Native crash signal 11 (SIGSEGV), code 2

[EdwardvanRaak]

We have received a reasonable number of native crashes related to realm and we are having difficulties pinpointing what the cause is. We are unable to reproduce the problem so anything that could help us would be appreciated.

Some information:

• We use encryption, a SyncAdapter and multiple Realm files.
• The crashes only happen on devices running Android 5.0 or above.
• The crashes first started appearing after we upgraded to Realm 1.0.0 but also occur on Realm versions up to 1.2.0 which is what we are currently using in our release.

The stack traces below are a few examples of the native crashes on 1.2.0. There are more crash groups but they are all similar to these.

Build fingerprint: 'samsung/xcover3ltexx/xcover3lte:5.1.1/LMY48B/G388FXXU1BPB3:user/release-keys'
Revision: '7'
ABI: 'arm'
pid: 5015, tid: 7685, name: SyncAdapterThre >>> x.y.z <<<
signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x58f7fff0
r0 abd10760 r1 58f80058 r2 00000000 r3 abd10760
r4 00000012 r5 58f80310 r6 58f80058 r7 00000000
r8 abe552d0 r9 00000000 sl 00000012 fp 00000000
ip 4c91bc65 sp 58f80000 lr 4c93556d pc 4c997488 cpsr 40070030

backtrace:
#00 pc 000c6488 /data/app/x.y.z-2/lib/arm/librealm-jni.so

Build fingerprint: 'samsung/s5neoltexx/s5neolte:6.0.1/MMB29K/G903FXXU1BPE2:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 8861, tid: 8861, name: y.z >>> com.x.y.z <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4
r0 dcf11008 r1 00006440 r2 dcf11228 r3 00000000
r4 00058000 r5 dcf11008 r6 00000024 r7 a1f4d4a5
r8 00000000 r9 00000258 sl 00000000 fp 00000000
ip f4a02018 sp ffe84990 lr df9173ef pc df90c266 cpsr 600b0030

backtrace:
#00 pc 00042266 /data/app/x.y.z-2/lib/arm/librealm-jni.so
#01 pc 0004d3eb /data/app//x.y.z-2/lib/arm/librealm-jni.so
#02 pc 0004d465 /data/app//x.y.z-2/lib/arm/librealm-jni.so
#03 pc 0006b1d5 /data/app//x.y.z/lib/arm/librealm-jni.so
#04 pc 000c502d /data/app//x.y.z/lib/arm/librealm-jni.so
#05 pc 00028b13 /data/app//x.y.z-2/lib/arm/librealm-jni.so (Java_io_realm_internal_Group_nativeGetTableNativePtr+286)
#06 pc 0167c2b5 /data/app/x.y.z-2/oat/arm/base.odex (offset 0xeb8000)

Build fingerprint: 'samsung/s5neoltexx/s5neolte:6.0.1/MMB29K/G903FXXU1BPE2:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 25806, tid: 25866, name: SyncAdapterThre >>> x.y.z <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4
r0 ef285008 r1 00000420 r2 ef285228 r3 00000000
r4 00058000 r5 ef285008 r6 00000024 r7 a1f4d4a5
r8 00000000 r9 00000258 sl 00000000 fp 00000000
ip dafbf018 sp dfb2d9d0 lr dff173ef pc dff0c266 cpsr 600b0030

backtrace:
#00 pc 00042266 /data/app/x.y.z-2/lib/arm/librealm-jni.so
#01 pc 0004d3eb /data/app/x.y.z-2/lib/arm/librealm-jni.so
...
(Java_io_realm_internal_Group_nativeGetTableNativePtr+286)
#08 pc 0167c2b5 /data/app/x.y.z-2/oat/arm/base.odex (offset 0xeb8000
```)

[kneth]

@EdwardvanRaak Thanks for all the details. Can you provide us with a few details on the sync adapter? For example, how ofte does the app receives data? How much data?

[EdwardvanRaak]

@kneth The app received data about every 30 minutes. Syncing can also occur manually by users or when a certain screen is opened. We receive moderately to large sized JSON responses but nothing that I would consider out of the ordinary.

[kneth]

@EdwardvanRaak Do you get the Realm instance in the adapter or do you pass the instance to the adapter? In principle, you should get an error message in the latter case, but a case might have slipped through in our logic.

[EdwardvanRaak]

@kneth No we don't pass the instance to the adapter. It gets its own instance.

[kneth]

@finnschiermer Do you have any insights from Realm Core's point of view?

[finnschiermer]

@kneth: Unfortunately the backtraces are not showing much. The segfaults on address 0x4 is likely to arise by following a nullpointer, but that doesn't tell us much either.

[EdwardvanRaak]

Is it possible that these native crashes are caused by other unrecoverable realm errors that we receive? Can unrecoverable realm errors cause the realm file to stay in an erroneous state even after the app is reopened, causing the native crashes?

[kneth]

Realm is designed to resilient. If you have seen other errors just before your native crash, we are very interested to hear about it as it could indicate a corner case we haven't anticipated.

[trustratch]

we're also experiencing this issue
first, we got this crash (Out of memory error) error log below
after that we keep getting native crashes (error log at the second part)

THE FIRST ERROR LOG
10-17 10:31:44.377 19751-19751/? E/AndroidRuntime: FATAL EXCEPTION: main Process: com.ekoapp.eko, PID: 19751 io.realm.exceptions.RealmError: Unrecoverable error. mmap() failed: Out of memory size: 1476395008 in io_realm_internal_SharedGroup.cpp line 113 at io.realm.internal.SharedGroup.createNativeWithImplicitTransactions(Native Method) at io.realm.internal.SharedGroup.openSharedGroupOrFail(SharedGroup.java:95) at io.realm.internal.SharedGroup.<init>(SharedGroup.java:74) at io.realm.internal.SharedGroupManager.<init>(SharedGroupManager.java:49) at io.realm.BaseRealm.<init>(BaseRealm.java:86) at io.realm.Realm.<init>(Realm.java:135) at io.realm.Realm.createAndValidate(Realm.java:233) at io.realm.Realm.createInstance(Realm.java:214) at io.realm.RealmCache.createRealmOrGetFromCache(RealmCache.java:126) at io.realm.Realm.getInstance(Realm.java:178) at com.ekoapp.App.RealmLogger.getRealmInstance(RealmLogger.java:44) at com.ekoapp.Models.ModelSendQueue.execActions(ModelSendQueue.java:66) at com.ekoapp.Models.ModelSendQueue.getInstance(ModelSendQueue.java:28) at com.ekoapp.App.Eko.onCreate(Eko.java:150) at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1036) at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6321) at android.app.ActivityThread.access$1800(ActivityThread.java:222) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1861) at android.os.Handler.dispatchMessage(Handler.java:102) at android.os.Looper.loop(Looper.java:158) at android.app.ActivityThread.main(ActivityThread.java:7229) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)

THE SECOND ERROR LOG

10-17 10:32:21.717 19910-19910/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x6be618e0 in tid 19910 (com.ekoapp.eko) 10-17 10:32:21.767 3149-3149/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 10-17 10:32:21.767 3149-3149/? A/DEBUG: Build fingerprint: 'samsung/hero2ltexx/hero2lte:6.0.1/MMB29K/G935FXXU1BPIG:user/release-keys' 10-17 10:32:21.767 3149-3149/? A/DEBUG: Revision: '9' 10-17 10:32:21.767 3149-3149/? A/DEBUG: ABI: 'arm' 10-17 10:32:21.767 3149-3149/? A/DEBUG: pid: 19910, tid: 19910, name: com.ekoapp.eko >>> com.ekoapp.eko <<< 10-17 10:32:21.767 3149-3149/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x6be618e0 10-17 10:32:21.797 3149-3149/? A/DEBUG: r0 6be618dc r1 81b3b790 r2 db43f540 r3 00000006 10-17 10:32:21.797 3149-3149/? A/DEBUG: r4 c3e61f5c r5 8185c050 r6 ffb2e880 r7 ffb2e8ac 10-17 10:32:21.797 3149-3149/? A/DEBUG: r8 db0f90e0 r9 00000000 sl e88a8b28 fp 1347a580 10-17 10:32:21.797 3149-3149/? A/DEBUG: ip dc8eb147 sp ffb2e878 lr dc8e5251 pc dc915fba cpsr 300b0030 10-17 10:32:21.797 3149-3149/? A/DEBUG: backtrace: 10-17 10:32:21.797 3149-3149/? A/DEBUG: #00 pc 00072fba /data/app/com.ekoapp.eko-1/lib/arm/librealm-jni.so 10-17 10:32:22.487 3149-3149/? A/DEBUG: Tombstone written to: /data/tombstones/tombstone_03 10-17 10:32:22.487 3149-3149/? E/DEBUG: AM write failed: Broken pipe

[Zhuinden]

@trustratch there's at least one although probably more Realm instances on your background threads that are never closed.

[EdwardvanRaak]

@kneth
We also receive these error reports

io.realm.exceptions.RealmError: Unrecoverable error. Failure when converting short string to UTF-16 error_code = 1;

io.realm.exceptions.RealmMigrationNeededException: Field count does not match - expected 2 but was 663040

I did see some issues posted here about these but since we were never able to solve them we just try to clean the realm file whenever corruption(?) of the realm file occurs. We are not sure if they are related to the native crashes though.

[Zhuinden]

@EdwardvanRaak having 663040 fields sounds unhealthy, that definitely sounds like corruption.

[kneth]

Out-of-memory exceptions should be taken very seriously. Ignoring them can lead to file corruption. See also https://realm.io/docs/java/latest/#what-to-do-about-out-of-memory-exceptions

[Zhuinden]

@kneth Back in the day I got this kind of thing when I used realm.beginTransaction()/realm.commitTransaction() manually, and didn't realm.cancelTransaction() in case of failure.

[kneth]

@Zhuinden Good point (you were basically ignoring the out-of-memory exception).

[Sirrah]

We've updated all of our transactions to use Realm#executeTransaction. So even if an exception is thrown the transaction should be closed properly. Despite that we still see these crashes occurring.

Note, I'm a colleague of @EdwardvanRaak

[kneth]

@Sirrah @EdwardvanRaak It still sounds like you have an instance open in a background thread and it keep Realm from reclaiming space.

[Sirrah]

We'll continue looking for that.

If the error occurs once for an user, regardless of the cause. would you expect the same error to occur again once the application restarts? Even if the app doesn't do anything wrong on the second run?

[kneth]

No, Realm should be robust enough for app restarting.

[fabriciorod]

This happened with a rooted device, samsung SIII mini. the device is running Android 4.2.2.

D/CrashAnrDetector: Build: samsung/goldenve3gxx/goldenve3g:4.2.2/JDQ39/I8200NXXUAOC1:user/release-keys
Hardware: PXA986
Revision: 3
Bootloader: I8200NXXUAOC1
Radio: unknown
Kernel: Linux version 3.4.5-2826542 (se.infra@SWDB2805) (gcc version 4.6.x-google 20120106 (prerelease) (GCC) ) #2 SMP PREEMPT Thu Mar 26 22:31:40 KST 2015

                                             *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
                                             Build fingerprint: 'samsung/goldenve3gxx/goldenve3g:4.2.2/JDQ39/I8200NXXUAOC1:user/release-keys'
                                             Revision: '3'
                                             pid: 3823, tid: 3823, name: com.matilandia  >>> com.matilandia <<<
                                             signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 5ac36ff6
                                                 r0 5ac37003  r1 5ac36ff6  r2 5ac3aa73  r3 5ac36ff6
                                                 r4 00000000  r5 5ac37002  r6 5ac3bdf0  r7 5ab6deb0
                                                 r8 00000010  r9 00000010  sl 5e7ae6e8  fp 00000010
                                                 ip 0000000c  sp be9b5318  lr 00000000  pc 5e68ffe2  cpsr 20000030
                                                 d0  65706f72705f6b70  d1  532f6c616e726500
                                                 d2  56c7c19856c7c100  d3  56c7c20856c7c102
                                                 d4  6c6165722e746c75  d5  6567616e616d2e6d
                                                 d6  6363612f746e656d  d7  746e6f635f737365
                                                 d8  0000000000000000  d9  0000000000000000
                                                 d10 0000000000000000  d11 0000000000000000
                                                 d12 0000000000000000  d13 0000000000000000
                                                 d14 0000000000000000  d15 0000000000000000
                                                 d16 4026000000000000  d17 7e37e43c8800759c
                                                 d18 0000000000000000  d19 0000000000000000
                                                 d20 4008000000000000  d21 3fbc71c71c71c71c
                                                 d22 3fcc7288e957b53b  d23 3fd24998d6307188
                                                 d24 3fd99a27ad32ddf5  d25 3fe555b0aaeac752
                                                 d26 0000000000000000  d27 0000000000000000
                                                 d28 0000000000000000  d29 0000000000000000
                                                 d30 0000000000000000  d31 0000000000000000
                                                 scr 20000010
                                             
                                             backtrace:
                                                 #00  pc 00081fe2  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                 #01  pc 000a4f77  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                 #02  pc 0005a6cd  /data/app-lib/com.matilandia-1/librealm-jni.so
                                             
                                             stack:
                                                      be9b52d8  5ac3c3e8  
                                                      be9b52dc  00001680  
                                                      be9b52e0  5ac3c668  
                                                      be9b52e4  00001900  
                                                      be9b52e8  5e6881fb  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b52ec  5e68fe15  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b52f0  00000000  
                                                      be9b52f4  5e7c3170  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b52f8  5ac3c3f0  
                                                      be9b52fc  00000000  
                                                      be9b5300  be9b5330  [stack]
                                                      be9b5304  00000000  
                                                      be9b5308  5ab6deb0  
                                                      be9b530c  5ab6deb0  
                                                      be9b5310  df0027ad  
                                                      be9b5314  00000000  
                                                 #00  be9b5318  5e688c71  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b531c  00000001  
                                                      be9b5320  0000000f  
                                                      be9b5324  00000008  
                                                      be9b5328  5e7ae6e8  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b532c  00000008  
                                                      be9b5330  5ac3bdf8  
                                                      be9b5334  ffffffff  
                                                      be9b5338  00000000  
                                                      be9b533c  5ab6deb0  
                                                      be9b5340  00000001  
                                                      be9b5344  00000001  
                                                      be9b5348  00000000  
                                                      be9b534c  5e7ae6e8  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b5350  5ab6d198  
                                                      be9b5354  5e6b2f7b  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                 #01  be9b5358  ffffffff  
                                                      be9b535c  00000000  
                                                      be9b5360  00000000  
                                                      be9b5364  00000008  
                                                      be9b5368  5abd73b0  
                                                      be9b536c  00000000  
                                                      be9b5370  5ab6a350  
                                                      be9b5374  5abd7520  
                                                      be9b5378  5e7ae6e8  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b537c  00000008  
                                                      be9b5380  00000001  
                                                      be9b5384  5e6ca0b5  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b5388  5e7ae6e8  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b538c  00000008  
                                                      be9b5390  00000000  
                                                      be9b5394  5abd73b0  
                                                      ........  ........
                                                 #02  be9b53b8  00000000  
                                                      be9b53bc  00000000  
                                                      be9b53c0  5ab6deb0  
                                                      be9b53c4  5e6afaff  /data/app-lib/com.matilandia-1/librealm-jni.so
                                                      be9b53c8  00000000  
                                                      be9b53cc  5abd73b0  
                                                      be9b53d0  00000000  
                                                      be9b53d4  0

[kneth]

@fabriciorod We have some issues with older devices: #3651. Maybe your crash is related?

[Zhuinden]

@kneth this is definitely the same thing

[fabriciorod]

@kneth Yes is the same thing. I was able to track the method where the crash happened, but, i was not able to reproduce it on a emulator. Do you guys need a sample project? i can do that, the last method i can remember that received a call was setVersion(), after that call, the application crashes.

[kneth]

@fabriciorod If you can create a sample project or a unit test, we will be happy to get a copy. I have finally found an used Samsung Galaxy Tab 3 so I will be able to debug.

[OneManMobile]

I have the exact same problem with a Samsung SIII mini too!

It works on the device when I use Realm v. 1.1.0, but crashes when I upgrade. I hope this can narrow the issue down further.

Best regards

[kneth]

@OneManMobile Is your S3 mini a GT-I8190N or one of the other variants? We have a GT-I8190N in our test lab.

[OneManMobile]

Its a GT-18200N

With Android 4.2.2 and Kernelversion 3.4.5-2824661

[kneth]

@OneManMobile I believe that GT-I8200N has also been reported in #3651.

[Zhuinden]

#4402 might fix this once it's merged

[beeender]

#4402 is merged and has been released in v3.1.1