with pure
HTML, JS, & CSS =/
Below is a sample crash report. Note that the crash location is not
limited to the below; crash reports don't seem to be wildly different but
there seems to be some variation in location.
10-08 17:34:06.605: I/DEBUG(524): *** *** *** *** *** *** *** *** ***
*** *** *** *** *** *** ***
10-08 17:34:06.605: I/DEBUG(524): Build fingerprint:
'samsung/m0xx/m0:4.0.4/IMM76D/I9300XXBLH1:user/release-keys'
10-08 17:34:06.605: I/DEBUG(524): pid: 7443, tid: 7443 >>>
cool.tiny.rpg.battle <<<
10-08 17:34:06.605: I/DEBUG(524): signal 11 (SIGSEGV), code 1
(SEGV_MAPERR), fault addr deadbaad
10-08 17:34:06.605: I/DEBUG(524): r0 deadbaad r1 00000001 r2
40000000 r3 00000000
10-08 17:34:06.605: I/DEBUG(524): r4 00000000 r5 00000027 r6
400d8540 r7 400e74f4
10-08 17:34:06.605: I/DEBUG(524): r8 01fa7160 r9 00000000 10
bed6a584 fp 41d79970
10-08 17:34:06.605: I/DEBUG(524): ip ffffffff sp bed6a2b0 lr
400b9639 pc 400b59c8 cpsr 68000030
10-08 17:34:06.605: I/DEBUG(524): d0 0000000000000000 d1
4343000000000000
10-08 17:34:06.605: I/DEBUG(524): d2 43b6800041a00000 d3
41a8000043020000
10-08 17:34:06.610: I/DEBUG(524): d4 8000000000000000 d5
43aa00003f800000
10-08 17:34:06.610: I/DEBUG(524): d6 43a4000043430000 d7
43cb000041a00000
10-08 17:34:06.610: I/DEBUG(524): d8 4082f00000000000 d9
4082f4000000025e
10-08 17:34:06.610: I/DEBUG(524): d10 4460400000000500 d11
0000000000000000
10-08 17:34:06.610: I/DEBUG(524): d12 0000000000000000 d13
0000000000000000
10-08 17:34:06.610: I/DEBUG(524): d14 0000000000000000 d15
0000000000000000
10-08 17:34:06.610: I/DEBUG(524): d16 4076800000000000 d17
7e37e43c8800759c
10-08 17:34:06.610: I/DEBUG(524): d18 0000000000000000 d19
0000000000000000
10-08 17:34:06.610: I/DEBUG(524): d20 3ff0000000000000 d21
8000000000000000
10-08 17:34:06.610: I/DEBUG(524): d22 0000000000000000 d23
0000000000000000
10-08 17:34:06.610: I/DEBUG(524): d24 0000000000000000 d25
3ff0000000000000
10-08 17:34:06.610: I/DEBUG(524): d26 4034000000000000 d27
3ff0000000000000
10-08 17:34:06.610: I/DEBUG(524): d28 0000000000000000 d29
3ff0000000000000
10-08 17:34:06.610: I/DEBUG(524): d30 0000000000000000 d31
3ff0000000000000
10-08 17:34:06.610: I/DEBUG(524): scr 60000010
10-08 17:34:06.750: I/DEBUG(524): #00 pc 000179c8
/system/lib/libc.so
10-08 17:34:06.750: I/DEBUG(524): #01 pc 00013852
/system/lib/libc.so
10-08 17:34:06.750: I/DEBUG(524): #02 pc 00015b90
/system/lib/libc.so (dlfree)
10-08 17:34:06.750: I/DEBUG(524): #03 pc 00016208
/system/lib/libc.so (free)
10-08 17:34:06.750: I/DEBUG(524): #04 pc 0010f79c
/system/lib/libwebcore.so (_Z6yyfreePvS_)
10-08 17:34:06.750: I/DEBUG(524): #05 pc 0010ef70
/system/lib/libwebcore.so
10-08 17:34:06.750: I/DEBUG(524): #06 pc 003ee8ec
/system/lib/libwebcore.so
10-08 17:34:06.755: I/DEBUG(524): #07 pc 003eef44
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD1Ev)
10-08 17:34:06.755: I/DEBUG(524): #08 pc 003eef84
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD0Ev)
10-08 17:34:06.755: I/DEBUG(524): #09 pc 0019b2ca
/system/lib/libwebcore.so
10-08 17:34:06.755: I/DEBUG(524): #10 pc 003ec6a0
/system/lib/libwebcore.so (_ZN5Layer14removeChildrenEv)
10-08 17:34:06.755: I/DEBUG(524): #11 pc 003ec782
/system/lib/libwebcore.so (_ZN5LayerD2Ev)
10-08 17:34:06.760: I/DEBUG(524): #12 pc 003eef70
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD1Ev)
10-08 17:34:06.760: I/DEBUG(524): #13 pc 003eef84
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD0Ev)
10-08 17:34:06.760: I/DEBUG(524): #14 pc 0019b2ca
/system/lib/libwebcore.so
10-08 17:34:06.760: I/DEBUG(524): #15 pc 003ec6a0
/system/lib/libwebcore.so (_ZN5Layer14removeChildrenEv)
10-08 17:34:06.760: I/DEBUG(524): #16 pc 003ec782
/system/lib/libwebcore.so (_ZN5LayerD2Ev)
10-08 17:34:06.760: I/DEBUG(524): #17 pc 003eef70
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD1Ev)
10-08 17:34:06.760: I/DEBUG(524): #18 pc 003eef84
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD0Ev)
10-08 17:34:06.760: I/DEBUG(524): #19 pc 0019b2ca
/system/lib/libwebcore.so
10-08 17:34:06.760: I/DEBUG(524): #20 pc 003ec6a0
/system/lib/libwebcore.so (_ZN5Layer14removeChildrenEv)
10-08 17:34:06.765: I/DEBUG(524): #21 pc 003ec782
/system/lib/libwebcore.so (_ZN5LayerD2Ev)
10-08 17:34:06.765: I/DEBUG(524): #22 pc 003eef70
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD1Ev)
10-08 17:34:06.765: I/DEBUG(524): #23 pc 003eef84
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD0Ev)
10-08 17:34:06.765: I/DEBUG(524): #24 pc 0019b2ca
/system/lib/libwebcore.so
10-08 17:34:06.765: I/DEBUG(524): #25 pc 003ec6a0
/system/lib/libwebcore.so (_ZN5Layer14removeChildrenEv)
10-08 17:34:06.765: I/DEBUG(524): #26 pc 003ec782
/system/lib/libwebcore.so (_ZN5LayerD2Ev)
10-08 17:34:06.765: I/DEBUG(524): #27 pc 003eef70
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD1Ev)
10-08 17:34:06.765: I/DEBUG(524): #28 pc 003eef84
/system/lib/libwebcore.so (_ZN7WebCore12LayerAndroidD0Ev)
10-08 17:34:06.770: I/DEBUG(524): #29 pc 0019b2ca
/system/lib/libwebcore.so
10-08 17:34:06.770: I/DEBUG(524): #30 pc 003ec6a0
/system/lib/libwebcore.so (_ZN5Layer14removeChildrenEv)
10-08 17:34:06.770: I/DEBUG(524): #31 pc 003ec782
/system/lib/libwebcore.so (_ZN5LayerD2Ev)
10-08 17:34:06.770: I/DEBUG(524): memory map around addr deadbaad:
10-08 17:34:06.770: I/DEBUG(524): bed4a000-bed6b000 [stack]
10-08 17:34:06.770: I/DEBUG(524): (no map for address)
10-08 17:34:06.770: I/DEBUG(524): ffff0000-ffff1000 [vectors]
10-08 17:34:06.770: I/DEBUG(524): stack:
10-08 17:34:06.770: I/DEBUG(524): bed6a270 00000001
10-08 17:34:06.770: I/DEBUG(524): bed6a274 bed6a2b0 [stack]
10-08 17:34:06.770: I/DEBUG(524): bed6a278 400e2800
/system/lib/libc.so
10-08 17:34:06.770: I/DEBUG(524): bed6a27c 0000000c
10-08 17:34:06.770: I/DEBUG(524): bed6a280 400e2794
/system/lib/libc.so
10-08 17:34:06.770: I/DEBUG(524): bed6a284 400e7888
10-08 17:34:06.770: I/DEBUG(524): bed6a288 00000000
10-08 17:34:06.770: I/DEBUG(524): bed6a28c 400b9639
/system/lib/libc.so
10-08 17:34:06.770: I/DEBUG(524): bed6a290 00000000
10-08 17:34:06.770: I/DEBUG(524): bed6a294 bed6a2c4 [stack]
10-08 17:34:06.770: I/DEBUG(524): bed6a298 400d8540
/system/lib/libc.so
10-08 17:34:06.770: I/DEBUG(524): bed6a29c 400e74f4
10-08 17:34:06.775: I/DEBUG(524): bed6a2a0 01fa7160 [heap]
10-08 17:34:06.775: I/DEBUG(524): bed6a2a4 400b87a5
/system/lib/libc.so
10-08 17:34:06.775: I/DEBUG(524): bed6a2a8 df0027ad
10-08 17:34:06.775: I/DEBUG(524): bed6a2ac 00000000
10-08 17:34:06.775: I/DEBUG(524): #00 bed6a2b0 bed6a2ac [stack]
10-08 17:34:06.775: I/DEBUG(524): bed6a2b4 00000001
10-08 17:34:06.775: I/DEBUG(524): bed6a2b8 400d8524
/system/lib/libc.so
10-08 17:34:06.775: I/DEBUG(524): bed6a2bc 00000005
10-08 17:34:06.775: I/DEBUG(524): bed6a2c0 bed6a2dc [stack]
10-08 17:34:06.775: I/DEBUG(524): bed6a2c4 fffffbdf
10-08 17:34:06.775: I/DEBUG(524): bed6a2c8 bed6a2dc [stack]
10-08 17:34:06.775: I/DEBUG(524): bed6a2cc bed6a2dc [stack]
10-08 17:34:06.775: I/DEBUG(524): bed6a2d0 400dbaac
/system/lib/libc.so
10-08 17:34:06.775: I/DEBUG(524): bed6a2d4 400b1857
/system/lib/libc.so
10-08 17:34:06.775: I/DEBUG(524): #01 bed6a2d8 00000130
10-08 17:34:06.775: I/DEBUG(524): bed6a2dc 20404040
10-08 17:34:06.775: I/DEBUG(524): bed6a2e0 524f4241
/dev/ashmem/dalvik-mark-stack (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2e4 474e4954
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2e8 4e49203a
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2ec 494c4156
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2f0 45482044
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2f4 41205041
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2f8 45524444
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a2fc 49205353
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.775: I/DEBUG(524): bed6a300 6c64204e
10-08 17:34:06.775: I/DEBUG(524): bed6a304 65657266
10-08 17:34:06.775: I/DEBUG(524): bed6a308 01f86700 [heap]
10-08 17:34:06.775: I/DEBUG(524): bed6a30c 406f6a2c
/system/lib/libskia.so
10-08 17:34:06.775: I/DEBUG(524): bed6a310 406c4ecc
/system/lib/libskia.so
10-08 17:34:06.775: I/DEBUG(524): bed6a314 3ff00000
10-08 17:34:06.775: I/DEBUG(524): bed6a318 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a31c 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a320 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a324 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a328 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a32c 01c9aa08 [heap]
10-08 17:34:06.775: I/DEBUG(524): bed6a330 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a334 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a338 00000000
10-08 17:34:06.775: I/DEBUG(524): bed6a33c 3ff00000
10-08 17:34:06.775: I/DEBUG(524): bed6a340 60d00000
10-08 17:34:06.775: I/DEBUG(524): bed6a344 60e42ff0
10-08 17:34:06.775: I/DEBUG(524): bed6a348 014bb000
10-08 17:34:06.775: I/DEBUG(524): bed6a34c 400e74f4
10-08 17:34:06.775: I/DEBUG(524): bed6a350 01bc24b0 [heap]
10-08 17:34:06.775: I/DEBUG(524): bed6a354 400e7550
10-08 17:34:06.775: I/DEBUG(524): bed6a358 01f74458 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a35c 400e7528
10-08 17:34:06.780: I/DEBUG(524): bed6a360 00000010
10-08 17:34:06.780: I/DEBUG(524): bed6a364 400e74f4
10-08 17:34:06.780: I/DEBUG(524): bed6a368 01f74460 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a36c 00000000
10-08 17:34:06.780: I/DEBUG(524): bed6a370 bed6a584 [stack]
10-08 17:34:06.780: I/DEBUG(524): bed6a374 400b3ba9
/system/lib/libc.so
10-08 17:34:06.780: I/DEBUG(524): bed6a378 0211c9a0 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a37c 020d499c [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a380 000097a0
/system/bin/app_process
10-08 17:34:06.780: I/DEBUG(524): bed6a384 00004000
10-08 17:34:06.780: I/DEBUG(524): bed6a388 01d087b8 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a38c 400e7560
10-08 17:34:06.780: I/DEBUG(524): bed6a390 01dc6ef8 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a394 400e7528
10-08 17:34:06.780: I/DEBUG(524): bed6a398 01fd5378 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a39c 400e7580
10-08 17:34:06.780: I/DEBUG(524): bed6a3a0 01ddafa8 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3a4 01ddb008 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3a8 01ed4568 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3ac 400e7580
10-08 17:34:06.780: I/DEBUG(524): bed6a3b0 00000068
10-08 17:34:06.780: I/DEBUG(524): bed6a3b4 400e74f4
10-08 17:34:06.780: I/DEBUG(524): bed6a3b8 01ed4570 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3bc 00000014
10-08 17:34:06.780: I/DEBUG(524): bed6a3c0 00000000
10-08 17:34:06.780: I/DEBUG(524): bed6a3c4 400b3ba9
/system/lib/libc.so
10-08 17:34:06.780: I/DEBUG(524): bed6a3c8 00000000
10-08 17:34:06.780: I/DEBUG(524): bed6a3cc 01ae77d8 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3d0 01fa7160 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3d4 01fd7d2c [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3d8 00000009
10-08 17:34:06.780: I/DEBUG(524): bed6a3dc 4dfa26b2
/dev/ashmem/dalvik-heap (deleted)
10-08 17:34:06.780: I/DEBUG(524): bed6a3e0 01fa7158 [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3e4 01fd7d2c [heap]
10-08 17:34:06.780: I/DEBUG(524): bed6a3e8 00000009
10-08 17:34:06.780: I/DEBUG(524): bed6a3ec 400b3b95
/system/lib/libc.so
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
