ARMv7 builds of Fennec/GeckoView crash on startup using Android Q - AArch64 works
Categories
(Firefox for Android Graveyard :: General, defect, P1)
Tracking
(firefox65 wontfix, firefox66 wontfix, firefox67 fixed, firefox68 fixed)
People
(Reporter: maxcalvino, Unassigned)
References
Details
(Keywords: regression, Whiteboard: [geckoview:fenix:p2])
Attachments
(9 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Steps to reproduce:
- Open Firefox
Actual results:
- The app opens but immediately crashes.
Expected results:
- The app opens without crashing.
Comment 1•6 years ago
I see this on my Pixel as well. Firefox and Firefox beta both insta-crash on startup, with no crash reporter. Nightly does work on the same device.
Comment 3•6 years ago
Hi,
I was able to reproduce on Google Pixel (Android Q), on RC 66.0 build 3 and Beta 66.0b13.
I've attached a logcat, maybe it helps.
Thank you!
Comment 4•6 years ago
Stefan, could we get someone to investigate this 67 regression? Thanks
Comment 5•6 years ago
During triage today we discussed seeing what happens when they push the next developer beta. On my device I don't get crashes with Focus or the Reference browser.
Comment 6•6 years ago
Google engineer mentioned that bug 755287 may be related to this crash.
Comment 7•6 years ago
Starting with Android Q (API level 29), libc uses IFUNC functionality in the dynamic linker to choose optimized assembler routines at run time rather than at build time. This lets us use the same libc.so on all devices, and is similar to what other OSes already did. Because the zygote uses the C library, this decision is made long before we know what API level an app targets, so all code sees the new IFUNC-using C library. Most apps should be unaffected by this change, but apps that hook or try to detect hooking of C library functions might need to fix their code to cope with IFUNC relocations. The affected functions are from <string.h>, but may expand to include more functions (and more libraries) in future.
Comment 8•6 years ago
This should go to someone on DavidB's team or maybe glandium.
Comment 10•6 years ago
(In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #9)
> Possible dupe of bug 1535139?
Nope, that one happens even with m-c.
If 67 works and will be out before Q, do we care about this bug?
Comment 11•6 years ago
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #10)
> (In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #9)
> > Possible dupe of bug 1535139?
> Nope, that one happens even with m-c.
> If 67 works and will be out before Q, do we care about this bug?
On my device, Firefox beta crashes as well as Firefox release.
Comment 12•6 years ago
NI+ Anthony in case this looks like a glandium shaped bug per comment 8
Comment 13•6 years ago
(In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #12)
> NI+ Anthony in case this looks like a glandium shaped bug per comment 8
This is definitely a glandium shaped bug. And/or a froydnj shaped bug. Gentlemen, can you read #c7 and tell us what to do?
Comment 14•6 years ago
This is also happening in the latest GeckoView Example (68 nightly at the time of writing).
Comment 15•6 years ago
The logcat unfortunately doesn't contain much, and the only null relocation is for __cxa_type_match, and that shouldn't matter.
The logcat does say the crashreporter is being summoned... can we find the corresponding crash reports?
Comment 16•6 years ago
(In reply to Mike Hommey [:glandium] from comment #15)
> The logcat unfortunately doesn't contain much, and the only null relocation is for __cxa_type_match, and that shouldn't matter.
> The logcat does say the crashreporter is being summoned... can we find the corresponding crash reports?
There are very few crash reports in Socorro for Q - I only see 3 for stable and beta: https://bit.ly/2UjSJ2j.
Comment 17•6 years ago
The reason Nightly is not crashing is that currently all the Q eligible devices are 64-bit arm (aarch64) and that build does not crash on startup. Running an extremely old aarch64 nightly build does not crash on startup. For example 2018-06-01
Comment 18•6 years ago
Snorp has a bug on file reporting that the crash reporter is not working on Android Q. bug 1535168
Comment 19•6 years ago
(In reply to Kevin Brosnan [:kbrosnan] from comment #17)
> The reason Nightly is not crashing is that currently all the Q eligible devices are 64-bit arm (aarch64) and that build does not crash on startup. Running an extremely old aarch64 nightly build does not crash on startup. For example 2018-06-01
Does a 32 bit nightly crash?
A possibility is to simply ship only 64 bit on the 64 bit Android Q platform.
Comment 20•6 years ago
Note the crash reporter problem on Q likely won't get looked at until later next week (unless someone steals the bug).
Comment 21•6 years ago
Comment 7 and related information suggest that we need to handle st_info == STT_GNU_IFUNC somewhere around here:
https://searchfox.org/mozilla-central/source/mozglue/linker/CustomElf.cpp#644
Otherwise, I think we will wind up treating the ifunc-resolving function as the actual function to call, which is sure to lead to all kinds of pain and sadness.
(Though the initial bionic linker changes for ifuncs:
https://android.googlesource.com/platform/bionic/+/31b88da%5E%21/
suggest that maybe we have to defer STT_GNU_IFUNC relocation resolution until we've done all the other relocations?)
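Comment 7 explains that Android Q's libc selects its string routines through IFUNC relocations, and comment 21 warns that a loader which treats the IFUNC resolver as the function itself ends up calling the wrong code. The C program below is an added example, not Mozilla, mozglue or bionic code: it models a dynamic-symbol table and GOT binding with constructed names (copy_generic, copy_tuned, memcpy_resolver, bind_slot, bind_all) and contrasts ignoring STT_GNU_IFUNC with resolving it in a deferred second pass.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Symbol-type values as defined in <elf.h>, copied here so the example
 * builds without the system ELF header. */
#define STT_FUNC      2
#define STT_GNU_IFUNC 10
#define ELF_ST_TYPE(info) ((info) & 0xf)

typedef void (*code_addr)(void);                        /* generic code pointer */
typedef void *(*copy_fn)(void *, const void *, size_t); /* memcpy signature */
typedef code_addr (*ifunc_resolver_fn)(void);           /* IFUNC resolver signature */

/* Two constructed memcpy variants standing in for the per-CPU routines a
 * libc picks at run time (hypothetical; not bionic's code). */
static void *copy_generic(void *d, const void *s, size_t n) {
    unsigned char *dp = d;
    const unsigned char *sp = s;
    while (n--) *dp++ = *sp++;
    return d;
}
static void *copy_tuned(void *d, const void *s, size_t n) {
    return copy_generic(d, s, n);   /* same result; stands in for a tuned variant */
}

/* CPU-feature flag the resolver consults. A real resolver reads hwcaps;
 * here the caller sets it. */
static int g_cpu_has_tuned_copy = 0;

/* Constructed IFUNC resolver: it is not a memcpy, it returns one. */
static code_addr memcpy_resolver(void) {
    return g_cpu_has_tuned_copy ? (code_addr)copy_tuned : (code_addr)copy_generic;
}

/* Minimal model of a dynamic-symbol entry and of the GOT slot bound to it. */
struct dyn_sym  { const char *name; unsigned char st_info; code_addr st_value; };
struct got_slot { const struct dyn_sym *sym; code_addr target; };

/* Bind one slot. With handle_ifunc == 0 an STT_GNU_IFUNC symbol is treated
 * like STT_FUNC, so the slot receives the resolver's own address: the
 * mistake comment 21 describes. Returns 1 if a resolver was run. */
static int bind_slot(struct got_slot *slot, int handle_ifunc) {
    const struct dyn_sym *s = slot->sym;
    if (handle_ifunc && ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) {
        slot->target = ((ifunc_resolver_fn)s->st_value)();
        return 1;
    }
    slot->target = s->st_value;
    return 0;
}

/* Bind every slot in two passes: ordinary symbols first, IFUNC symbols
 * last, so resolvers run only after the other relocations are applied. */
static void bind_all(struct got_slot *slots, size_t n, int handle_ifunc) {
    for (size_t i = 0; i < n; i++)
        if (ELF_ST_TYPE(slots[i].sym->st_info) != STT_GNU_IFUNC)
            bind_slot(&slots[i], handle_ifunc);
    for (size_t i = 0; i < n; i++)
        if (ELF_ST_TYPE(slots[i].sym->st_info) == STT_GNU_IFUNC)
            bind_slot(&slots[i], handle_ifunc);
}

/* Simulate loading a library that imports strlen (STT_FUNC) and memcpy
 * (STT_GNU_IFUNC) and return what the memcpy slot ends up pointing at. */
code_addr bound_memcpy_target(int handle_ifunc, int cpu_has_tuned_copy) {
    struct dyn_sym strlen_sym = { "strlen", STT_FUNC, (code_addr)strlen };
    struct dyn_sym memcpy_sym = { "memcpy", STT_GNU_IFUNC, (code_addr)memcpy_resolver };
    struct got_slot slots[2] = { { &memcpy_sym, NULL }, { &strlen_sym, NULL } };
    g_cpu_has_tuned_copy = cpu_has_tuned_copy;
    bind_all(slots, 2, handle_ifunc);
    return slots[0].target;
}

/* 1 if the target is a real copy routine, 0 if it is the resolver, which
 * must never be called with memcpy's arguments. */
int bound_memcpy_is_callable(code_addr target) {
    return target == (code_addr)copy_generic || target == (code_addr)copy_tuned;
}

int main(void) {
    code_addr wrong = bound_memcpy_target(0, 1);
    code_addr right = bound_memcpy_target(1, 1);
    char buf[4] = { 0 };
    printf("STT_GNU_IFUNC ignored: slot -> %s\n",
           bound_memcpy_is_callable(wrong) ? "copy routine" : "resolver (crash on first call)");
    if (bound_memcpy_is_callable(right)) {
        ((copy_fn)right)(buf, "abc", 4);
        printf("STT_GNU_IFUNC handled: copied \"%s\" via %s\n", buf,
               right == (code_addr)copy_tuned ? "copy_tuned" : "copy_generic");
    }
    return 0;
}
```

With handle_ifunc off, the memcpy slot holds the resolver's address, so the first caller would run the resolver with memcpy's arguments and receive a function pointer instead of a copy. The two-pass order in bind_all mirrors the deferral comment 21 asks about: a resolver may read data that other relocations fill in, so IFUNC slots are bound last.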
Comment 22•6 years ago
(In reply to Anthony Jones (:ajones, :kentuckyfriedtakahe, :k17e) from comment #19)
> (In reply to Kevin Brosnan [:kbrosnan] from comment #17)
> > The reason Nightly is not crashing is that currently all the Q eligible devices are 64-bit arm (aarch64) and that build does not crash on startup. Running an extremely old aarch64 nightly build does not crash on startup. For example 2018-06-01
> Does a 32 bit nightly crash?
Yes.
> A possibility is to simply ship only 64 bit on the 64 bit Android Q platform.
We don't know that all Android Q devices will be 64 bit.
Comment 23•6 years ago
We're not building against libraries that use IFUNC, so we shouldn't end up with IFUNC/IRELATIVE relocations in our libraries. And we shouldn't be loading system libraries with our linker; those should be loaded by the system linker, which supports the IFUNC/IRELATIVE relocations system libraries might have.
Can one of the people who can reproduce the issue try starting with MOZ_DEBUG_LINKER set in the environment (https://wiki.mozilla.org/Mobile/Fennec/Android/AdvancedTopics#Arguments_and_Environment_Variables), and attach the resulting logcat? That should give a little more light. If that's not enough, I'll file a separate bug to add some more logging.
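Comment 23 argues that Firefox's own libraries should carry no IFUNC symbols or IRELATIVE relocations, because only system libraries are built that way. The C program below is an added example, not mozglue or NSS code, that checks exactly that for an ELF32/ARM image: it walks the section headers, counts STT_GNU_IFUNC entries in .dynsym and R_ARM_IRELATIVE entries in REL sections, and rejects images whose headers point outside the buffer. The image it scans is constructed inline, and the names scan_elf32_for_ifunc, build_sample_image and scan_sample are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF32 on-disk structures and the constants this scan needs, laid out as in
 * <elf.h> and copied so the example builds without it. Raw bytes are copied
 * into these structs, so the image and the host must share endianness
 * (both little-endian here). */
typedef struct { unsigned char e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version,
    e_entry, e_phoff, e_shoff, e_flags; uint16_t e_ehsize, e_phentsize, e_phnum,
    e_shentsize, e_shnum, e_shstrndx; } Elf32_Ehdr;
typedef struct { uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link,
    sh_info, sh_addralign, sh_entsize; } Elf32_Shdr;
typedef struct { uint32_t st_name, st_value, st_size; unsigned char st_info, st_other;
    uint16_t st_shndx; } Elf32_Sym;
typedef struct { uint32_t r_offset, r_info; } Elf32_Rel;
#define SHT_NOBITS          8
#define SHT_REL             9
#define SHT_DYNSYM          11
#define STT_FUNC            2
#define STT_GNU_IFUNC       10
#define R_ARM_JUMP_SLOT     22
#define R_ARM_IRELATIVE     160
#define ELF32_ST_INFO(b, t) (((b) << 4) | ((t) & 0xf))
#define ELF32_ST_TYPE(i)    ((i) & 0xf)
#define ELF32_R_INFO(s, t)  (((s) << 8) | ((t) & 0xff))
#define ELF32_R_TYPE(i)     ((i) & 0xff)
struct ifunc_report { int ifunc_symbols; int irelative_relocs; };

/* Count STT_GNU_IFUNC entries in every SHT_DYNSYM section and R_ARM_IRELATIVE
 * entries in every SHT_REL section. Returns 0 on success, -1 if the image is
 * not ELF32 or a header points outside the buffer. */
int scan_elf32_for_ifunc(const unsigned char *img, size_t len, struct ifunc_report *out) {
    Elf32_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 1 /* ELFCLASS32 */) return -1;
    if (eh.e_shentsize != sizeof(Elf32_Shdr) ||
        (uint64_t)eh.e_shoff + (uint64_t)eh.e_shnum * sizeof(Elf32_Shdr) > len) return -1;
    out->ifunc_symbols = out->irelative_relocs = 0;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        Elf32_Shdr sh; memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (sh.sh_type == SHT_NOBITS) continue;            /* .bss has no file bytes */
        if ((uint64_t)sh.sh_offset + sh.sh_size > len) return -1;
        const unsigned char *p = img + sh.sh_offset;
        if (sh.sh_type == SHT_DYNSYM) {
            for (uint32_t off = 0; off + sizeof(Elf32_Sym) <= sh.sh_size; off += sizeof(Elf32_Sym)) {
                Elf32_Sym sym; memcpy(&sym, p + off, sizeof sym);
                if (ELF32_ST_TYPE(sym.st_info) == STT_GNU_IFUNC) out->ifunc_symbols++;
            }
        } else if (sh.sh_type == SHT_REL) {
            for (uint32_t off = 0; off + sizeof(Elf32_Rel) <= sh.sh_size; off += sizeof(Elf32_Rel)) {
                Elf32_Rel rel; memcpy(&rel, p + off, sizeof rel);
                if (ELF32_R_TYPE(rel.r_info) == R_ARM_IRELATIVE) out->irelative_relocs++;
            }
        }
    }
    return 0;
}

/* Build a constructed ELF32/ARM image (not a real library): a null section, a
 * .dynsym with two symbols and a .rel.dyn with two relocations. With with_ifunc
 * set, one symbol is STT_GNU_IFUNC and one relocation is R_ARM_IRELATIVE.
 * Returns the image length; buf must hold 256 bytes. */
size_t build_sample_image(unsigned char *buf, int with_ifunc) {
    Elf32_Ehdr eh = { { 0x7f, 'E', 'L', 'F', 1, 1, 1 }, 3 /* ET_DYN */, 40 /* EM_ARM */, 1,
                      0, 0, 0, 0, sizeof(Elf32_Ehdr), 0, 0, sizeof(Elf32_Shdr), 3, 0 };
    Elf32_Sym syms[3] = { { 0 } };                       /* entry 0 is the null symbol */
    syms[1] = (Elf32_Sym){ 1, 0x1000, 16, ELF32_ST_INFO(1, STT_FUNC), 0, 5 };
    syms[2] = (Elf32_Sym){ 8, 0x1020, 16, ELF32_ST_INFO(1, with_ifunc ? STT_GNU_IFUNC : STT_FUNC), 0, 5 };
    Elf32_Rel rels[2] = { { 0x3000, ELF32_R_INFO(1, R_ARM_JUMP_SLOT) },
                          { 0x3004, ELF32_R_INFO(0, with_ifunc ? R_ARM_IRELATIVE : R_ARM_JUMP_SLOT) } };
    Elf32_Shdr sh[3] = { { 0 } };
    sh[1] = (Elf32_Shdr){ 0, SHT_DYNSYM, 0, 0, sizeof eh, sizeof syms, 0, 1, 4, sizeof(Elf32_Sym) };
    sh[2] = (Elf32_Shdr){ 0, SHT_REL, 0, 0, sizeof eh + sizeof syms, sizeof rels, 1, 0, 4, sizeof(Elf32_Rel) };
    eh.e_shoff = sizeof eh + sizeof syms + sizeof rels;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sh[1].sh_offset, syms, sizeof syms);
    memcpy(buf + sh[2].sh_offset, rels, sizeof rels);
    memcpy(buf + eh.e_shoff, sh, sizeof sh);
    return eh.e_shoff + sizeof sh;
}

/* Scan a constructed image, optionally truncated, and return the IFUNC symbol
 * count (or the IRELATIVE count if want_relocs), or -1 if it was rejected. */
int scan_sample(int with_ifunc, int want_relocs, size_t truncate_by) {
    unsigned char buf[256];
    struct ifunc_report r;
    size_t n = build_sample_image(buf, with_ifunc);
    if (scan_elf32_for_ifunc(buf, n - truncate_by, &r) != 0) return -1;
    return want_relocs ? r.irelative_relocs : r.ifunc_symbols;
}

int main(void) {
    printf("with IFUNC: %d IFUNC symbol(s), %d IRELATIVE reloc(s)\n", scan_sample(1, 0, 0), scan_sample(1, 1, 0));
    printf("without:    %d IFUNC symbol(s), %d IRELATIVE reloc(s)\n", scan_sample(0, 0, 0), scan_sample(0, 1, 0));
    return 0;
}
```

To run the same check on a real library, read the .so into a buffer and hand it to scan_elf32_for_ifunc; readelf -s and readelf -r report the same information (symbol type IFUNC, relocation type R_ARM_IRELATIVE) and are the quicker tool when available. Only 32-bit little-endian images are handled; an ELF64 build such as the aarch64 one from comment 17 uses different structure layouts and is rejected at the class check.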
Comment 25•6 years ago
04-02 19:03:06.328 12076 12099 I GeckoLinker: dlopen("libfreebl3.so", 0x0) = 0xc5c9a24b
04-02 19:03:06.328 12076 12099 I GeckoLinker: ElfLoader::Load("libfreebl3.so", 0x0, 0x0 [""]) = 0xbde7d440
04-02 19:03:06.328 12076 12099 I GeckoLinker: dlsym(0xc5c9a24b ["libfreebl3.so"], "FREEBL_GetVector") = 0xbd8ca79d
Aha! For some reason libfreebl3 is not loaded through CustomElf::Load, which suggests there's a libfreebl3.so library in Android Q?
Comment 26•6 years ago
Could you attach the logcat from starting this build from try? https://queue.taskcluster.net/v1/task/UZkgd3rCQfankWcCxpIvww/runs/0/artifacts/public/build/target.apk
Comment 28•6 years ago
Huh. It didn't fail the same way at all. libfreebl3 was loaded with our linker... and that still crashed. And that build was specifically instrumented to find out why it would load libfreebl3 with the system linker :(
So we're back to square one. Without crash reports, there's not much to say about this.
Comment 29•6 years ago
I have a locally built nightly that crashes on startup that I can make any changes you need to test things (and a Pixel 3 with Q to test)
Here's my logcat.
I can repro with a local build on my Pixel 2. Stack follows:
* thread #27, name = 'Gecko', stop reason = breakpoint 2.1
* frame #0: 0xed3317b0 libart.so`art_sigsegv_fault
frame #1: 0xed331aee libart.so`art::FaultManager::HandleFault(int, siginfo*, void*) + 230
frame #2: 0xb0dd0480 app_process32
frame #3: 0xee30f92c libc.so
frame #4: 0xee3127d0 libc.so`__memcpy_base_a55 + 248
frame #5: 0xc9d92b62 libsoftokn3.so`sftk_setStringName(inString="NSS Internal Cryptographic Services ", buffer="NSS Internal Cryptographic Services ", buffer_length=<unavailable>, nullTerminate=1) at pkcs11.c:581
frame #6: 0xc9d92d50 libsoftokn3.so`SFTK_SlotInit(configdir=<unavailable>, updatedir=<unavailable>, updateID=<unavailable>, params=<unavailable>, moduleIndex=0) at pkcs11.c:2602
frame #7: 0xc9d933b2 libsoftokn3.so`nsc_CommonInitialize(pReserved=<unavailable>, isFIPS=<unavailable>) at pkcs11.c:3059
frame #8: 0xc9d934d6 libsoftokn3.so`NSC_Initialize(pReserved=0xc74f6ea0) at pkcs11.c:3122
frame #9: 0xc669cfce libnss3.so`secmod_ModuleInit(mod=0xb331d010, reload=0xc74f6f80, alreadyLoaded=0xc74f6ef4) at pk11load.c:244
frame #10: 0xc669d384 libnss3.so`secmod_LoadPKCS11Module(mod=0xb331d010, oldModule=0xc74f6f80) at pk11load.c:503
frame #11: 0xc66a4536 libnss3.so`SECMOD_LoadModule(modulespec="library= name=\"NSS Internal PKCS #11 Module\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1840
frame #12: 0xc66a45dc libnss3.so`SECMOD_LoadModule(modulespec="name=\"NSS Internal Module\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical,defaultModDB,internalKeySlot\"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1876
frame #13: 0xc66869ac libnss3.so`nss_Init [inlined] nss_InitModules(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, updateDir=<unavailable>, updCertPrefix=<unavailable>, updKeyPrefix=<unavailable>, updateID=<unavailable>, updateName=<unavailable>, configName=<unavailable>, configStrings=<unavailable>, pwRequired=<unavailable>, readOnly=<unavailable>, noCertDB=<unavailable>, noModDB=<unavailable>, forceOpen=<unavailable>, optimizeSpace=<unavailable>) at nssinit.c:464
frame #14: 0xc66866f6 libnss3.so`nss_Init(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName="secmod.db", updateDir="", updCertPrefix="", updKeyPrefix="", updateID="", updateName="", initContextPtr=0x00000000, initParams=0x00000000, readOnly=0, noCertDB=0, noModDB=0, forceOpen=0, noRootInit=1, optimizeSpace=1, noSingleThreadedModules=0, allowAlreadyInitializedModules=0, dontFinalizeModules=0) at nssinit.c:689
frame #15: 0xc6686c5c libnss3.so`NSS_Initialize(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, flags=48) at nssinit.c:889
frame #16: 0xc282e7ee libxul.so`mozilla::psm::InitializeNSS(dir=<unavailable>, readOnly=false, loadPKCS11Modules=true) at NSSCertDBTrustDomain.cpp:1118
frame #17: 0xc454035a libxul.so`nsNSSComponent::InitializeNSS() [inlined] InitializeNSSWithFallbacks(profilePath=<unavailable>) at nsNSSComponent.cpp:1585
frame #18: 0xc4540354 libxul.so`nsNSSComponent::InitializeNSS(this=0xb0ea2640) at nsNSSComponent.cpp:1696
frame #19: 0xc4540a1e libxul.so`nsNSSComponent::Init(this=0xb0ea2640) at nsNSSComponent.cpp:1877
frame #20: 0xc288739e libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc2384f1c, aResult=<unavailable>) at StaticComponents.cpp:7596
frame #21: 0xc2890abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc74f73ec) at nsComponentManager.cpp:220
frame #22: 0xc2890aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc75023a0, aLock=<unavailable>, aEntry=0xc74f7430, aIID=0xc2384f1c, aResult=0xc74f7474)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
frame #23: 0xc288f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc75023a0, aContractID="@mozilla.org/psm;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
frame #24: 0xc2891ef0 libxul.so`nsGetServiceByContractID::operator(this=<unavailable>, aIID=<unavailable>, aInstancePtr=0xc74f7474)(nsID const&, void**) const at nsComponentManagerUtils.cpp:243
frame #25: 0xc284e4d6 libxul.so`nsCOMPtr_base::assign_from_gs_contractid(this=0xc74f74a4, aGS=(mContractID = "@mozilla.org/psm;1"), aIID=<unavailable>) at nsCOMPtr.cpp:82
frame #26: 0xc2892118 libxul.so`nsCOMPtr<nsISupports>::nsCOMPtr(this=0xc74f74a4, aGS=<unavailable>) at nsCOMPtr.h:948
frame #27: 0xc453f4bc libxul.so`EnsureNSSInitializedChromeOrContent() at nsNSSComponent.cpp:114
frame #28: 0xc4543fc4 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(nsISupports*, nsID const&, void**) [inlined] nsresult mozilla::psm::Constructor<nsPK11TokenDB, (nsresult (nsPK11TokenDB::*)())0, (mozilla::psm::ProcessRestriction)0, (mozilla::psm::ThreadRestriction)1>(aOuter=<unavailable>, aIID=0xc74f7584, aResult=<unavailable>) at nsNSSModule.cpp:94
frame #29: 0xc4543fb2 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(aOuter=<unavailable>, aIID=0xc74f7584, aResult=<unavailable>) at nsNSSModule.cpp:131
frame #30: 0xc2890abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc74f74f4) at nsComponentManager.cpp:220
frame #31: 0xc2890aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc75023a0, aLock=<unavailable>, aEntry=0xc74f7538, aIID=0xc74f7584, aResult=0xc74f7570)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
frame #32: 0xc288f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc75023a0, aContractID="@mozilla.org/security/pk11tokendb;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
frame #33: 0xc2e06064 libxul.so`xpc::CIGSHelper(aCx=0xbd70f800, aArgc=<unavailable>, aVp=0xb37db4c8, aGetService=<unavailable>) at XPCJSID.cpp:512
frame #34: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) + 1 at XPCJSID.cpp:537), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
frame #35: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f7870, construct=<unavailable>) at Interpreter.cpp:534
frame #36: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f7870) at Interpreter.cpp:589
frame #37: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db4d8) at Interpreter.cpp:593
frame #38: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f79bc) at Interpreter.cpp:3075
frame #39: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f79bc) at Interpreter.cpp:422
frame #40: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f7a80, construct=<unavailable>) at Interpreter.cpp:562
frame #41: 0xc46daeee libxul.so`InternalConstruct(cx=0xbd70f800, args=0xc74f7a80) at Interpreter.cpp:635
frame #42: 0xc46db24c libxul.so`js::Construct(cx=<unavailable>, fval=<unavailable>, args=0xc74f7a80, newTarget=<unavailable>, objp=<unavailable>) at Interpreter.cpp:690
frame #43: 0xc4926b80 libxul.so`JS::Construct(cx=0xbd70f800, fval=<unavailable>, args=0xc74f7b84, objp=<unavailable>) at jsapi.cpp:2671
frame #44: 0xc288a3e0 libxul.so`mozilla::xpcom::ConstructJSMComponent(aURI=<unavailable>, aConstructor="LoginManagerCrypto_SDR", aResult=0xc74f7c30) at StaticComponents.cpp:1337
frame #45: 0xc2889e5c libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc74f7cf4, aResult=<unavailable>) at StaticComponents.cpp:0
frame #46: 0xc2890abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc74f7c64) at nsComponentManager.cpp:220
frame #47: 0xc2890aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc75023a0, aLock=<unavailable>, aEntry=0xc74f7ca8, aIID=0xc74f7cf4, aResult=0xc74f7ce0)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
frame #48: 0xc288f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc75023a0, aContractID="@mozilla.org/login-manager/crypto/SDR;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
frame #49: 0xc2e06064 libxul.so`xpc::CIGSHelper(aCx=0xbd70f800, aArgc=<unavailable>, aVp=0xb37db3f0, aGetService=<unavailable>) at XPCJSID.cpp:512
frame #50: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) + 1 at XPCJSID.cpp:537), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
frame #51: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f7fe0, construct=<unavailable>) at Interpreter.cpp:534
frame #52: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f7fe0) at Interpreter.cpp:589
frame #53: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db400) at Interpreter.cpp:593
frame #54: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f812c) at Interpreter.cpp:3075
frame #55: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f812c) at Interpreter.cpp:422
frame #56: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f8198, construct=<unavailable>) at Interpreter.cpp:562
frame #57: 0xc46db374 libxul.so`js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) [inlined] InternalCall(cx=<unavailable>, args=0xc74f81c8) at Interpreter.cpp:589
frame #58: 0xc46db322 libxul.so`js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) [inlined] js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f81c8, rval=<unavailable>) at Interpreter.cpp:605
frame #59: 0xc46db30e libxul.so`js::CallGetter(cx=0xbd70f800, thisv=<unavailable>, getter=<unavailable>, rval=<unavailable>) at Interpreter.cpp:729
frame #60: 0xc4809f66 libxul.so`js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) at NativeObject.cpp:2216
frame #61: 0xc4809f2c libxul.so`js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) [inlined] bool GetExistingProperty<(js::AllowGC)1>(cx=<unavailable>, obj=<unavailable>, shape=<unavailable>, vp=<unavailable>)1>::HandleType, js::MaybeRooted<js::NativeObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<js::Shape*, (js::AllowGC)1>::HandleType, js::MaybeRooted<JS::Value, (js::AllowGC)1>::MutableHandleType) at NativeObject.cpp:2268
frame #62: 0xc4809f1c libxul.so`js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) at NativeObject.cpp:2517
frame #63: 0xc4809e96 libxul.so`js::NativeGetProperty(cx=0xbd70f800, obj=<unavailable>, receiver=<unavailable>, id=<unavailable>, vp=<unavailable>) at NativeObject.cpp:2554
frame #64: 0xc46dc870 libxul.so`js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) [inlined] js::GetProperty(cx=<unavailable>, obj=<unavailable>) at ObjectOperations-inl.h:117
frame #65: 0xc46dc858 libxul.so`js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) [inlined] js::GetProperty(cx=<unavailable>, name=<unavailable>) at ObjectOperations-inl.h:124
frame #66: 0xc46dc858 libxul.so`js::GetProperty(cx=0xbd70f800, v=<unavailable>, name=<unavailable>, vp=<unavailable>) at Interpreter.cpp:4485
frame #67: 0xc46d559a libxul.so`Interpret(JSContext*, js::RunState&) [inlined] GetPropertyOperation(cx=<unavailable>, fp=<unavailable>, script=<unavailable>, pc=<unavailable>, lval=<unavailable>) at Interpreter.cpp:215
frame #68: 0xc46d5398 libxul.so`Interpret(cx=<unavailable>, state=0xc74f8634) at Interpreter.cpp:2762
frame #69: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f8634) at Interpreter.cpp:422
frame #70: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f86e0, construct=<unavailable>) at Interpreter.cpp:562
frame #71: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f86e0) at Interpreter.cpp:589
frame #72: 0xc46dad2a libxul.so`js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f86e0, rval=<unavailable>) at Interpreter.cpp:605
frame #73: 0xc492622a libxul.so`JS_CallFunctionValue(cx=0xbd70f800, obj=<unavailable>, fval=<unavailable>, args=0xc74f8850, rval=<unavailable>) at jsapi.cpp:2558
frame #74: 0xc2e10680 libxul.so`nsXPCWrappedJSClass::CallMethod(wrapper=<unavailable>, methodIndex=<unavailable>, info=0xc23a9704, nativeParams=0xc74f8a98) at XPCWrappedJSClass.cpp:951
frame #75: 0xc28a91b0 libxul.so`::PrepareAndDispatch(self=0xb33ec0b0, methodIndex=<unavailable>, args=<unavailable>) at xptcstubs_arm.cpp:102
frame #76: 0xc28a88dc libxul.so`SharedStub + 16
frame #77: 0xc28a88ac libxul.so`::NS_InvokeByIndex(that=<unavailable>, methodIndex=<unavailable>, paramCount=<unavailable>, params=<unavailable>) at xptcinvoke_arm.cpp:167
frame #78: 0xc2e13612 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Invoke(this=<unavailable>) at XPCWrappedNative.cpp:1624
frame #79: 0xc2e13602 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Call(this=0xc74f8be0) at XPCWrappedNative.cpp:1171
frame #80: 0xc2e12fa2 libxul.so`XPCWrappedNative::CallMethod(ccx=<unavailable>, mode=<unavailable>) at XPCWrappedNative.cpp:1137
frame #81: 0xc2e14144 libxul.so`XPC_WN_CallMethod(cx=<unavailable>, argc=<unavailable>, vp=<unavailable>) at XPCWrappedNativeJSOps.cpp:942
frame #82: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) + 1 at XPCWrappedNativeJSOps.cpp:918), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
frame #83: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f90b0, construct=<unavailable>) at Interpreter.cpp:534
frame #84: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f90b0) at Interpreter.cpp:589
frame #85: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db2f0) at Interpreter.cpp:593
frame #86: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f91fc) at Interpreter.cpp:3075
frame #87: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f91fc) at Interpreter.cpp:422
frame #88: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f92a8, construct=<unavailable>) at Interpreter.cpp:562
frame #89: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f92a8) at Interpreter.cpp:589
frame #90: 0xc46dad2a libxul.so`js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f92a8, rval=<unavailable>) at Interpreter.cpp:605
frame #91: 0xc492622a libxul.so`JS_CallFunctionValue(cx=0xbd70f800, obj=<unavailable>, fval=<unavailable>, args=0xc74f9418, rval=<unavailable>) at jsapi.cpp:2558
frame #92: 0xc2e10680 libxul.so`nsXPCWrappedJSClass::CallMethod(wrapper=<unavailable>, methodIndex=<unavailable>, info=0xc23b467c, nativeParams=0xc74f9660) at XPCWrappedJSClass.cpp:951
frame #93: 0xc28a91b0 libxul.so`::PrepareAndDispatch(self=0xb0e495d0, methodIndex=<unavailable>, args=<unavailable>) at xptcstubs_arm.cpp:102
frame #94: 0xc28a88dc libxul.so`SharedStub + 16
frame #95: 0xc3cd26f2 libxul.so`mozilla::widget::EventDispatcher::DispatchOnGecko(this=<unavailable>, list=0xb0e497c0, aEvent=0xc74f9790, aData=<unavailable>, aCallback=0x00000000) at EventDispatcher.cpp:748
frame #96: 0xc3cd28ca libxul.so`mozilla::widget::EventDispatcher::Dispatch(this=0xc75ba4f0, aEvent=<unavailable>, aData=<unavailable>, aCallback=<unavailable>, aFinalizer=0x00000000, aCx=0xbd70f800) at EventDispatcher.cpp:802
frame #97: 0xc28a88ac libxul.so`::NS_InvokeByIndex(that=<unavailable>, methodIndex=<unavailable>, paramCount=<unavailable>, params=<unavailable>) at xptcinvoke_arm.cpp:167
frame #98: 0xc2e13612 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Invoke(this=<unavailable>) at XPCWrappedNative.cpp:1624
frame #99: 0xc2e13602 libxul.so`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Call(this=0xc74f98f0) at XPCWrappedNative.cpp:1171
frame #100: 0xc2e12fa2 libxul.so`XPCWrappedNative::CallMethod(ccx=<unavailable>, mode=<unavailable>) at XPCWrappedNative.cpp:1137
frame #101: 0xc2e14144 libxul.so`XPC_WN_CallMethod(cx=<unavailable>, argc=<unavailable>, vp=<unavailable>) at XPCWrappedNativeJSOps.cpp:942
frame #102: 0xc46da7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) + 1 at XPCWrappedNativeJSOps.cpp:918), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
frame #103: 0xc46da7bc libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f9dc0, construct=<unavailable>) at Interpreter.cpp:534
frame #104: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f9dc0) at Interpreter.cpp:589
frame #105: 0xc46d6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb37db238) at Interpreter.cpp:593
frame #106: 0xc46d6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc74f9f0c) at Interpreter.cpp:3075
frame #107: 0xc46d1af4 libxul.so`js::RunScript(cx=0xbd70f800, state=0xc74f9f0c) at Interpreter.cpp:422
frame #108: 0xc46da972 libxul.so`js::InternalCallOrConstruct(cx=0xbd70f800, args=0xc74f9fb8, construct=<unavailable>) at Interpreter.cpp:562
frame #109: 0xc46dace0 libxul.so`InternalCall(cx=0xbd70f800, args=0xc74f9fb8) at Interpreter.cpp:589
frame #110: 0xc46dad2a libxul.so`js::Call(cx=<unavailable>, fval=<unavailable>, thisv=<unavailable>, args=0xc74f9fb8, rval=<unavailable>) at Interpreter.cpp:605
frame #111: 0xc49267ac libxul.so`JS::Call(cx=0xbd70f800, thisv=<unavailable>, fval=<unavailable>, args=0xc74fa0b8, rval=<unavailable>) at jsapi.cpp:2621
frame #112: 0xc35d5910 libxul.so`mozilla::dom::EventHandlerNonNull::Call(this=0xb2a9ee60, cx=<unavailable>, aThisVal=<unavailable>, event=<unavailable>, aRetVal=<unavailable>, aRv=0xc74fa318) at EventHandlerBinding.cpp:266
frame #113: 0xc380647a libxul.so`void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> >(this=0xb2a9ee60, thisVal=0xc74fa2ec, event=0xb0e8b670, aRetVal=<unavailable>, aRv=0xc74fa318, aExecutionReason=<unavailable>, aExceptionHandling=eReportExceptions, aRealm=0x00000000) at EventHandlerBinding.h:363
frame #114: 0xc3802e2a libxul.so`mozilla::JSEventHandler::HandleEvent(this=<unavailable>, aEvent=0xb0e8b670) at JSEventHandler.cpp:205
frame #115: 0xc37fa59a libxul.so`mozilla::EventListenerManager::HandleEventSubType(this=0xb2aaa400, aListener=0xb29e1d18, aDOMEvent=0xb0e8b670, aCurrentTarget=<unavailable>) at EventListenerManager.cpp:1045
frame #116: 0xc37fa8c6 libxul.so`mozilla::EventListenerManager::HandleEventInternal(this=<unavailable>, aPresContext=0xb2f82a40, aEvent=0xc74fa850, aDOMEvent=0xc74fa670, aCurrentTarget=0xb331b800, aEventStatus=0xc74fa674, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1240
frame #117: 0xc3806960 libxul.so`mozilla::EventListenerManager::HandleEvent(this=<unavailable>, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aCurrentTarget=0xb331b800, aEventStatus=0xc74fa674, aItemInShadowTree=<unavailable>) at EventListenerManager.h:355
frame #118: 0xc3804e22 libxul.so`mozilla::EventTargetChainItem::HandleEvent(this=<unavailable>, aVisitor=<unavailable>, aCd=<unavailable>) at EventDispatcher.cpp:349
frame #119: 0xc37f7824 libxul.so`mozilla::EventTargetChainItem::HandleEventTargetChain(aChain=0xc74fa684, aVisitor=0xc74fa668, aCallback=0x00000000, aCd=0xc74fa688) at EventDispatcher.cpp:551
frame #120: 0xc37f804a libxul.so`mozilla::EventDispatcher::Dispatch(aTarget=<unavailable>, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aEventStatus=0xc74fa8c4, aCallback=0x00000000, aTargets=0x00000000) at EventDispatcher.cpp:1046
frame #121: 0xc3dc9716 libxul.so`nsDocumentViewer::LoadComplete(this=0xb2a30d40, aStatus=<unavailable>) at nsDocumentViewer.cpp:1098
frame #122: 0xc447c27c libxul.so`nsDocShell::EndPageLoad(this=0xb330d800, aProgress=<unavailable>, aChannel=<unavailable>, aStatus=NS_OK) at nsDocShell.cpp:6596
frame #123: 0xc447c0b2 libxul.so`nsDocShell::OnStateChange(this=0xb330d800, aProgress=0xb330d800, aRequest=0xb358f160, aStateFlags=<unavailable>, aStatus=NS_OK) at nsDocShell.cpp:6397
frame #124: 0xc447c96e libxul.so`non-virtual thunk to nsDocShell::OnStateChange(this=<unavailable>, aProgress=<unavailable>, aRequest=<unavailable>, aStateFlags=<unavailable>, aStatus=NS_OK) at nsDocShell.cpp:0
frame #125: 0xc2edd5ce libxul.so`nsDocLoader::DoFireOnStateChange(this=0xb330d800, aProgress=0xb330d800, aRequest=0xb358f160, aStateFlags=0xc74fad08, aStatus=NS_OK) at nsDocLoader.cpp:1313
frame #126: 0xc2edd3b0 libxul.so`nsDocLoader::doStopDocumentLoad(this=<unavailable>, request=0xb358f160, aStatus=<unavailable>) at nsDocLoader.cpp:872
frame #127: 0xc2edc9e8 libxul.so`nsDocLoader::DocLoaderIsEmpty(this=0xb330d800, aFlushLayout=<unavailable>) at nsDocLoader.cpp:710
frame #128: 0xc2edd126 libxul.so`nsDocLoader::OnStopRequest(this=0xb330d800, aRequest=0xb2f87e18, aStatus=<unavailable>) at nsDocLoader.cpp:598
frame #129: 0xc2edd334 libxul.so`non-virtual thunk to nsDocLoader::OnStopRequest(this=<unavailable>, aRequest=<unavailable>, aStatus=<unavailable>) at nsDocLoader.cpp:0
frame #130: 0xc28f57de libxul.so`mozilla::net::nsLoadGroup::RemoveRequest(this=0xb2a29500, request=<unavailable>, ctxt=<unavailable>, aStatus=<unavailable>) at nsLoadGroup.cpp:568
frame #131: 0xc31ca7de libxul.so`mozilla::dom::Document::DoUnblockOnload(this=<unavailable>) at Document.cpp:7831
frame #132: 0xc31c5f26 libxul.so`mozilla::dom::Document::DispatchContentLoadedEvents(this=<unavailable>) at Document.cpp:4891
frame #133: 0xc31c6220 libxul.so`mozilla::dom::Document::EndLoad(this=0xb2a1a000) at Document.cpp:5010
frame #134: 0xc3b13108 libxul.so`mozilla::dom::PrototypeDocumentContentSink::DoneWalking(this=0xb2a3ed30) at PrototypeDocumentContentSink.cpp:636
frame #135: 0xc3b13042 libxul.so`mozilla::dom::PrototypeDocumentContentSink::MaybeDoneWalking(this=<unavailable>) at PrototypeDocumentContentSink.cpp:593
frame #136: 0xc3b129ec libxul.so`mozilla::dom::PrototypeDocumentContentSink::ResumeWalk(this=0xb2a3ed30) at PrototypeDocumentContentSink.cpp:576
frame #137: 0xc3b1341e libxul.so`mozilla::dom::PrototypeDocumentContentSink::OnScriptCompileComplete(this=0xb2a3ed30, aScript=<unavailable>, aStatus=NS_OK) at PrototypeDocumentContentSink.cpp:898
frame #138: 0xc3bfffc0 libxul.so`NotifyOffThreadScriptCompletedRunnable::Run(this=<unavailable>) at nsXULElement.cpp:2086
frame #139: 0xc289dcaa libxul.so`nsThread::ProcessNextEvent(this=0xc7522a00, aMayWait=<unavailable>, aResult=<unavailable>) at nsThread.cpp:1180
frame #140: 0xc289ea4a libxul.so`NS_ProcessNextEvent(aThread=<unavailable>, aMayWait=true) at nsThreadUtils.cpp:486
frame #141: 0xc2bb3e06 libxul.so`mozilla::ipc::MessagePump::Run(this=0xc75082b0, aDelegate=0xc7562030) at MessagePump.cpp:110
frame #142: 0xc2b79602 libxul.so`MessageLoop::Run() [inlined] MessageLoop::RunInternal(this=<unavailable>) at message_loop.cc:315
frame #143: 0xc2b795fa libxul.so`MessageLoop::Run() [inlined] MessageLoop::RunHandler(this=<unavailable>) at message_loop.cc:308
frame #144: 0xc2b795fa libxul.so`MessageLoop::Run(this=<unavailable>) at message_loop.cc:290
frame #145: 0xc3cb1298 libxul.so`nsBaseAppShell::Run(this=0xc7522d00) at nsBaseAppShell.cpp:137
frame #146: 0xc45b417c libxul.so`nsAppStartup::Run(this=0xc75ba190) at nsAppStartup.cpp:270
frame #147: 0xc461c8f8 libxul.so`XREMain::XRE_mainRun(this=0xc74fb7b8) at nsAppRunner.cpp:4587
frame #148: 0xc461cc9e libxul.so`XREMain::XRE_main(this=0xc74fb7b8, argc=<unavailable>, argv=<unavailable>, aConfig=0xc74fb87c) at nsAppRunner.cpp:4725
frame #149: 0xc461cf1c libxul.so`XRE_main(argc=<unavailable>, argv=<unavailable>, aConfig=<unavailable>) at nsAppRunner.cpp:4806
frame #150: 0xc461e766 libxul.so`::GeckoStart(env=<unavailable>, argv=0xc7506160, argc=6, aAppData=0xc78772c4) at nsAndroidStartup.cpp:47
frame #151: 0xc77a74ec libmozglue.so`::Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun(jenv=0xca4e8100, jc=<unavailable>, jargs=<unavailable>, prefsFd=<unavailable>, prefMapFd=-1, ipcFd=-1, crashFd=-1, crashAnnotationFd=-1) at APKOpen.cpp:371
frame #152: 0xed2a651a libart.so`art_quick_generic_jni_trampoline + 42
frame #153: 0xed2a1bc6 libart.so`art_quick_invoke_stub_internal + 70
frame #154: 0xed62061a libart.so`art_quick_invoke_static_stub + 250
frame #155: 0xed2aa20e libart.so`art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) + 174
frame #156: 0xed3ef10c libart.so`art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*) + 284
frame #157: 0xed3eb054 libart.so`bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) + 528
frame #158: 0xed3f5e2e libart.so`void art::interpreter::ExecuteSwitchImplCpp<false, false>(art::interpreter::SwitchImplContext*) + 10094
frame #159: 0xed2a7076 libart.so`ExecuteSwitchImplAsm + 6
frame #160: 0xed3cbbe8 libart.so`art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.8650392831108427790) + 468
frame #161: 0xed3d0a84 libart.so`art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*) + 128
frame #162: 0xed608f0a libart.so`artQuickToInterpreterBridge + 830
frame #163: 0xed2a65a4 libart.so`art_quick_to_interpreter_bridge + 36
frame #164: 0xed2a1bc6 libart.so`art_quick_invoke_stub_internal + 70
frame #165: 0xed620506 libart.so`art_quick_invoke_stub + 254
frame #166: 0xed2aa1fc libart.so`art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) + 156
frame #167: 0xed565676 libart.so`art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*) + 58
frame #168: 0xed5663b8 libart.so`art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*) + 308
frame #169: 0xed595bb0 libart.so`art::Thread::CreateCallback(void*) + 1140
frame #170: 0xee35b2f0 libc.so`__pthread_start(void*) + 22
frame #171: 0xee315b84 libc.so`__start_thread + 32
Ah, indeed strlen() seems to be going into the weeds, so this IFUNC stuff is likely in play.
So libfreebl3 is being loaded via the system linker because that's what we try first for the dlopen("libfreebl3")
case (no path). I hacked it to load via the custom linker and I get the same crash.
In reference to strlen() going into the weeds, the strlen() here[0] returns a ridiculous result (like -271958475), so I assume it's not really pointing to strlen().
Comment 35•6 years ago
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #32)
So libfreebl3 is being loaded via the system linker because that's what we try first for the dlopen("libfreebl3") case (no path). I hacked it to load via the custom linker and I get the same crash.
The problem is that NSS itself derives the libfreebl3 path from the path to libsoftokn3, so dlopen("libfreebl3") shouldn't be happening in the first place. So if you could figure out where that unqualified dlopen comes from and why, that'd be great.
Separately, could you attach here, or send me, the /bionic/lib/libc.so file from the OS?
The dlopen is happening from NSS:
* thread #26, name = 'Gecko', stop reason = breakpoint 2.1
* frame #0: 0xeec6b7b0 libart.so`art_sigsegv_fault
frame #1: 0xeec6baee libart.so`art::FaultManager::HandleFault(int, siginfo*, void*) + 230
frame #2: 0xaf234480 app_process32
frame #3: 0xefca292c libc.so
frame #4: 0xc8f1ba1a libmozglue.so`ElfLoader::Load(char const*, int, LibHandle*) [inlined] AnnotateMozCrashReason(reason=<unavailable>) at Assertions.h:38
frame #5: 0xc8f1ba08 libmozglue.so`ElfLoader::Load(this=<unavailable>, path="libfreebl3.so", flags=0, parent=0x00000000) at ElfLoader.cpp:488
frame #6: 0xc8f1b75a libmozglue.so`::__wrap_dlopen(path=<unavailable>, flags=<unavailable>) at ElfLoader.cpp:64
frame #7: 0xc7d64df6 libnss3.so`PR_LoadLibraryWithFlags at prlink.c:803
frame #8: 0xc7d64db0 libnss3.so`PR_LoadLibraryWithFlags(libSpec=<unavailable>, flags=10) at prlink.c:418
frame #9: 0xcb325676 libsoftokn3.so`freebl_LoadDSO at loader.c:46
frame #10: 0xc7d66c8c libnss3.so`PR_CallOnce(once=0xcb341018, func=<unavailable>) at prinit.c:778
frame #11: 0xcb3231b2 libsoftokn3.so`RNG_RNGInit at loader.c:728
frame #12: 0xcb32c29e libsoftokn3.so`nsc_CommonInitialize(pReserved=0xc8bf6ea0, isFIPS=0) at pkcs11.c:2994
frame #13: 0xcb32c4d6 libsoftokn3.so`NSC_Initialize(pReserved=0xc8bf6ea0) at pkcs11.c:3122
frame #14: 0xc7d9cfce libnss3.so`secmod_ModuleInit(mod=0xb4224010, reload=0xc8bf6f80, alreadyLoaded=0xc8bf6ef4) at pk11load.c:244
frame #15: 0xc7d9d384 libnss3.so`secmod_LoadPKCS11Module(mod=0xb4224010, oldModule=0xc8bf6f80) at pk11load.c:503
frame #16: 0xc7da4536 libnss3.so`SECMOD_LoadModule(modulespec="library= name=\"NSS Internal PKCS #11 Module\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1840
frame #17: 0xc7da45dc libnss3.so`SECMOD_LoadModule(modulespec="name=\"NSS Internal Module\" parameters=\"configdir='sql:/data/user/0/org.mozilla.fennec_snorp/files/mozilla/8k3742bq.default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' \" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical,defaultModDB,internalKeySlot\"", parent=<unavailable>, recurse=<unavailable>) at pk11pars.c:1876
frame #18: 0xc7d869ac libnss3.so`nss_Init [inlined] nss_InitModules(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, updateDir=<unavailable>, updCertPrefix=<unavailable>, updKeyPrefix=<unavailable>, updateID=<unavailable>, updateName=<unavailable>, configName=<unavailable>, configStrings=<unavailable>, pwRequired=<unavailable>, readOnly=<unavailable>, noCertDB=<unavailable>, noModDB=<unavailable>, forceOpen=<unavailable>, optimizeSpace=<unavailable>) at nssinit.c:464
frame #19: 0xc7d866f6 libnss3.so`nss_Init(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName="secmod.db", updateDir="", updCertPrefix="", updKeyPrefix="", updateID="", updateName="", initContextPtr=0x00000000, initParams=0x00000000, readOnly=0, noCertDB=0, noModDB=0, forceOpen=0, noRootInit=1, optimizeSpace=1, noSingleThreadedModules=0, allowAlreadyInitializedModules=0, dontFinalizeModules=0) at nssinit.c:689
frame #20: 0xc7d86c5c libnss3.so`NSS_Initialize(configdir=<unavailable>, certPrefix=<unavailable>, keyPrefix=<unavailable>, secmodName=<unavailable>, flags=48) at nssinit.c:889
frame #21: 0xc3f2e7ee libxul.so`mozilla::psm::InitializeNSS(dir=<unavailable>, readOnly=false, loadPKCS11Modules=true) at NSSCertDBTrustDomain.cpp:1118
frame #22: 0xc5c4035a libxul.so`nsNSSComponent::InitializeNSS() [inlined] InitializeNSSWithFallbacks(profilePath=<unavailable>) at nsNSSComponent.cpp:1585
frame #23: 0xc5c40354 libxul.so`nsNSSComponent::InitializeNSS(this=0xaf7a3640) at nsNSSComponent.cpp:1696
frame #24: 0xc5c40a1e libxul.so`nsNSSComponent::Init(this=0xaf7a3640) at nsNSSComponent.cpp:1877
frame #25: 0xc3f8739e libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc3a84f1c, aResult=<unavailable>) at StaticComponents.cpp:7596
frame #26: 0xc3f90abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc8bf73ec) at nsComponentManager.cpp:220
frame #27: 0xc3f90aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc8c023a0, aLock=<unavailable>, aEntry=0xc8bf7430, aIID=0xc3a84f1c, aResult=0xc8bf7474)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
frame #28: 0xc3f8f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc8c023a0, aContractID="@mozilla.org/psm;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
frame #29: 0xc3f91ef0 libxul.so`nsGetServiceByContractID::operator(this=<unavailable>, aIID=<unavailable>, aInstancePtr=0xc8bf7474)(nsID const&, void**) const at nsComponentManagerUtils.cpp:243
frame #30: 0xc3f4e4d6 libxul.so`nsCOMPtr_base::assign_from_gs_contractid(this=0xc8bf74a4, aGS=(mContractID = "@mozilla.org/psm;1"), aIID=<unavailable>) at nsCOMPtr.cpp:82
frame #31: 0xc3f92118 libxul.so`nsCOMPtr<nsISupports>::nsCOMPtr(this=0xc8bf74a4, aGS=<unavailable>) at nsCOMPtr.h:948
frame #32: 0xc5c3f4bc libxul.so`EnsureNSSInitializedChromeOrContent() at nsNSSComponent.cpp:114
frame #33: 0xc5c43fc4 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(nsISupports*, nsID const&, void**) [inlined] nsresult mozilla::psm::Constructor<nsPK11TokenDB, (nsresult (nsPK11TokenDB::*)())0, (mozilla::psm::ProcessRestriction)0, (mozilla::psm::ThreadRestriction)1>(aOuter=<unavailable>, aIID=0xc8bf7584, aResult=<unavailable>) at nsNSSModule.cpp:94
frame #34: 0xc5c43fb2 libxul.so`nsresult mozilla::psm::NSSConstructor<nsPK11TokenDB>(aOuter=<unavailable>, aIID=0xc8bf7584, aResult=<unavailable>) at nsNSSModule.cpp:131
frame #35: 0xc3f90abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc8bf74f4) at nsComponentManager.cpp:220
frame #36: 0xc3f90aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc8c023a0, aLock=<unavailable>, aEntry=0xc8bf7538, aIID=0xc8bf7584, aResult=0xc8bf7570)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
frame #37: 0xc3f8f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc8c023a0, aContractID="@mozilla.org/security/pk11tokendb;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
frame #38: 0xc4506064 libxul.so`xpc::CIGSHelper(aCx=0xbee0f800, aArgc=<unavailable>, aVp=0xb4edb4c8, aGetService=<unavailable>) at XPCJSID.cpp:512
frame #39: 0xc5dda7cc libxul.so`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [inlined] CallJSNative(cx=<unavailable>, native=(libxul.so`xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) + 1 at XPCJSID.cpp:537), args=<unavailable>)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) at Interpreter.cpp:442
frame #40: 0xc5dda7bc libxul.so`js::InternalCallOrConstruct(cx=0xbee0f800, args=0xc8bf7870, construct=<unavailable>) at Interpreter.cpp:534
frame #41: 0xc5ddace0 libxul.so`InternalCall(cx=0xbee0f800, args=0xc8bf7870) at Interpreter.cpp:589
frame #42: 0xc5dd6d2e libxul.so`Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0xb4edb4d8) at Interpreter.cpp:593
frame #43: 0xc5dd6d26 libxul.so`Interpret(cx=<unavailable>, state=0xc8bf79bc) at Interpreter.cpp:3075
frame #44: 0xc5dd1af4 libxul.so`js::RunScript(cx=0xbee0f800, state=0xc8bf79bc) at Interpreter.cpp:422
frame #45: 0xc5dda972 libxul.so`js::InternalCallOrConstruct(cx=0xbee0f800, args=0xc8bf7a80, construct=<unavailable>) at Interpreter.cpp:562
frame #46: 0xc5ddaeee libxul.so`InternalConstruct(cx=0xbee0f800, args=0xc8bf7a80) at Interpreter.cpp:635
frame #47: 0xc5ddb24c libxul.so`js::Construct(cx=<unavailable>, fval=<unavailable>, args=0xc8bf7a80, newTarget=<unavailable>, objp=<unavailable>) at Interpreter.cpp:690
frame #48: 0xc6026b80 libxul.so`JS::Construct(cx=0xbee0f800, fval=<unavailable>, args=0xc8bf7b84, objp=<unavailable>) at jsapi.cpp:2671
frame #49: 0xc3f8a3e0 libxul.so`mozilla::xpcom::ConstructJSMComponent(aURI=<unavailable>, aConstructor="LoginManagerCrypto_SDR", aResult=0xc8bf7c30) at StaticComponents.cpp:1337
frame #50: 0xc3f89e5c libxul.so`mozilla::xpcom::CreateInstanceImpl(aID=<unavailable>, aOuter=<unavailable>, aIID=0xc8bf7cf4, aResult=<unavailable>) at StaticComponents.cpp:0
frame #51: 0xc3f90abe libxul.so`nsComponentManagerImpl::GetServiceLocked((anonymous namespace)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) [inlined] (anonymous namespace)::EntryWrapper::CreateInstance(this=<unavailable>, aOuter=<unavailable>, aIID=<unavailable>, aResult=0xc8bf7c64) at nsComponentManager.cpp:220
frame #52: 0xc3f90aa6 libxul.so`nsComponentManagerImpl::GetServiceLocked(this=0xc8c023a0, aLock=<unavailable>, aEntry=0xc8bf7ca8, aIID=0xc8bf7cf4, aResult=0xc8bf7ce0)::MutexLock&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) at nsComponentManager.cpp:1401
frame #53: 0xc3f8f306 libxul.so`nsComponentManagerImpl::GetServiceByContractID(this=0xc8c023a0, aContractID="@mozilla.org/login-manager/crypto/SDR;1", aIID=<unavailable>, aResult=<unavailable>) at nsComponentManager.cpp:1588
Comment 39•6 years ago
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #36)
The dlopen is happening from NSS:
* thread #26, name = 'Gecko', stop reason = breakpoint 2.1
* frame #0: 0xeec6b7b0 libart.so`art_sigsegv_fault
frame #1: 0xeec6baee libart.so`art::FaultManager::HandleFault(int, siginfo*, void*) + 230
frame #2: 0xaf234480 app_process32
frame #3: 0xefca292c libc.so
frame #4: 0xc8f1ba1a libmozglue.so`ElfLoader::Load(char const*, int, LibHandle*) [inlined] AnnotateMozCrashReason(reason=<unavailable>) at Assertions.h:38
frame #5: 0xc8f1ba08 libmozglue.so`ElfLoader::Load(this=<unavailable>, path="libfreebl3.so", flags=0, parent=0x00000000) at ElfLoader.cpp:488
frame #6: 0xc8f1b75a libmozglue.so`::__wrap_dlopen(path=<unavailable>, flags=<unavailable>) at ElfLoader.cpp:64
frame #7: 0xc7d64df6 libnss3.so`PR_LoadLibraryWithFlags at prlink.c:803
frame #8: 0xc7d64db0 libnss3.so`PR_LoadLibraryWithFlags(libSpec=<unavailable>, flags=10) at prlink.c:418
O_o Can you try the apk from comment 26 and check its logcat, and/or try the corresponding changes locally (https://hg.mozilla.org/try/rev/33837eb7aa0b36902d344523f794c327523f8d3d/)
Comment 40•6 years ago
I think there are overall two different problems at stake, and one of them would be in the OS. At this point, I guess I should just try to run this all locally, since AIUI, it happens in the emulator? How can I get this running? It looks like the Android SDK changed a lot and I have no clue.
Comment 43•6 years ago
Those logs are not doing dlopen("libfreebl3.so") :(
Comment 44•6 years ago
(In reply to Mike Hommey [:glandium] from comment #23)
We're not building against libraries that use IFUNC, so we shouldn't end up with IFUNC/IRELATIVE relocations in our libraries. And we shouldn't be loading system libraries with our linker; those should be loaded by the system linker, which supports the IFUNC/IRELATIVE relocations system libraries might have.
Aha! I had forgotten we actually use our symbol resolution for libc and libm, unlike other system libraries. Now, the reason we did that is that we couldn't resolve weak symbols with dlsym. That was actually solved in bionic... in 2014... https://issuetracker.google.com/issues/36996100. It seems that shipped in Lollipop.
I'm going to file a bug to make us stop doing that when running on a version of Android where we don't need to, which will mechanically solve the IFUNC problem.
We can keep this bug for the freebl problem.
Comment 45•6 years ago
Filed bug 1543555.
FWIW, one reason I don't want to fix the issue by implementing IFUNC in the linker is that more and more I'm thinking of retiring the linker for a variety of reasons, and I don't really want to add features to it as a consequence.
Comment 46•6 years ago
Doh, of course, this is all inter-related. The reason why we end up doing dlopen("libfreebl3.so") is because loader_LoadLibInReferenceDir uses strlen, which doesn't return the actual length, but a pointer. The result of that strlen is used to allocate memory, so the malloc looks like it wants gigantic amounts of memory, which fails, so it returns null, and we end up in the fallback case without using the full path.
Considering bug 1543555 has a patch, I'm dupe'ing forward.
(In reply to Mike Hommey [:glandium] from comment #45)
Filed bug 1543555.
FWIW, one reason I don't want to fix the issue by implementing IFUNC in the linker is that more and more I'm thinking of retiring the linker for a variety of reasons, and I don't really want to add features to it as a consequence.
I was thinking this too. We aren't getting the utility from it that we once did, and the system linker is much better than it used to be.
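A C model of the chain described in comments 44 and 46, added here as an illustration and not code from NSS, bionic or the Gecko linker: a libc symbol bound by a loader that does not process IRELATIVE relocations hands callers the IFUNC resolver instead of strlen, the "length" that comes back is an address, the oversized allocation fails, and the path derivation falls back to a bare dlopen name. Every name here (strlen_resolver, derive_freebl_path, the PATH_CAP allocator guard, the sample library path) is constructed; for scale, the -271958475 quoted above is 0xefca3e35 as an unsigned 32-bit value, an address in the same libc.so region as frame #3 (0xefca292c).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef size_t (*strlen_fn)(const char *);

/* Constructed stand-ins for the optimized variants bionic's IFUNC chooses between. */
static size_t strlen_generic(const char *s) { size_t n = 0; while (s[n]) n++; return n; }
static size_t strlen_neon_stub(const char *s) { return strlen_generic(s); }
static int cpu_has_neon = 1; /* constructed: pretend the CPU feature probe said yes */

/* IFUNC resolver. A linker that understands IRELATIVE runs this once while
 * relocating libc and binds "strlen" to the implementation it returns. */
static strlen_fn strlen_resolver(void) { return cpu_has_neon ? strlen_neon_stub : strlen_generic; }

/* System linker behaviour: resolved at load time, callers get a real strlen. */
static strlen_fn bind_strlen_with_irelative(void) { return strlen_resolver(); }

/* Custom-linker behaviour (comments 44 and 46): "strlen" is bound to the resolver's
 * own address, so each call runs the resolver, which ignores its argument and
 * returns an address inside libc. Modelled here rather than calling through a
 * mismatched function pointer, which would be undefined behaviour. */
static size_t strlen_bound_to_resolver(const char *s) {
    (void)s;
    return (size_t)(uintptr_t)strlen_resolver();
}
static strlen_fn bind_strlen_without_irelative(void) { return strlen_bound_to_resolver; }

/* No path length exceeds this; a larger "length" is a mis-bound symbol. On the
 * 32-bit device the ~4 GB request failed on its own; the cap makes the refusal
 * deterministic on any host and is the sanity check a hardened caller keeps. */
#define PATH_CAP 4096
static void *path_alloc(size_t n) { return n > PATH_CAP ? NULL : malloc(n); }

/* Constructed model of the step comment 46 describes: derive the freebl path from
 * the directory of the reference library (libsoftokn3). Returns 0 when the full
 * path was built, 1 when the lenient fallback to the bare name was taken (dlopen
 * then searches the default library paths instead of the app's own directory),
 * and -1 when strict mode refuses to fall back. `out` gets the dlopen() argument. */
static int derive_freebl_path(strlen_fn my_strlen, const char *softokn_path,
                              const char *name, int strict, char *out, size_t out_cap) {
    const char *slash = strrchr(softokn_path, '/');
    size_t dir_len = slash ? (size_t)(slash - softokn_path) + 1 : 0;
    size_t name_len = my_strlen(name); /* a pointer value with the bad binding */
    char *buf = path_alloc(dir_len + name_len + 1);
    if (buf == NULL) {
        if (strict) { out[0] = '\0'; return -1; }
        snprintf(out, out_cap, "%s", name); /* -> dlopen("libfreebl3.so") */
        return 1;
    }
    memcpy(buf, softokn_path, dir_len);
    memcpy(buf + dir_len, name, name_len + 1);
    snprintf(out, out_cap, "%s", buf);
    free(buf);
    return 0;
}

#define SOFTOKN_PATH "/data/app/org.example.app/lib/arm/libsoftokn3.so" /* constructed */
static char path_buf[256];

int main(void) {
    int rc = derive_freebl_path(bind_strlen_with_irelative(), SOFTOKN_PATH, "libfreebl3.so", 0, path_buf, sizeof path_buf);
    printf("system linker: rc=%d dlopen(\"%s\")\n", rc, path_buf);
    rc = derive_freebl_path(bind_strlen_without_irelative(), SOFTOKN_PATH, "libfreebl3.so", 0, path_buf, sizeof path_buf);
    printf("custom linker: rc=%d dlopen(\"%s\")\n", rc, path_buf);
    return 0;
}
```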