[BUG]: WebView doesn't load

[h1toru]

Version

v1.0.0-245-50fd798-release

Modules

ReZygisk by The PerformanC Organization version v1.0.0 (245-50fd798-release)

Description

After installing the module, any WebView-based app (like browser) doesn't load, it doesn't shows anything. Clearing the app data, reinstall the app, and using different system webview (like Google WebView and AOSP/LOS WebView) does not fix the issue. The issue fixed by removing the module.

Probably related to: #34

Steps to reproduce

1. Download ReZygisk module from Actions page (specifically this
2. Install ReZygisk module on KernelSU (v11872)
3. Reboot
4. Open any WebView-based app

Logs

No response

Confirmations

• My environment meets the minimum requirements.
• I have verified that this is not a duplicate issue.

Code of Conduct

• I agree to follow this project's Code of Conduct

[h1toru]

After a little bit of test I can confirm that this issue can be fixed by disabling "Unmount modules by default" in KernelSU Manager.

Off-topic, but this problem also occurs with ZygiskNext with "Enforce DenyList" enabled in ZygiskNext WebUI and "Unmount modules by default" enabled in KernelSU Manager.

[ThePedroo]

Browsers doesn't use WebView, so I'm afraid it is not connected to that issue.

Either way, enforcing denylist shouldn't make it crash WebView. A solution is to not include those apps in DenyList, I guess.

[h1toru]

Browsers doesn't use WebView, so I'm afraid it is not connected to that issue.

Some browsers does. For example, Via Browser, which is the one that I use.
Some apps also uses WebView for certain components like About and/or Help page that are most commonly used in e-commerce and banking apps.

Either way, enforcing denylist shouldn't make it crash WebView. A solution is to not include those apps in DenyList, I guess.

Of course those apps should not be included in the DenyList (and it never does), but if "Unmount modules by default" option is enabled in KernelSU Manager, DenyList will act as whitelist/allowlist instead of blacklist/denylist, which means that all modules are unmounted for all apps except the one that are allowed. Now the problem is that this issue is not fixed even if you allow Android System WebView to mount or access modules (disabling Unmount modules for Android System WebView app in KernelSU Manager), the only way to fix it is by disabling "Unmount modules by default" for all apps, which is strange because WebView is the only app that doesn't working.

[ThePedroo]

You can try posting logcat, but I'm no WebView specialist.

[Genxster1998]

I am facing similar problem regarding crashing of webview_zygote. Although shamiko is culprit for me.

Build fingerprint: 'N/a'
Revision: '8'
ABI: 'arm'
Processor: '-1'
Timestamp: 2024-11-28 12:35:47.797866524+0530
Process uptime: 1s
Cmdline: webview_zygote
pid: 2396, tid: 2396, name: ch_zygote  >>> webview_zygote <<<
uid: 1053
signal 0 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: 'JNI FatalError called: (zygote) Failed dup3() on descriptor 3: Invalid argument'
    r0  00000000  r1  0000095c  r2  00000006  r3  ff84a9f0
    r4  ff84aa00  r5  ff84a9e8  r6  0000095c  r7  0000016b
    r8  00000000  r9  ffffffff  r10 ff84a9f0  r11 f665bd44
    ip  0000095c  sp  ff84a9d0  lr  f18f77db  pc  f18f77ee
backtrace:
      #00 pc 000637ee  /apex/com.android.runtime/lib/bionic/libc.so (abort+138) (BuildId: ab785d6a130b3c9e457406da46e4617c)
      #01 pc 004fa81f  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+602) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #02 pc 0000fcbf  /apex/com.android.art/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+46) (BuildId: 89ab91cfa41f49acbf823a57db1bad30)
      #03 pc 0000f57f  /apex/com.android.art/lib/libbase.so (android::base::LogMessage::~LogMessage()+230) (BuildId: 89ab91cfa41f49acbf823a57db1bad30)
      #04 pc 0047dbad  /apex/com.android.art/lib/libart.so (art::JNI<true>::FatalError(_JNIEnv*, char const*)+120) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #05 pc 00142e87  /system/lib/libandroid_runtime.so (android::zygote::ZygoteFailure(_JNIEnv*, char const*, _jstring*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)+94) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #06 pc 00143183  /system/lib/libandroid_runtime.so (android::zygote::ForkCommon(_JNIEnv*, bool, std::__1::vector<int, std::__1::allocator<int> > const&, std::__1::vector<int, std::__1::allocator<int> > const&, bool, bool)+758) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #07 pc 001443d7  /system/lib/libandroid_runtime.so (android::com_android_internal_os_Zygote_nativeForkAndSpecialize(_JNIEnv*, _jclass*, int, int, _jintArray*, int, _jobjectArray*, int, _jstring*, _jstring*, _jintArray*, _jintArray*, unsigned char, _jstring*, _jstring*, unsigned char, _jobjectArray*, _jobjectArray*, unsigned char, unsigned char)+550) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #08 pc 003bdf9d  /apex/com.android.art/lib/libart.so (art_quick_generic_jni_trampoline+44) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #09 pc 000f0adc  /apex/com.android.art/lib/libart.so (nterp_helper+2124) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #10 pc 00849d04  /system/framework/framework.jar
      #11 pc 000f0a74  /apex/com.android.art/lib/libart.so (nterp_helper+2020) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #12 pc 0084bc28  /system/framework/framework.jar
      #13 pc 000f0d80  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #14 pc 0084f0ba  /system/framework/framework.jar
      #15 pc 003b95d5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #16 pc 003b9023  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<false>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.1740321804276605057)+158) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #17 pc 00287263  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+134) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #18 pc 001e00fb  /apex/com.android.art/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+142) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #19 pc 002b9807  /apex/com.android.art/lib/libart.so (art::PerformCall(art::Thread*, art::CodeItemDataAccessor const&, art::ArtMethod*, unsigned int, art::ShadowFrame*, art::JValue*, bool)+46) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #20 pc 002b95f3  /apex/com.android.art/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+354) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #21 pc 000fd791  /apex/com.android.art/lib/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false, false>(art::interpreter::SwitchImplContext*)+25728) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #22 pc 003bea75  /apex/com.android.art/lib/libart.so (ExecuteSwitchImplAsm+4) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #23 pc 00832cbc  /system/framework/framework.jar
      #24 pc 0028ec7d  /apex/com.android.art/lib/libart.so (art::interpreter::ExecuteSwitch(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool) (.__uniq.112435418011751916792819755956732575238)+100) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #25 pc 0022f0b7  /apex/com.android.art/lib/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.__uniq.112435418011751916792819755956732575238.llvm.3362079746286162438)+86) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #26 pc 001dd62b  /apex/com.android.art/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+74) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #27 pc 0056ef5f  /apex/com.android.art/lib/libart.so (artQuickToInterpreterBridge+558) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #28 pc 003be033  /apex/com.android.art/lib/libart.so (art_quick_to_interpreter_bridge+34) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #29 pc 000f033c  /apex/com.android.art/lib/libart.so (nterp_helper+172) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #30 pc 008487fe  /system/framework/framework.jar
      #31 pc 003b95d5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #32 pc 002c9915  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<true>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.1740321804276605057)+260) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #33 pc 00287291  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+180) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #34 pc 0030eed5  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*) (.__uniq.245181933781456475607640333933569312899.llvm.6283735602879151646)+40) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #35 pc 0034f70b  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+370) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #36 pc 004d23cd  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+40) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #37 pc 00092db1  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: e383230e98b5fe9a9f29eb65fceb8a3c567f0ec8)
      #38 pc 000f0dec  /apex/com.android.art/lib/libart.so (nterp_helper+2908) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #39 pc 00842032  /system/framework/framework.jar
      #40 pc 000f172c  /apex/com.android.art/lib/libart.so (nterp_helper+5276) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #41 pc 0084c9ea  /system/framework/framework.jar
      #42 pc 003b95d5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #43 pc 002c9915  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<true>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.1740321804276605057)+260) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #44 pc 00287291  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+180) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #45 pc 0030eed5  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*) (.__uniq.245181933781456475607640333933569312899.llvm.6283735602879151646)+40) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #46 pc 003849e9  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+172) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #47 pc 002b3f57  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+42) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #48 pc 004a0171  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+72) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #49 pc 00082a01  /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+28) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #50 pc 0008ba65  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+592) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #51 pc 0000253f  /system/bin/app_process32 (main+978) (BuildId: de3e6952790e3a72991e725e89a69cf9)
      #52 pc 0005ca57  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+54) (BuildId: ab785d6a130b3c9e457406da46e4617c)```

[h1toru]

In my case, PlayIntegrityFix and LSPosed are the only zygisk module I use. I don't use Shamiko.

[ThePedroo]

Perhaps we are umounting something that was opened before causing crash? There is no really fix for those system-specific things bugs, but the toggle for enforce denylist should fix. As a workaround, you can remove the call for umount_... in hook.cpp, in the unshare hook.