[iOS only] Realm crash: EXC_BAD_ACCESS KERN_INVALID_ADDRESS

[mklb]

How frequently does the bug occur?

Sometimes

Description

I have 26 crashes in production precisely like this from 23 different uses. The crashes happened in various stages of the user journey, so I can not pinpoint it to any specific time when my code is interacting with Realm..

One user reported that the app crashes after using it for a long time (the whole day). The app would not open again after the crash. Just deleting and installing would fix the problem. -> This somehow sounds like the database would be corrupt, which would be the only reason to prevent the app from launching again.

Stacktrace & log output

0  MYAPP                       0x100b74bd4 realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 1544580
1  MYAPP                       0x100b93f94 realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 1672516
2  MYAPP                       0x100b9e818 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1715656
3  MYAPP                       0x100b9de08 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1713080

Can you reproduce the bug?

Not yet

Reproduction Steps

None.

Version

10.6.0

What SDK flavour are you using?

Local Database only

Are you using encryption?

No, not using encryption

Platform OS and version(s)

iOS: 14.6.0 & 14.7.1 (nearly 50/50 distribution)

Build environment

"react": "^17.0.1",
"react-native": "^0.64.2",
"realm": "^10.6.0",

[kneth]

@mklb Thank you for the bug report. We have seen some reports on EXC_BAD_ACCESS KERN_INVALID_ADDRESS but it is the first report involving our mixed data type.

We have two bug fixes in v10.6.2-beta.1 related to mixed and links (one is related to sync). Can you explain how you are using mixed so we can see if the fix will apply to your app or it is a new bug?

[mklb]

@kneth Thank you for the quick response!

Are you referring to the 'mixed' data type which is in beta? I am not using it and was not aware that it existed until now.

[kneth]

Are you referring to the 'mixed' data type which is in beta?

Yes, I am referring to the new mixed data type.

I am not using it and was not aware that it existed until now.

This is interesting information. The stack trace mentioned mixed (realm::js::MixedLink<realm::jsc::Types>) so first thought was that you are using mixed.

Do you call any aggregation function (min(), max(), etc.) on a Realm Results or Realm List? Internally these functions are using mixed as return type, and I wonder if you have uncovered an edge case which can lead to a crash (and our unit tests don't cover the case).

[mklb]

I am not using min() or max()

The most exotic thing I use for queries is sort

Does sort may use mixed data?

.filtered('start >= $0 AND end <= $1 SORT(id DESC)', someDate, someOtherDate)

I found this old code: Maybe this could be problematic? (I should use $1 for someId)

.filtered(`start >= $0 AND model.type == "${someId}"`, someDate)

Apart from these two calls, I just use filtered(something = $0, variable) where variable may be a number, string, bool or null

The weird thing: I never had a EXC_BAD_ACCESS KERN_INVALID_ADDRESS error in development. Just run both filter calls from above more than 100 times and had no issues.

[kneth]

The .filtered() calld and SORT shouldn't use mixed.

In the past, we have had report on crashes of apps in production and never in development. Something it has been related to the app being suspended. One user solved the issue by writing some code to handled the situation where the app is suspended: #3162 (comment)

I don't if this is applicable to your case.

[mklb]

Thanks for the quick response! Is there anything else I could do to help out / find that bug?

I just released my app with realm 10.6.1 instead of 10.6.0. Maybe that helps 🤷‍♂️

[mklb]

11 new crashes with "realm": "^10.6.1"

I may have found some similarities in the user journey this time.
In some cases the crash happens after a user reduces or increases an int value (unlocks something for virtual coins).

unlockSomething(otherRealmObject) {
  this.realm.write(() => {
    this.userState.coins -= otherRealmObject.coins
    this.userState.lastChanged = new Date()
  })
}

userState.coins and otherRealmObject.coins is both defined as coins: {type: 'int', default: 0}

However, this code may looks more dangerous due to the use of Remote Config from react-native-firebase

earnSomeCoins(someObjects) {
  var coins = 0
  for (let i = 0; i < someObjects.length; i++) {
    // do bunch of other stuff and..
    coins += remoteConfig().getValue('coin_reward_for_event_X').asNumber()
  }

  this.realm.write(() => {
    this.userState.coins += coins
  })
}

[mklb]

Received a different error log for the same crash now.

0  MyApp    0x104dd0790 facebook::react::JSIExecutor::defaultTimeoutInvoker(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>) + 1551636
1  MyApp    0x104def598 realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 1678108
2  MyApp    0x104df9de4 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1721192
3  MyApp    0x104df93d4 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1718616

[max-prokopenko]

Hey! I'm having the exact same crash log. For me this crash happens when app is woken in background by BGAppRefreshTask

Crashed: com.facebook.react.JavaScript
0  MyAppName                         0x4f4538 realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 2789812
1  MyAppName                         0x513828 realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 2917540
2  MyAppName                         0x51e0b8 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 2960692
3  MyAppName                         0x51d6e0 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 2958172

[nelsliu9121]

I was experiencing the same issue on my iOS simulator (iOS 15.0, iPhone 12) using RealmJS v10.8.0
However, I switched to RealmJS v10.20.0-alpha.1 and the app can start without crashing.

[mklb]

Just got my first 8 crash reports in production with iOS 14.7.1, 14.4.0, 15.0.0, 15.0.1: realm 10.8.0, react native 0.65.1.

Crashed: com.facebook.react.JavaScript
0  MYAPP            0x295468 realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 1540828
1  MYAPP            0x2b479c realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 1668624
2  MYAPP            0x2bf13c realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1712048
3  MYAPP            0x2be6d0 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1709380
4  JavaScriptCore   0x24c1d8 JSC::JSCallbackObject<JSC::JSNonFinalObject>::call(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
5  JavaScriptCore   0x1d4f44 vmEntryToNative + 276
6  JavaScriptCore   0x7c265c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 528
7  JavaScriptCore   0xa16c38 JSC::callGetter(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue) + 204
8  JavaScriptCore   0x88439c JSC::LLInt::performLLIntGetByID(JSC::Instruction const*, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&) + 2012
9  JavaScriptCore   0x883ad4 llint_slow_path_get_by_id + 292

[mklb]

All reported crashes were with MixedLink<realm::jsc::Types>::add_strategy so far. Now I got 2 new reports with remove_strategy() as well. Still realm 10.8.0, react native 0.65.1

Crashed: com.facebook.react.JavaScript
0  MYAPP            0x2ad6c0 realm::js::MixedLink<realm::jsc::Types>::remove_strategy() + 1639732
1  MYAPP            0x2ad5ec realm::js::NativeAccessor<realm::jsc::Types>::~NativeAccessor() + 1639520
2  MYAPP            0x2bf190 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1712132
3  MYAPP            0x2be6d0 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1709380
4  JavaScriptCore   0x2e54dc JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) + 428
5  JavaScriptCore   0x22786c vmEntryToNative + 284
6  JavaScriptCore   0x8b8170 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 536
7  JavaScriptCore   0xb5fd0c JSC::callGetter(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue) + 212
8  JavaScriptCore   0x9b2e4c JSC::LLInt::performLLIntGetByID(JSC::Instruction const*, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&) + 2148
9  JavaScriptCore   0x9b2500 llint_slow_path_get_by_id + 296

[Pingou]

Same issue here with realm 10.8.0.
Wasn't having this issue before I updated to 10.8.0, was previously using 10.3.0.

[fronck]

Thanks all for reporting this issue!

We've released Realm-JS v10.9.1, which addresses a memory leak in the add_strategy/remove_strategy code. Please try out the new version and feel free to re-open this issue if you are still seeing the problems above.

[Pingou]

@fronck Thank you!

[Pingou]

@fronck I have just released my app with realm 10.9.1 to 1% of iOS users.
Have already one user crashing, but in a different place this time, so not sure it is related to this issue and this fix.

EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000118
Crashed: com.facebook.react.JavaScript 0 row_counter 0x4a5e18 std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, void*>*> std::__1::__hash_table<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::__unordered_map_hasher<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::__unordered_map_equal<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::allocator<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*> > >::find<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const + 2035140 1 row_counter 0x4a5928 realm::jsc::get_cached_property_name(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 2033876 2 row_counter 0x4b8fe8 realm::jsc::ObjectWrap<realm::js::RealmObjectClass<realm::jsc::Types> >::set_internal_property(OpaqueJSContext const*, OpaqueJSValue*&, realm::js::RealmObject<realm::jsc::Types>*) + 2113428 3 row_counter 0x4b7c2c realm::jsc::ObjectWrap<realm::js::RealmObjectClass<realm::jsc::Types> >::create_instance_by_schema(OpaqueJSContext const*, OpaqueJSValue*&, realm::ObjectSchema const&, realm::js::RealmObject<realm::jsc::Types>*) + 2108376 4 row_counter 0x4b7550 realm::js::RealmObjectClass<realm::jsc::Types>::create_instance(OpaqueJSContext const*, realm::js::RealmObject<realm::jsc::Types>) + 2106620 5 row_counter 0x4c79c8 realm::js::NativeAccessor<realm::jsc::Types>::box(realm::Obj) + 2173300 6 row_counter 0x4d2684 realm::js::NativeAccessor<realm::jsc::Types> realm::Results::dispatch<auto realm::Results::get<realm::js::NativeAccessor<realm::jsc::Types> >(realm::js::NativeAccessor<realm::jsc::Types>&, unsigned long)::'lambda'(realm::js::NativeAccessor<realm::jsc::Types>&)>(realm::js::NativeAccessor<realm::jsc::Types>&) const + 2217520 7 row_counter 0x4d2460 realm::js::ResultsClass<realm::jsc::Types>::get_index(OpaqueJSContext const*, OpaqueJSValue*, unsigned int, realm::js::ReturnValue<realm::jsc::Types>&) + 2216972 8 row_counter 0x4cbf80 OpaqueJSValue const* realm::js::wrap<&(realm::js::ResultsClass<realm::jsc::Types>::get_index(OpaqueJSContext const*, OpaqueJSValue*, unsigned int, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, unsigned int, OpaqueJSValue const**) + 2191148 9 JavaScriptCore 0x34cb88 JSC::JSCallbackObject<JSC::JSNonFinalObject>::getOwnPropertySlot(JSC::JSObject*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 348 10 JavaScriptCore 0x34d460 JSC::JSCallbackObject<JSC::JSNonFinalObject>::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::JSGlobalObject*, unsigned int, JSC::PropertySlot&) + 124 11 JavaScriptCore 0xb0cebc llint_slow_path_get_by_val + 4460 12 JavaScriptCore 0x295538 llint_function_for_construct_arity_checkTagGateAfter + 37992 13 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 14 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 15 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 16 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 17 JavaScriptCore 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948 18 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 19 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 20 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 21 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 22 JavaScriptCore 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748 23 JavaScriptCore 0x285b88 vmEntryToJavaScriptTrampoline + 8 24 JavaScriptCore 0x9b8cf0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488 25 JavaScriptCore 0xd1289c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 668 26 JavaScriptCore 0x2b1604 llint_function_for_construct_arity_checkTagGateAfter + 152884

[Pingou]

@fronck I have other users with the same crash. Considering the very limited amount of people I released the app to, the fix seems to make the app crash even more than the original bug. Can I rollback to 10.0.3 which was working fine for me, or has the data structure changed? I'd like to avoid #4016, #3913 and #4007.

[mklb]

@fronck I just got the same crash like @Pingou , however I am still running 10.8.0. So it is nothing new from 10.9.1

0  MYAPP          0x28a654 std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, void*>*> std::__1::__hash_table<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::__unordered_map_hasher<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::__unordered_map_equal<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::allocator<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*> > >::find<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const + 1217128
1  MYAPP          0x28a170 realm::jsc::get_cached_property_name(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 1215876
2  MYAPP          0x2aa524 realm::jsc::ObjectWrap<realm::js::RealmObjectClass<realm::jsc::Types> >::get_internal(OpaqueJSContext const*, OpaqueJSValue* const&) + 1347896
3  MYAPP          0x303334 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1711944
4  MYAPP          0x302930 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1709380
5  JavaScriptCore 0x35403c JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) + 468
6  JavaScriptCore 0x285d4c vmEntryToNative + 284

[mklb]

There is also another new crash that no one mentioned, yet (10.8.0). Somehow realm feels really unstable right now. I have more than 30 devices affected at the moment (counting all EXC_BAD_ACCESS errors).

EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000100000205

Crashed: com.facebook.react.JavaScript
0  MYAPP             0x286f50 void std::__1::__tree_balance_after_insert<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*, std::__1::__tree_node_base<void*>*) + 1203044
1  MYAPP             0x2d978c realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 1541024
2  MYAPP             0x2f89fc realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 1668624
3  MYAPP             0x30339c realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1712048
4  MYAPP             0x302930 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1709380
5  JavaScriptCore    0x2e54dc JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) + 428
6  JavaScriptCore    0x22786c vmEntryToNative + 284

[sync-by-unito]

➤ Patrick commented:

There is also another new crash that no one mentioned, yet (10.8.0). Somehow realm feels really unstable right now. I have more than 30 devices affected at the moment.

EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000100000205

Crashed: com.facebook.react.JavaScript
0  MYAPP             0x286f50 void std::__1::__tree_balance_after_insert<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*, std::__1::__tree_node_base<void*>*) + 1203044
1  MYAPP             0x2d978c realm::js::MixedLink<realm::jsc::Types>::add_strategy(std::__1::shared_ptr<realm::Realm>) + 1541024
2  MYAPP             0x2f89fc realm::js::NativeAccessor<realm::jsc::Types>::NativeAccessor(OpaqueJSContext const*, std::__1::shared_ptr<realm::Realm>, realm::ObjectSchema const&) + 1668624
3  MYAPP             0x30339c realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 1712048
4  MYAPP             0x302930 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 1709380
5  JavaScriptCore    0x2e54dc JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) + 428
6  JavaScriptCore    0x22786c vmEntryToNative + 284

[kneth]

@mklb Please try to upgrade to v10.9.1.

[mklb]

@kneth updated to v10.9.1 - Released the update to 100% of my users. So far I do not see the same crashes as above but I already got a new one from a iOS 15.0.2 user.

EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000010

Crashed: com.facebook.react.JavaScript
0  JavaScriptCore           0xd3fea0 bool JSC::symbolTableGet<JSC::JSGlobalObject>(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 76
1  JavaScriptCore           0x282f18 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2696
2  JavaScriptCore           0x282f18 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2696
3  JavaScriptCore           0x35fa78 JSObjectGetProperty + 152
4  MYAPP                    0x28c7f4 realm::js::is_object_of_type(OpaqueJSContext const*, OpaqueJSValue const*, realm::js::String<realm::jsc::Types>) + 1223092
5  MYAPP                    0x28c1dc realm::js::Value<realm::jsc::Types>::is_date(OpaqueJSContext const*, OpaqueJSValue const* const&) + 1221532
6  MYAPP                    0x2b1b90 realm::js::NativeAccessor<realm::jsc::Types>::get_type_of(OpaqueJSValue const* const&) + 1375568
7  MYAPP                    0x2b1914 realm::query_parser::ArgumentConverter<OpaqueJSValue const*, realm::js::NativeAccessor<realm::jsc::Types> >::type_for_argument(unsigned long) + 1374932
8  MYAPP                    0x42346c realm::query_parser::ConstantNode::visit(realm::query_parser::ParserDriver*, realm::DataType) + 2889260
9  MYAPP                    0x41e198 realm::query_parser::ParserDriver::cmp(std::__1::vector<realm::query_parser::ValueNode*, std::__1::allocator<realm::query_parser::ValueNode*> > const&) + 2868056
10 MYAPP                    0x41cdb8 realm::query_parser::EqualityNode::visit(realm::query_parser::ParserDriver*) + 2862968
11 MYAPP                    0x42ba44 realm::Table::query(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, realm::query_parser::Arguments&, realm::query_parser::KeyPathMapping const&) const + 2923524
12 MYAPP                    0x2bf888 OpaqueJSValue* realm::js::ResultsClass<realm::jsc::Types>::create_filtered<realm::js::List<realm::jsc::Types> >(OpaqueJSContext const*, realm::js::List<realm::jsc::Types> const&, realm::js::Arguments<realm::jsc::Types>&) + 1432136
13 MYAPP                    0x2bca30 OpaqueJSValue const* realm::js::wrap<&(realm::js::ListClass<realm::jsc::Types>::filtered(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 1420272
14 JavaScriptCore           0x353d90 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
15 JavaScriptCore           0x2b16fc llint_function_for_construct_arity_checkTagGateAfter + 153132
16 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
17 JavaScriptCore           0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
18 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
19 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
20 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
21 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
22 JavaScriptCore           0x285b88 vmEntryToJavaScriptTrampoline + 8
23 JavaScriptCore           0x9b8cf0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
24 JavaScriptCore           0xc62b74 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184
25 JavaScriptCore           0x361e10 JSObjectCallAsFunction + 548
26 MYAPP                    0x2fb69c realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 1677404
27 MYAPP                    0x2ddc1c OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 1555932
28 JavaScriptCore           0x353d90 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
29 JavaScriptCore           0x2b16fc llint_function_for_construct_arity_checkTagGateAfter + 153132
30 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
31 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
32 JavaScriptCore           0x2affc0 llint_function_for_construct_arity_checkTagGateAfter + 147184
33 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
34 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
35 JavaScriptCore           0x2affc0 llint_function_for_construct_arity_checkTagGateAfter + 147184
36 JavaScriptCore           0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
37 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
38 JavaScriptCore           0x2affc0 llint_function_for_construct_arity_checkTagGateAfter + 147184
39 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
40 JavaScriptCore           0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
41 JavaScriptCore           0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
42 JavaScriptCore           0x285b88 vmEntryToJavaScriptTrampoline + 8
43 JavaScriptCore           0x9b8cf0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
44 JavaScriptCore           0xd1289c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 668
45 JavaScriptCore           0x285d4c vmEntryToNative + 284
46 JavaScriptCore           0x9b8d18 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 528
47 JavaScriptCore           0xc62b74 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184
48 JavaScriptCore           0x361e10 JSObjectCallAsFunction + 548
49 MYAPP                    0x238d2c facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) + 1260 (JSCRuntime.cpp:1260)
50 MYAPP                    0x243fc4 facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const + 228 (jsi-inl.h:228)
51 MYAPP                    0x243e28 std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() + 256 (JSIExecutor.cpp:256)
52 MYAPP                    0x1620d8 void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) + 1843 (functional:1843)
53 MYAPP                    0x24113c facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) + 1843 (functional:1843)
54 MYAPP                    0x2353b0 std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() + 1732 (functional:1732)
55 MYAPP                    0x181224 facebook::react::tryAndReturnError(std::__1::function<void ()> const&) + 1885 (functional:1885)
56 MYAPP                    0x18d404 facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) + 69 (RCTMessageThread.mm:69)
57 MYAPP                    0x18d1b8 invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) + 46 (RCTMessageThread.mm:46)
58 CoreFoundation           0x72934 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
59 CoreFoundation           0x73830 __CFRunLoopDoBlocks + 412
60 CoreFoundation           0xb7f0 __CFRunLoopRun + 800
61 CoreFoundation           0x1f3c8 CFRunLoopRunSpecific + 600
62 MYAPP                    0x1763b0 +[RCTCxxBridge runRunLoop] + 367 (RCTCxxBridge.mm:367)
63 Foundation               0x6895c __NSThread__start__ + 792
64 libsystem_pthread.dylib  0x1a60 _pthread_start + 148
65 libsystem_pthread.dylib  0xf5c thread_start + 8

[fronck]

@mklb Thanks for the feedback. I'll reopen the issue and we'll investigate the new stack traces.

[mklb]

I just saw that the crash above is the same as my crash report from the 9th of Jul. #3602 (comment) . I can add that I have this crash happened a second time with the same Realm version v10.9.1 on iOS 14.8.0.

[N3TC4T]

Getting same crash reports same as @mklb posted. crash analytics indicates this happens 100% when device states
is background.

Realm v10.9.1
React Native 0.66.1

Crash report

Crashed: com.facebook.react.JavaScript
0  JavaScriptCore                 0xb09e04 bool JSC::symbolTableGet<JSC::JSGlobalObject>(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 76
1  JavaScriptCore                 0x27dfd4 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2100
2  JavaScriptCore                 0x27dfd4 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2100
3  JavaScriptCore                 0x27d6f4 JSObjectGetProperty + 152
4  MYAPP                           0x4393b0 realm::js::is_object_of_type(OpaqueJSContext const*, OpaqueJSValue const*, realm::js::String<realm::jsc::Types>) + 3450052
5  MYAPP                           0x4387d4 realm::js::Value<realm::jsc::Types>::is_array(OpaqueJSContext const*, OpaqueJSValue const* const&) + 3447016
6  MYAPP                           0x4a74b8 realm::js::RealmClass<realm::jsc::Types>::create(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 3900876
7  MYAPP                           0x48a61c OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::create(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3782448
8  JavaScriptCore                 0x26bc34 long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
9  JavaScriptCore                 0x217ee4 llint_entry + 159908
10 JavaScriptCore                 0x2151a4 llint_entry + 148324
11 JavaScriptCore                 0x215258 llint_entry + 148504
12 JavaScriptCore                 0x1f0b94 vmEntryToJavaScript + 276
13 JavaScriptCore                 0x8322ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
14 JavaScriptCore                 0xa3f0d0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164
15 JavaScriptCore                 0x28071c JSObjectCallAsFunction + 568
16 MYAPP                           0x4a8258 realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 3904364
17 MYAPP                           0x48a7d8 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3782892
18 JavaScriptCore                 0x26bc34 long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
19 JavaScriptCore                 0x217ee4 llint_entry + 159908
20 JavaScriptCore                 0x2151a4 llint_entry + 148324
21 JavaScriptCore                 0x2151a4 llint_entry + 148324
22 JavaScriptCore                 0x215258 llint_entry + 148504
23 JavaScriptCore                 0x2151a4 llint_entry + 148324
24 JavaScriptCore                 0x2151a4 llint_entry + 148324
25 JavaScriptCore                 0x216324 llint_entry + 152804
26 JavaScriptCore                 0x2151a4 llint_entry + 148324
27 JavaScriptCore                 0x2151a4 llint_entry + 148324
28 JavaScriptCore                 0x215258 llint_entry + 148504
29 JavaScriptCore                 0x2151a4 llint_entry + 148324
30 JavaScriptCore                 0x215258 llint_entry + 148504
31 JavaScriptCore                 0x2151a4 llint_entry + 148324
32 JavaScriptCore                 0x215258 llint_entry + 148504
33 JavaScriptCore                 0x215258 llint_entry + 148504
34 JavaScriptCore                 0x2151a4 llint_entry + 148324
35 JavaScriptCore                 0x2151a4 llint_entry + 148324
36 JavaScriptCore                 0x216324 llint_entry + 152804
37 JavaScriptCore                 0x215258 llint_entry + 148504
38 JavaScriptCore                 0x2151a4 llint_entry + 148324
39 JavaScriptCore                 0x2151a4 llint_entry + 148324
40 JavaScriptCore                 0x2151a4 llint_entry + 148324
41 JavaScriptCore                 0x215258 llint_entry + 148504
42 JavaScriptCore                 0x2151a4 llint_entry + 148324
43 JavaScriptCore                 0x215258 llint_entry + 148504
44 JavaScriptCore                 0x2151a4 llint_entry + 148324
45 JavaScriptCore                 0x215258 llint_entry + 148504
46 JavaScriptCore                 0x2151a4 llint_entry + 148324
47 JavaScriptCore                 0x215258 llint_entry + 148504
48 JavaScriptCore                 0x215258 llint_entry + 148504
49 JavaScriptCore                 0x2151a4 llint_entry + 148324
50 JavaScriptCore                 0x2168ec llint_entry + 154284
51 JavaScriptCore                 0x215258 llint_entry + 148504
52 JavaScriptCore                 0x2151a4 llint_entry + 148324
53 JavaScriptCore                 0x2151a4 llint_entry + 148324
54 JavaScriptCore                 0x2151a4 llint_entry + 148324
55 JavaScriptCore                 0x2151a4 llint_entry + 148324
56 JavaScriptCore                 0x215258 llint_entry + 148504
57 JavaScriptCore                 0x2151a4 llint_entry + 148324
58 JavaScriptCore                 0x1f0b94 vmEntryToJavaScript + 276
59 JavaScriptCore                 0x8322ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
60 JavaScriptCore                 0xae3f1c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 676
61 JavaScriptCore                 0x217de4 llint_entry + 159652
62 JavaScriptCore                 0x1f0b94 vmEntryToJavaScript + 276
63 JavaScriptCore                 0x8322ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
64 JavaScriptCore                 0xae3f1c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 676
65 JavaScriptCore                 0x1f0d50 vmEntryToNative + 288
66 JavaScriptCore                 0x8322dc JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 536
67 JavaScriptCore                 0xa3f0d0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164
68 JavaScriptCore                 0x28071c JSObjectCallAsFunction + 568
69 MYAPP                           0x1c5d88 facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) + 1260 (JSCRuntime.cpp:1260)
70 MYAPP                           0x1d1020 facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const + 228 (jsi-inl.h:228)
71 MYAPP                           0x1d0e84 std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() + 256 (JSIExecutor.cpp:256)
72 MYAPP                           0xef184 void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) + 1843 (functional:1843)
73 MYAPP                           0x1ce198 facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) + 1843 (functional:1843)
74 MYAPP                           0x1c240c std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() + 1732 (functional:1732)
75 MYAPP                           0x10e34c facebook::react::tryAndReturnError(std::__1::function<void ()> const&) + 1885 (functional:1885)
76 MYAPP                           0x11a52c facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) + 69 (RCTMessageThread.mm:69)
77 MYAPP                           0x11a2e0 invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) + 46 (RCTMessageThread.mm:46)
78 CoreFoundation                 0xa149c __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
79 CoreFoundation                 0xa06e4 __CFRunLoopDoBlocks + 408
80 CoreFoundation                 0x9ae18 __CFRunLoopRun + 1732
81 CoreFoundation                 0x9a21c CFRunLoopRunSpecific + 600
82 MYAPP                           0x1034d8 +[RCTCxxBridge runRunLoop] + 367 (RCTCxxBridge.mm:367)
83 Foundation                     0x17aa34 __NSThread__start__ + 864
84 libsystem_pthread.dylib        0x1cb0 _pthread_start + 320
85 libsystem_pthread.dylib        0xa778 thread_start + 8

[N3TC4T]

@kneth @fronck

for summary there is two crash reports posted here and we see it in crash logs that effects most of our users on realm v10.9.1

The device state for all the crashes is 100% in background and the crash is not related to a specific iOS version.

Crash report 1

Crashed: com.facebook.react.JavaScript
0  JavaScriptCore                 0xd49f5c bool JSC::symbolTableGet<JSC::JSGlobalObject>(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 76
1  JavaScriptCore                 0x36dde0 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2688
2  JavaScriptCore                 0x36dde0 JSC::JSObject::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 2688
3  JavaScriptCore                 0x36d2b4 JSObjectGetProperty + 152
4  MYAPP                           0x4393b0 realm::js::is_object_of_type(OpaqueJSContext const*, OpaqueJSValue const*, realm::js::String<realm::jsc::Types>) + 3450052
5  MYAPP                           0x4387d4 realm::js::Value<realm::jsc::Types>::is_array(OpaqueJSContext const*, OpaqueJSValue const* const&) + 3447016
6  MYAPP                           0x4a74b8 realm::js::RealmClass<realm::jsc::Types>::create(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 3900876
7  MYAPP                           0x48a61c OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::create(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3782448
8  JavaScriptCore                 0x3612e8 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
9  JavaScriptCore                 0x2bed80 llint_function_for_construct_arity_checkTagGateAfter + 157308
10 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
11 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
12 JavaScriptCore                 0x2923f8 vmEntryToJavaScriptGateAfter + 6
13 JavaScriptCore                 0x9ccc2c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
14 JavaScriptCore                 0xc6c134 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184
15 JavaScriptCore                 0x37050c JSObjectCallAsFunction + 572
16 MYAPP                           0x4a8258 realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&) + 3904364
17 MYAPP                           0x48a7d8 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmClass<realm::jsc::Types>::write(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3782892
18 JavaScriptCore                 0x3612e8 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
19 JavaScriptCore                 0x2bed80 llint_function_for_construct_arity_checkTagGateAfter + 157308
20 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
21 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
22 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
23 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
24 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
25 JavaScriptCore                 0x2bce9c llint_function_for_construct_arity_checkTagGateAfter + 149400
26 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
27 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
28 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
29 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
30 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
31 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
32 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
33 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
34 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
35 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
36 JavaScriptCore                 0x2bce9c llint_function_for_construct_arity_checkTagGateAfter + 149400
37 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
38 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
39 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
40 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
41 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
42 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
43 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
44 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
45 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
46 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
47 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
48 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
49 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
50 JavaScriptCore                 0x2bd55c llint_function_for_construct_arity_checkTagGateAfter + 151128
51 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
52 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
53 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
54 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
55 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
56 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
57 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
58 JavaScriptCore                 0x2923f8 vmEntryToJavaScriptGateAfter + 6
59 JavaScriptCore                 0x9ccc2c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
60 JavaScriptCore                 0xd1cb7c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 684
61 JavaScriptCore                 0x2bec78 llint_function_for_construct_arity_checkTagGateAfter + 157044
62 JavaScriptCore                 0x2923f8 vmEntryToJavaScriptGateAfter + 6
63 JavaScriptCore                 0x9ccc2c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
64 JavaScriptCore                 0xd1cb7c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 684
65 JavaScriptCore                 0x2925a8 vmEntryToNative + 284
66 JavaScriptCore                 0x9ccc54 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 528
67 JavaScriptCore                 0xc6c134 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184
68 JavaScriptCore                 0x37050c JSObjectCallAsFunction + 572
69 MYAPP                           0x1c5d88 facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) + 1260 (JSCRuntime.cpp:1260)
70 MYAPP                           0x1d1020 facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const + 228 (jsi-inl.h:228)
71 MYAPP                           0x1d0e84 std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() + 256 (JSIExecutor.cpp:256)
72 MYAPP                           0xef184 void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) + 1843 (functional:1843)
73 MYAPP                           0x1ce198 facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) + 1843 (functional:1843)
74 MYAPP                           0x1c240c std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() + 1732 (functional:1732)
75 MYAPP                           0x10e34c facebook::react::tryAndReturnError(std::__1::function<void ()> const&) + 1885 (functional:1885)
76 MYAPP                           0x11a52c facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) + 69 (RCTMessageThread.mm:69)
77 MYAPP                           0x11a2e0 invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) + 46 (RCTMessageThread.mm:46)
78 CoreFoundation                 0x72924 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
79 CoreFoundation                 0x73820 __CFRunLoopDoBlocks + 412
80 CoreFoundation                 0xb808 __CFRunLoopRun + 840
81 CoreFoundation                 0x1f3b8 CFRunLoopRunSpecific + 600
82 MYAPP                           0x1034d8 +[RCTCxxBridge runRunLoop] + 367 (RCTCxxBridge.mm:367)
83 Foundation                     0x6836c __NSThread__start__ + 808
84 libsystem_pthread.dylib        0x19a4 _pthread_start + 148
85 libsystem_pthread.dylib        0xea0 thread_start + 8

Crash report 2

Crashed: com.facebook.react.JavaScript
0  MYAPP                           0x437320 std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, void*>*> std::__1::__hash_table<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::__unordered_map_hasher<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::__unordered_map_equal<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*>, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, true>, std::__1::allocator<std::__1::__hash_value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, realm::js::String<realm::jsc::Types>*> > >::find<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const + 3441716
1  MYAPP                           0x436e3c realm::jsc::get_cached_property_name(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 3440464
2  MYAPP                           0x43fc34 realm::jsc::ObjectWrap<realm::js::RealmObjectClass<realm::jsc::Types> >::get_internal(OpaqueJSContext const*, OpaqueJSValue* const&) + 3476808
3  MYAPP                           0x4ab944 realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&) + 3918424
4  MYAPP                           0x4aaf40 OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_property(OpaqueJSContext const*, OpaqueJSValue*, realm::js::String<realm::jsc::Types> const&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**) + 3915860
5  JavaScriptCore                 0x361594 JSC::JSCallbackObject<JSC::JSNonFinalObject>::callImpl(JSC::JSGlobalObject*, JSC::CallFrame*) + 468
6  JavaScriptCore                 0x2925a8 vmEntryToNative + 284
7  JavaScriptCore                 0x9ccc54 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 528
8  JavaScriptCore                 0xcd7640 JSC::GetterSetter::callGetter(JSC::JSGlobalObject*, JSC::JSValue) + 200
9  JavaScriptCore                 0xb128d4 JSC::LLInt::performLLIntGetByID(JSC::Instruction const*, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&) + 1584
10 JavaScriptCore                 0xb121b0 llint_slow_path_get_by_id + 304
11 JavaScriptCore                 0x2a01e4 llint_function_for_construct_arity_checkTagGateAfter + 31456
12 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
13 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
14 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
15 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
16 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
17 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
18 JavaScriptCore                 0x2923f8 vmEntryToJavaScriptGateAfter + 6
19 JavaScriptCore                 0x9ccc2c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
20 JavaScriptCore                 0xd1cb7c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 684
21 JavaScriptCore                 0x2bec78 llint_function_for_construct_arity_checkTagGateAfter + 157044
22 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
23 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
24 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
25 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
26 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
27 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
28 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
29 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
30 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
31 JavaScriptCore                 0x2bd55c llint_function_for_construct_arity_checkTagGateAfter + 151128
32 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
33 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
34 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
35 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
36 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
37 JavaScriptCore                 0x2bbb50 llint_function_for_construct_arity_checkTagGateAfter + 144460
38 JavaScriptCore                 0x2bba7c llint_function_for_construct_arity_checkTagGateAfter + 144248
39 JavaScriptCore                 0x2923f8 vmEntryToJavaScriptGateAfter + 6
40 JavaScriptCore                 0x9ccc2c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
41 JavaScriptCore                 0xd1cb7c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 684
42 JavaScriptCore                 0x2bec78 llint_function_for_construct_arity_checkTagGateAfter + 157044
43 JavaScriptCore                 0x2923f8 vmEntryToJavaScriptGateAfter + 6
44 JavaScriptCore                 0x9ccc2c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
45 JavaScriptCore                 0xd1cb7c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 684
46 JavaScriptCore                 0x2925a8 vmEntryToNative + 284
47 JavaScriptCore                 0x9ccc54 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 528
48 JavaScriptCore                 0xc6c134 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184
49 JavaScriptCore                 0x37050c JSObjectCallAsFunction + 572
50 MYAPP                           0x1c5d88 facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) + 1260 (JSCRuntime.cpp:1260)
51 MYAPP                           0x1d1020 facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const + 228 (jsi-inl.h:228)
52 MYAPP                           0x1d0e84 std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() + 256 (JSIExecutor.cpp:256)
53 MYAPP                           0xef184 void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) + 1843 (functional:1843)
54 MYAPP                           0x1ce198 facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) + 1843 (functional:1843)
55 MYAPP                           0x1c240c std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() + 1732 (functional:1732)
56 MYAPP                           0x10e34c facebook::react::tryAndReturnError(std::__1::function<void ()> const&) + 1885 (functional:1885)
57 MYAPP                           0x11a52c facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) + 69 (RCTMessageThread.mm:69)
58 MYAPP                           0x11a2e0 invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) + 46 (RCTMessageThread.mm:46)
59 CoreFoundation                 0x72924 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
60 CoreFoundation                 0x73820 __CFRunLoopDoBlocks + 412
61 CoreFoundation                 0xb808 __CFRunLoopRun + 840
62 CoreFoundation                 0x1f3b8 CFRunLoopRunSpecific + 600
63 MYAPP                           0x1034d8 +[RCTCxxBridge runRunLoop] + 367 (RCTCxxBridge.mm:367)
64 Foundation                     0x6836c __NSThread__start__ + 808
65 libsystem_pthread.dylib        0x19a4 _pthread_start + 148
66 libsystem_pthread.dylib        0xea0 thread_start + 8

Crash report 3 (Not posted here)

Crashed: com.facebook.react.JavaScript
0  JavaScriptCore                 0xe82424 JSC::Structure::add(JSC::VM&, JSC::PropertyName, unsigned int) + 352
1  JavaScriptCore                 0xe82384 JSC::Structure::add(JSC::VM&, JSC::PropertyName, unsigned int) + 192
2  JavaScriptCore                 0xe81ebc JSC::Structure::addNewPropertyTransition(JSC::VM&, JSC::Structure*, JSC::PropertyName, unsigned int, int&, JSC::PutPropertySlot::Context, JSC::DeferredStructureTransitionWatchpointFire*) + 656
3  JavaScriptCore                 0x7e5acc bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)0>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) + 892
4  JavaScriptCore                 0xd76dfc JSC::JSObject::put(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 604
5  JavaScriptCore                 0x35fc9c JSObjectSetProperty + 372
6  MYAPP                           0x4a073c realm::js::Schema<realm::jsc::Types>::object_for_object_schema(OpaqueJSContext const*, realm::ObjectSchema const&) + 3872848
7  MYAPP                           0x4ab25c OpaqueJSValue const* realm::js::wrap<&(realm::js::RealmObjectClass<realm::jsc::Types>::get_object_schema(OpaqueJSContext const*, OpaqueJSValue*, realm::js::Arguments<realm::jsc::Types>&, realm::js::ReturnValue<realm::jsc::Types>&))>(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 3916656
8  JavaScriptCore                 0x353d90 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 420
9  JavaScriptCore                 0x2b16fc llint_function_for_construct_arity_checkTagGateAfter + 153132
10 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
11 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
12 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
13 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
14 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
15 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
16 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
17 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
18 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
19 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
20 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
21 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
22 JavaScriptCore                 0x2af978 llint_function_for_construct_arity_checkTagGateAfter + 145576
23 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
24 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
25 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
26 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
27 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
28 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
29 JavaScriptCore                 0x2afa40 llint_function_for_construct_arity_checkTagGateAfter + 145776
30 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
31 JavaScriptCore                 0x2affc0 llint_function_for_construct_arity_checkTagGateAfter + 147184
32 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
33 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
34 JavaScriptCore                 0x2affc0 llint_function_for_construct_arity_checkTagGateAfter + 147184
35 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
36 JavaScriptCore                 0x2ae764 llint_function_for_construct_arity_checkTagGateAfter + 140948
37 JavaScriptCore                 0x2ae69c llint_function_for_construct_arity_checkTagGateAfter + 140748
38 JavaScriptCore                 0x285b88 vmEntryToJavaScriptTrampoline + 8
39 JavaScriptCore                 0x9b8cf0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
40 JavaScriptCore                 0xd1289c JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 668
41 JavaScriptCore                 0x285d4c vmEntryToNative + 284
42 JavaScriptCore                 0x9b8d18 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 528
43 JavaScriptCore                 0xc62b74 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184
44 JavaScriptCore                 0x361e10 JSObjectCallAsFunction + 548
45 MYAPP                           0x1c5d88 facebook::jsc::JSCRuntime::call(facebook::jsi::Function const&, facebook::jsi::Value const&, facebook::jsi::Value const*, unsigned long) + 1260 (JSCRuntime.cpp:1260)
46 MYAPP                           0x1d1020 facebook::jsi::Value facebook::jsi::Function::call<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value>(facebook::jsi::Runtime&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, facebook::jsi::Value&&) const + 228 (jsi-inl.h:228)
47 MYAPP                           0x1d0e84 std::__1::__function::__func<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4, std::__1::allocator<facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&)::$_4>, void ()>::operator()() + 256 (JSIExecutor.cpp:256)
48 MYAPP                           0xef184 void std::__1::__invoke_void_return_wrapper<void, true>::__call<void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()> >(void (*&)(std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>), std::__1::function<void ()> const&, std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&) + 1843 (functional:1843)
49 MYAPP                           0x1ce198 facebook::react::JSIExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) + 1843 (functional:1843)
50 MYAPP                           0x1c240c std::__1::__function::__func<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8, std::__1::allocator<facebook::react::NativeToJsBridge::runOnExecutorQueue(std::__1::function<void (facebook::react::JSExecutor*)>)::$_8>, void ()>::operator()() + 1732 (functional:1732)
51 MYAPP                           0x10e34c facebook::react::tryAndReturnError(std::__1::function<void ()> const&) + 1885 (functional:1885)
52 MYAPP                           0x11a52c facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) + 69 (RCTMessageThread.mm:69)
53 MYAPP                           0x11a2e0 invocation function for block in facebook::react::RCTMessageThread::runAsync(std::__1::function<void ()>) + 46 (RCTMessageThread.mm:46)
54 CoreFoundation                 0x72934 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
55 CoreFoundation                 0x73830 __CFRunLoopDoBlocks + 412
56 CoreFoundation                 0xbb90 __CFRunLoopRun + 1728
57 CoreFoundation                 0x1f3c8 CFRunLoopRunSpecific + 600
58 MYAPP                           0x1034d8 +[RCTCxxBridge runRunLoop] + 367 (RCTCxxBridge.mm:367)
59 Foundation                     0x6895c __NSThread__start__ + 792
60 libsystem_pthread.dylib        0x1a60 _pthread_start + 148
61 libsystem_pthread.dylib        0xf5c thread_start + 8

[taikim8484]

Hi @kneth could I know how is the issue going? I also faced the same.
@N3TC4T do you have any workaround solution or any suspect on this one?

[N3TC4T]

@taikim8484 Unfortunately I couldn't find the cause of this crashes so I kinda gave up, it's effected more than 10k of our user base, but we haven't received any report regarding this crashes from our users, so I assume user's are not noticing this crashes as all of them happening in the background. looks like this crash started to appear after upgrading from 10.8.0 to 10.9.1.

[kneth]

As our JSI implementation (version 11) is under way, we ask you to upgrade to v11.0.0-rc.1.

I am closing the issue, and if it is still observed after upgrading, please create a new issue.