- Type: Bug
- Resolution: Won't Fix
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: None
- 2 - S (<= 1 week)
- 2416
tl;dr I'm hoping the included stack traces below might shed some light on what could be causing some EXC_BAD_ACCESS crashes from the JSC and Realm.
–
Since our latest release we have started getting crashes that all look to have Realm and JSC in the picture:
EXC_BAD_ACCESS Attempted to dereference garbage pointer 0x10.
And usually either from JSC::JSFunction::getOwnPropertySlot or JSC::JSCallbackObject<T>::getOwnPropertySlot called by a Realm function (e.g. get_property_names, get_property).
Unfortunately, this was a very large release for us so it's hard to know where I could look to try and provide a way to isolate the issue. Realm related in this release, we:
- Upgraded from realm-js 2.20.0 -> 2.26.1
- Started adopting Realm listeners in a few screens.
I would appreciate any insights the Realm team can provide. Happy to dig into any ideas or thoughts you all might have.
A few stack traces are included below for reference. All fairly similar but generally the crashes are coming up as unique in Sentry.
Version of Realm and Tooling
- Realm JS SDK Version: v2.26.1
- Node or React Native: RN v0.57.5
- Client OS & Version: All iOS: 12.2, 12.3
- Which debugger for React Native: None
```
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2

Application Specific Information:
Attempted to dereference garbage pointer 0x10.

Thread 2 Crashed:
0 JavaScriptCore 0x382a1ead0 JSC::JSCallbackObject<T>::getOwnPropertySlot
1 <unknown> 0x30ec81fec16ba0 <redacted>
...
4 <unknown> 0x54350104fbefc8 <redacted>
5 infusionsoftmobile 0x204fd802c realm::jsc::ObjectWrap<T>::get_property_names (jsc_class.hpp:288)
6 JavaScriptCore 0x382a1f1cc JSC::JSCallbackObject<T>::getOwnNonIndexPropertyNames
7 <unknown> 0x24cd81ff3f4494 <redacted>
...
26 <unknown> 0x1d170105007170 <redacted>
27 infusionsoftmobile 0x205002394 realm::js::wrap<T> (jsc_class.hpp:390)
28 JavaScriptCore 0x382a1d36c JSC::APICallbackFunction::call<T>
```
```
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2

Application Specific Information:
Attempted to dereference garbage pointer 0x10.

Thread 2 Crashed:
0 JavaScriptCore 0x325ee7ff4 JSC::JSFunction::getOwnPropertySlot
1 JavaScriptCore 0x325773f60 [inlined] JSC::JSObject::get
2 JavaScriptCore 0x325773f60 JSC::JSObject::get
3 JavaScriptCore 0x325793d54 JSObjectGetProperty
4 infusionsoftmobile 0x2007cd1d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x2007cd1c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x2007fd118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
7 infusionsoftmobile 0x200801c24 realm::js::NativeAccessor<T>::box (js_object_accessor.hpp:119)
8 infusionsoftmobile 0x200810d20 realm::Results::get<T> (results.hpp:306)
9 infusionsoftmobile 0x200810d0c realm::js::ResultsClass<T>::get_index (js_results.hpp:268)
10 infusionsoftmobile 0x20080d098 realm::js::wrap<T> (jsc_class.hpp:428)
11 JavaScriptCore 0x325789dfc JSC::JSCallbackObject<T>::getOwnPropertySlot
12 JavaScriptCore 0x32578a448 JSC::JSCallbackObject<T>::getOwnPropertySlotByIndex
13 JavaScriptCore 0x325d3bf58 llint_slow_path_get_by_val
14 JavaScriptCore 0x325759038 llint_entry
15 JavaScriptCore 0x325764cb4 [inlined] <redacted>
16 JavaScriptCore 0x325764cb4 [inlined] <redacted>
17 JavaScriptCore 0x325764cb4 <redacted>
18 JavaScriptCore 0x3257507f8 vmEntryToJavaScript
19 JavaScriptCore 0x325c8276c JSC::Interpreter::executeCall
20 JavaScriptCore 0x325ee115c JSC::boundThisNoArgsFunctionCall
21 JavaScriptCore 0x32576673c <redacted>
...
31 JavaScriptCore 0x325764cb4 <redacted>
32 JavaScriptCore 0x3257507f8 vmEntryToJavaScript
33 JavaScriptCore 0x325c8276c JSC::Interpreter::executeCall
34 JavaScriptCore 0x325e64524 JSC::profiledCall
35 JavaScriptCore 0x325795b20 JSObjectCallAsFunction
36 infusionsoftmobile 0x20080fe04 realm::js::Function<T>::call (jsc_function.hpp:29)
37 infusionsoftmobile 0x20080fdf0 [inlined] realm::js::Function<T>::callback (jsc_function.hpp:38)
38 infusionsoftmobile 0x20080fdf0 realm::js::ResultsClass<T>::add_listener<T>::lambda::operator() (js_results.hpp:430)
39 infusionsoftmobile 0x20080fdd8 realm::CollectionChangeCallback::Impl<T>::after (collection_notifications.hpp:158)
40 infusionsoftmobile 0x2007c514c realm::CollectionChangeCallback::after (collection_notifications.hpp:122)
41 infusionsoftmobile 0x2007c513c realm::_impl::CollectionNotifier::after_advance::lambda::operator()<T> (collection_notifier.cpp:332)
42 infusionsoftmobile 0x2007c5050 realm::_impl::CollectionNotifier::for_each_callback<T> (collection_notifier.cpp:378)
43 infusionsoftmobile 0x2007c5008 realm::_impl::CollectionNotifier::after_advance (collection_notifier.cpp:334)
44 infusionsoftmobile 0x2007c5ce8 realm::_impl::NotifierPackage::after_advance (collection_notifier.cpp:490)
45 infusionsoftmobile 0x20086df44 (anonymous namespace)::advance_with_notifications<T> (transact_log_handler.cpp:803)
46 infusionsoftmobile 0x20086ddf4 realm::_impl::transaction::begin (transact_log_handler.cpp:838)
47 infusionsoftmobile 0x20083e7c0 realm::_impl::RealmCoordinator::promote_to_write (realm_coordinator.cpp:868)
48 infusionsoftmobile 0x200853c6c realm::Realm::begin_transaction (shared_realm.cpp:677)
49 infusionsoftmobile 0x20081714c realm::js::RealmClass<T>::write (js_realm.hpp:1088)
50 infusionsoftmobile 0x200812394 realm::js::wrap<T> (jsc_class.hpp:390)
51 JavaScriptCore 0x325788aa0 JSC::APICallbackFunction::call<T>
```
```
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2

Application Specific Information:
Attempted to dereference garbage pointer 0x10.

Thread 2 Crashed:
0 JavaScriptCore 0x321591ff4 JSC::JSFunction::getOwnPropertySlot
1 JavaScriptCore 0x320e1df60 [inlined] JSC::JSObject::get
2 JavaScriptCore 0x320e1df60 JSC::JSObject::get
3 JavaScriptCore 0x320e3dd54 JSObjectGetProperty
4 infusionsoftmobile 0x2023a51d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x2023a51c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x2023d5118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
7 infusionsoftmobile 0x2023d9c24 realm::js::NativeAccessor<T>::box (js_object_accessor.hpp:119)
8 infusionsoftmobile 0x2023d95bc realm::List::get<T> (list.hpp:184)
9 infusionsoftmobile 0x2023d95a8 realm::js::ListClass<T>::get_index (js_list.hpp:147)
10 infusionsoftmobile 0x2023d0c38 realm::js::wrap<T> (jsc_class.hpp:428)
11 JavaScriptCore 0x320e33dfc JSC::JSCallbackObject<T>::getOwnPropertySlot
12 JavaScriptCore 0x320e34448 JSC::JSCallbackObject<T>::getOwnPropertySlotByIndex
13 JavaScriptCore 0x3213e6e94 llint_slow_path_get_by_val
14 JavaScriptCore 0x320e03038 llint_entry
15 JavaScriptCore 0x320e0ecb4 [inlined] <redacted>
...
26 JavaScriptCore 0x320e0ecb4 <redacted>
27 JavaScriptCore 0x320dfa7f8 vmEntryToJavaScript
28 JavaScriptCore 0x32132c76c JSC::Interpreter::executeCall
29 JavaScriptCore 0x32150e524 JSC::profiledCall
30 JavaScriptCore 0x320e3fb20 JSObjectCallAsFunction
31 infusionsoftmobile 0x2023e7e04 realm::js::Function<T>::call (jsc_function.hpp:29)
32 infusionsoftmobile 0x2023e7df0 [inlined] realm::js::Function<T>::callback (jsc_function.hpp:38)
33 infusionsoftmobile 0x2023e7df0 realm::js::ResultsClass<T>::add_listener<T>::lambda::operator() (js_results.hpp:430)
34 infusionsoftmobile 0x2023e7dd8 realm::CollectionChangeCallback::Impl<T>::after (collection_notifications.hpp:158)
35 infusionsoftmobile 0x20239d14c realm::CollectionChangeCallback::after (collection_notifications.hpp:122)
36 infusionsoftmobile 0x20239d13c realm::_impl::CollectionNotifier::after_advance::lambda::operator()<T> (collection_notifier.cpp:332)
37 infusionsoftmobile 0x20239d050 realm::_impl::CollectionNotifier::for_each_callback<T> (collection_notifier.cpp:378)
38 infusionsoftmobile 0x20239d008 realm::_impl::CollectionNotifier::after_advance (collection_notifier.cpp:334)
39 infusionsoftmobile 0x20239dce8 realm::_impl::NotifierPackage::after_advance (collection_notifier.cpp:490)
40 infusionsoftmobile 0x202445f44 (anonymous namespace)::advance_with_notifications<T> (transact_log_handler.cpp:803)
41 infusionsoftmobile 0x202445df4 realm::_impl::transaction::begin (transact_log_handler.cpp:838)
42 infusionsoftmobile 0x2024167c0 realm::_impl::RealmCoordinator::promote_to_write (realm_coordinator.cpp:868)
43 infusionsoftmobile 0x20242bc6c realm::Realm::begin_transaction (shared_realm.cpp:677)
44 infusionsoftmobile 0x2023ef14c realm::js::RealmClass<T>::write (js_realm.hpp:1088)
45 infusionsoftmobile 0x2023ea394 realm::js::wrap<T> (jsc_class.hpp:390)
46 JavaScriptCore 0x320e32aa0 JSC::APICallbackFunction::call<T>
```
```
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2

Application Specific Information:
Attempted to dereference garbage pointer 0x10.

Thread 2 Crashed:
0 JavaScriptCore 0x33a67fff4 JSC::JSFunction::getOwnPropertySlot
1 JavaScriptCore 0x339f0bf60 [inlined] JSC::JSObject::get
2 JavaScriptCore 0x339f0bf60 JSC::JSObject::get
3 JavaScriptCore 0x339f2bd54 JSObjectGetProperty
4 infusionsoftmobile 0x200b411d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x200b411c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x200b71118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
7 infusionsoftmobile 0x200b75c24 realm::js::NativeAccessor<T>::box (js_object_accessor.hpp:119)
8 infusionsoftmobile 0x200b755bc realm::List::get<T> (list.hpp:184)
9 infusionsoftmobile 0x200b755a8 realm::js::ListClass<T>::get_index (js_list.hpp:147)
10 infusionsoftmobile 0x200b6cc38 realm::js::wrap<T> (jsc_class.hpp:428)
11 JavaScriptCore 0x339f21dfc JSC::JSCallbackObject<T>::getOwnPropertySlot
12 JavaScriptCore 0x339f22448 JSC::JSCallbackObject<T>::getOwnPropertySlotByIndex
13 JavaScriptCore 0x33a4d3f58 llint_slow_path_get_by_val
14 JavaScriptCore 0x339ef1038 llint_entry
15 JavaScriptCore 0x339efccb4 [inlined] <redacted>
...
21 JavaScriptCore 0x339efccb4 <redacted>
22 JavaScriptCore 0x339ee87f8 vmEntryToJavaScript
23 JavaScriptCore 0x33a41a76c JSC::Interpreter::executeCall
24 JavaScriptCore 0x33a67915c JSC::boundThisNoArgsFunctionCall
25 JavaScriptCore 0x339efe73c <redacted>
...
35 JavaScriptCore 0x339efccb4 <redacted>
36 JavaScriptCore 0x339ee87f8 vmEntryToJavaScript
37 JavaScriptCore 0x33a41a76c JSC::Interpreter::executeCall
38 JavaScriptCore 0x33a5fc524 JSC::profiledCall
39 JavaScriptCore 0x339f2db20 JSObjectCallAsFunction
40 infusionsoftmobile 0x200b83e04 realm::js::Function<T>::call (jsc_function.hpp:29)
41 infusionsoftmobile 0x200b83df0 [inlined] realm::js::Function<T>::callback (jsc_function.hpp:38)
42 infusionsoftmobile 0x200b83df0 realm::js::ResultsClass<T>::add_listener<T>::lambda::operator() (js_results.hpp:430)
43 infusionsoftmobile 0x200b83dd8 realm::CollectionChangeCallback::Impl<T>::after (collection_notifications.hpp:158)
44 infusionsoftmobile 0x200b3914c realm::CollectionChangeCallback::after (collection_notifications.hpp:122)
45 infusionsoftmobile 0x200b3913c realm::_impl::CollectionNotifier::after_advance::lambda::operator()<T> (collection_notifier.cpp:332)
46 infusionsoftmobile 0x200b39050 realm::_impl::CollectionNotifier::for_each_callback<T> (collection_notifier.cpp:378)
47 infusionsoftmobile 0x200b39008 realm::_impl::CollectionNotifier::after_advance (collection_notifier.cpp:334)
48 infusionsoftmobile 0x200bb2af8 realm::_impl::RealmCoordinator::process_available_async (realm_coordinator.cpp:920)
49 infusionsoftmobile 0x200bc80c8 realm::Realm::notify (shared_realm.cpp:808)
50 infusionsoftmobile 0x200bed1a4 realm::_impl::WeakRealmNotifier::Callback::operator() (weak_realm_notifier.cpp:42)
51 CoreFoundation 0x32cdfa014 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
```
- is related to: RJS-1700 Meta-ticket: Memory Corruption (Closed)
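The report notes that the traces are fairly similar yet are counted as separate crashes. As an added example (not part of the original report, and not Realm's or Sentry's code), the sketch below groups traces by the symbols of the first few frames from the app binary, ignoring load addresses, frame numbers, system frames and `<redacted>` entries. The sample frames are copied from the traces in the report and abridged; the function names and the depth of 3 are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# "<index> <image> <address> <symbol> [(file:line)]", one frame per line
FRAME_RE = re.compile(r"^\s*\d+\s+(\S+)\s+0x[0-9a-f]+\s+(.+?)\s*$")
SOURCE_RE = re.compile(r"\s+\([\w.]+:\d+\)$")

# Constructed input: frames copied from three of the traces in the report, abridged.
TRACES = {
    "results": """\
0 JavaScriptCore 0x325ee7ff4 JSC::JSFunction::getOwnPropertySlot
4 infusionsoftmobile 0x2007cd1d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x2007cd1c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x2007fd118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
8 infusionsoftmobile 0x200810d20 realm::Results::get<T> (results.hpp:306)
""",
    "list": """\
4 infusionsoftmobile 0x2023a51d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x2023a51c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x2023d5118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
8 infusionsoftmobile 0x2023d95bc realm::List::get<T> (list.hpp:184)
""",
    "names": """\
0 JavaScriptCore 0x382a1ead0 JSC::JSCallbackObject<T>::getOwnPropertySlot
1 <unknown> 0x30ec81fec16ba0 <redacted>
5 infusionsoftmobile 0x204fd802c realm::jsc::ObjectWrap<T>::get_property_names (jsc_class.hpp:288)
27 infusionsoftmobile 0x205002394 realm::js::wrap<T> (jsc_class.hpp:390)
""",
}

def app_frames(trace, app_image, depth):
    """First `depth` symbols from the app binary, minus addresses and file:line."""
    symbols = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if m and m.group(1) == app_image:
            symbols.append(SOURCE_RE.sub("", m.group(2)).replace("[inlined] ", ""))
    return symbols[:depth]

def fingerprint(trace, app_image="infusionsoftmobile", depth=3):
    """Stable id for a crash: hash of its top app-binary symbols (depth is an assumption)."""
    return hashlib.sha256("\n".join(app_frames(trace, app_image, depth)).encode()).hexdigest()[:12]

def group(traces):
    groups = defaultdict(list)
    for name, text in traces.items():
        groups[fingerprint(text)].append(name)
    return sorted(sorted(names) for names in groups.values())
```

With the default depth, the `Results` and `List` samples fall into one group because they share the `get_property`, `validated_get_object` and `create_instance` frames; raising `depth` to 4 separates them again.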