Android crashes due to internal Webkit error #11790

Closed
Nopik opened this issue Jan 9, 2017 · 14 comments
Labels
Resolution: Locked This issue was locked by the bot.

Comments

@Nopik

Nopik commented Jan 9, 2017

I'm creating some application with MobX and ReactNative. It crashes on Android within Webkit internals. I created a minimal example to showcase it: https://github.com/IDTLabs/RNCrashTest - more info in its readme.

TL;DR: embedded webkit's JS VM doesn't handle well MobX observable arrays and crashes.

Reproduction

Sample project: https://github.com/IDTLabs/RNCrashTest

Solution

I believe that bumping Webkit from mid-2014 version to something newer will do the trick. This is not verified, though.

Additional Information

  • React Native version: 0.39 and 0.40
  • Platform: Android (tested on 6.0.1, Samsung Galaxy S7), without remote debugging.
  • Operating System: MacOS
@Nopik
Author

Nopik commented Jan 9, 2017

The minimal MobX code is very minimal, basically adding this to root component:

@observable foo = [];
constructor( props, context ){
  super( props, context );

  let f = ()=>{
    let ff = [ { a: 10 }, { b: 20 }, { c: 30 } ];
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff );
    ff = ff.concat( ff ); // remove this
    this.foo = ff;

    console.log('APEEK1', this.foo[10], ff[ 10 ], this.foo.peek()[10]);
    console.log('APEEK2', this.foo[1000], ff[ 1000 ], this.foo.peek()[1000]);
  };

  setInterval( f, 2000 );
}

Also, more information at mobxjs/mobx#734

@Nopik
Author

Nopik commented Jan 10, 2017

Also, some sample callstack:

Example stacktrace from crash

01-09 10:01:02.264 27214 27256 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xbbadbeef in tid 27256 (mqt_js)
01-09 10:01:02.324  4894  4894 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-09 10:01:02.324  4894  4894 F DEBUG   : Build fingerprint: 'samsung/hero2ltexx/hero2lte:6.0.1/MMB29K/G935FXXU1BPLB:user/release-keys'
01-09 10:01:02.324  4894  4894 F DEBUG   : Revision: '9'
01-09 10:01:02.324  4894  4894 F DEBUG   : ABI: 'arm'
01-09 10:01:02.324  4894  4894 F DEBUG   : pid: 27214, tid: 27256, name: mqt_js  >>> com.rncrasher <<<
01-09 10:01:02.324  4894  4894 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xbbadbeef
01-09 10:01:02.374  4894  4894 F DEBUG   :     r0 da2799ac  r1 fffffffe  r2 bbadbeef  r3 00000000
01-09 10:01:02.374  4894  4894 F DEBUG   :     r4 d7cab390  r5 fffffffb  r6 da279b48  r7 d7cab420
01-09 10:01:02.374  4894  4894 F DEBUG   :     r8 da279c08  r9 da279a58  sl d9f35000  fp da279ff4
01-09 10:01:02.374  4894  4894 F DEBUG   :     ip d9865900  sp da279a30  lr eeb28d67  pc eeb28d9c  cpsr 40070030
01-09 10:01:02.374  4894  4894 F DEBUG   :
01-09 10:01:02.374  4894  4894 F DEBUG   : backtrace:
01-09 10:01:02.374  4894  4894 F DEBUG   :     #00 pc 00182d9c  /data/app/com.rncrasher-1/lib/arm/libjsc.so (WTFCrash+19)
01-09 10:01:02.374  4894  4894 F DEBUG   :     #01 pc 0010770f  /data/app/com.rncrasher-1/lib/arm/libjsc.so
01-09 10:01:02.374  4894  4894 F DEBUG   :     #02 pc 0010777d  /data/app/com.rncrasher-1/lib/arm/libjsc.so
01-09 10:01:02.374  4894  4894 F DEBUG   :     #03 pc 0014274f  /data/app/com.rncrasher-1/lib/arm/libjsc.so (_ZNK3JSC12PropertySlot14functionGetterEPNS_9ExecStateE+32)
01-09 10:01:02.374  4894  4894 F DEBUG   :     #04 pc 000ac18b  /data/app/com.rncrasher-1/lib/arm/libjsc.so
01-09 10:01:02.384  4894  4894 F DEBUG   :     #05 pc 000ac62b  /data/app/com.rncrasher-1/lib/arm/libjsc.so
01-09 10:01:02.384  4894  4894 F DEBUG   :     #06 pc 000b0eb3  /data/app/com.rncrasher-1/lib/arm/libjsc.so
01-09 10:01:02.834  4894  4894 F DEBUG   :
01-09 10:01:02.834  4894  4894 F DEBUG   : Tombstone written to: /data/tombstones/tombstone_02
01-09 10:01:02.834  4894  4894 E DEBUG   : AM write failed: Broken pipe
01-09 10:01:02.834  4894  4894 E         : ro.product_ship = true
01-09 10:01:02.834  4894  4894 E         : ro.debug_level = 0x4f4c
01-09 10:01:02.834  4894  4894 E         : sys.mobilecare.preload = false
01-09 10:01:02.834  7783  7783 E audit   : type=1701 msg=audit(1483952462.834:1883): auid=4294967295 uid=10229 gid=10229 ses=4294967295 subj=u:r:untrusted_app:s0:c512,c768 pid=27256 comm="mqt_js" exe="/system/bin/app_process32" sig=11

@AlbertBrand
Contributor

Did you see this error with Android dev mode on? Can you reproduce it with it turned off? If not, I have the feeling that this crash is caused by the same thing we found out in #11804.

@Nopik
Author

Nopik commented Jan 11, 2017

@AlbertBrand yes, I can reproduce it with both dev on and off. With dev being off, the problem is harder to reproduce - it requires larger arrays. My test project stopped crashing with dev=false, but when I made the array 10x longer and started accessing indices like 10k instead of 1000, it crashed again.

@AlbertBrand
Contributor

Could you check if the fix in #11804 has any influence on how fast it crashes in dev mode? My hypothesis is that with the patch it should crash as often as without dev mode turned on.

@Nopik
Author

Nopik commented Jan 11, 2017

@AlbertBrand it still crashes

@desmond1121
Contributor

+1

@hramos
Contributor

hramos commented Jul 20, 2017

Hi there! This issue is being closed because it has been inactive for a while. Maybe the issue has been fixed in a recent release, or perhaps it is not affecting a lot of people. Either way, we're automatically closing issues after a period of inactivity. Please do not take it personally!

If you think this issue should definitely remain open, please let us know. The following information is helpful when it comes to determining if the issue should be re-opened:

  • Does the issue still reproduce on the latest release candidate? Post a comment with the version you tested.
  • If so, is there any information missing from the bug report? Post a comment with all the information required by the issue template.
  • Is there a pull request that addresses this issue? Post a comment with the PR number so we can follow up.

If you would like to work on a patch to fix the issue, contributions are very welcome! Read through the contribution guide, and feel free to hop into #react-native if you need help planning your contribution.

@hramos hramos added the Icebox label Jul 20, 2017
@hramos hramos closed this as completed Jul 20, 2017
@AlanFoster
Contributor

On "react-native": "0.47.2", in production I'm seeing:

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)
WTFCrash

backtrace:
  native: pc 0000000000182d9c  /data/app/com.foo-1/lib/arm/libjsc.so (WTFCrash+19)
  native: pc 000000000005370f  /data/app/com.foo-1/lib/arm/libjsc.so
  native: pc 0000000000053891  /data/app/com.foo-1/lib/arm/libjsc.so
  native: pc 00000000000a5b4f  /data/app/com.foo-1/lib/arm/libjsc.so
  native: pc 000000000009cdb1  /data/app/com.foo-1/lib/arm/libjsc.so
  native: pc 0000000000002db5  <anonymous:caf74000>

I'm not using mobx, so I'm not sure if this is the same issue of course.

@ghuh

ghuh commented Nov 11, 2017

I'm also seeing this issue in production on RN 0.47.2 and I'm not using mobx either.

The issue was seen on a Google Pixel XL 2 running Android 8.0.

@daxaxelrod

+1 Same issue after following the react publish guide to the letter. Seen on galaxy s8 running 8.0 as well

@marudy

marudy commented Jan 28, 2018

Hi,

Same issue in production with RN 0.45.1 and I'm not using mobx. According to developer console ANR information, the issue was seen on device:
Samsung Galaxy Grand Prime (fortuna3g), 1024MB RAM, Android 4.4

@hramos can you guide us how to bring attention to this issue? Should we open a new ticket or something else? Thanks.

pid: 0, tid: 0 >>> com.app <<<

backtrace:
  #00  pc 0000000000182d9c  /data/app-lib/com.app-1/libjsc.so (WTFCrash+19)
  #01  pc 000000000004dfc9  /data/app-lib/com.app-1/libjsc.so
  #02  pc 0000000000075269  /data/app-lib/com.app-1/libjsc.so
  #03  pc 0000000000071df9  /data/app-lib/com.app-1/libjsc.so (JSC::Heap::collect(JSC::HeapOperation)+312)
  #04  pc 000000000003b793  /data/app-lib/com.app-1/libjsc.so
  #05  pc 00000000001207f7  /data/app-lib/com.app-1/libjsc.so
  #06  pc 0000000000127d5d  /data/app-lib/com.app-1/libjsc.so (JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)+512)
  #07  pc 000000000009a261  /data/app-lib/com.app-1/libjsc.so
  #08  pc 000000000009bcf3  /data/app-lib/com.app-1/libjsc.so
  #09  pc 000000000009bdb7  /data/app-lib/com.app-1/libjsc.so
  #10  pc 0000000000004df9  <unknown>

@elgambet

Hi,

Same issue in production with RN 0.50.3 and I'm not using mobx. According to developer console ANR information, the issue was seen on device:

Samsung Galaxy Note8 (greatlte), 6144MB RAM, Android 7.1

pid: 0, tid: 0 >>> com.app <<<

backtrace:
#00 pc 0000000000182d9c /data/app/lib/arm/libjsc.so (WTFCrash+19)
#1 pc 000000000005370f /data/app/lib/arm/libjsc.so
#2 pc 0000000000053891 /data/app/lib/arm/libjsc.so
#3 pc 00000000000a5b4f /data/app/lib/arm/libjsc.so
#4 pc 000000000009cdb1 /data/app/lib/arm/libjsc.so
#5 pc 0000000000015d0d

@Rebsos

Rebsos commented Jun 8, 2018

I've got 50 and more of those daily

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)
pid: 0, tid: 0 >>> xxx <<<
backtrace:
  #00  pc 0000000000182d9c  /data/app/xxx-1/lib/arm/libjsc.so (WTFCrash+19)
  #01  pc 000000000005370f  /data/app/xxx-1/lib/arm/libjsc.so
  #02  pc 0000000000053891  /data/app/xxx-1/lib/arm/libjsc.so
  #03  pc 00000000000a5b4f  /data/app/xxx-1/lib/arm/libjsc.so
  #04  pc 000000000009cdb1  /data/app/xxx1/lib/arm/libjsc.so
  #05  pc 0000000000001d33  <anonymous>

They are split in multiple clusters:

Android 7.0 32 62,7 %
Android 8.0 16 31,4 %
Android 7.1 2 3,9 %
Android 8.1 1 2,0 %
Galaxy A5(2017) (a5y17lte) 7 13,7 %
P10 lite (HWWAS-H) 6 11,8 %
Galaxy S7 (herolte) 6 11,8 %
P8 lite 2017 (HWPRA-H) 5 9,8 %
P9 lite (HWVNS-H) 3 5,9 %
Mate 10 lite (HWRNE) 3 5,9 %
Galaxy A5(2016) (a5xelte) 2 3,9 %
Moto G(4) (athene) 2 3,9 %
Archos Access 70 3G (ac70as3g) 1 2,0 %
Galaxy Tab S2 8.0 (gts28velte) 1 2,0 %
Galaxy S8 (dreamlte) 1 2,0 %
Galaxy A3(2016) (a3xelte) 1 2,0 %
Redmi 4X (santoni) 1 2,0 %
Nokia 5 (ND1) 1 2,0 %
Honor 7X (HWBND-H) 1 2,0 %
Galaxy J5(2016) (j5xnlte) 1 2,0 %
LG K8 (2017) (lv3n) 1 2,0 %
Galaxy J3(2017) (j3y17lte) 1 2,0 %
Mi 5 (gemini) 1 2,0 %
P20 lite (HWANE) 1 2,0 %
Others 5 9,8 %

Android 6.0 18 100,0 %
Galaxy S5 (klte) 4 22,2 %
MAX (x6069_cubot_5365u) 2 11,1 %
P9 lite (HWVNS-H) 2 11,1 %
P8 Lite (hwALE-H) 2 11,1 %
Y5 2017 (HWMYA-L6737) 1 5,6 %
LG G4 (p1) 1 5,6 %
荣耀5X (HNKIW-Q) 1 5,6 %
Galaxy S5 LTE-A (kccat6) 1 5,6 %
Galaxy J7 (j7e3g) 1 5,6 %
E5006/P5006 (B5032) 1 5,6 %
Galaxy A3 (a3ulte) 1 5,6 %
Moto G4 Play (harpia) 1 5,6 %

Android 4.4 14 100,0 %
Galaxy S3 Neo (s3ve3g) 9 64,3 %
One mini 2 (htc_memul) 4 28,6 %
Galaxy S5 (klte) 1 7,1 %

and many more

At some time I read that this is a memory issue

@facebook facebook locked as resolved and limited conversation to collaborators Jul 20, 2018
@react-native-bot react-native-bot added the Resolution: Locked This issue was locked by the bot. label Jul 20, 2018
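
The backtraces posted in this thread can be compared mechanically. The following is an added example, not code from the thread or from React Native: it parses both backtrace layouts seen above, flags the 0xbbadbeef / WTFCrash pattern as a deliberate abort by WebKit's WTF layer rather than a wild pointer, and groups reports by their top libjsc.so offsets. The function names are hypothetical, and the grouping assumes every app ships the same libjsc.so build.

```python
import re
from collections import defaultdict
# Address that WebKit's WTFCrash() writes to on purpose to abort the process.
WTF_CRASH_SENTINEL = 0xBBADBEEF
FAULT_RE = re.compile(r"fault addr (0x[0-9a-fA-F]+)")
# Matches both "#00 pc <hex> <path> (<sym>)" and "native: pc <hex> <path>".
FRAME_RE = re.compile(
    r"(?:#\d+|native:)\s+pc\s+([0-9a-fA-F]+)(?:\s+(\S+))?(?:\s+\((.+)\))?")

def parse_report(text):
    """Return (fault_addr or None, [(module, offset, symbol or None), ...])."""
    fault, frames = None, []
    for line in text.splitlines():
        if (m := FAULT_RE.search(line)):
            fault = int(m.group(1), 16)
        if (m := FRAME_RE.search(line)):
            # Install paths differ per app, so keep only the file name.
            module = (m.group(2) or "<unknown>").rsplit("/", 1)[-1]
            frames.append((module, int(m.group(1), 16), m.group(3)))
    return fault, frames

def signature(frames, depth=3):
    """Top .so frames as (module, offset); JIT/anonymous frames are skipped."""
    return tuple((mod, off) for mod, off, _ in frames if mod.endswith(".so"))[:depth]

def is_deliberate_abort(fault, frames):
    """True when the SIGSEGV is WTFCrash() aborting, not a wild pointer."""
    top = frames[0][2] if frames else None
    return fault == WTF_CRASH_SENTINEL or bool(top and top.startswith("WTFCrash"))

def cluster(reports):
    """Group report names by signature (assumes one shared libjsc.so build)."""
    groups = defaultdict(list)
    for name, text in reports.items():
        groups[signature(parse_report(text)[1])].append(name)
    return dict(groups)

# Sample input: top frames copied from traces in this thread, paths as posted.
REPORTS = {
    "Nopik": "F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xbbadbeef\n"
             "F DEBUG :     #00 pc 00182d9c  /data/app/com.rncrasher-1/lib/arm/libjsc.so (WTFCrash+19)\n"
             "F DEBUG :     #01 pc 0010770f  /data/app/com.rncrasher-1/lib/arm/libjsc.so\n",
    "AlanFoster": "  native: pc 0000000000182d9c  /data/app/com.foo-1/lib/arm/libjsc.so (WTFCrash+19)\n"
                  "  native: pc 000000000005370f  /data/app/com.foo-1/lib/arm/libjsc.so\n",
    "elgambet": "#00 pc 0000000000182d9c /data/app/lib/arm/libjsc.so (WTFCrash+19)\n"
                "#1 pc 000000000005370f /data/app/lib/arm/libjsc.so\n",
    "marudy": "  #00  pc 0000000000182d9c  /data/app-lib/com.app-1/libjsc.so (WTFCrash+19)\n"
              "  #01  pc 000000000004dfc9  /data/app-lib/com.app-1/libjsc.so\n",
}
```

Calling `cluster(REPORTS)` puts the AlanFoster and elgambet excerpts in one group and leaves the Nopik and marudy excerpts in groups of their own, since the frames below WTFCrash differ.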