realm-core: Encryption still crashes on ARM devices

Reported by https://github.com/realm/realm-java/issues/4343

There is a testing project in the java issue which can easily reproduce the crash. It is using realm-java 3.0.0/realm-core 2.3.2 .

From our testing:

  1. no crashes has been see on emulator (x86)
  2. takes 10 minutes on @kneth 's OPO (armeabi-v7a)
  3. takes 3 seconds to crash on my Huawei Honor 7 and Xiaomi Mi5 (both arm64-v8a)

The original crash log shows some string corruption, but since it would only crash if the string conversion fails but not other value types, so it might not only happen to string_array.

By disable asm for openssl with no-asm and enable core assertions, it crashes with:

03-21 23:31:25.315 18766-19119/io.binarysolutions.realmmemtest E/REALM: ../realm/array_string.hpp:145: [realm-core-2.3.2] Assertion failed: data[array_size] == 0 with (data[array_size], array_size) =  [35, 18446744073709551538]
                                                                        IMPORTANT: if you see this error, please send this log to help@realm.io.
03-21 23:31:25.318 18766-19119/io.binarysolutions.realmmemtest A/libc: Fatal signal 6 (SIGABRT), code -6 in tid 19119 (Thread-5)
                                                                       
                                                                       [ 03-21 23:31:25.322   458:  458 W/         ]
                                                                       debuggerd: handling request: pid=18766 uid=10066 gid=10066 tid=19119
03-21 23:31:25.510 19160-19160/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-21 23:31:25.510 19160-19160/? A/DEBUG: Build fingerprint: 'Xiaomi/gemini/gemini:7.0/NRD90M/V8.2.1.0.NAACNEB:user/release-keys'
03-21 23:31:25.510 19160-19160/? A/DEBUG: Revision: '0'
03-21 23:31:25.510 19160-19160/? A/DEBUG: ABI: 'arm64'
03-21 23:31:25.511 19160-19160/? A/DEBUG: pid: 18766, tid: 19119, name: Thread-5  >>> io.binarysolutions.realmmemtest <<<
03-21 23:31:25.511 19160-19160/? A/DEBUG: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
03-21 23:31:25.511 19160-19160/? A/DEBUG:     x0   0000000000000000  x1   0000000000004aaf  x2   0000000000000006  x3   0000000000000008
03-21 23:31:25.511 19160-19160/? A/DEBUG:     x4   000000000000016d  x5   0000000000000000  x6   0000007f8ab54000  x7   0000000000000000
03-21 23:31:25.511 19160-19160/? A/DEBUG:     x8   0000000000000083  x9   ffffffffffffffdf  x10  0000000000000000  x11  0000000000000001
03-21 23:31:25.511 19160-19160/? A/DEBUG:     x12  ffffffffffffffff  x13  0000000000000000  x14  0000000000000000  x15  0012cff458ea48fd
03-21 23:31:25.512 19160-19160/? A/DEBUG:     x16  0000007f881deed0  x17  0000007f88188638  x18  00000000000000bb  x19  0000007f65ef14f8
03-21 23:31:25.512 19160-19160/? A/DEBUG:     x20  0000000000000006  x21  0000007f65ef1450  x22  0000000000000011  x23  00000000130d3970
03-21 23:31:25.512 19160-19160/? A/DEBUG:     x24  0000000013062880  x25  00000000130cf980  x26  0000000000000000  x27  00000000130c6c00
03-21 23:31:25.512 19160-19160/? A/DEBUG:     x28  0000000012ce8800  x29  0000007f65eefc30  x30  0000007f88185ac8
03-21 23:31:25.512 19160-19160/? A/DEBUG:     sp   0000007f65eefc10  pc   0000007f88188640  pstate 0000000060000000
03-21 23:31:25.539 19160-19160/? A/DEBUG: backtrace:
03-21 23:31:25.539 19160-19160/? A/DEBUG:     #00 pc 000000000006b640  /system/lib64/libc.so (tgkill+8)
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #01 pc 0000000000068ac4  /system/lib64/libc.so (pthread_kill+64)
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #02 pc 0000000000024010  /system/lib64/libc.so (raise+24)
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #03 pc 000000000001ca94  /system/lib64/libc.so (abort+52)
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #04 pc 00000000001ec990  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #05 pc 00000000001ec9e4  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #06 pc 00000000001ecb2c  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #07 pc 0000000000173d3c  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #08 pc 0000000000188ca8  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #09 pc 0000000000058578  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so (Java_io_realm_internal_Table_nativeGetName+256)
03-21 23:31:25.540 19160-19160/? A/DEBUG:     #10 pc 00000000005e8f88  /data/app/io.binarysolutions.realmmemtest-2/oat/arm64/base.odex (offset 0x576000)

parsed stack:

Stack frame #00 pc 000000000006b640  /system/lib64/libc.so (tgkill+8)
Stack frame #01 pc 0000000000068ac4  /system/lib64/libc.so (pthread_kill+64)
Stack frame #02 pc 0000000000024010  /system/lib64/libc.so (raise+24)
Stack frame #03 pc 000000000001ca94  /system/lib64/libc.so (abort+52)
Stack frame #04 pc 00000000001ec990  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so: Routine please_report_this_error_to_help_at_realm_dot_io at :?
Stack frame #05 pc 00000000001ec9e4  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so: Routine realm::util::terminate_internal(std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >&) at terminate.cpp:?
Stack frame #06 pc 00000000001ecb2c  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so: Routine realm::util::terminate_with_info(char const*, char const*, long, char const*, std::initializer_list<realm::util::Printable>&&) at :?
Stack frame #07 pc 0000000000173d3c  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so: Routine realm::ArrayString::get(unsigned long) const at :?
Stack frame #08 pc 0000000000188ca8  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so: Routine realm::Group::get_child_name(unsigned long) const at :?
Stack frame #09 pc 0000000000058578  /data/app/io.binarysolutions.realmmemtest-2/lib/arm64/librealm-jni.so (Java_io_realm_internal_Table_nativeGetName+256): Routine Java_io_realm_internal_Table_nativeGetName at ??:?
Stack frame #10 pc 00000000005e8f88  /data/app/io.binarysolutions.realmmemtest-2/oat/arm64/base.odex (offset 0x576000)

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 27 (14 by maintainers)

Most upvoted comments

@lucasleongit The fix passed my internal tests and I think it will work for you too. We will make a release shortly and notify you when it is ready to try out. Thanks for your patience!

+4
ironage on May 17, 2017

I can now reproduce the crash in Visual Studio at https://github.com/realm/realm-core/pull/2433 - it happens in the LangBindHelper_HandoverBetweenThreads unit test, which was one of those that crashed immediately before our fix.

It now crashes too, just after a long while (1 minute or so).

+3
rrrlasse on Apr 3, 2017

I have made a core level test that is modelled after the sample java application (with 2 reader threads and 2 writer threads). It only finds crashes when run on an actual android device (I am testing with a LG G5). For another data point, an example crash that I am seeing is below (spec accessor is reporting a wrong column type).

03-28 14:44:39.376 16382 16403 E REALM   : table.cpp:2814: [realm-core-2.5.1] Assertion failed: type == col_type_StringEnum
03-28 14:44:39.376 16382 16403 E REALM   : IMPORTANT: if you see this error, please send this log to help@realm.io.
03-28 14:44:39.379 16382 16403 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 16403 (.realm.coretest)
03-28 14:44:39.380   467   467 W         : debuggerd: handling request: pid=16382 uid=10285 gid=10285 tid=16403
03-28 14:44:39.446 16998 16998 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-28 14:44:39.447 16998 16998 F DEBUG   : Build fingerprint: 'lge/h1_rgs_ca/h1:7.0/NRD90U/1632310030db6:user/release-keys'
03-28 14:44:39.447 16998 16998 F DEBUG   : Revision: '12'
03-28 14:44:39.447 16998 16998 F DEBUG   : ABI: 'arm'
03-28 14:44:39.447 16998 16998 F DEBUG   : pid: 16382, tid: 16403, name: .realm.coretest  >>> io.realm.coretest <<<
03-28 14:44:39.447 16998 16998 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
03-28 14:44:39.447 16998 16998 F DEBUG   :     r0 00000000  r1 00004013  r2 00000006  r3 00000008
03-28 14:44:39.447 16998 16998 F DEBUG   :     r4 e2e6e978  r5 00000006  r6 e2e6e920  r7 0000010c
03-28 14:44:39.447 16998 16998 F DEBUG   :     r8 e8ffd7a8  r9 da10c428  sl cc02873c  fp e2e6e89c
03-28 14:44:39.448 16998 16998 F DEBUG   :     ip 00000011  sp e2e6cdf8  lr ebf789b7  pc ebf7b238  cpsr 200f0010
03-28 14:44:39.455 16998 16998 F DEBUG   :
03-28 14:44:39.455 16998 16998 F DEBUG   : backtrace:
03-28 14:44:39.455 16998 16998 F DEBUG   :     #00 pc 0004a238  /system/lib/libc.so (tgkill+12)
03-28 14:44:39.455 16998 16998 F DEBUG   :     #01 pc 000479b3  /system/lib/libc.so (pthread_kill+34)
03-28 14:44:39.455 16998 16998 F DEBUG   :     #02 pc 0001d87d  /system/lib/libc.so (raise+10)
03-28 14:44:39.455 16998 16998 F DEBUG   :     #03 pc 00019375  /system/lib/libc.so (__libc_android_abort+34)
03-28 14:44:39.456 16998 16998 F DEBUG   :     #04 pc 000173e8  /system/lib/libc.so (abort+4)
03-28 14:44:39.456 16998 16998 F DEBUG   :     #05 pc 00ff07f9  /data/app/io.realm.coretest-2/lib/arm/libnative-activity.so (please_report_this_error_to_help_at_realm_dot_io+4)
03-28 14:44:39.456 16998 16998 F DEBUG   :     #06 pc 00ff08f7  /data/app/io.realm.coretest-2/lib/arm/libnative-activity.so
03-28 14:44:39.456 16998 16998 F DEBUG   :     #07 pc 00ff0a2b  /data/app/io.realm.coretest-2/lib/arm/libnative-activity.so (_ZN5realm4util9terminateEPKcS2_lOSt16initializer_listINS0_9PrintableEE+142)
03-28 14:44:39.456 16998 16998 F DEBUG   :     #08 pc 012daaf7  /data/app/io.realm.coretest-2/lib/arm/libnative-activity.so (_ZNK5realm5Table3getINS_10StringDataEEET_jj+362)
03-28 14:44:39.456 16998 16998 F DEBUG   :     #09 pc 012dbd41  /data/app/io.realm.coretest-2/lib/arm/libnative-activity.so (_ZNK5realm5Table10get_stringEjj+24)
+3
ironage on Mar 28, 2017

@lucasleongit Realm Java 3.2.1 was released with the fix for this

@ironage I believe this issue can be closed now?

+1
cmelchior on May 19, 2017

@l1git @nielssimonides @GershonLin @KynoYang Thank you for stating your interest. Unfortunately we don’t have a final fix yet, but we understand the importance of this and are actively working on it. We’ll be sure to update you when we have a release for you to try!

+1
ironage on May 10, 2017
Read more comments on GitHub
← realm-core: Decryption failed - page zero has wrong checksum
realm-core: group.cpp:298: [realm-core-1.4.1] Assertion failed: m_top.get_as_ref_or_tagged(2).get_as_int() <= m_alloc.get_baseline() [10485760, 3145728] →