
My app uses native libs (libfoo.so) and it works great on Lollipop. But it fails on library loading on Marshmallow due to `Fatal signal 11 (SIGSEGV), code 1`. What's the reason?

I know that M brings a new permissions model, but it seems unrelated to this, as the library is only loading and does not do anything.

log:

11-20 12:38:53.390  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ Start loading libraries
11-20 12:38:53.394  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ loading/data/user/0/name.antonsmirnov.android.libfoo/cache/sdk/libc.so, file exists=true
11-20 12:38:53.396  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ loading/data/user/0/name.antonsmirnov.android.libfoo/cache/sdk/libdl.so, file exists=true
11-20 12:38:53.397  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ loading/data/user/0/name.antonsmirnov.android.libfoo/cache/sdk/libm.so, file exists=true
11-20 12:38:53.398  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ loading/data/user/0/name.antonsmirnov.android.libfoo/cache/sdk/libstdc++.so, file exists=true
11-20 12:38:53.400  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ loading/data/user/0/name.antonsmirnov.android.libfoo/cache/sdk/libgnustl_shared.so, file exists=true
11-20 12:38:53.402  14997-15010/name.antonsmirnov.android.libfoo D/libfooIssueProject﹕ loading/data/user/0/name.antonsmirnov.android.libfoo/cache/sdk/libfoo.so, file exists=true
11-20 12:38:53.403  14997-15010/name.antonsmirnov.android.libfoo W/linker﹕ /data/data/name.antonsmirnov.android.libfoo/cache/sdk/libfoo.so: unused DT entry: type 0x1d arg 0x35ac
11-20 12:38:53.410  14997-15010/name.antonsmirnov.android.libfoo A/libc﹕ Fatal signal 11 (SIGSEGV), code 1, fault addr 0xd0 in tid 15010 (Thread-187)
11-20 12:38:53.976      243-243/? W/debuggerd﹕ type=1400 audit(0.0:68): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:53.980      243-243/? A/DEBUG﹕ *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-20 12:38:53.980      243-243/? A/DEBUG﹕ Build fingerprint: 'google/volantisg/flounder_lte:6.0/MRA58N/2289998:user/release-keys'
11-20 12:38:53.980      243-243/? A/DEBUG﹕ Revision: '0'
11-20 12:38:53.980      243-243/? A/DEBUG﹕ ABI: 'arm'
11-20 12:38:53.980      243-243/? A/DEBUG﹕ pid: 14997, tid: 15010, name: Thread-187  >>> name.antonsmirnov.android.libfoo <<<
11-20 12:38:53.980      243-243/? A/DEBUG﹕ signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0
11-20 12:38:53.996      243-243/? A/DEBUG﹕ r0 00000138  r1 000000dc  r2 000000f8  r3 e1fafa84
11-20 12:38:53.996      243-243/? A/DEBUG﹕ r4 000000bc  r5 00000000  r6 00000108  r7 000000ec
11-20 12:38:53.996      243-243/? A/DEBUG﹕ r8 f73186ec  r9 0000006d  sl f0c124e4  fp f73113f6
11-20 12:38:53.996      243-243/? A/DEBUG﹕ ip 00000010  sp f3fd6280  lr 00000008  pc e020d280  cpsr 20070010
11-20 12:38:53.997      243-243/? A/DEBUG﹕ backtrace:
11-20 12:38:53.997      243-243/? A/DEBUG﹕ #00 pc 01294280  /data/data/name.antonsmirnov.android.libfoo/cache/sdk/libfoo.so
11-20 12:38:53.997      243-243/? A/DEBUG﹕ #01 pc 00000004  <unknown>
11-20 12:38:53.976      243-243/? W/debuggerd﹕ type=1400 audit(0.0:69): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:53.976      243-243/? W/debuggerd﹕ type=1400 audit(0.0:70): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:53.976      243-243/? W/debuggerd﹕ type=1400 audit(0.0:71): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:53.976      243-243/? W/debuggerd﹕ type=1400 audit(0.0:72): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:53.976      243-243/? W/debuggerd﹕ type=1400 audit(0.0:73): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:53.986      243-243/? W/debuggerd﹕ type=1400 audit(0.0:74): avc: denied { search } for name="name.antonsmirnov.android.libfoo" dev="dm-2" ino=81264 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
11-20 12:38:54.383      243-243/? A/DEBUG﹕ Tombstone written to: /data/tombstones/tombstone_05
11-20 12:38:54.383      243-243/? E/DEBUG﹕ AM write failed: Broken pipe
11-20 12:38:54.409      680-696/? I/BootReceiver﹕ Copying /data/tombstones/tombstone_05 to DropBox (SYSTEM_TOMBSTONE)
11-20 12:38:54.422    680-15045/? W/ActivityManager﹕ Force finishing activity name.antonsmirnov.android.libfoo/.MainActivity
11-20 12:38:54.424      680-698/? E/JavaBinder﹕ !!! FAILED BINDER TRANSACTION !!!  (parcel size = 60)
11-20 12:38:54.430      680-752/? W/InputDispatcher﹕ channel 'adb9cab name.antonsmirnov.android.libfoo/name.antonsmirnov.android.libfoo.MainActivity (server)' ~ Consumer closed input channel or an error occurred.  events=0x9
11-20 12:38:54.430     680-6202/? D/GraphicsStats﹕ Buffer count: 7
11-20 12:38:54.439      680-752/? E/InputDispatcher﹕ channel 'adb9cab name.antonsmirnov.android.libfoo/name.antonsmirnov.android.libfoo.MainActivity (server)' ~ Channel is unrecoverably broken and will be disposed!
11-20 12:38:54.447      680-752/? W/InputDispatcher﹕ channel '7b55887 Toast (server)' ~ Consumer closed input channel or an error occurred.  events=0x9
11-20 12:38:54.447      680-752/? E/InputDispatcher﹕ channel '7b55887 Toast (server)' ~ Channel is unrecoverably broken and will be disposed!
11-20 12:38:54.449      252-252/? I/Zygote﹕ Process 14997 exited due to signal (11)
11-20 12:38:54.542      680-857/? I/WindowState﹕ WIN DEATH: Window{7b55887 u0 Toast}
11-20 12:38:54.542      680-857/? W/InputDispatcher﹕ Attempted to unregister already unregistered input channel '7b55887 Toast (server)'
11-20 12:38:54.553     680-1361/? I/WindowState﹕ WIN DEATH: Window{adb9cab u0 name.antonsmirnov.android.libfoo/name.antonsmirnov.android.libfoo.MainActivity}

code:

private void loadLibrary(File PATH, String libName) {
    File libFile = new File(PATH, "lib" + libName + ".so");
    String libPath = libFile.getAbsolutePath();
    Log.d(TAG, "loading" + libPath + ", file exists=" + libFile.exists());

    System.load(libPath);
}

private void loadLibs() {
    showMessage("Start loading libraries");

    // don't change load order!
    try {
        loadLibrary(sdkFolder, "c");
        loadLibrary(sdkFolder, "dl");
        loadLibrary(sdkFolder, "m");
        loadLibrary(sdkFolder, "stdc++");
        loadLibrary(sdkFolder, "gnustl_shared");
//        loadLibrary(sdkFolder, "z");

        loadLibrary(sdkFolder, "foo"); // crashes here

        showMessage("Libraries loaded !");
    } catch (Throwable t) {
        t.printStackTrace();
        showMessage("Error loading library: " + t.getMessage());
    }
}

PS. The library was compiled using the latest Android NDK 10e, and the app was working for at least two years using the same library.

PPS. I've analyzed for text relocations using readelf from the NDK and found no relocations. Also, I have no warnings for relocations on Lollipop, so I assume it's another issue.

4ntoine
  • According to the backtrace, it's failing inside the library, probably while dereferencing a null pointer. So I'd guess it's not an issue with *loading* the library, but rather with initializing it. – fadden Nov 20 '15 at 16:56
  • How can that be? There is no JNI_OnLoad in the lib. Also, I've checked that all necessary libs are loaded before the library itself (`readelf -a .. | grep NEEDED`) – 4ntoine Nov 21 '15 at 11:27
  • Your crash dump shows `pc 01294280 /data/data/name.antonsmirnov.android.libfoo/cache/sdk/libfoo.so`, which means it crashed while executing code in libfoo.so. You should try to figure out where that is; see e.g. http://stackoverflow.com/questions/5314036/ (although I think some of those answers are a bit dated). – fadden Nov 21 '15 at 20:38
  • To expand a bit on what @fadden said, it's probably failing inside a constructor (either a C++ constructor for a global or an `__attribute__((constructor))` function), or in a `JNI_OnLoad` function. Without code, we can't help you any more than this. – Dan Albert Dec 10 '15 at 17:31
  • @4ntoine have you found how to resolve this issue? – Stals Mar 28 '16 at 11:32
  • I also have the same issue, see e.g. http://stackoverflow.com/questions/39487219/fatal-signal-in-android-6-0-but-works-in-android-4-0-to-android-5-1. Please help me to solve this issue. – Cibin William Sep 20 '16 at 15:27
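
The triage the comments above walk through, as an added example that is not part of the original question or comments: it parses the debuggerd lines from the question's log, checks whether the fault address falls in page zero, and builds the `addr2line` call for the faulting frame. The 4 KiB page size and the `obj/local/<abi>` symbols directory are assumptions; the directory is a placeholder for wherever the unstripped build of the library lives.

```python
import re

# Lines copied from the debuggerd output in the question's log.
LOG = """\
11-20 12:38:53.980      243-243/? A/DEBUG﹕ signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd0
11-20 12:38:53.997      243-243/? A/DEBUG﹕ backtrace:
11-20 12:38:53.997      243-243/? A/DEBUG﹕ #00 pc 01294280  /data/data/name.antonsmirnov.android.libfoo/cache/sdk/libfoo.so
11-20 12:38:53.997      243-243/? A/DEBUG﹕ #01 pc 00000004  <unknown>
"""

SIGNAL_RE = re.compile(
    r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(r"#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(\S+)")
PAGE_SIZE = 0x1000  # assumption: 4 KiB pages, with page zero never mapped

def parse_crash(text):
    """Pull the signal line and backtrace frames out of a debuggerd dump."""
    crash = {"signal": None, "code": None, "fault_addr": None, "frames": []}
    for line in text.splitlines():
        sig = SIGNAL_RE.search(line)
        frame = FRAME_RE.search(line)
        if sig:
            crash.update(signal=sig.group(2), code=sig.group(4),
                         fault_addr=int(sig.group(5), 16))
        elif frame:
            crash["frames"].append({"pc": int(frame.group(2), 16),
                                    "object": frame.group(3)})
    return crash

def triage(crash):
    """Turn the parsed dump into the observations made in the comments."""
    notes = []
    addr = crash["fault_addr"]
    if crash["code"] == "SEGV_MAPERR" and addr is not None and addr < PAGE_SIZE:
        notes.append("fault addr 0x%x lies in page zero: likely a field read "
                     "through a NULL pointer" % addr)
    if crash["frames"] and crash["frames"][0]["object"].endswith(".so"):
        notes.append("top frame is inside %s: the library was mapped and its "
                     "own code was running" % crash["frames"][0]["object"])
    return notes

def symbolize_commands(crash, symbols_dir="obj/local/<abi>"):
    """addr2line invocations for frames in a .so; debuggerd's pc values are
    offsets from the library's load base, which is what addr2line expects.
    symbols_dir is a placeholder for the directory with unstripped builds."""
    return ["addr2line -C -f -e %s/%s 0x%08x"
            % (symbols_dir, f["object"].rsplit("/", 1)[-1], f["pc"])
            for f in crash["frames"] if f["object"].endswith(".so")]
```

Frame `#01` resolves to `<unknown>`, so only the `libfoo.so` frame produces a command.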

1 Answer


Google has changed the use of private libraries for Marshmallow and above; this may be the case that you are experiencing.

Starting in Android 7.0, the system prevents apps from dynamically linking against non-NDK libraries, which may cause your app to crash.

According to this table: https://developer.android.com/about/versions/nougat/android-7.0-changes.html#ndk, you should be able to see logcat warnings when you are running Lollipop with private libraries. For example:

03-21 17:07:51.502 31234 31234 W linker  : library "libandroid_runtime.so"
("/system/lib/libandroid_runtime.so") needed or dlopened by
"/data/app/com.popular-app.android-2/lib/arm/libapplib.so" is not accessible
for the namespace "classloader-namespace" - the access is temporarily granted
as a workaround for http://b/26394120
Takeshi Kaga
  • This isn't totally accurate. It seems vendors can still allow access. For instance Samsung Galaxy S8/S9 on Android M+ allow apps to access and load the non-NDK libOpenCl.so. – Hashman Apr 08 '18 at 11:04
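
The restriction described in the answer can be checked before install instead of from logcat warnings. The following is an added example, not code from the answer or from the Android documentation: it reads `readelf -d` output and sorts each NEEDED entry by whether it is an NDK library, a file the app ships, or a private platform library. The `readelf` output is constructed for a hypothetical `libexample.so`, the bundled set uses the names from the question's `loadLibs()`, and the NDK set is assumed to be the public list documented for Android 7.0.

```python
import re

# Assumption: the public NDK library set documented for Android 7.0 (API 24).
NDK_PUBLIC = {
    "libandroid.so", "libc.so", "libcamera2ndk.so", "libdl.so", "libEGL.so",
    "libGLESv1_CM.so", "libGLESv2.so", "libGLESv3.so", "libjnigraphics.so",
    "liblog.so", "libm.so", "libmediandk.so", "libOpenMAXAL.so",
    "libOpenSLES.so", "libstdc++.so", "libvulkan.so", "libz.so",
}

# Constructed `readelf -d` output for a hypothetical libexample.so.
READELF = """\
Dynamic section at offset 0x2e8c contains 28 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so]
 0x00000001 (NEEDED)                     Shared library: [liblog.so]
 0x00000001 (NEEDED)                     Shared library: [libgnustl_shared.so]
 0x00000001 (NEEDED)                     Shared library: [libandroid_runtime.so]
 0x0000000e (SONAME)                     Library soname: [libexample.so]
"""

# Files the app ships and loads itself: the names from the question's loadLibs().
BUNDLED = {"libc.so", "libdl.so", "libm.so", "libstdc++.so",
           "libgnustl_shared.so", "libfoo.so"}

NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]")

def audit(readelf_output, bundled):
    """Map each DT_NEEDED name to ndk / platform-copy / bundled / private."""
    report = {}
    for lib in NEEDED_RE.findall(readelf_output):
        if lib in NDK_PUBLIC:
            # The app also ships a file carrying a platform library's name.
            report[lib] = "platform-copy" if lib in bundled else "ndk"
        else:
            # Not NDK and not shipped: only the platform could supply it.
            report[lib] = "bundled" if lib in bundled else "private"
    return report

def private_deps(report):
    """The entries the Android 7.0 restriction applies to."""
    return sorted(lib for lib, kind in report.items() if kind == "private")
```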