realm-js: [iOS only] Realm crash: EXC_BAD_ACCESS KERN_INVALID_ADDRESS

How frequently does the bug occur?

Sometimes

Description

I have 26 crashes in production precisely like this from 23 different users. The crashes happened in various stages of the user journey, so I cannot pinpoint it to any specific time when my code is interacting with Realm…

One user reported that the app crashes after using it for a long time (the whole day). The app would not open again after the crash. Just deleting and installing would fix the problem. -> This somehow sounds like the database would be corrupt, which would be the only reason to prevent the app from launching again.

Stacktrace & log output

0  MYAPP                       0x100b74bd4 realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 1544580
1  MYAPP                       0x100b93f94 realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 1672516
2  MYAPP                       0x100b9e818 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1715656
3  MYAPP                       0x100b9de08 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1713080

Can you reproduce the bug?

Not yet

Reproduction Steps

None.

Version

10.6.0

What SDK flavour are you using?

Local Database only

Are you using encryption?

No, not using encryption

Platform OS and version(s)

iOS: 14.6.0 & 14.7.1 (nearly 50/50 distribution)

Build environment

"react": "^17.0.1",
"react-native": "^0.64.2",
"realm": "^10.6.0",

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 29 (7 by maintainers)

Most upvoted comments

@taikim8484 Unfortunately I couldn’t find the cause of these crashes so I kinda gave up. It has affected more than 10k of our user base, but we haven’t received any reports regarding these crashes from our users, so I assume users are not noticing these crashes, as all of them are happening in the background. It looks like this crash started to appear after upgrading from 10.8.0 to 10.9.1.

Getting the same crash reports as @mklb posted. Crash analytics indicates this happens 100% when the device state is background.

Realm v10.9.1 React Native 0.66.1

Crash report
Crashed: com.facebook.react.JavaScript
0  JavaScriptCore                 0xb09e04 bool JSC::symbolTableGet<JSC::JSGlobalObject>(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 76
1  JavaScriptCore                 0x27dfd4 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2100
2  JavaScriptCore                 0x27dfd4 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2100
3  JavaScriptCore                 0x27d6f4 JSObjectGetProperty + 152
4  MYAPP                           0x4393b0 realm::js::is_object_of_type(OpaqueJSContext const*, OpaqueJSValue const*, realm::js::String<realm::jsc::Types>) + 3450052
5  MYAPP                           0x4387d4 realm::js::Value<realm::jsc::Types>::is_array(OpaqueJSContext const*, OpaqueJSValue const* const&) + 3447016
6  MYAPP                           0x4a74b8 realm::js::RealmClass<realm::jsc::Types>::create(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 3900876
7  MYAPP                           0x48a61c OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::create(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3782448
8  JavaScriptCore                 0x26bc34 long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
9  JavaScriptCore                 0x217ee4 llint_entry + 159908
10 JavaScriptCore                 0x2151a4 llint_entry + 148324
11 JavaScriptCore                 0x215258 llint_entry + 148504
12 JavaScriptCore                 0x1f0b94 vmEntryToJavaScript + 276
13 JavaScriptCore                 0x8322ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
14 JavaScriptCore                 0xa3f0d0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164
15 JavaScriptCore                 0x28071c JSObjectCallAsFunction + 568
16 MYAPP                           0x4a8258 realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 3904364
17 MYAPP                           0x48a7d8 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3782892
18 JavaScriptCore                 0x26bc34 long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
19 JavaScriptCore                 0x217ee4 llint_entry + 159908
20 JavaScriptCore                 0x2151a4 llint_entry + 148324
21 JavaScriptCore                 0x2151a4 llint_entry + 148324
22 JavaScriptCore                 0x215258 llint_entry + 148504
23 JavaScriptCore                 0x2151a4 llint_entry + 148324
24 JavaScriptCore                 0x2151a4 llint_entry + 148324
25 JavaScriptCore                 0x216324 llint_entry + 152804
26 JavaScriptCore                 0x2151a4 llint_entry + 148324
27 JavaScriptCore                 0x2151a4 llint_entry + 148324
28 JavaScriptCore                 0x215258 llint_entry + 148504
29 JavaScriptCore                 0x2151a4 llint_entry + 148324
30 JavaScriptCore                 0x215258 llint_entry + 148504
31 JavaScriptCore                 0x2151a4 llint_entry + 148324
32 JavaScriptCore                 0x215258 llint_entry + 148504
33 JavaScriptCore                 0x215258 llint_entry + 148504
34 JavaScriptCore                 0x2151a4 llint_entry + 148324
35 JavaScriptCore                 0x2151a4 llint_entry + 148324
36 JavaScriptCore                 0x216324 llint_entry + 152804
37 JavaScriptCore                 0x215258 llint_entry + 148504
38 JavaScriptCore                 0x2151a4 llint_entry + 148324
39 JavaScriptCore                 0x2151a4 llint_entry + 148324
40 JavaScriptCore                 0x2151a4 llint_entry + 148324
41 JavaScriptCore                 0x215258 llint_entry + 148504
42 JavaScriptCore                 0x2151a4 llint_entry + 148324
43 JavaScriptCore                 0x215258 llint_entry + 148504
44 JavaScriptCore                 0x2151a4 llint_entry + 148324
45 JavaScriptCore                 0x215258 llint_entry + 148504
46 JavaScriptCore                 0x2151a4 llint_entry + 148324
47 JavaScriptCore                 0x215258 llint_entry + 148504
48 JavaScriptCore                 0x215258 llint_entry + 148504
49 JavaScriptCore                 0x2151a4 llint_entry + 148324
50 JavaScriptCore                 0x2168ec llint_entry + 154284
51 JavaScriptCore                 0x215258 llint_entry + 148504
52 JavaScriptCore                 0x2151a4 llint_entry + 148324
53 JavaScriptCore                 0x2151a4 llint_entry + 148324
54 JavaScriptCore                 0x2151a4 llint_entry + 148324
55 JavaScriptCore                 0x2151a4 llint_entry + 148324
56 JavaScriptCore                 0x215258 llint_entry + 148504
57 JavaScriptCore                 0x2151a4 llint_entry + 148324
58 JavaScriptCore                 0x1f0b94 vmEntryToJavaScript + 276
59 JavaScriptCore                 0x8322ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
60 JavaScriptCore                 0xae3f1c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 676
61 JavaScriptCore                 0x217de4 llint_entry + 159652
62 JavaScriptCore                 0x1f0b94 vmEntryToJavaScript + 276
63 JavaScriptCore                 0x8322ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
64 JavaScriptCore                 0xae3f1c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 676
65 JavaScriptCore                 0x1f0d50 vmEntryToNative + 288
66 JavaScriptCore                 0x8322dc JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 536
67 JavaScriptCore                 0xa3f0d0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164
68 JavaScriptCore                 0x28071c JSObjectCallAsFunction + 568
69 MYAPP                           0x1c5d88 facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) + 1260 (JSCRuntime.cpp:1260)
70 MYAPP                           0x1d1020 facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const + 228 (jsi-inl.h:228)
71 MYAPP                           0x1d0e84 std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() + 256 (JSIExecutor.cpp:256)
72 MYAPP                           0xef184 void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) + 1843 (functional:1843)
73 MYAPP                           0x1ce198 facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) + 1843 (functional:1843)
74 MYAPP                           0x1c240c std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() + 1732 (functional:1732)
75 MYAPP                           0x10e34c facebook::react::tryAndReturnError(std::__1::function<void ()> const&) + 1885 (functional:1885)
76 MYAPP                           0x11a52c facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) + 69 (RCTMessageThread.mm:69)
77 MYAPP                           0x11a2e0 invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) + 46 (RCTMessageThread.mm:46)
78 CoreFoundation                 0xa149c __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
79 CoreFoundation                 0xa06e4 __CFRunLoopDoBlocks + 408
80 CoreFoundation                 0x9ae18 __CFRunLoopRun + 1732
81 CoreFoundation                 0x9a21c CFRunLoopRunSpecific + 600
82 MYAPP                           0x1034d8 +[RCTCxxBridge runRunLoop] + 367 (RCTCxxBridge.mm:367)
83 Foundation                     0x17aa34 __NSThread__start__ + 864
84 libsystem_pthread.dylib        0x1cb0 _pthread_start + 320
85 libsystem_pthread.dylib        0xa778 thread_start + 8

Thanks all for reporting this issue!

We’ve released Realm-JS v10.9.1, which addresses a memory leak in the add_strategy/remove_strategy code. Please try out the new version and feel free to re-open this issue if you are still seeing the problems above.

Hi @kneth, could I know how the issue is going? I also faced the same. @N3TC4T do you have any workaround or any suspicion about this one?

@fronck I have other users with the same crash. Considering the very limited amount of people I released the app to, the fix seems to make the app crash even more than the original bug. Can I rollback to 10.0.3 which was working fine for me, or has the data structure changed? I’d like to avoid #4016, #3913 and #4007.

@fronck I have just released my app with realm 10.9.1 to 1% of iOS users. Have already one user crashing, but in a different place this time, so not sure it is related to this issue and this fix.

EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000118
Crashed: com.facebook.react.JavaScript
0  row_counter                    0x4a5e18 std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, void*>*> std::__1::__hash_table<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::__unordered_map_hasher<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::__unordered_map_equal<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::allocator<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*> > >::find<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const + 2035140
1  row_counter                    0x4a5928 realm::jsc::get_cached_property_name(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 2033876
2  row_counter                    0x4b8fe8 realm::jsc::ObjectWrap<realm::js::RealmObjectClass<realm::jsc::Types> >::set_internal_property(OpaqueJSContext const*, OpaqueJSValue*&, realm::js::RealmObject<realm::jsc::Types>*) + 2113428
3  row_counter                    0x4b7c2c realm::jsc::ObjectWrap<realm::js::RealmObjectClass<realm::jsc::Types> >::create_instance_by_schema(OpaqueJSContext const*, OpaqueJSValue*&, realm::ObjectSchema const&, realm::js::RealmObject<realm::jsc::Types>*) + 2108376
4  row_counter                    0x4b7550 realm::js::RealmObjectClass<realm::jsc::Types>::create_instance(OpaqueJSContext const*, realm::js::RealmObject<realm::jsc::Types>) + 2106620
5  row_counter                    0x4c79c8 realm::js::NativeAccessor<realm::jsc::Types>::box(realm::Obj) + 2173300
6  row_counter                    0x4d2684 realm::js::NativeAccessor<realm::jsc::Types> realm::Results::dispatch<auto realm::Results::get<realm::js::NativeAccessor<realm::jsc::Types> >(realm::js::NativeAccessor<realm::jsc::Types>&, unsigned long)::'lambda'(realm::js::NativeAccessor<realm::jsc::Types>&)>(realm::js::NativeAccessor<realm::jsc::Types>&) const + 2217520
7  row_counter                    0x4d2460 realm::js::ResultsClass<realm::jsc::Types>::get_index(OpaqueJSContext const*, OpaqueJSValue*, unsigned int, realm::js::ReturnValue<realm::jsc::Types>&) + 2216972
8  row_counter                    0x4cbf80 OpaqueJSValue const* realm::js::wrap<&(realm::js::ResultsClass<realm::jsc::Types>::get_index(OpaqueJSContext const*, OpaqueJSValue*, unsigned int, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, unsigned int, OpaqueJSValue const**) + 2191148
9  JavaScriptCore                 0x34cb88 JSC::JSCallbackObject<JSC::JSNonFinalObject>::getOwnPropertySlot(JSC::JSObject*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 348
10 JavaScriptCore                 0x34d460 JSC::JSCallbackObject<JSC::JSNonFinalObject>::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::JSGlobalObject*, unsigned int, JSC::PropertySlot&) + 124
11 JavaScriptCore                 0xb0cebc llint_slow_path_get_by_val + 4460
12 JavaScriptCore                 0x295538 llint_function_for_construct_arity_checkTagGateAfter + 37992
13 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
14 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
15 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
16 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
17 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
18 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
19 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
20 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
21 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
22 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
23 JavaScriptCore                 0x285b88 vmEntryToJavaScriptTrampoline + 8
24 JavaScriptCore                 0x9b8cf0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
25 JavaScriptCore                 0xd1289c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 668
26 JavaScriptCore                 0x2b1604 llint_function_for_construct_arity_checkTagGateAfter + 152884

Hey! I’m having the exact same crash log. For me this crash happens when app is woken in background by BGAppRefreshTask

Crashed: com.facebook.react.JavaScript
0  MyAppName                         0x4f4538 realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 2789812
1  MyAppName                         0x513828 realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 2917540
2  MyAppName                         0x51e0b8 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 2960692
3  MyAppName                         0x51d6e0 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 2958172