[BUG]: WebView doesn't load

[h1toru]

Version

v1.0.0-245-50fd798-release

Modules

ReZygisk by The PerformanC Organization version v1.0.0 (245-50fd798-release)

Description

After installing the module, any WebView-based app (like browser) doesn't load, it doesn't shows anything. Clearing the app data, reinstall the app, and using different system webview (like Google WebView and AOSP/LOS WebView) does not fix the issue. The issue fixed by removing the module.

Probably related to: #34

Steps to reproduce

1. Download ReZygisk module from Actions page (specifically this
2. Install ReZygisk module on KernelSU (v11872)
3. Reboot
4. Open any WebView-based app

Logs

No response

Confirmations

• My environment meets the minimum requirements.
• I have verified that this is not a duplicate issue.

Code of Conduct

• I agree to follow this project's Code of Conduct

[h1toru]

After a little bit of test I can confirm that this issue can be fixed by disabling "Unmount modules by default" in KernelSU Manager.

Off-topic, but this problem also occurs with ZygiskNext with "Enforce DenyList" enabled in ZygiskNext WebUI and "Unmount modules by default" enabled in KernelSU Manager.

[ThePedroo]

Browsers doesn't use WebView, so I'm afraid it is not connected to that issue.

Either way, enforcing denylist shouldn't make it crash WebView. A solution is to not include those apps in DenyList, I guess.

[h1toru]

Browsers doesn't use WebView, so I'm afraid it is not connected to that issue.

Some browsers does. For example, Via Browser, which is the one that I use.
Some apps also uses WebView for certain components like About and/or Help page that are most commonly used in e-commerce and banking apps.

Either way, enforcing denylist shouldn't make it crash WebView. A solution is to not include those apps in DenyList, I guess.

Of course those apps should not be included in the DenyList (and it never does), but if "Unmount modules by default" option is enabled in KernelSU Manager, DenyList will act as whitelist/allowlist instead of blacklist/denylist, which means that all modules are unmounted for all apps except the one that are allowed. Now the problem is that this issue is not fixed even if you allow Android System WebView to mount or access modules (disabling Unmount modules for Android System WebView app in KernelSU Manager), the only way to fix it is by disabling "Unmount modules by default" for all apps, which is strange because WebView is the only app that doesn't working.

[ThePedroo]

You can try posting logcat, but I'm no WebView specialist.

[Genxster1998]

I am facing similar problem regarding crashing of webview_zygote. Although shamiko is culprit for me.

Build fingerprint: 'N/a'
Revision: '8'
ABI: 'arm'
Processor: '-1'
Timestamp: 2024-11-28 12:35:47.797866524+0530
Process uptime: 1s
Cmdline: webview_zygote
pid: 2396, tid: 2396, name: ch_zygote  >>> webview_zygote <<<
uid: 1053
signal 0 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: 'JNI FatalError called: (zygote) Failed dup3() on descriptor 3: Invalid argument'
    r0  00000000  r1  0000095c  r2  00000006  r3  ff84a9f0
    r4  ff84aa00  r5  ff84a9e8  r6  0000095c  r7  0000016b
    r8  00000000  r9  ffffffff  r10 ff84a9f0  r11 f665bd44
    ip  0000095c  sp  ff84a9d0  lr  f18f77db  pc  f18f77ee
backtrace:
      #00 pc 000637ee  /apex/com.android.runtime/lib/bionic/libc.so (abort+138) (BuildId: ab785d6a130b3c9e457406da46e4617c)
      #01 pc 004fa81f  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+602) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #02 pc 0000fcbf  /apex/com.android.art/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+46) (BuildId: 89ab91cfa41f49acbf823a57db1bad30)
      #03 pc 0000f57f  /apex/com.android.art/lib/libbase.so (android::base::LogMessage::~LogMessage()+230) (BuildId: 89ab91cfa41f49acbf823a57db1bad30)
      #04 pc 0047dbad  /apex/com.android.art/lib/libart.so (art::JNI<true>::FatalError(_JNIEnv*, char const*)+120) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #05 pc 00142e87  /system/lib/libandroid_runtime.so (android::zygote::ZygoteFailure(_JNIEnv*, char const*, _jstring*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)+94) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #06 pc 00143183  /system/lib/libandroid_runtime.so (android::zygote::ForkCommon(_JNIEnv*, bool, std::__1::vector<int, std::__1::allocator<int> > const&, std::__1::vector<int, std::__1::allocator<int> > const&, bool, bool)+758) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #07 pc 001443d7  /system/lib/libandroid_runtime.so (android::com_android_internal_os_Zygote_nativeForkAndSpecialize(_JNIEnv*, _jclass*, int, int, _jintArray*, int, _jobjectArray*, int, _jstring*, _jstring*, _jintArray*, _jintArray*, unsigned char, _jstring*, _jstring*, unsigned char, _jobjectArray*, _jobjectArray*, unsigned char, unsigned char)+550) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #08 pc 003bdf9d  /apex/com.android.art/lib/libart.so (art_quick_generic_jni_trampoline+44) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #09 pc 000f0adc  /apex/com.android.art/lib/libart.so (nterp_helper+2124) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #10 pc 00849d04  /system/framework/framework.jar
      #11 pc 000f0a74  /apex/com.android.art/lib/libart.so (nterp_helper+2020) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #12 pc 0084bc28  /system/framework/framework.jar
      #13 pc 000f0d80  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #14 pc 0084f0ba  /system/framework/framework.jar
      #15 pc 003b95d5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #16 pc 003b9023  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<false>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.1740321804276605057)+158) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #17 pc 00287263  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+134) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #18 pc 001e00fb  /apex/com.android.art/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+142) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #19 pc 002b9807  /apex/com.android.art/lib/libart.so (art::PerformCall(art::Thread*, art::CodeItemDataAccessor const&, art::ArtMethod*, unsigned int, art::ShadowFrame*, art::JValue*, bool)+46) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #20 pc 002b95f3  /apex/com.android.art/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+354) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #21 pc 000fd791  /apex/com.android.art/lib/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false, false>(art::interpreter::SwitchImplContext*)+25728) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #22 pc 003bea75  /apex/com.android.art/lib/libart.so (ExecuteSwitchImplAsm+4) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #23 pc 00832cbc  /system/framework/framework.jar
      #24 pc 0028ec7d  /apex/com.android.art/lib/libart.so (art::interpreter::ExecuteSwitch(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool) (.__uniq.112435418011751916792819755956732575238)+100) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #25 pc 0022f0b7  /apex/com.android.art/lib/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.__uniq.112435418011751916792819755956732575238.llvm.3362079746286162438)+86) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #26 pc 001dd62b  /apex/com.android.art/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+74) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #27 pc 0056ef5f  /apex/com.android.art/lib/libart.so (artQuickToInterpreterBridge+558) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #28 pc 003be033  /apex/com.android.art/lib/libart.so (art_quick_to_interpreter_bridge+34) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #29 pc 000f033c  /apex/com.android.art/lib/libart.so (nterp_helper+172) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #30 pc 008487fe  /system/framework/framework.jar
      #31 pc 003b95d5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #32 pc 002c9915  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<true>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.1740321804276605057)+260) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #33 pc 00287291  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+180) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #34 pc 0030eed5  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*) (.__uniq.245181933781456475607640333933569312899.llvm.6283735602879151646)+40) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #35 pc 0034f70b  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+370) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #36 pc 004d23cd  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+40) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #37 pc 00092db1  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: e383230e98b5fe9a9f29eb65fceb8a3c567f0ec8)
      #38 pc 000f0dec  /apex/com.android.art/lib/libart.so (nterp_helper+2908) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #39 pc 00842032  /system/framework/framework.jar
      #40 pc 000f172c  /apex/com.android.art/lib/libart.so (nterp_helper+5276) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #41 pc 0084c9ea  /system/framework/framework.jar
      #42 pc 003b95d5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #43 pc 002c9915  /apex/com.android.art/lib/libart.so (void art::quick_invoke_reg_setup<true>(art::ArtMethod*, unsigned int*, unsigned int, art::Thread*, art::JValue*, char const*) (.__uniq.192663596067446536341070919852553954320.llvm.1740321804276605057)+260) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #44 pc 00287291  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+180) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #45 pc 0030eed5  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*) (.__uniq.245181933781456475607640333933569312899.llvm.6283735602879151646)+40) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #46 pc 003849e9  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+172) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #47 pc 002b3f57  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+42) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #48 pc 004a0171  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+72) (BuildId: 8ba16b285a28b1ea8604d8da8d1cadcd)
      #49 pc 00082a01  /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+28) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #50 pc 0008ba65  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+592) (BuildId: c2f90548cfd7bb159df73040779768ba)
      #51 pc 0000253f  /system/bin/app_process32 (main+978) (BuildId: de3e6952790e3a72991e725e89a69cf9)
      #52 pc 0005ca57  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+54) (BuildId: ab785d6a130b3c9e457406da46e4617c)```

[h1toru]

In my case, PlayIntegrityFix and LSPosed are the only zygisk module I use. I don't use Shamiko.

[ThePedroo]

Perhaps we are umounting something that was opened before causing crash? There is no really fix for those system-specific things bugs, but the toggle for enforce denylist should fix. As a workaround, you can remove the call for umount_... in hook.cpp, in the unshare hook.

[heinhuiz]

I have an issue that is probably related to this. I won't report it as a separate issue, but if you can reproduce it, it might help you to find a solution to the current one.

When I ask anything in the Perplexity app, the Answer section does not display any text. The rest of the page seems is loading normally, including the images in the Answer section, only the text is missing.

Just like in the current issue, disabling Unmount modules by default solves that problem (but obviously causes many others in my setup). Also in Zygisk Next the page loads normally.

Note that the Perplexity app does not require you to register. On the login page that is presented after opening the first time, just press Cancel in the upper right corner.

One other app, a banking app named GTWorld Gambia, refuses to open with the Unmount ... option disabled. It doesn't crash, but just hangs on the opening splash screen. Note that this app doesn't have any root checks.

[q234rty]

Are you by any chance using QuickSwitch?

[h1toru]

Just like in the current issue, disabling Unmount modules by default solves that problem (but obviously causes many others in my setup). Also in Zygisk Next the page loads normally.

ZygiskNext also had the same problem if you enable "Enforce DenyList" option in ZygiskNext WebUI. This option will make zygisk less detectable by third-party apps and will give the same result as ReZygisk. (And this option is not enabled by default)

For reference, I did a test with Clash Royale app. It detects the existence of zygisk.

These are the result:

1. KSU Unmount modules by default enabled + ReZygisk = App launch, WebView empty.
2. KSU Unmount modules by default enabled + ZygiskNext = App crash, WebView OK.
3. KSU Unmount modules by default enabled + ZygiskNext (Enforce DenyList enabled) = App launch, WebView empty.

One other app, a banking app named GTWorld Gambia, refuses to open with the Unmount ... option disabled. It doesn't crash, but just hangs on the opening splash screen. Note that this app doesn't have any root checks.

You'll probably have to enable Unmount modules option for that specific app by choosing the app on KernelSU and select Custom profile, then enable Unmount modules option.

[h1toru]

Are you by any chance using QuickSwitch?

No, I never use QuickSwitch.

[q234rty]

No, I never use QuickSwitch.

Then it might be some other module (possibly non-zygisk) interfering... Anyway, checking whether the uid is 1053 and skip unmounting in that case worked for me.

[ThePedroo]

You must disable Umount by default as then it will cause issues if you use any module that mounts and requires some part of the system to keep it, like Lawnchair. However main branch should not cause issues, as the umount is done without privileges, so things like global mounts won't be umounted.