realm-js: iOS crash when the app is being terminated/swiped out

Description

Regular use. The database is opened only once on app startup and never closed, and there are a few permanently rendered components with listeners to about two different collections (addListener).
When you swipe out the app, there will be ocasional crashes not visible to the user, unless the OS reports a “the app has crashed, do you want to report it?” prompt.
Stacktrace & log output

CrashReporter Key:  0efe0ef54dbc94f6507345177af9b6ae7583f073
Hardware Model:     iPhone13,3
Process:            zinspector3
Identifier:         com.zinspector.zinspector3
Version:            3.2.11
Role:               Background
OS Version:         iOS 15.1.1
Exception Type:     EXC_BAD_ACCESS 
Exception Subtype:  KERN_INVALID_ADDRESS


EXC_BAD_ACCESS: Attempted to dereference garbage pointer 0x8.

0  zinspector3             std::__1::unordered_map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::unordered_map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, facebook::jsi::Function, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, facebook::jsi::Function> > >, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, std::__1::unordered_map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, facebook::jsi::Function, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, facebook::jsi::Function> > > > > >::operator[](std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (zinspector3)
1  zinspector3             realm::js::realmjsi::ObjectWrap<realm::js::RealmObjectClass<realm::js::realmjsi::Types> >::create_instance_by_schema(realm::js::JsiEnv, realm::js::JsiFunc*, realm::ObjectSchema const&, realm::js::RealmObject<realm::js::realmjsi::Types>*) (zinspector3)
2  zinspector3             realm::js::RealmObjectClass<realm::js::realmjsi::Types>::create_instance(realm::js::JsiEnv, realm::js::RealmObject<realm::js::realmjsi::Types>) (zinspector3)
3  zinspector3             realm::js::RealmClass<realm::js::realmjsi::Types>::object_for_primary_key(realm::js::JsiEnv, realm::js::JsiObj, realm::js::Arguments<realm::js::realmjsi::Types>&, realm::js::ReturnValue<realm::js::realmjsi::Types>&) (zinspector3)
4  zinspector3             facebook::jsi::Value realm::js::wrap<&realm::js::RealmClass<realm::js::realmjsi::Types>::object_for_primary_key>(facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) (zinspector3)
5  zinspector3             std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>::operator()(facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) const (zinspector3)
6  zinspector3             facebook::jsc::JSCRuntime::createFunctionFromHostFunction(facebook::jsi::PropNameID const&, unsigned int, std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>)::HostFunctionMetadata::call(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) (zinspector3)
7  JavaScriptCore          JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*)
8  JavaScriptCore          JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
9  JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
10 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
11 JavaScriptCore          _vmEntryToJavaScriptTrampoline
12 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
13 JavaScriptCore          JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
14 JavaScriptCore          _JSObjectCallAsFunction
15 zinspector3             facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) (zinspector3)
16 zinspector3             realm::js::Function<realm::js::realmjsi::Types>::call(realm::js::JsiEnv, realm::js::JsiFunc const&, realm::js::JsiObj const&, unsigned long, realm::js::JsiVal const*) (zinspector3)
17 zinspector3             realm::js::RealmClass<realm::js::realmjsi::Types>::write(realm::js::JsiEnv, realm::js::JsiObj, realm::js::Arguments<realm::js::realmjsi::Types>&, realm::js::ReturnValue<realm::js::realmjsi::Types>&) (zinspector3)
18 zinspector3             facebook::jsi::Value realm::js::wrap<&realm::js::RealmClass<realm::js::realmjsi::Types>::write>(facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) (zinspector3)
19 zinspector3             std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>::operator()(facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) const (zinspector3)
20 zinspector3             facebook::jsc::JSCRuntime::createFunctionFromHostFunction(facebook::jsi::PropNameID const&, unsigned int, std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>)::HostFunctionMetadata::call(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) (zinspector3)
21 JavaScriptCore          JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*)
22 JavaScriptCore          JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
23 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
24 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
25 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
26 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
27 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
28 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
29 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
30 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
31 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
32 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
33 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
34 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
35 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
36 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
37 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
38 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
39 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
40 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
41 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
42 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
43 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
44 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
45 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
46 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
47 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
48 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
49 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
50 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
51 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
52 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
53 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
54 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
55 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
56 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
57 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
58 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
59 JavaScriptCore          _vmEntryToJavaScriptTrampoline
60 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
61 JavaScriptCore          JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
62 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
63 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
64 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
65 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
66 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
67 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
68 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
69 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
70 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
71 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
72 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
73 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
74 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
75 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
76 JavaScriptCore          _vmEntryToJavaScriptTrampoline
77 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
78 JavaScriptCore          JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
79 JavaScriptCore          _vmEntryToNative
80 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
81 JavaScriptCore          JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
82 JavaScriptCore          _JSObjectCallAsFunction
83 zinspector3             facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) (zinspector3)
84 zinspector3             facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const (zinspector3)
85 zinspector3             std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() (zinspector3)
86 zinspector3             void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) (zinspector3)
87 zinspector3             facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) (zinspector3)
88 zinspector3             std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() (zinspector3)
89 zinspector3             facebook::react::tryAndReturnError(std::__1::function<void ()> const&) (zinspector3)
90 zinspector3             facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) (zinspector3)
91 zinspector3             ___ZN8facebook5react16RCTMessageThread8runAsyncENSt3__18functionIFvvEEE_block_invoke (zinspector3)
92 CoreFoundation          ___CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__
93 CoreFoundation          ___CFRunLoopDoBlocks
94 CoreFoundation          ___CFRunLoopRun
95 CoreFoundation          _CFRunLoopRunSpecific
96 zinspector3             +[RCTCxxBridge runRunLoop] (zinspector3)
97 Foundation              ___NSThread__start__
98 libsystem_pthread.dylib __pthread_start
Can you reproduce a bug?

Yes, sometimes
Reproduction Steps

Start the app, add some listeners, swipe out the app. Repeat until a crash is observed.
Note: NOT using Hermes for iOS, but using the alpha realm version.
Version

10.20.0-alpha.2
What SDK flavour are you using?

Local Database only
Are you using encryption?

No response
Platform OS and version(s)

iOS 15.1.1
About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 4
Comments: 18 (6 by maintainers)
Most upvoted comments

Please help, Facing the same issue!! 😦
irajeshverma2020 on Jan 6, 2022
@cristianoccazinsp we fixed an issue where the teardown of the JS runtime could cause use of the destructed JavaScriptCore environment after it had been destroyed. Since the fix affects the lifetime of listeners (ensuring they’ll be removed before the JavaScript engine gets destroyed), I think this might solve your original issue. I would love if you could try out the 10.20.0-beta.1 release and report back if this fixed your original issue.
kraenhansen on Jan 28, 2022