Closed Bug 1535196 Opened 9 months ago Closed 8 months ago

ARMv7 builds of Fennec/GeckoView crash on startup using Android Q - AArch64 works

Categories

(Firefox for Android :: General, defect, P1, major)

Firefox 65
x86_64
Android
defect

Tracking

()

RESOLVED DUPLICATE of bug 1543555
Tracking Status
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- fixed
firefox68 --- fixed

People

(Reporter: maxcalvino, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [geckoview:fenix:p2])

Attachments

(9 files)

Attached video screenrecording.mp4

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

Steps to reproduce:

  1. Open Firefox

Actual results:

  1. The app to opens but immediately crashes

Expected results:

  1. The app to open with out crashing.
OS: Unspecified → macOS
Hardware: Unspecified → x86_64

I see this on my Pixel as well. Firefox and Firefox beta both insta-crash on startup, with no crash reporter. Nightly does work on the same device.

Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: macOS → Android
Duplicate of this bug: 1535359
Attached file logcat

Hi,

I was able to reproduce on Google Pixel (Android Q), on RC 66.0 build 3 and Beta 66.0b13.
I`ve attached a logcat, maybe it helps.

Thank you!

Stefan, could we get someone to investigate this 67 regression? Thanks

Flags: needinfo?(sarentz)
Severity: normal → major

During triage today we discussed seeing what happens when they push the next developer beta. On my device I don't get crashes with Focus or the Reference browser.

Google engineer mentioned that bug 755287 may be related to this crash.

Starting with Android Q (API level 29), libc uses IFUNC functionality in the dynamic linker to choose optimized assembler routines at run time rather than at build time. This lets us use the same libc.so on all devices, and is similar to what other OSes already did. Because the zygote uses the C library, this decision is made long before we know what API level an app targets, so all code sees the new IFUNC-using C library. Most apps should be unaffected by this change, but apps that hook or try to detect hooking of C library functions might need to fix their code to cope with IFUNC relocations. The affected functions are from <string.h>, but may expand to include more functions (and more libraries) in future.

This should go to someone on DavidB's team or maybe glandium.

Flags: needinfo?(sarentz) → needinfo?(dbolter)

Possible dupe of bug 1535139?

Flags: needinfo?(snorp)

(In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #9)

Possible dupe of bug 1535139?

Nope, that one happens even with m-c.

If 67 works and will be out before Q, do we care about this bug?

Flags: needinfo?(snorp)

(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #10)

(In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #9)

Possible dupe of bug 1535139?

Nope, that one happens even with m-c.

If 67 works and will be out before Q, do we care about this bug?

On my device, Firefox beta crashes as well as Firefox release.

NI+ Anthony in case this looks like a glandium shaped bug per comment 8

Flags: needinfo?(dbolter) → needinfo?(ajones)

(In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #12)

NI+ Anthony in case this looks like a glandium shaped bug per comment 8

This is definitely a glandium shaped bug. And/or a froydnj shaped bug. Gentlemen, can you read #c7 and tell us what to do?

Flags: needinfo?(nfroyd)
Flags: needinfo?(mh+mozilla)
Flags: needinfo?(ajones)

This is also happening in the latest GeckoView Example (68 nightly at the time of writing).

Whiteboard: [geckoview]

The logcat unfortunately doesn't contain much, and the only null relocation is for __cxa_type_match, and that shouldn't matter.

The lotcat does say the crashreporter is being summoned... can we find the corresponding crash reports?

Flags: needinfo?(mh+mozilla)

(In reply to Mike Hommey [:glandium] from comment #15)

The logcat unfortunately doesn't contain much, and the only null relocation is for __cxa_type_match, and that shouldn't matter.

The lotcat does say the crashreporter is being summoned... can we find the corresponding crash reports?

There are very few crash reports in Socorro for Q - I only see 3 for stable and beta: https://bit.ly/2UjSJ2j.

The reason Nightly is not crashing is that currently all the Q eligible devices are 64-bit arm (aarch64) and that build does not crash on startup. Running an extremely old aarch64 nightly build does not crash on startup. For example 2018-06-01

Snorp has a bug on file reporting that the crash reporter is not working on Android Q. bug 1535168

(In reply to Kevin Brosnan [:kbrosnan] from comment #17)

The reason Nightly is not crashing is that currently all the Q eligible devices are 64-bit arm (aarch64) and that build does not crash on startup. Running an extremely old aarch64 nightly build does not crash on startup. For example 2018-06-01

Does a 32 bit nightly crash?

A possibility is to simply ship only 64 bit on the 64 bit Android Q platform.

Note the crash reporter problem on Q likely won't get looked at until later next week (unless someone steals the bug).

Comment 7 and related information suggests that we need to handle st_info == STT_GNU_IFUNC somewhere around here:

https://searchfox.org/mozilla-central/source/mozglue/linker/CustomElf.cpp#644

Otherwise, I think we will wind up treating the ifunc-resolving function as the actual function to call, which is sure to lead to all kinds of pain and sadness.

(Though the initial bionic linker changes for ifuncs:

https://android.googlesource.com/platform/bionic/+/31b88da%5E%21/

suggest that maybe we have to defer STT_GNU_IFUNC relocation resolution until we've done all the other relocations?)

Flags: needinfo?(nfroyd) → needinfo?(mh+mozilla)
Blocks: android-q

(In reply to Anthony Jones (:ajones, :kentuckyfriedtakahe, :k17e) from comment #19)

(In reply to Kevin Brosnan [:kbrosnan] from comment #17)

The reason Nightly is not crashing is that currently all the Q eligible devices are 64-bit arm (aarch64) and that build does not crash on startup. Running an extremely old aarch64 nightly build does not crash on startup. For example 2018-06-01

Does a 32 bit nightly crash?

Yes.

A possibility is to simply ship only 64 bit on the 64 bit Android Q platform.

We don't know that all Android Q devices will be 64 bit

We're not building against libraries that use IFUNC, so we shouldn't end up with IFUNC/IRELATIVE relocations in our libraries. And we shouldn't be loading system libraries with our linker ; those should be loaded by the system linker, which supports the IFUNC/IRELATIVE relocations system libraries might have.

Can one of the people who can reproduce the issue try starting with MOZ_DEBUG_LINKER set in the environment (https://wiki.mozilla.org/Mobile/Fennec/Android/AdvancedTopics#Arguments_and_Environment_Variables), and attach the resulting logcat? That should give a little more light. If that's not enough, I'll file a separate bug to add some more logging.

Flags: needinfo?(mh+mozilla)

glandium, I think this is what you asked for

Flags: needinfo?(mh+mozilla)
04-02 19:03:06.328 12076 12099 I GeckoLinker: dlopen("libfreebl3.so", 0x0) = 0xc5c9a24b
04-02 19:03:06.328 12076 12099 I GeckoLinker: ElfLoader::Load("libfreebl3.so", 0x0, 0x0 [""]) = 0xbde7d440
04-02 19:03:06.328 12076 12099 I GeckoLinker: dlsym(0xc5c9a24b ["libfreebl3.so"], "FREEBL_GetVector") = 0xbd8ca79d

Aha! For some reason libfreebl3 is not loaded through CustomElf::Load, which suggests there's a libfreebl3.so library in Android Q?

Flags: needinfo?(mh+mozilla)
Attached file try-logcat.txt

Yup. Here it is.

Flags: needinfo?(mh+mozilla)
Whiteboard: [geckoview] → [geckoview:fenix:p2]

Huh. It didn't fail the same way at all. libfreebl3 was loaded with our linker... and that still crashed. And that build was specifically instrumented to find out why it would load libfreebl3 with the system linker :(

So we're back to square one. Without crash reports, there's not much to say about this.

Flags: needinfo?(mh+mozilla)
Attached file My logcat

I have a locally built nightly that crashes on startup that I can make any changes you need to test things (and a Pixel 3 with Q to test)

Here's my logcat.

Summary: Firefox Stable crashes each time is open in Android Q Developer Preview but Firefox Nightly works → ARMv7 builds of Fennec/GeckoView crash on startup using Android Q - AArch64 works

I can repro with a local build on my Pixel 2. Stack follows:

* thread #27, name = 'Gecko', stop reason = breakpoint 2.1
  * frame #0: 0xed3317b0 libart.so`art_sigsegv_fault
    frame #1: 0xed331aee libart.so`art::FaultManager::HandleFault(int, siginfo*, void*) + 230
    frame #2: 0xb0dd0480 app_process32
    frame #3: 0xee30f92c libc.so
    frame #4: 0xee3127d0 libc.so`__memcpy_base_a55 + 248
    frame #5: 0xc9d92b62 libsoftokn3.so`sftk_setStringName(inString="NSS Internal Cryptographic Services                             ", buffer="NSS Internal Cryptographic Services                             ", buffer_length=<unavailable>, nullTerminate=1) at pkcs11.c:581
    frame #6: 0xc9d92d50 libsoftokn3.so`SFTK_SlotInit(configdir=<unavailable>, updatedir=<unavailable>, updateID=<unavailable>, params=<unavailable>, moduleIndex=0) at pkcs11.c:2602
    frame #7: 0xc9d933b2 libsoftokn3.so`nsc_CommonInitialize(pReserved=<unavailable>, isFIPS=<unavailable>) at pkcs11.c:3059
    frame #8: 0xc9d934d6 libsoftokn3.so`NSC_Initialize(pReserved=0xc74f6ea0) at pkcs11.c:3122
    frame #9: 0xc669cfce libnss3.so`secmod_ModuleInit(mod=0xb331d010, reload=0xc74f6f80, alreadyLoaded=0xc74f6ef4) at pk11load.c:244
    frame #10: 0xc669d384 libnss3.so`secmod_LoadPKCS11Module(mod=0xb331d010, oldModule=0xc74f6f80) at pk11load.c:503
    frame #11: 0xc66a4536 libnss3.so`SECMOD_LoadModule(modulespec="library= name=\"NSS Internal PKCS #11 Module\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1840
    frame #12: 0xc66a45dc libnss3.so`SECMOD_LoadModule(modulespec="name=\"NSS Internal Module\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical,defaultModDB,internalKeySlot\"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1876
    frame #13: 0xc66869ac libnss3.so`nss_Init [inlined] nss_InitModules(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, updateDir=<unavailable>, updCertPrefix=<unavailable>, updKeyPrefix=<unavailable>, updateID=<unavailable>, updateName=<unavailable>, configName=<unavailable>, configStrings=<unavailable>, pwRequired=<unavailable>, readOnly=<unavailable>, noCertDB=<unavailable>, noModDB=<unavailable>, forceOpen=<unavailable>, optimizeSpace=<unavailable>) at nssinit.c:464
    frame #14: 0xc66866f6 libnss3.so`nss_Init(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName="secmod.db", updateDir="", updCertPrefix="", updKeyPrefix="", updateID="", updateName="", initContextPtr=0x00000000, initParams=0x00000000, readOnly=0, noCertDB=0, noModDB=0, forceOpen=0, noRootInit=1, optimizeSpace=1, noSingleThreadedModules=0, allowAlreadyInitializedModules=0, dontFinalizeModules=0) at nssinit.c:689
    frame #15: 0xc6686c5c libnss3.so`NSS_Initialize(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, flags=48) at nssinit.c:889
    frame #16: 0xc282e7ee libxul.so`mozilla::psm::InitializeNSS(dir=<unavailable>, readOnly=false, loadPKCS11Modules=true) at NSSCertDBTrustDomain.cpp:1118
    frame #17: 0xc454035a libxul.so`nsNSSComponent::InitializeNSS() [inlined] InitializeNSSWithFallbacks(profilePath=<unavailable>) at nsNSSComponent.cpp:1585
    frame #18: 0xc4540354 libxul.so`nsNSSComponent::InitializeNSS(this=0xb0ea2640) at nsNSSComponent.cpp:1696
    frame #19: 0xc4540a1e libxul.so`nsNSSComponent::Init(this=0xb0ea2640) at nsNSSComponent.cpp:1877
    frame #20: 0xc288739e libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc2384f1c, aResult=<unavailable>) at StaticComponents.cpp:7596
    frame #21: 0xc2890abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc74f73ec) at nsComponentManager.cpp:220
    frame #22: 0xc2890aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc75023a0, aLock=<unavailable>, aEntry=0xc74f7430, aIID=0xc2384f1c, aResult=0xc74f7474)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
    frame #23: 0xc288f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc75023a0, aContractID="@mozilla.org/psm;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
    frame #24: 0xc2891ef0 libxul.so`nsGetServiceByContractID::operator(this=<unavailable>, aIID=<unavailable>, aInstancePtr=0xc74f7474)(nsID const&, void**) const at nsComponentManagerUtils.cpp:243
    frame #25: 0xc284e4d6 libxul.so`nsCOMPtr_base::assign_from_gs_contractid(this=0xc74f74a4, aGS=(mContractID = "@mozilla.org/psm;1"), aIID=<unavailable>) at nsCOMPtr.cpp:82
    frame #26: 0xc2892118 libxul.so`nsCOMPtr<nsISupports>::nsCOMPtr(this=0xc74f74a4, aGS=<unavailable>) at nsCOMPtr.h:948
    frame #27: 0xc453f4bc libxul.so`EnsureNSSInitializedChromeOrContent() at nsNSSComponent.cpp:114
    frame #28: 0xc4543fc4 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(nsISupports*, nsID const&, void**) [inlined] nsresult mozilla::psm::Constructor<nsPK11TokenDB, (nsresult (nsPK11TokenDB::*)())0, (mozilla::psm::ProcessRestriction)0, (mozilla::psm::ThreadRestriction)1>(aOuter=<unavailable>, aIID=0xc74f7584, aResult=<unavailable>) at nsNSSModule.cpp:94
    frame #29: 0xc4543fb2 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(aOuter=<unavailable>, aIID=0xc74f7584, aResult=<unavailable>) at nsNSSModule.cpp:131
    frame #30: 0xc2890abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc74f74f4) at nsComponentManager.cpp:220
    frame #31: 0xc2890aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc75023a0, aLock=<unavailable>, aEntry=0xc74f7538, aIID=0xc74f7584, aResult=0xc74f7570)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
    frame #32: 0xc288f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc75023a0, aContractID="@mozilla.org/security/pk11tokendb;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
    frame #33: 0xc2e06064 libxul.so`xpc::CIGSHelper(aCx=0xbd70f800, aArgc=<unavailable>, aVp=0xb37db4c8, aGetService=<unavailable>) at XPCJSID.cpp:512
    frame #34: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) + 1 at XPCJSID.cpp:537), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
    frame #35: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f7870, construct=<unavailable>) at Interpreter.cpp:534
    frame #36: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f7870) at Interpreter.cpp:589
    frame #37: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db4d8) at Interpreter.cpp:593
    frame #38: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f79bc) at Interpreter.cpp:3075
    frame #39: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f79bc) at Interpreter.cpp:422
    frame #40: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f7a80, construct=<unavailable>) at Interpreter.cpp:562
    frame #41: 0xc46daeee libxul.so`InternalConstruct(cx=0xbd70f800, args=0xc74f7a80) at Interpreter.cpp:635
    frame #42: 0xc46db24c libxul.so`js::Construct(cx=<unavailable>, fval=<unavailable>, args=0xc74f7a80, newTarget=<unavailable>, objp=<unavailable>) at Interpreter.cpp:690
    frame #43: 0xc4926b80 libxul.so`JS::Construct(cx=0xbd70f800, fval=<unavailable>, args=0xc74f7b84, objp=<unavailable>) at jsapi.cpp:2671
    frame #44: 0xc288a3e0 libxul.so`mozilla::xpcom::ConstructJSMComponent(aURI=<unavailable>, aConstructor="LoginManagerCrypto_SDR", aResult=0xc74f7c30) at StaticComponents.cpp:1337
    frame #45: 0xc2889e5c libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc74f7cf4, aResult=<unavailable>) at StaticComponents.cpp:0
    frame #46: 0xc2890abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc74f7c64) at nsComponentManager.cpp:220
    frame #47: 0xc2890aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc75023a0, aLock=<unavailable>, aEntry=0xc74f7ca8, aIID=0xc74f7cf4, aResult=0xc74f7ce0)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
    frame #48: 0xc288f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc75023a0, aContractID="@mozilla.org/login-manager/crypto/SDR;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
    frame #49: 0xc2e06064 libxul.so`xpc::CIGSHelper(aCx=0xbd70f800, aArgc=<unavailable>, aVp=0xb37db3f0, aGetService=<unavailable>) at XPCJSID.cpp:512
    frame #50: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) + 1 at XPCJSID.cpp:537), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
    frame #51: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f7fe0, construct=<unavailable>) at Interpreter.cpp:534
    frame #52: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f7fe0) at Interpreter.cpp:589
    frame #53: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db400) at Interpreter.cpp:593
    frame #54: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f812c) at Interpreter.cpp:3075
    frame #55: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f812c) at Interpreter.cpp:422
    frame #56: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f8198, construct=<unavailable>) at Interpreter.cpp:562
    frame #57: 0xc46db374 libxul.so`js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) [inlined] InternalCall(cx=<unavailable>, args=0xc74f81c8) at Interpreter.cpp:589
    frame #58: 0xc46db322 libxul.so`js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) [inlined] js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f81c8, rval=<unavailable>) at Interpreter.cpp:605
    frame #59: 0xc46db30e libxul.so`js::CallGetter(cx=0xbd70f800, thisv=<unavailable>, getter=<unavailable>, rval=<unavailable>) at Interpreter.cpp:729
    frame #60: 0xc4809f66 libxul.so`js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) at NativeObject.cpp:2216
    frame #61: 0xc4809f2c libxul.so`js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) [inlined] bool GetExistingProperty<(js::AllowGC)1>(cx=<unavailable>, obj=<unavailable>, shape=<unavailable>, vp=<unavailable>)1>::HandleType, js::MaybeRooted<js::NativeObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<js::Shape*, (js::AllowGC)1>::HandleType, js::MaybeRooted<JS::Value, (js::AllowGC)1>::MutableHandleType) at NativeObject.cpp:2268
    frame #62: 0xc4809f1c libxul.so`js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) at NativeObject.cpp:2517
    frame #63: 0xc4809e96 libxul.so`js::NativeGetProperty(cx=0xbd70f800, obj=<unavailable>, receiver=<unavailable>, id=<unavailable>, vp=<unavailable>) at NativeObject.cpp:2554
    frame #64: 0xc46dc870 libxul.so`js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) [inlined] js::GetProperty(cx=<unavailable>, obj=<unavailable>) at ObjectOperations-inl.h:117
    frame #65: 0xc46dc858 libxul.so`js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) [inlined] js::GetProperty(cx=<unavailable>, name=<unavailable>) at ObjectOperations-inl.h:124
    frame #66: 0xc46dc858 libxul.so`js::GetProperty(cx=0xbd70f800, v=<unavailable>, name=<unavailable>, vp=<unavailable>) at Interpreter.cpp:4485
    frame #67: 0xc46d559a libxul.so`Interpret(JSContext*, js::RunState&) [inlined] GetPropertyOperation(cx=<unavailable>, fp=<unavailable>, script=<unavailable>, pc=<unavailable>, lval=<unavailable>) at Interpreter.cpp:215
    frame #68: 0xc46d5398 libxul.so`Interpret(cx=<unavailable>, state=0xc74f8634) at Interpreter.cpp:2762
    frame #69: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f8634) at Interpreter.cpp:422
    frame #70: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f86e0, construct=<unavailable>) at Interpreter.cpp:562
    frame #71: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f86e0) at Interpreter.cpp:589
    frame #72: 0xc46dad2a libxul.so`js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f86e0, rval=<unavailable>) at Interpreter.cpp:605
    frame #73: 0xc492622a libxul.so`JS_CallFunctionValue(cx=0xbd70f800, obj=<unavailable>, fval=<unavailable>, args=0xc74f8850, rval=<unavailable>) at jsapi.cpp:2558
    frame #74: 0xc2e10680 libxul.so`nsXPCWrappedJSClass::CallMethod(wrapper=<unavailable>, methodIndex=<unavailable>, info=0xc23a9704, nativeParams=0xc74f8a98) at XPCWrappedJSClass.cpp:951
    frame #75: 0xc28a91b0 libxul.so`::PrepareAndDispatch(self=0xb33ec0b0, methodIndex=<unavailable>, args=<unavailable>) at xptcstubs_arm.cpp:102
    frame #76: 0xc28a88dc libxul.so`SharedStub + 16
    frame #77: 0xc28a88ac libxul.so`::NS_InvokeByIndex(that=<unavailable>, methodIndex=<unavailable>, paramCount=<unavailable>, params=<unavailable>) at xptcinvoke_arm.cpp:167
    frame #78: 0xc2e13612 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Invoke(this=<unavailable>) at XPCWrappedNative.cpp:1624
    frame #79: 0xc2e13602 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Call(this=0xc74f8be0) at XPCWrappedNative.cpp:1171
    frame #80: 0xc2e12fa2 libxul.so`XPCWrappedNative::CallMethod(ccx=<unavailable>, mode=<unavailable>) at XPCWrappedNative.cpp:1137
    frame #81: 0xc2e14144 libxul.so`XPC_WN_CallMethod(cx=<unavailable>, argc=<unavailable>, vp=<unavailable>) at XPCWrappedNativeJSOps.cpp:942
    frame #82: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) + 1 at XPCWrappedNativeJSOps.cpp:918), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
    frame #83: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f90b0, construct=<unavailable>) at Interpreter.cpp:534
    frame #84: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f90b0) at Interpreter.cpp:589
    frame #85: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db2f0) at Interpreter.cpp:593
    frame #86: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f91fc) at Interpreter.cpp:3075
    frame #87: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f91fc) at Interpreter.cpp:422
    frame #88: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f92a8, construct=<unavailable>) at Interpreter.cpp:562
    frame #89: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f92a8) at Interpreter.cpp:589
    frame #90: 0xc46dad2a libxul.so`js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f92a8, rval=<unavailable>) at Interpreter.cpp:605
    frame #91: 0xc492622a libxul.so`JS_CallFunctionValue(cx=0xbd70f800, obj=<unavailable>, fval=<unavailable>, args=0xc74f9418, rval=<unavailable>) at jsapi.cpp:2558
    frame #92: 0xc2e10680 libxul.so`nsXPCWrappedJSClass::CallMethod(wrapper=<unavailable>, methodIndex=<unavailable>, info=0xc23b467c, nativeParams=0xc74f9660) at XPCWrappedJSClass.cpp:951
    frame #93: 0xc28a91b0 libxul.so`::PrepareAndDispatch(self=0xb0e495d0, methodIndex=<unavailable>, args=<unavailable>) at xptcstubs_arm.cpp:102
    frame #94: 0xc28a88dc libxul.so`SharedStub + 16
    frame #95: 0xc3cd26f2 libxul.so`mozilla::widget::EventDispatcher::DispatchOnGecko(this=<unavailable>, list=0xb0e497c0, aEvent=0xc74f9790, aData=<unavailable>, aCallback=0x00000000) at EventDispatcher.cpp:748
    frame #96: 0xc3cd28ca libxul.so`mozilla::widget::EventDispatcher::Dispatch(this=0xc75ba4f0, aEvent=<unavailable>, aData=<unavailable>, aCallback=<unavailable>, aFinalizer=0x00000000, aCx=0xbd70f800) at EventDispatcher.cpp:802
    frame #97: 0xc28a88ac libxul.so`::NS_InvokeByIndex(that=<unavailable>, methodIndex=<unavailable>, paramCount=<unavailable>, params=<unavailable>) at xptcinvoke_arm.cpp:167
    frame #98: 0xc2e13612 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Invoke(this=<unavailable>) at XPCWrappedNative.cpp:1624
    frame #99: 0xc2e13602 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Call(this=0xc74f98f0) at XPCWrappedNative.cpp:1171
    frame #100: 0xc2e12fa2 libxul.so`XPCWrappedNative::CallMethod(ccx=<unavailable>, mode=<unavailable>) at XPCWrappedNative.cpp:1137
    frame #101: 0xc2e14144 libxul.so`XPC_WN_CallMethod(cx=<unavailable>, argc=<unavailable>, vp=<unavailable>) at XPCWrappedNativeJSOps.cpp:942
    frame #102: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) + 1 at XPCWrappedNativeJSOps.cpp:918), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
    frame #103: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f9dc0, construct=<unavailable>) at Interpreter.cpp:534
    frame #104: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f9dc0) at Interpreter.cpp:589
    frame #105: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db238) at Interpreter.cpp:593
    frame #106: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f9f0c) at Interpreter.cpp:3075
    frame #107: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f9f0c) at Interpreter.cpp:422
    frame #108: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f9fb8, construct=<unavailable>) at Interpreter.cpp:562
    frame #109: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f9fb8) at Interpreter.cpp:589
    frame #110: 0xc46dad2a libxul.so`js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f9fb8, rval=<unavailable>) at Interpreter.cpp:605
    frame #111: 0xc49267ac libxul.so`JS::Call(cx=0xbd70f800, thisv=<unavailable>, fval=<unavailable>, args=0xc74fa0b8, rval=<unavailable>) at jsapi.cpp:2621
    frame #112: 0xc35d5910 libxul.so`mozilla::dom::EventHandlerNonNull::Call(this=0xb2a9ee60, cx=<unavailable>, aThisVal=<unavailable>, event=<unavailable>, aRetVal=<unavailable>, aRv=0xc74fa318) at EventHandlerBinding.cpp:266
    frame #113: 0xc380647a libxul.so`void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> >(this=0xb2a9ee60, thisVal=0xc74fa2ec, event=0xb0e8b670, aRetVal=<unavailable>, aRv=0xc74fa318, aExecutionReason=<unavailable>, aExceptionHandling=eReportExceptions, aRealm=0x00000000) at EventHandlerBinding.h:363
    frame #114: 0xc3802e2a libxul.so`mozilla::JSEventHandler::HandleEvent(this=<unavailable>, aEvent=0xb0e8b670) at JSEventHandler.cpp:205
    frame #115: 0xc37fa59a libxul.so`mozilla::EventListenerManager::HandleEventSubType(this=0xb2aaa400, aListener=0xb29e1d18, aDOMEvent=0xb0e8b670, aCurrentTarget=<unavailable>) at EventListenerManager.cpp:1045
    frame #116: 0xc37fa8c6 libxul.so`mozilla::EventListenerManager::HandleEventInternal(this=<unavailable>, aPresContext=0xb2f82a40, aEvent=0xc74fa850, aDOMEvent=0xc74fa670, aCurrentTarget=0xb331b800, aEventStatus=0xc74fa674, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1240
    frame #117: 0xc3806960 libxul.so`mozilla::EventListenerManager::HandleEvent(this=<unavailable>, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aCurrentTarget=0xb331b800, aEventStatus=0xc74fa674, aItemInShadowTree=<unavailable>) at EventListenerManager.h:355
    frame #118: 0xc3804e22 libxul.so`mozilla::EventTargetChainItem::HandleEvent(this=<unavailable>, aVisitor=<unavailable>, aCd=<unavailable>) at EventDispatcher.cpp:349
    frame #119: 0xc37f7824 libxul.so`mozilla::EventTargetChainItem::HandleEventTargetChain(aChain=0xc74fa684, aVisitor=0xc74fa668, aCallback=0x00000000, aCd=0xc74fa688) at EventDispatcher.cpp:551
    frame #120: 0xc37f804a libxul.so`mozilla::EventDispatcher::Dispatch(aTarget=<unavailable>, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aEventStatus=0xc74fa8c4, aCallback=0x00000000, aTargets=0x00000000) at EventDispatcher.cpp:1046
    frame #121: 0xc3dc9716 libxul.so`nsDocumentViewer::LoadComplete(this=0xb2a30d40, aStatus=<unavailable>) at nsDocumentViewer.cpp:1098
    frame #122: 0xc447c27c libxul.so`nsDocShell::EndPageLoad(this=0xb330d800, aProgress=<unavailable>, aChannel=<unavailable>, aStatus=NS_OK) at nsDocShell.cpp:6596
    frame #123: 0xc447c0b2 libxul.so`nsDocShell::OnStateChange(this=0xb330d800, aProgress=0xb330d800, aRequest=0xb358f160, aStateFlags=<unavailable>, aStatus=NS_OK) at nsDocShell.cpp:6397
    frame #124: 0xc447c96e libxul.so`non-virtual thunk to nsDocShell::OnStateChange(this=<unavailable>, aProgress=<unavailable>, aRequest=<unavailable>, aStateFlags=<unavailable>, aStatus=NS_OK) at nsDocShell.cpp:0
    frame #125: 0xc2edd5ce libxul.so`nsDocLoader::DoFireOnStateChange(this=0xb330d800, aProgress=0xb330d800, aRequest=0xb358f160, aStateFlags=0xc74fad08, aStatus=NS_OK) at nsDocLoader.cpp:1313
    frame #126: 0xc2edd3b0 libxul.so`nsDocLoader::doStopDocumentLoad(this=<unavailable>, request=0xb358f160, aStatus=<unavailable>) at nsDocLoader.cpp:872
    frame #127: 0xc2edc9e8 libxul.so`nsDocLoader::DocLoaderIsEmpty(this=0xb330d800, aFlushLayout=<unavailable>) at nsDocLoader.cpp:710
    frame #128: 0xc2edd126 libxul.so`nsDocLoader::OnStopRequest(this=0xb330d800, aRequest=0xb2f87e18, aStatus=<unavailable>) at nsDocLoader.cpp:598
    frame #129: 0xc2edd334 libxul.so`non-virtual thunk to nsDocLoader::OnStopRequest(this=<unavailable>, aRequest=<unavailable>, aStatus=<unavailable>) at nsDocLoader.cpp:0
    frame #130: 0xc28f57de libxul.so`mozilla::net::nsLoadGroup::RemoveRequest(this=0xb2a29500, request=<unavailable>, ctxt=<unavailable>, aStatus=<unavailable>) at nsLoadGroup.cpp:568
    frame #131: 0xc31ca7de libxul.so`mozilla::dom::Document::DoUnblockOnload(this=<unavailable>) at Document.cpp:7831
    frame #132: 0xc31c5f26 libxul.so`mozilla::dom::Document::DispatchContentLoadedEvents(this=<unavailable>) at Document.cpp:4891
    frame #133: 0xc31c6220 libxul.so`mozilla::dom::Document::EndLoad(this=0xb2a1a000) at Document.cpp:5010
    frame #134: 0xc3b13108 libxul.so`mozilla::dom::PrototypeDocumentContentSink::DoneWalking(this=0xb2a3ed30) at PrototypeDocumentContentSink.cpp:636
    frame #135: 0xc3b13042 libxul.so`mozilla::dom::PrototypeDocumentContentSink::MaybeDoneWalking(this=<unavailable>) at PrototypeDocumentContentSink.cpp:593
    frame #136: 0xc3b129ec libxul.so`mozilla::dom::PrototypeDocumentContentSink::ResumeWalk(this=0xb2a3ed30) at PrototypeDocumentContentSink.cpp:576
    frame #137: 0xc3b1341e libxul.so`mozilla::dom::PrototypeDocumentContentSink::OnScriptCompileComplete(this=0xb2a3ed30, aScript=<unavailable>, aStatus=NS_OK) at PrototypeDocumentContentSink.cpp:898
    frame #138: 0xc3bfffc0 libxul.so`NotifyOffThreadScriptCompletedRunnable::Run(this=<unavailable>) at nsXULElement.cpp:2086
    frame #139: 0xc289dcaa libxul.so`nsThread::ProcessNextEvent(this=0xc7522a00, aMayWait=<unavailable>, aResult=<unavailable>) at nsThread.cpp:1180
    frame #140: 0xc289ea4a libxul.so`NS_ProcessNextEvent(aThread=<unavailable>, aMayWait=true) at nsThreadUtils.cpp:486
    frame #141: 0xc2bb3e06 libxul.so`mozilla::ipc::MessagePump::Run(this=0xc75082b0, aDelegate=0xc7562030) at MessagePump.cpp:110
    frame #142: 0xc2b79602 libxul.so`MessageLoop::Run() [inlined] MessageLoop::RunInternal(this=<unavailable>) at message_loop.cc:315
    frame #143: 0xc2b795fa libxul.so`MessageLoop::Run() [inlined] MessageLoop::RunHandler(this=<unavailable>) at message_loop.cc:308
    frame #144: 0xc2b795fa libxul.so`MessageLoop::Run(this=<unavailable>) at message_loop.cc:290
    frame #145: 0xc3cb1298 libxul.so`nsBaseAppShell::Run(this=0xc7522d00) at nsBaseAppShell.cpp:137
    frame #146: 0xc45b417c libxul.so`nsAppStartup::Run(this=0xc75ba190) at nsAppStartup.cpp:270
    frame #147: 0xc461c8f8 libxul.so`XREMain::XRE_mainRun(this=0xc74fb7b8) at nsAppRunner.cpp:4587
    frame #148: 0xc461cc9e libxul.so`XREMain::XRE_main(this=0xc74fb7b8, argc=<unavailable>, argv=<unavailable>, aConfig=0xc74fb87c) at nsAppRunner.cpp:4725
    frame #149: 0xc461cf1c libxul.so`XRE_main(argc=<unavailable>, argv=<unavailable>, aConfig=<unavailable>) at nsAppRunner.cpp:4806
    frame #150: 0xc461e766 libxul.so`::GeckoStart(env=<unavailable>, argv=0xc7506160, argc=6, aAppData=0xc78772c4) at nsAndroidStartup.cpp:47
    frame #151: 0xc77a74ec libmozglue.so`::Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun(jenv=0xca4e8100, jc=<unavailable>, jargs=<unavailable>, prefsFd=<unavailable>, prefMapFd=-1, ipcFd=-1, crashFd=-1, crashAnnotationFd=-1) at APKOpen.cpp:371
    frame #152: 0xed2a651a libart.so`art_quick_generic_jni_trampoline + 42
    frame #153: 0xed2a1bc6 libart.so`art_quick_invoke_stub_internal + 70
    frame #154: 0xed62061a libart.so`art_quick_invoke_static_stub + 250
    frame #155: 0xed2aa20e libart.so`art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) + 174
    frame #156: 0xed3ef10c libart.so`art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*) + 284
    frame #157: 0xed3eb054 libart.so`bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) + 528
    frame #158: 0xed3f5e2e libart.so`void art::interpreter::ExecuteSwitchImplCpp<false, false>(art::interpreter::SwitchImplContext*) + 10094
    frame #159: 0xed2a7076 libart.so`ExecuteSwitchImplAsm + 6
    frame #160: 0xed3cbbe8 libart.so`art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.8650392831108427790) + 468
    frame #161: 0xed3d0a84 libart.so`art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*) + 128
    frame #162: 0xed608f0a libart.so`artQuickToInterpreterBridge + 830
    frame #163: 0xed2a65a4 libart.so`art_quick_to_interpreter_bridge + 36
    frame #164: 0xed2a1bc6 libart.so`art_quick_invoke_stub_internal + 70
    frame #165: 0xed620506 libart.so`art_quick_invoke_stub + 254
    frame #166: 0xed2aa1fc libart.so`art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) + 156
    frame #167: 0xed565676 libart.so`art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*) + 58
    frame #168: 0xed5663b8 libart.so`art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*) + 308
    frame #169: 0xed595bb0 libart.so`art::Thread::CreateCallback(void*) + 1140
    frame #170: 0xee35b2f0 libc.so`__pthread_start(void*) + 22
    frame #171: 0xee315b84 libc.so`__start_thread + 32

Ah, indeed strlen() seems to be going into the weeds, so this IFUNC stuff is likely in play.

So libfreebl3 is being loaded via the system linker because that's what we try first for the dlopen("libfreebl3") case (no path). I hacked it to load via the custom linker and I get the same crash.

In reference to strlen() going into the weeds, the strlen() here[0] returns a ridiculous result (like -271958475), so I assume it's not really pointing to strlen().

[0] https://searchfox.org/mozilla-central/rev/8d78f219702286c873860f39f9ed78bad1a6d062/security/nss/lib/softoken/pkcs11.c#539

(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #32)

So libfreebl3 is being loaded via the system linker because that's what we try first for the dlopen("libfreebl3") case (no path). I hacked it to load via the custom linker and I get the same crash.

The problem is that NSS itself derives the libfreebl3 path from the path to libsoftokn3, so dlopen("libfreebl3") shouldn't be happening in the first place. So if you could figure out where that unqualified dlopen comes from and why, that'd be great.

Separately, could you attach here, or send me, the /bionic/lib/libc.so file from the OS?

The dlopen is happening from NSS:

* thread #26, name = 'Gecko', stop reason = breakpoint 2.1
  * frame #0: 0xeec6b7b0 libart.so`art_sigsegv_fault
    frame #1: 0xeec6baee libart.so`art::FaultManager::HandleFault(int, siginfo*, void*) + 230
    frame #2: 0xaf234480 app_process32
    frame #3: 0xefca292c libc.so
    frame #4: 0xc8f1ba1a libmozglue.so`ElfLoader::Load(char const*, int, LibHandle*) [inlined] AnnotateMozCrashReason(reason=<unavailable>) at Assertions.h:38
    frame #5: 0xc8f1ba08 libmozglue.so`ElfLoader::Load(this=<unavailable>, path="libfreebl3.so", flags=0, parent=0x00000000) at ElfLoader.cpp:488
    frame #6: 0xc8f1b75a libmozglue.so`::__wrap_dlopen(path=<unavailable>, flags=<unavailable>) at ElfLoader.cpp:64
    frame #7: 0xc7d64df6 libnss3.so`PR_LoadLibraryWithFlags at prlink.c:803
    frame #8: 0xc7d64db0 libnss3.so`PR_LoadLibraryWithFlags(libSpec=<unavailable>, flags=10) at prlink.c:418
    frame #9: 0xcb325676 libsoftokn3.so`freebl_LoadDSO at loader.c:46
    frame #10: 0xc7d66c8c libnss3.so`PR_CallOnce(once=0xcb341018, func=<unavailable>) at prinit.c:778
    frame #11: 0xcb3231b2 libsoftokn3.so`RNG_RNGInit at loader.c:728
    frame #12: 0xcb32c29e libsoftokn3.so`nsc_CommonInitialize(pReserved=0xc8bf6ea0, isFIPS=0) at pkcs11.c:2994
    frame #13: 0xcb32c4d6 libsoftokn3.so`NSC_Initialize(pReserved=0xc8bf6ea0) at pkcs11.c:3122
    frame #14: 0xc7d9cfce libnss3.so`secmod_ModuleInit(mod=0xb4224010, reload=0xc8bf6f80, alreadyLoaded=0xc8bf6ef4) at pk11load.c:244
    frame #15: 0xc7d9d384 libnss3.so`secmod_LoadPKCS11Module(mod=0xb4224010, oldModule=0xc8bf6f80) at pk11load.c:503
    frame #16: 0xc7da4536 libnss3.so`SECMOD_LoadModule(modulespec="library= name=\"NSS Internal PKCS #11 Module\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1840
    frame #17: 0xc7da45dc libnss3.so`SECMOD_LoadModule(modulespec="name=\"NSS Internal Module\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical,defaultModDB,internalKeySlot\"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1876
    frame #18: 0xc7d869ac libnss3.so`nss_Init [inlined] nss_InitModules(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, updateDir=<unavailable>, updCertPrefix=<unavailable>, updKeyPrefix=<unavailable>, updateID=<unavailable>, updateName=<unavailable>, configName=<unavailable>, configStrings=<unavailable>, pwRequired=<unavailable>, readOnly=<unavailable>, noCertDB=<unavailable>, noModDB=<unavailable>, forceOpen=<unavailable>, optimizeSpace=<unavailable>) at nssinit.c:464
    frame #19: 0xc7d866f6 libnss3.so`nss_Init(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName="secmod.db", updateDir="", updCertPrefix="", updKeyPrefix="", updateID="", updateName="", initContextPtr=0x00000000, initParams=0x00000000, readOnly=0, noCertDB=0, noModDB=0, forceOpen=0, noRootInit=1, optimizeSpace=1, noSingleThreadedModules=0, allowAlreadyInitializedModules=0, dontFinalizeModules=0) at nssinit.c:689
    frame #20: 0xc7d86c5c libnss3.so`NSS_Initialize(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, flags=48) at nssinit.c:889
    frame #21: 0xc3f2e7ee libxul.so`mozilla::psm::InitializeNSS(dir=<unavailable>, readOnly=false, loadPKCS11Modules=true) at NSSCertDBTrustDomain.cpp:1118
    frame #22: 0xc5c4035a libxul.so`nsNSSComponent::InitializeNSS() [inlined] InitializeNSSWithFallbacks(profilePath=<unavailable>) at nsNSSComponent.cpp:1585
    frame #23: 0xc5c40354 libxul.so`nsNSSComponent::InitializeNSS(this=0xaf7a3640) at nsNSSComponent.cpp:1696
    frame #24: 0xc5c40a1e libxul.so`nsNSSComponent::Init(this=0xaf7a3640) at nsNSSComponent.cpp:1877
    frame #25: 0xc3f8739e libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc3a84f1c, aResult=<unavailable>) at StaticComponents.cpp:7596
    frame #26: 0xc3f90abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc8bf73ec) at nsComponentManager.cpp:220
    frame #27: 0xc3f90aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc8c023a0, aLock=<unavailable>, aEntry=0xc8bf7430, aIID=0xc3a84f1c, aResult=0xc8bf7474)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
    frame #28: 0xc3f8f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc8c023a0, aContractID="@mozilla.org/psm;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
    frame #29: 0xc3f91ef0 libxul.so`nsGetServiceByContractID::operator(this=<unavailable>, aIID=<unavailable>, aInstancePtr=0xc8bf7474)(nsID const&, void**) const at nsComponentManagerUtils.cpp:243
    frame #30: 0xc3f4e4d6 libxul.so`nsCOMPtr_base::assign_from_gs_contractid(this=0xc8bf74a4, aGS=(mContractID = "@mozilla.org/psm;1"), aIID=<unavailable>) at nsCOMPtr.cpp:82
    frame #31: 0xc3f92118 libxul.so`nsCOMPtr<nsISupports>::nsCOMPtr(this=0xc8bf74a4, aGS=<unavailable>) at nsCOMPtr.h:948
    frame #32: 0xc5c3f4bc libxul.so`EnsureNSSInitializedChromeOrContent() at nsNSSComponent.cpp:114
    frame #33: 0xc5c43fc4 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(nsISupports*, nsID const&, void**) [inlined] nsresult mozilla::psm::Constructor<nsPK11TokenDB, (nsresult (nsPK11TokenDB::*)())0, (mozilla::psm::ProcessRestriction)0, (mozilla::psm::ThreadRestriction)1>(aOuter=<unavailable>, aIID=0xc8bf7584, aResult=<unavailable>) at nsNSSModule.cpp:94
    frame #34: 0xc5c43fb2 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(aOuter=<unavailable>, aIID=0xc8bf7584, aResult=<unavailable>) at nsNSSModule.cpp:131
    frame #35: 0xc3f90abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc8bf74f4) at nsComponentManager.cpp:220
    frame #36: 0xc3f90aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc8c023a0, aLock=<unavailable>, aEntry=0xc8bf7538, aIID=0xc8bf7584, aResult=0xc8bf7570)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
    frame #37: 0xc3f8f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc8c023a0, aContractID="@mozilla.org/security/pk11tokendb;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
    frame #38: 0xc4506064 libxul.so`xpc::CIGSHelper(aCx=0xbee0f800, aArgc=<unavailable>, aVp=0xb4edb4c8, aGetService=<unavailable>) at XPCJSID.cpp:512
    frame #39: 0xc5dda7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) + 1 at XPCJSID.cpp:537), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
    frame #40: 0xc5dda7bc libxul.so`js::InternalCallOrConstruct(cx=0xbee0f800, args=0xc8bf7870, construct=<unavailable>) at Interpreter.cpp:534
    frame #41: 0xc5ddace0 libxul.so`InternalCall(cx=0xbee0f800, args=0xc8bf7870) at Interpreter.cpp:589
    frame #42: 0xc5dd6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb4edb4d8) at Interpreter.cpp:593
    frame #43: 0xc5dd6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc8bf79bc) at Interpreter.cpp:3075
    frame #44: 0xc5dd1af4 libxul.so`js::RunScript(cx=0xbee0f800, state=0xc8bf79bc) at Interpreter.cpp:422
    frame #45: 0xc5dda972 libxul.so`js::InternalCallOrConstruct(cx=0xbee0f800, args=0xc8bf7a80, construct=<unavailable>) at Interpreter.cpp:562
    frame #46: 0xc5ddaeee libxul.so`InternalConstruct(cx=0xbee0f800, args=0xc8bf7a80) at Interpreter.cpp:635
    frame #47: 0xc5ddb24c libxul.so`js::Construct(cx=<unavailable>, fval=<unavailable>, args=0xc8bf7a80, newTarget=<unavailable>, objp=<unavailable>) at Interpreter.cpp:690
    frame #48: 0xc6026b80 libxul.so`JS::Construct(cx=0xbee0f800, fval=<unavailable>, args=0xc8bf7b84, objp=<unavailable>) at jsapi.cpp:2671
    frame #49: 0xc3f8a3e0 libxul.so`mozilla::xpcom::ConstructJSMComponent(aURI=<unavailable>, aConstructor="LoginManagerCrypto_SDR", aResult=0xc8bf7c30) at StaticComponents.cpp:1337
    frame #50: 0xc3f89e5c libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc8bf7cf4, aResult=<unavailable>) at StaticComponents.cpp:0
    frame #51: 0xc3f90abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc8bf7c64) at nsComponentManager.cpp:220
    frame #52: 0xc3f90aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc8c023a0, aLock=<unavailable>, aEntry=0xc8bf7ca8, aIID=0xc8bf7cf4, aResult=0xc8bf7ce0)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
    frame #53: 0xc3f8f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc8c023a0, aContractID="@mozilla.org/login-manager/crypto/SDR;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
Duplicate of this bug: 1535139

(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #36)

The dlopen is happening from NSS:

* thread #26, name = 'Gecko', stop reason = breakpoint 2.1
  * frame #0: 0xeec6b7b0 libart.so`art_sigsegv_fault
    frame #1: 0xeec6baee libart.so`art::FaultManager::HandleFault(int, siginfo*, void*) + 230
    frame #2: 0xaf234480 app_process32
    frame #3: 0xefca292c libc.so
    frame #4: 0xc8f1ba1a libmozglue.so`ElfLoader::Load(char const*, int, LibHandle*) [inlined] AnnotateMozCrashReason(reason=<unavailable>) at Assertions.h:38
    frame #5: 0xc8f1ba08 libmozglue.so`ElfLoader::Load(this=<unavailable>, path="libfreebl3.so", flags=0, parent=0x00000000) at ElfLoader.cpp:488
    frame #6: 0xc8f1b75a libmozglue.so`::__wrap_dlopen(path=<unavailable>, flags=<unavailable>) at ElfLoader.cpp:64
    frame #7: 0xc7d64df6 libnss3.so`PR_LoadLibraryWithFlags at prlink.c:803
    frame #8: 0xc7d64db0 libnss3.so`PR_LoadLibraryWithFlags(libSpec=<unavailable>, flags=10) at prlink.c:418

O_o Can you try the apk from comment 26 and check its logcat, and/or try the corresponding changes locally (https://hg.mozilla.org/try/rev/33837eb7aa0b36902d344523f794c327523f8d3d/)

I think there are overall two different problems at stake, and one of them would be in the OS. At this point, I guess I should just try to run this all locally, since AIUI, it happens in the emulator? How can I get this running? It looks like the Android SDK changed a lot and I have no clue.

Those logs are not doing dlopen("libfreedl3.so") :(

Flags: needinfo?(snorp)

(In reply to Mike Hommey [:glandium] from comment #23)

We're not building against libraries that use IFUNC, so we shouldn't end up with IFUNC/IRELATIVE relocations in our libraries. And we shouldn't be loading system libraries with our linker ; those should be loaded by the system linker, which supports the IFUNC/IRELATIVE relocations system libraries might have.

Aha! I had forgotten we actually use our symbol resolution for libc and libm, unlike other system libraries. Now, the reason we did that is that we couldn't resolve weak symbols with dlsym. That was actually solved in bionic... in 2014... https://issuetracker.google.com/issues/36996100. It seems that shipped in Lollipop.

I'm going to file a bug to make us stop doing that when running on a version of Android where we don't need to, which will mechanically solve the IFUNC problem.

We can keep this bug for the freebl problem.

Filed bug 1543555.

FWIW, one reason I don't want to fix the issue by implementing IFUNC in the linker is that more and more I'm thinking of retiring the linker for a variety of reasons, and I don't really want to add features to it as a consequence.

Doh, of course, this is all inter-related. The reason why we end up doing dlopen("libfreebl3.so") is because loader_LoadLibInReferenceDir uses strlen, which doesn't return the actual length, but a pointer. The result of that strlen is used to allocate memory, so the malloc looks like it wants gigantic amounts of memory, which fails, so it returns null, and we end up in the fallback case without using the full path.

Considering bug 1543555 has a patch, I'm dupe'ing forward.

Status: NEW → RESOLVED
Closed: 8 months ago
Flags: needinfo?(snorp)
Resolution: --- → DUPLICATE
Duplicate of bug: 1543555

(In reply to Mike Hommey [:glandium] from comment #45)

Filed bug 1543555.

FWIW, one reason I don't want to fix the issue by implementing IFUNC in the linker is that more and more I'm thinking of retiring the linker for a variety of reasons, and I don't really want to add features to it as a consequence.

I was thinking this too. We aren't getting the utility from it that we once did, and the system linker is much better than it used to be.

No longer blocks: android-q
You need to log in before you can comment on or make changes to this bug.