realm-js: /lib/arm64/librealmreact.so Crashes on app launch

Goals

Expected Results

Actual Results

[18:48] Jaideep Singh (Contractor)

Build fingerprint: 'samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXU2ERGE:user/release-keys'
Revision: '9'
ABI: 'arm64'
pid: 21491, tid: 21588, name: mqt_js  >>> <<<
signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x37bf3a90253f5
    x0   0000000000000000  x1   0000000000000000  x2   0000000000000005  x3   a9037bf3a90253f5
    x4   0000000000000040  x5   0000007329905788  x6   0000000000ffffff  x7   ffffffffffffffff
    x8   00000000000000e2  x9   a0e2bc1e8f6365e0  x10  0000000000000001  x11  0000000000000000
    x12  0000007337fbb2c8  x13  0000000000000050  x14  000000000000000d  x15  aaaaaaaaaaaaaaab
    x16  000000732a38c710  x17  000000733a046cb0  x18  0000007329905a84  x19  0000007337e6f690
    x20  0000007337e6f690  x21  00000073299057b8  x22  0000007329905828  x23  0000007329907588
    x24  000000733baecbc8  x25  0000007329907588  x26  0000000000000000  x27  0000000000000000
    x28  0000000000000001  x29  0000007329905660  x30  0000007329c65e84
    sp   0000007329905600  pc   00037bf3a90253f5  pstate 0000000060000000

backtrace:
    #00 pc 00037bf3a90253f5  <unknown>
    #01 pc 0000000000258e80  /lib/arm64/librealmreact.so
    #02 pc 0000000000022414  /lib/arm64/libjscexecutor.so (_ZN8facebook3jsc10JSCRuntimeC2Ev+28)
    #03 pc 00000000000254d0  /lib/arm64/libjscexecutor.so (_ZN8facebook3jsc14makeJSCRuntimeEv+28)
    #04 pc 0000000000018b58  /lib/arm64/libjscexecutor.so
    #05 pc 00000000000a4468  /lib/arm64/libreactnativejni.so (_ZN8facebook5react16NativeToJsBridgeC2EPNS0_17JSExecutorFactoryENSt6__ndk110shared_ptrINS0_14ModuleRegistryEEENS5_INS0_18MessageQueueThreadEEENS5_INS0_16InstanceCallbackEEE+252)
    #06 pc 000000000009c0e0  /lib/arm64/libreactnativejni.so
    #07 pc 0000000000065d7c  /lib/arm64/libreactnativejni.so
    #08 pc 0000000000063cac  /lib/arm64/libreactnativejni.so
    #09 pc 0000000000059288  /lib/arm64/libreactnativejni.so (_ZN8facebook3jni6detail13MethodWrapperIMNS_5react15JNativeRunnableEFvvEXadL_ZNS4_3runEvEES4_vJEE8dispatchENS0_9alias_refIPNS1_8JTypeForINS0_11HybridClassIS4_NS3_8RunnableEE8JavaPartESB_vE11_javaobjectEEE+32)
    #10 pc 0000000000059204  /lib/arm64/libreactnativejni.so (_ZN8facebook3jni6detail15FunctionWrapperIPFvNS0_9alias_refIPNS1_8JTypeForINS0_11HybridClassINS_5react15JNativeRunnableENS6_8RunnableEE8JavaPartES8_vE11_javaobjectEEEEXadL_ZNS1_13MethodWrapperIMS7_FvvEXadL_ZNS7_3runEvEES7_vJEE8dispatchESE_EESD_vJEE4callEP7_JNIEnvP8_jobject+56)
    #11 pc 000000000007a63c  /oat/arm64/base.odex (offset 0x75000)

Steps to Reproduce

Launching the app

Code Sample

defaultConfig {
    applicationId "package-name"
    minSdkVersion rootProject.ext.minSdkVersion
    targetSdkVersion rootProject.ext.targetSdkVersion
    versionCode 137
    versionName "8.2"
    multiDexEnabled true
    ndk {
        abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64' // Added
    }
    vectorDrawables.useSupportLibrary = true
    resValue "string", "build_config_package", "package-name"
    if (BUILD_FOR_APPCENTER == 'false') {
        signingConfig signingConfigs.release
    }
}

Version of Realm and Tooling

  • Realm JS SDK Version: 2.28.0
  • Node or React Native: ^0.59.4
  • Client OS & Version: Android 8
  • Which debugger for React Native: ?/None

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 4
  • Comments: 52 (13 by maintainers)

Most upvoted comments

@manithin Does adding this to your proguard file fix the issue? -keep class io.realm.react.**

@kneth yes this did work. Just checking, is it mentioned somewhere in the documentation?

I have released the fix as v2.28.1. React Native folks, please upgrade soon.

v2.29.0-alpha.1 contains only this fix compared to v2.28.0 so I think it is safe to use. Due to public holidays, I prefer to wait until Monday to do a release.

I have published v2.29.0-alpha.1. We will appreciate any feedback (both 32 and 64 bit).

@manithin Sounds like we need to update the documentation 😄

@8BallBomBom True - we don’t provide it for Realm JS. We should - or at least document it.

@kneth it works!

Due to public holidays, we will not be able to pick up your feedback until Monday next week.

Do you have to release only on monday or can you release it today? Is it safe to use v2.29.0-alpha.1 on beta?

Update: We have analyzed the situation today, and we’re pretty sure that the problem is a wrong call to __builtin___cache_clear() after overwriting instructions to install a hook in the RN runtime.

The call ends up not invalidating the instruction cache by mistake, and the effect is that we load a “garbage” target address for our trampoline.

The garbage is actually instructions from the function that we are hooking into. Several of the stack traces reported here have the pc register set to the exact same value, and if you disassemble the bytes of the address as ARM instructions, it turns out they are actually valid and plausible instructions from the function that we are hooking into. (ARM assembly is nice here because all instructions are 4 bytes long, so any 4-byte aligned load from a function body will yield instructions that can be disassembled.)

A couple of things have to be true for this hypothesis to fully explain the crashes:

  1. The thread must not be rescheduled to a CPU core with a different cache (otherwise the crash will not occur).
  2. The hook code (16 bytes in our case on ARM64) must span two different cache lines, or be loaded from different caches. Otherwise the hook would appear to not be installed at all, or it would appear to be fully installed.
  3. Interaction between icache and dcache can have an effect, and I’m not sure at all whether Samsung does something weird/different from other vendors here. It’s possible that the icache is actually updated, but reads an immediate value (the jump target) embedded in the assembly at pc + 8 via the dcache. I don’t know enough about ARM microarchitectures to say for sure…

As I understand, Samsung has historically made different choices with regards to the cache hierarchy on their ARM SoCs, so it seems not entirely implausible that a different cache design can explain the difference in behavior. It may work by accident on the more commonplace Snapdragon/Cortex cores.

Thank you to everyone here who posted crash reports and information, it has been extremely helpful in finding and diagnosing this bug! ❤️

I believe a new beta release will be out shortly. Unfortunately we don’t have access to any of the affected device models at the moment, so any help in testing the upcoming release with the bugfix is extremely appreciated!

Just to chime in, I was seeing a lot of these crashes and after deploying (to several thousand users) last night they all seem to be fixed.

Thanks for the quick turnaround here.

I build a version and sent a version to the affected user, but I can’t rush him. I’ll keep you updated.

Finally had a second to test it. The new build works on my SM-N920V (Note 5)

2.29.0-alpha.1 also fixed the crashes on Xiaomi 9 with 64bit apk. Thanks guys!

@simonask @kneth I’m happy to help. I don’t have a device in hands neither, but I have a very helpful user who does.

I’m having the same issue (gathered from Google Play)

signal 7 (SIGBUS), code 1 (BUS_ADRALN)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> chat.rocket.reactnative <<<

backtrace:
  #00  pc 00037bf3a90253f5  <unknown>
  #01  pc 0000000000258e80  /data/data/chat.rocket.reactnative/lib-0/librealmreact.so
  #02  pc 0000000000022414  /data/data/chat.rocket.reactnative/lib-0/libjscexecutor.so
  #03  pc 00000000000254d0  /data/data/chat.rocket.reactnative/lib-0/libjscexecutor.so
  #04  pc 0000000000018b58  /data/data/chat.rocket.reactnative/lib-0/libjscexecutor.so
  #05  pc 00000000000a4468  /data/data/chat.rocket.reactnative/lib-0/libreactnativejni.so
  #06  pc 000000000009c0e0  /data/data/chat.rocket.reactnative/lib-0/libreactnativejni.so
  #07  pc 0000000000065d7c  /data/data/chat.rocket.reactnative/lib-0/libreactnativejni.so
  #08  pc 0000000000063cac  /data/data/chat.rocket.reactnative/lib-0/libreactnativejni.so
  #09  pc 0000000000059288  /data/data/chat.rocket.reactnative/lib-0/libreactnativejni.so
  #10  pc 0000000000059204  /data/data/chat.rocket.reactnative/lib-0/libreactnativejni.so
  #11  pc 0000000000d2e670  /data/app/chat.rocket.reactnative-1/oat/arm64/base.odex