Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
EXC_BAD_ACCESS JSC getOwnPropertySlot
See original GitHub issuetl;dr I’m hoping the included stack traces below might shed some light on what could be causing some EXC_BAD_ACCESS crashes from the JSC and Realm.
–
Since our latest release we have started getting crashes that all look to have Realm and JSC in the picture:
EXC_BAD_ACCESS Attempted to dereference garbage pointer 0x10.
And usually either from JSC::JSFunction::getOwnPropertySlot or JSC::JSCallbackObject<T>::getOwnPropertySlot called by a Realm function (e.g. get_property_names, get_property).
Unfortunately, this was a very large release for us so it’s hard to know where I could look to try and provide a way to isolate the issue. Realm related in this release, we:
- Upgraded from realm-js 2.20.0 -> 2.26.1
- Started adopting Realm listeners in a few screens.
I would appreciate any insights the Realm team can provide. Happy to dig into any ideas or thoughts you all might have.
A few stack traces are included below for reference. All fairly similar but generally the crashes are coming up as unique in Sentry.
Version of Realm and Tooling
- Realm JS SDK Version: v2.26.1
- Node or React Native: RN v0.57.5
- Client OS & Version: All iOS: 12.2, 12.3
- Which debugger for React Native: None
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2
Application Specific Information:
Attempted to dereference garbage pointer 0x10.
Thread 2 Crashed:
0 JavaScriptCore 0x382a1ead0 JSC::JSCallbackObject<T>::getOwnPropertySlot
1 <unknown> 0x30ec81fec16ba0 <redacted>
...
4 <unknown> 0x54350104fbefc8 <redacted>
5 infusionsoftmobile 0x204fd802c realm::jsc::ObjectWrap<T>::get_property_names (jsc_class.hpp:288)
6 JavaScriptCore 0x382a1f1cc JSC::JSCallbackObject<T>::getOwnNonIndexPropertyNames
7 <unknown> 0x24cd81ff3f4494 <redacted>
...
26 <unknown> 0x1d170105007170 <redacted>
27 infusionsoftmobile 0x205002394 realm::js::wrap<T> (jsc_class.hpp:390)
28 JavaScriptCore 0x382a1d36c JSC::APICallbackFunction::call<T>
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2
Application Specific Information:
Attempted to dereference garbage pointer 0x10.
Thread 2 Crashed:
0 JavaScriptCore 0x325ee7ff4 JSC::JSFunction::getOwnPropertySlot
1 JavaScriptCore 0x325773f60 [inlined] JSC::JSObject::get
2 JavaScriptCore 0x325773f60 JSC::JSObject::get
3 JavaScriptCore 0x325793d54 JSObjectGetProperty
4 infusionsoftmobile 0x2007cd1d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x2007cd1c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x2007fd118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
7 infusionsoftmobile 0x200801c24 realm::js::NativeAccessor<T>::box (js_object_accessor.hpp:119)
8 infusionsoftmobile 0x200810d20 realm::Results::get<T> (results.hpp:306)
9 infusionsoftmobile 0x200810d0c realm::js::ResultsClass<T>::get_index (js_results.hpp:268)
10 infusionsoftmobile 0x20080d098 realm::js::wrap<T> (jsc_class.hpp:428)
11 JavaScriptCore 0x325789dfc JSC::JSCallbackObject<T>::getOwnPropertySlot
12 JavaScriptCore 0x32578a448 JSC::JSCallbackObject<T>::getOwnPropertySlotByIndex
13 JavaScriptCore 0x325d3bf58 llint_slow_path_get_by_val
14 JavaScriptCore 0x325759038 llint_entry
15 JavaScriptCore 0x325764cb4 [inlined] <redacted>
16 JavaScriptCore 0x325764cb4 [inlined] <redacted>
17 JavaScriptCore 0x325764cb4 <redacted>
18 JavaScriptCore 0x3257507f8 vmEntryToJavaScript
19 JavaScriptCore 0x325c8276c JSC::Interpreter::executeCall
20 JavaScriptCore 0x325ee115c JSC::boundThisNoArgsFunctionCall
21 JavaScriptCore 0x32576673c <redacted>
...
31 JavaScriptCore 0x325764cb4 <redacted>
32 JavaScriptCore 0x3257507f8 vmEntryToJavaScript
33 JavaScriptCore 0x325c8276c JSC::Interpreter::executeCall
34 JavaScriptCore 0x325e64524 JSC::profiledCall
35 JavaScriptCore 0x325795b20 JSObjectCallAsFunction
36 infusionsoftmobile 0x20080fe04 realm::js::Function<T>::call (jsc_function.hpp:29)
37 infusionsoftmobile 0x20080fdf0 [inlined] realm::js::Function<T>::callback (jsc_function.hpp:38)
38 infusionsoftmobile 0x20080fdf0 realm::js::ResultsClass<T>::add_listener<T>::lambda::operator() (js_results.hpp:430)
39 infusionsoftmobile 0x20080fdd8 realm::CollectionChangeCallback::Impl<T>::after (collection_notifications.hpp:158)
40 infusionsoftmobile 0x2007c514c realm::CollectionChangeCallback::after (collection_notifications.hpp:122)
41 infusionsoftmobile 0x2007c513c realm::_impl::CollectionNotifier::after_advance::lambda::operator()<T> (collection_notifier.cpp:332)
42 infusionsoftmobile 0x2007c5050 realm::_impl::CollectionNotifier::for_each_callback<T> (collection_notifier.cpp:378)
43 infusionsoftmobile 0x2007c5008 realm::_impl::CollectionNotifier::after_advance (collection_notifier.cpp:334)
44 infusionsoftmobile 0x2007c5ce8 realm::_impl::NotifierPackage::after_advance (collection_notifier.cpp:490)
45 infusionsoftmobile 0x20086df44 (anonymous namespace)::advance_with_notifications<T> (transact_log_handler.cpp:803)
46 infusionsoftmobile 0x20086ddf4 realm::_impl::transaction::begin (transact_log_handler.cpp:838)
47 infusionsoftmobile 0x20083e7c0 realm::_impl::RealmCoordinator::promote_to_write (realm_coordinator.cpp:868)
48 infusionsoftmobile 0x200853c6c realm::Realm::begin_transaction (shared_realm.cpp:677)
49 infusionsoftmobile 0x20081714c realm::js::RealmClass<T>::write (js_realm.hpp:1088)
50 infusionsoftmobile 0x200812394 realm::js::wrap<T> (jsc_class.hpp:390)
51 JavaScriptCore 0x325788aa0 JSC::APICallbackFunction::call<T>
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2
Application Specific Information:
Attempted to dereference garbage pointer 0x10.
Thread 2 Crashed:
0 JavaScriptCore 0x321591ff4 JSC::JSFunction::getOwnPropertySlot
1 JavaScriptCore 0x320e1df60 [inlined] JSC::JSObject::get
2 JavaScriptCore 0x320e1df60 JSC::JSObject::get
3 JavaScriptCore 0x320e3dd54 JSObjectGetProperty
4 infusionsoftmobile 0x2023a51d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x2023a51c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x2023d5118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
7 infusionsoftmobile 0x2023d9c24 realm::js::NativeAccessor<T>::box (js_object_accessor.hpp:119)
8 infusionsoftmobile 0x2023d95bc realm::List::get<T> (list.hpp:184)
9 infusionsoftmobile 0x2023d95a8 realm::js::ListClass<T>::get_index (js_list.hpp:147)
10 infusionsoftmobile 0x2023d0c38 realm::js::wrap<T> (jsc_class.hpp:428)
11 JavaScriptCore 0x320e33dfc JSC::JSCallbackObject<T>::getOwnPropertySlot
12 JavaScriptCore 0x320e34448 JSC::JSCallbackObject<T>::getOwnPropertySlotByIndex
13 JavaScriptCore 0x3213e6e94 llint_slow_path_get_by_val
14 JavaScriptCore 0x320e03038 llint_entry
15 JavaScriptCore 0x320e0ecb4 [inlined] <redacted>
...
26 JavaScriptCore 0x320e0ecb4 <redacted>
27 JavaScriptCore 0x320dfa7f8 vmEntryToJavaScript
28 JavaScriptCore 0x32132c76c JSC::Interpreter::executeCall
29 JavaScriptCore 0x32150e524 JSC::profiledCall
30 JavaScriptCore 0x320e3fb20 JSObjectCallAsFunction
31 infusionsoftmobile 0x2023e7e04 realm::js::Function<T>::call (jsc_function.hpp:29)
32 infusionsoftmobile 0x2023e7df0 [inlined] realm::js::Function<T>::callback (jsc_function.hpp:38)
33 infusionsoftmobile 0x2023e7df0 realm::js::ResultsClass<T>::add_listener<T>::lambda::operator() (js_results.hpp:430)
34 infusionsoftmobile 0x2023e7dd8 realm::CollectionChangeCallback::Impl<T>::after (collection_notifications.hpp:158)
35 infusionsoftmobile 0x20239d14c realm::CollectionChangeCallback::after (collection_notifications.hpp:122)
36 infusionsoftmobile 0x20239d13c realm::_impl::CollectionNotifier::after_advance::lambda::operator()<T> (collection_notifier.cpp:332)
37 infusionsoftmobile 0x20239d050 realm::_impl::CollectionNotifier::for_each_callback<T> (collection_notifier.cpp:378)
38 infusionsoftmobile 0x20239d008 realm::_impl::CollectionNotifier::after_advance (collection_notifier.cpp:334)
39 infusionsoftmobile 0x20239dce8 realm::_impl::NotifierPackage::after_advance (collection_notifier.cpp:490)
40 infusionsoftmobile 0x202445f44 (anonymous namespace)::advance_with_notifications<T> (transact_log_handler.cpp:803)
41 infusionsoftmobile 0x202445df4 realm::_impl::transaction::begin (transact_log_handler.cpp:838)
42 infusionsoftmobile 0x2024167c0 realm::_impl::RealmCoordinator::promote_to_write (realm_coordinator.cpp:868)
43 infusionsoftmobile 0x20242bc6c realm::Realm::begin_transaction (shared_realm.cpp:677)
44 infusionsoftmobile 0x2023ef14c realm::js::RealmClass<T>::write (js_realm.hpp:1088)
45 infusionsoftmobile 0x2023ea394 realm::js::wrap<T> (jsc_class.hpp:390)
46 JavaScriptCore 0x320e32aa0 JSC::APICallbackFunction::call<T>
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x0000000000000010
Crashed Thread: 2
Application Specific Information:
Attempted to dereference garbage pointer 0x10.
Thread 2 Crashed:
0 JavaScriptCore 0x33a67fff4 JSC::JSFunction::getOwnPropertySlot
1 JavaScriptCore 0x339f0bf60 [inlined] JSC::JSObject::get
2 JavaScriptCore 0x339f0bf60 JSC::JSObject::get
3 JavaScriptCore 0x339f2bd54 JSObjectGetProperty
4 infusionsoftmobile 0x200b411d0 realm::js::Object<T>::get_property (jsc_object.hpp:29)
5 infusionsoftmobile 0x200b411c0 realm::js::Object<T>::validated_get_object (js_types.hpp:263)
6 infusionsoftmobile 0x200b71118 realm::js::RealmObjectClass<T>::create_instance (js_realm_object.hpp:135)
7 infusionsoftmobile 0x200b75c24 realm::js::NativeAccessor<T>::box (js_object_accessor.hpp:119)
8 infusionsoftmobile 0x200b755bc realm::List::get<T> (list.hpp:184)
9 infusionsoftmobile 0x200b755a8 realm::js::ListClass<T>::get_index (js_list.hpp:147)
10 infusionsoftmobile 0x200b6cc38 realm::js::wrap<T> (jsc_class.hpp:428)
11 JavaScriptCore 0x339f21dfc JSC::JSCallbackObject<T>::getOwnPropertySlot
12 JavaScriptCore 0x339f22448 JSC::JSCallbackObject<T>::getOwnPropertySlotByIndex
13 JavaScriptCore 0x33a4d3f58 llint_slow_path_get_by_val
14 JavaScriptCore 0x339ef1038 llint_entry
15 JavaScriptCore 0x339efccb4 [inlined] <redacted>
...
21 JavaScriptCore 0x339efccb4 <redacted>
22 JavaScriptCore 0x339ee87f8 vmEntryToJavaScript
23 JavaScriptCore 0x33a41a76c JSC::Interpreter::executeCall
24 JavaScriptCore 0x33a67915c JSC::boundThisNoArgsFunctionCall
25 JavaScriptCore 0x339efe73c <redacted>
...
35 JavaScriptCore 0x339efccb4 <redacted>
36 JavaScriptCore 0x339ee87f8 vmEntryToJavaScript
37 JavaScriptCore 0x33a41a76c JSC::Interpreter::executeCall
38 JavaScriptCore 0x33a5fc524 JSC::profiledCall
39 JavaScriptCore 0x339f2db20 JSObjectCallAsFunction
40 infusionsoftmobile 0x200b83e04 realm::js::Function<T>::call (jsc_function.hpp:29)
41 infusionsoftmobile 0x200b83df0 [inlined] realm::js::Function<T>::callback (jsc_function.hpp:38)
42 infusionsoftmobile 0x200b83df0 realm::js::ResultsClass<T>::add_listener<T>::lambda::operator() (js_results.hpp:430)
43 infusionsoftmobile 0x200b83dd8 realm::CollectionChangeCallback::Impl<T>::after (collection_notifications.hpp:158)
44 infusionsoftmobile 0x200b3914c realm::CollectionChangeCallback::after (collection_notifications.hpp:122)
45 infusionsoftmobile 0x200b3913c realm::_impl::CollectionNotifier::after_advance::lambda::operator()<T> (collection_notifier.cpp:332)
46 infusionsoftmobile 0x200b39050 realm::_impl::CollectionNotifier::for_each_callback<T> (collection_notifier.cpp:378)
47 infusionsoftmobile 0x200b39008 realm::_impl::CollectionNotifier::after_advance (collection_notifier.cpp:334)
48 infusionsoftmobile 0x200bb2af8 realm::_impl::RealmCoordinator::process_available_async (realm_coordinator.cpp:920)
49 infusionsoftmobile 0x200bc80c8 realm::Realm::notify (shared_realm.cpp:808)
50 infusionsoftmobile 0x200bed1a4 realm::_impl::WeakRealmNotifier::Callback::operator() (weak_realm_notifier.cpp:42)
51 CoreFoundation 0x32cdfa014 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
Issue Analytics
- State:
- Created 4 years ago
- Reactions:6
- Comments:11 (6 by maintainers)
Top Results From Across the Web
Internal Methods [[GetOwnProperty]] - javascript - Stack Overflow
I faced an question when I was reading ECMAScript® 2021 Language Specification. In this document in section "6.1.7.2 Object Internal Methods ...
Read more >third_party/WebKit/Source/JavaScriptCore/ChangeLog-2010 ...
Make JS DOMObject inherit from JSObjectWithGlobalObject instead of JSObject ... and other classes with static function slots also gain a global object.
Read more >docs - Apple Open Source
getDirect() can be safely called on slotBase(): if getOwnPropertySlot() result is returned from JS code of ProxyObject's trap, it will never ...
Read more >Bug List - Bugzilla - allizom.org
ID Summary Product△ Comp
1160676 Uplift to fx‑team Add‑on SDK Graveyard General
1148464 Remove redundant addUploadedRecord method Android Background S Readin...
1153358 Investigate: why do records...
Read more >Property attributes: an introduction • Deep JavaScript
getOwnPropertyDescriptor () : retrieving a descriptor for a single property ... Internal slots are not object properties and they are not inherited.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@kneth we haven’t been able to reproduce it as well. Based on crash reports, it seems that this is happening during low memory situations. Here are more details about the issue:
Environment & crash details:
0x1017157b4 realm::util::ReclaimerThreadStopper::~ReclaimerThreadStopper() + 57380Besides
getOwnPropertySlot, I also see another crash withFatal Exception: std::__1::system_error: mutex lock failed: Invalid argumentWe have recently rewritten how we interact with JavaScriptCore (JSC) by using the new JSI api. I am closing this issue by suggesting you try v11.0.0-rc.1 or later.