Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Cannot Reproduce
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:

T-Shirt Size:
?
Github URL:
https://github.com/realm/realm-js/issues/4473
GitHub#:
4473

Description

This is related to https://github.com/realm/realm-js/issues/3112 and https://github.com/realm/realm-js/issues/2828 and has been observed since day 1 using RealmJS. Although there are different stack traces, and sometimes it may not even be Realm at all but a crash in JSC/Facebook code, I'm opening this one more time to see if the issue can be found.

In short, when the app goes to background and is getting terminated, native JSC pointer access seem to crash the entire app due to some null/memory checks missing, or freed-up memory being accessed. Even though Realm does not always appear in the stack trace, it may still be related to how it integrates itself with the JSC runtime.

Note that this happens since the beginning of times, but the current version reported is 10.20.0-beta.3 on iOS with Hermes disabled.

Stacktrace & log output

The following are various crash stack traces, all with the same behaviour where the app is in background and being terminated:

Hardware Model:     iPhone14,5
Role:               Background
OS Version:         iOS 15.3.1
Exception Type:     EXC_BAD_ACCESS 
Exception Subtype:  KERN_INVALID_ADDRESS


EXC_BAD_ACCESS: Attempted to dereference garbage pointer 0x8.

0  tmi3                    0x100284c34 (0x100284ba0 + 148) (tmi3)
1  tmi3                    0x100283d3c (0x100283ba8 + 404) (tmi3)
2  tmi3                    0x100281ddc (0x100281bec + 496) (tmi3)
3  tmi3                    0x100280cf4 (0x100280b90 + 356) (tmi3)
4  tmi3                    0x100251e6c (0x100251db0 + 188) (tmi3)
5  tmi3                    0x1001ba8d8 (0x1001ba8b0 + 40) (tmi3)
6  tmi3                    0x1001ba620 (0x1001ba4a8 + 376) (tmi3)
7  JavaScriptCore          JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*)
8  JavaScriptCore          JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
9  JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
10 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
11 JavaScriptCore          _vmEntryToJavaScriptTrampoline
12 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
13 JavaScriptCore          JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
14 JavaScriptCore          _JSObjectCallAsFunction
15 tmi3                    0x1001b8ad0 (0x1001b8a30 + 160) (tmi3)
16 tmi3                    0x1002a0c10 (0x1002a0b80 + 144) (tmi3)
17 tmi3                    0x1002a0a1c (0x1002a096c + 176) (tmi3)
18 tmi3                    0x10025262c (0x100252570 + 188) (tmi3)
19 tmi3                    0x1001ba8d8 (0x1001ba8b0 + 40) (tmi3)
20 tmi3                    0x1001ba620 (0x1001ba4a8 + 376) (tmi3)
21 JavaScriptCore          JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*)
22 JavaScriptCore          JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
23 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
24 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
... many similar to the above ...
25 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
59 JavaScriptCore          _vmEntryToJavaScriptTrampoline
60 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
61 JavaScriptCore          JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
62 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
... many similar to the above ...
75 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
76 JavaScriptCore          _vmEntryToJavaScriptTrampoline
77 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
78 JavaScriptCore          JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
79 JavaScriptCore          _vmEntryToNative
80 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
81 JavaScriptCore          JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
82 JavaScriptCore          _JSObjectCallAsFunction
83 tmi3                    0x1001b8ad0 (0x1001b8a30 + 160) (tmi3)
84 tmi3                    0x1001c4d54 (0x1001c4c64 + 240) (tmi3)
85 tmi3                    0x1001c4bb8 (0x1001c4b5c + 92) (tmi3)
86 tmi3                    0x1000e175c (0x1000e1718 + 68) (tmi3)
87 tmi3                    0x1001c1f7c (0x1001c1e20 + 348) (tmi3)
88 tmi3                    0x1001b51d8 (0x1001b51a0 + 56) (tmi3)
89 tmi3                    0x100100a98 (0x100100a7c + 28) (tmi3)
90 tmi3                    0x10010cdcc (0x10010cdb8 + 20) (tmi3)
91 tmi3                    0x10010cb80 (0x10010cb58 + 40) (tmi3)
92 CoreFoundation          ___CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__
93 CoreFoundation          ___CFRunLoopDoBlocks
94 CoreFoundation          ___CFRunLoopRun
95 CoreFoundation          _CFRunLoopRunSpecific
96 tmi3                    0x1000f5b5c (0x1000f5a58 + 260) (tmi3)
97 Foundation              ___NSThread__start__
98 libsystem_pthread.dylib __pthread_start

Other crash, similar behaviour:

Hardware Model:     iPhone13,4
Role:               Background
OS Version:         iOS 15.2.1
Exception Type:     EXC_BAD_ACCESS 
Exception Subtype:  KERN_INVALID_ADDRESS


EXC_BAD_ACCESS: Attempted to dereference garbage pointer 0x48.

0  tmi3                    0x10028054c (0x10028050c + 64) (tmi3)
1  tmi3                    0x10029f334 (0x10029f30c + 40) (tmi3)
2  tmi3                    0x100059d54 (0x100059d18 + 60) (tmi3)
3  tmi3                    0x1001b9140 (0x1001b9114 + 44) (tmi3)
4  JavaScriptCore          JSC::JSCallbackObject<JSC::JSNonFinalObject>::destroy(JSC::JSCell*)
5  JavaScriptCore          void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)1, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)1, JSC::IsoHeapCellType>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::IsoHeapCellType const&)
6  JavaScriptCore          void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::IsoHeapCellType>(JSC::FreeList*, JSC::IsoHeapCellType const&)::{lambda()#1}::operator()() const
7  JavaScriptCore          void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::IsoHeapCellType>(JSC::FreeList*, JSC::IsoHeapCellType const&)
8  JavaScriptCore          JSC::MarkedBlock::Handle::sweep(JSC::FreeList*)
9  JavaScriptCore          JSC::BlockDirectory::sweep()
10 JavaScriptCore          JSC::MarkedSpace::sweepBlocks()
11 JavaScriptCore          JSC::Heap::sweepSynchronously()
12 JavaScriptCore          JSC::Heap::finalize()
13 JavaScriptCore          JSC::Heap::handleNeedFinalize(unsigned int)
14 JavaScriptCore          JSC::Heap::acquireAccessSlow()
15 JavaScriptCore          JSC::JSLock::didAcquireLock()
16 JavaScriptCore          JSC::JSLockHolder::JSLockHolder(JSC::JSGlobalObject*)
17 JavaScriptCore          _JSValueUnprotect
18 tmi3                    0x1001b73d0 (0x1001b7398 + 56) (tmi3)
19 tmi3                    0x1001bbf70 (0x1001bbf44 + 44) (tmi3)
20 tmi3                    0x1001ba640 (0x1001ba4a8 + 408) (tmi3)
21 JavaScriptCore          JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*)
22 JavaScriptCore          JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
23 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
24 JavaScriptCore          _vmEntryToJavaScriptTrampoline
25 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
26 JavaScriptCore          JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
27 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
.... similar ....
42 JavaScriptCore          _llint_function_for_construct_arity_checkTagGateAfter
43 JavaScriptCore          _vmEntryToJavaScriptTrampoline
44 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
45 JavaScriptCore          JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
46 JavaScriptCore          _vmEntryToNative
47 JavaScriptCore          JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
48 JavaScriptCore          JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
49 JavaScriptCore          _JSObjectCallAsFunction
50 tmi3                    0x1001b8ad0 (0x1001b8a30 + 160) (tmi3)
.... similar ....
58 tmi3                    0x10010cb80 (0x10010cb58 + 40) (tmi3)
59 CoreFoundation          ___CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__
60 CoreFoundation          ___CFRunLoopDoBlocks
61 CoreFoundation          ___CFRunLoopRun
62 CoreFoundation          _CFRunLoopRunSpecific
63 tmi3                    0x1000f5b5c (0x1000f5a58 + 260) (tmi3)
64 Foundation              ___NSThread__start__
65 libsystem_pthread.dylib __pthread_start

The same crashes are reported as follows within XCode's crash reporting, in which Realm code appears:

#0  (null) in realm::js::notifications::NotificationBucket<realm::js::realmjsi::Types>::erase+ 2622796 (realm::js::notifications::NotificationHandle<realm::js::realmjsi::Types>&) ()
#1  (null) in realm::js::realmjsi::Wrapper<std::__1::unique_ptr<realm::js::Results<realm::js::realmjsi::Types>, std::__1::default_delete<realm::js::Results<realm::js::realmjsi::Types> > > >::~Wrapper+ 2622620 () ()
#2  0x00000001007e1d58 in std::__1::__shared_count::__release_shared() ()
#3  0x00000001007e1d58 in std::__1::__shared_weak_count::__release_shared() ()
#4  0x00000001007e1d58 in std::__1::shared_ptr<facebook::jsi::Runtime>::~shared_ptr() ()
#5  0x0000000100941144 in std::__1::shared_ptr<facebook::jsi::HostObject>::~shared_ptr() ()
#6  0x0000000100941144 in facebook::jsc::detail::HostObjectProxyBase::~HostObjectProxyBase() at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:695
#7  0x0000000100941144 in facebook::jsc::JSCRuntime::createObject(std::__1::shared_ptr<facebook::jsi::HostObject>)::HostObjectProxy::~HostObjectProxy() at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:712
#8  0x0000000100941144 in facebook::jsc::JSCRuntime::createObject(std::__1::shared_ptr<facebook::jsi::HostObject>)::HostObjectProxy::~HostObjectProxy() at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:712
#9  0x0000000100941144 in facebook::jsc::JSCRuntime::createObject(std::__1::shared_ptr<facebook::jsi::HostObject>)::HostObjectProxy::finalize(OpaqueJSValue*) at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:817
#10 (null) in JSC::JSCallbackObject<JSC::JSNonFinalObject>::destroy(JSC::JSCell*) ()
#11 (null) in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)1, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::Marked... ()
#12 (null) in void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::IsoHeapCellType>(JSC::FreeList*, JSC::IsoHeapCellType const&)::'lambda'()::operator()() const ()
#13 (null) in void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::IsoHeapCellType>(JSC::FreeList*, JSC::IsoHeapCellType const&) ()
#14 (null) in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) ()
#15 (null) in JSC::BlockDirectory::sweep() ()
#16 (null) in JSC::MarkedSpace::sweepBlocks() ()
#17 (null) in JSC::Heap::sweepSynchronously() ()
#18 (null) in JSC::Heap::finalize() ()
#19 (null) in JSC::Heap::handleNeedFinalize(unsigned int) ()
#20 (null) in JSC::Heap::finishChangingPhase(JSC::GCConductor) ()
#21 (null) in JSC::Heap::runEndPhase(JSC::GCConductor) ()
#22 (null) in JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) ()
#23 (null) in WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(void*, JSC::CurrentThreadState&) ()
#24 (null) in JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&) ()
#25 (null) in JSC::Heap::collectInMutatorThread() ()
#26 (null) in JSC::Heap::stopIfNecessarySlow() ()
#27 (null) in JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*) ()
#28 (null) in JSC::Structure::materializePropertyTable(JSC::VM&, bool) ()
#29 (null) in JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) ()
#30 (null) in llint_slow_path_put_by_id ()
#31 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
... similar ...
#42 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#43 (null) in vmEntryToJavaScriptTrampoline ()
#44 (null) in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#45 (null) in JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) ()
#46 (null) in vmEntryToNative ()
#47 (null) in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#48 (null) in JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#49 (null) in JSObjectCallAsFunction ()
#50 0x0000000100940ad4 in facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:1260
#51 0x000000010094cd58 in facebook::jsi::Function::call(facebook::jsi::Runtime&, facebook::jsi::Value const*, unsigned long) const at tmi3/node_modules/react-native/ReactCommon/jsi/jsi/jsi-inl.h:228
#52 0x000000010094cd58 in facebook::jsi::Function::call(facebook::jsi::Runtime&, std::initializer_list<facebook::jsi::Value>) const at tmi3/node_modules/react-native/ReactCommon/jsi/jsi/jsi-inl.h:233
#53 0x000000010094cd58 in facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<c... at tmi3/node_modules/react-native/ReactCommon/jsi/jsi/jsi-inl.h:241
#54 0x000000010094cbbc in facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, st... at tmi3/node_modules/react-native/ReactCommon/jsiexecutor/jsireact/JSIExecutor.cpp:256
#55 0x000000010094cbbc in decltype(static_cast<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::... ()
#56 0x000000010094cbbc in void std::__1::__invoke_void_return_wrapper<void, true>::__call<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > cons... ()
#57 0x000000010094cbbc in std::__1::__function::__alloc_func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<ch... ()
#58 0x000000010094cbbc in std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, st... ()
#59 0x0000000100869760 in decltype(static_cast<void (*&>(fp)(static_cast<std::__1::function<void ()> const&>(fp0), static_cast<std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator... ()
#60 0x0000000100869760 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::... ()
#61 0x0000000100949f80 in std::__1::__function::__value_func<void (std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>)>::operator... ()
#62 0x0000000100949f80 in std::__1::function<void (std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>)>::operator()(std::__1::fun... ()
#63 0x0000000100949f80 in facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, st... at tmi3/node_modules/react-native/ReactCommon/jsiexecutor/jsireact/JSIExecutor.cpp:254
#64 0x000000010093d1dc in std::__1::__function::__value_func<void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*&&) const ()
#65 0x000000010093d1dc in std::__1::function<void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*) const ()
#66 0x000000010093d1dc in facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8::operator()() const at tmi3/node_modules/react-native/ReactCommon/cxxreact/NativeToJsBridge.cpp:310
#67 0x000000010093d1dc in decltype(static_cast<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8&>(fp)()) std::__1::__invoke<facebook::react::NativeToJsBridg... ()
#68 0x000000010093d1dc in void std::__1::__invoke_void_return_wrapper<void, true>::__call<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8&>(facebook::react... ()
#69 0x000000010093d1dc in std::__1::__function::__alloc_func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeTo... ()
#70 0x000000010093d1dc in std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBrid... ()
#71 0x0000000100888a9c in std::__1::__function::__value_func<void ()>::operator()() const ()
#72 0x0000000100888a9c in std::__1::function<void ()>::operator()() const ()
#73 0x0000000100888a9c in facebook::react::tryAndReturnError(std::__1::function<void ()> const&) at tmi3/node_modules/react-native/React/CxxModule/RCTCxxUtils.mm:74
#74 0x0000000100894dd0 in facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) at tmi3/node_modules/react-native/React/CxxBridge/RCTMessageThread.mm:69
#75 0x0000000100894b84 in std::__1::__function::__value_func<void ()>::operator()() const ()
#76 0x0000000100894b84 in std::__1::function<void ()>::operator()() const ()
#77 0x0000000100894b84 in invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) at tmi3/node_modules/react-native/React/CxxBridge/RCTMessageThread.mm:45
#78 (null) in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ ()
#79 (null) in __CFRunLoopDoBlocks ()
#80 (null) in __CFRunLoopRun ()
#81 (null) in CFRunLoopRunSpecific ()
#82 0x000000010087db60 in +[RCTCxxBridge runRunLoop] at tmi3/node_modules/react-native/React/CxxBridge/RCTCxxBridge.mm:384
#83 (null) in __NSThread__start__ ()
#84 (null) in _pthread_start ()
#85 (null) in thread_start ()

#0 (null) in std::_1::unordered_map<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> >, std::1::unordered_map<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> >, facebook::jsi::Function, std::1::hash<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::equal_to<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::allocator<std::1::pair<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const, facebook::jsi::Function> > >, std::1::hash<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::equal_to<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::allocator<std::1::pair<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const, std::1::unordered_map<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> >, facebook::jsi::Function, std::1::hash<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::equal_to<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::allocator<std::1::pair<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const, facebook::jsi::Function> > > > > >::operator[]+ 2640948 (std::1::basic_string<char, std::1::char_traits<char>, std::_1::allocator<char> > const&) ()
#1 (null) in std::_1::unordered_map<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> >, std::1::unordered_map<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> >, facebook::jsi::Function, std::1::hash<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::equal_to<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::allocator<std::1::pair<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const, facebook::jsi::Function> > >, std::1::hash<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::equal_to<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::allocator<std::1::pair<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const, std::1::unordered_map<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> >, facebook::jsi::Function, std::1::hash<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::equal_to<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > >, std::1::allocator<std::1::pair<std::1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const, facebook::jsi::Function> > > > > >::operator[]+ 2640872 (std::1::basic_string<char, std::1::char_traits<char>, std::_1::allocator<char> > const&) ()
#2 (null) in realm::js::realmjsi::ObjectWrap<realm::js::RealmObjectClass<realm::js::realmjsi::Types> >::create_instance_by_schema+ 2637120 (realm::js::JsiEnv, realm::js::JsiFunc*, realm::ObjectSchema const&, realm::js::RealmObject<realm::js::realmjsi::Types>*) ()
#3 (null) in realm::js::RealmObjectClass<realm::js::realmjsi::Types>::create_instance+ 2629088 (realm::js::JsiEnv, realm::js::RealmObject<realm::js::realmjsi::Types>) ()
#4 (null) in realm::js::RealmClass<realm::js::realmjsi::Types>::object_for_primary_key+ 2624760 (realm::js::JsiEnv, realm::js::JsiObj, realm::js::Arguments<realm::js::realmjsi::Types>&, realm::js::ReturnValue<realm::js::realmjsi::Types>&) ()
#5 (null) in facebook::jsi::Value realm::js::wrap<&(realm::js::RealmClass<realm::js::realmjsi::Types>::object_for_primary_key(realm::js::JsiEnv, realm::js::JsiObj, realm::js::Arguments<realm::js::realmjsi::Types>&, realm::js::ReturnValue<realm::js::realmjsi::Types>&))>+ 2432624 (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) ()
#6 0x00000001041de8dc in std::_1::function::_value_func<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>::operator()(facebook::jsi::Runtime&, face... ()
#7 0x00000001041de8dc in std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>::operator()(facebook::jsi::Runtime&, facebook::jsi::Value... ()
#8 0x00000001041de624 in facebook::jsc::JSCRuntime::createFunctionFromHostFunction(facebook::jsi::PropNameID const&, unsigned int, std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value cons... at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:1158
#9 (null) in JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) ()
#10 (null) in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) ()
#11 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#12 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#13 (null) in vmEntryToJavaScriptTrampoline ()
#14 (null) in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#15 (null) in JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#16 (null) in JSObjectCallAsFunction ()
#17 0x00000001041dcad4 in facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:1260
#18 (null) in realm::js::Function<realm::js::realmjsi::Types>::call+ 2755604 (realm::js::JsiEnv, realm::js::JsiFunc const&, realm::js::JsiObj const&, unsigned long, realm::js::JsiVal const*) ()
#19 (null) in realm::js::RealmClass<realm::js::realmjsi::Types>::write+ 2755104 (realm::js::JsiEnv, realm::js::JsiObj, realm::js::Arguments<realm::js::realmjsi::Types>&, realm::js::ReturnValue<realm::js::realmjsi::Types>&) ()
#20 (null) in facebook::jsi::Value realm::js::wrap<&(realm::js::RealmClass<realm::js::realmjsi::Types>::write(realm::js::JsiEnv, realm::js::JsiObj, realm::js::Arguments<realm::js::realmjsi::Types>&, realm::js::ReturnValue<realm::js::realmjsi::Types>&))>+ 2434608 (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) ()
#21 0x00000001041de8dc in std::_1::function::_value_func<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>::operator()(facebook::jsi::Runtime&, face... ()
#22 0x00000001041de8dc in std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long)>::operator()(facebook::jsi::Runtime&, facebook::jsi::Value... ()
#23 0x00000001041de624 in facebook::jsc::JSCRuntime::createFunctionFromHostFunction(facebook::jsi::PropNameID const&, unsigned int, std::__1::function<facebook::jsi::Value (facebook::jsi::Runtime&, facebook::jsi::Value cons... at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:1158
#24 (null) in JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) ()
#25 (null) in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) ()
#26 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#27 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#28 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#29 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#30 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#31 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#32 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#33 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#34 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#35 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#36 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#37 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#38 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#39 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#40 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#41 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#42 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#43 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#44 (null) in vmEntryToJavaScriptTrampoline ()
#45 (null) in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#46 (null) in JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) ()
#47 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#48 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#49 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#50 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#51 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#52 (null) in llint_function_for_construct_arity_checkTagGateAfter ()
#53 (null) in vmEntryToJavaScriptTrampoline ()
#54 (null) in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#55 (null) in JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) ()
#56 (null) in vmEntryToNative ()
#57 (null) in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#58 (null) in JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) ()
#59 (null) in JSObjectCallAsFunction ()
#60 0x00000001041dcad4 in facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) at tmi3/node_modules/react-native/ReactCommon/jsi/JSCRuntime.cpp:1260
#61 0x00000001041e8d58 in facebook::jsi::Function::call(facebook::jsi::Runtime&, facebook::jsi::Value const*, unsigned long) const at tmi3/node_modules/react-native/ReactCommon/jsi/jsi/jsi-inl.h:228
#62 0x00000001041e8d58 in facebook::jsi::Function::call(facebook::jsi::Runtime&, std::initializer_list<facebook::jsi::Value>) const at tmi3/node_modules/react-native/ReactCommon/jsi/jsi/jsi-inl.h:233
#63 0x00000001041e8d58 in facebook::jsi::Value facebook::jsi::Function::call<std::_1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const&, std::1::basic_string<char, std::_1::char_traits<c... at tmi3/node_modules/react-native/ReactCommon/jsi/jsi/jsi-inl.h:241
#64 0x00000001041e8bbc in facebook::react::JSIExecutor::callFunction(std::_1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const&, std::1::basic_string<char, std::_1::char_traits<char>, st... at tmi3/node_modules/react-native/ReactCommon/jsiexecutor/jsireact/JSIExecutor.cpp:256
#65 0x00000001041e8bbc in decltype(static_cast<facebook::react::JSIExecutor::callFunction(std::_1::basic_string<char, std::1::char_traits<char>, std::1::allocator<char> > const&, std::1::basic_string<char, std::_1::... ()
#66 0x00000001041e8bbc in void std::_1::invoke_void_return_wrapper<void, true>::call<facebook::react::JSIExecutor::callFunction(std::1::basic_string<char, std::1::char_traits<char>, std::_1::allocator<char> > cons... ()
#67 0x00000001041e8bbc in std::_1::function::_alloc_func<facebook::react::JSIExecutor::callFu

is related to

RJS-1700 Meta-ticket: Memory Corruption

Closed

Assignee:: Kræn Hansen

Reporter:: Unito Sync Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Apr 05 2022 03:18:46 PM UTC

Updated:: Feb 16 2024 07:32:02 AM UTC

Resolved:: Feb 22 2023 03:25:23 PM UTC

Details

Description

Description

Stacktrace & log output

Attachments

Issue Links

Activity

People

Dates