This repository has been archived by the owner on Aug 8, 2023. It is now read-only.

Crash downloading offline pack — mbgl::OnlineFileSource::Impl::activatePendingRequest() #5827

Closed
Gurbo opened this issue Jul 29, 2016 · 15 comments

Comments

@Gurbo

Gurbo commented Jul 29, 2016

Steps to reproduce:

  1. Start downloading map region
  2. Send application to background
  3. Turn off internet connection
  4. Return application to the foreground
  5. Turn on internet connection

After these steps, the map region will download for a few seconds, and after that the application will crash.

@1ec5
Contributor

1ec5 commented Jul 29, 2016

Please provide a stack trace of the crash. (If you provide the full stack trace, please put it in a gist and link to it.) Also, please indicate which version of which SDK you're using. Thank you!

@Gurbo
Author

Gurbo commented Jul 30, 2016

@1ec5 Simulator crash (iPhone 5s, 9.3):

Mapbox`mbgl::OnlineFileSource::Impl::activatePendingRequest:
    0x10e60ebb0 <+0>:   pushq  %rbp
    0x10e60ebb1 <+1>:   movq   %rsp, %rbp
    0x10e60ebb4 <+4>:   pushq  %r15
    0x10e60ebb6 <+6>:   pushq  %r14
    0x10e60ebb8 <+8>:   pushq  %r12
    0x10e60ebba <+10>:  pushq  %rbx
    0x10e60ebbb <+11>:  subq   $0x40, %rsp
    0x10e60ebbf <+15>:  movq   %rdi, %r14
    0x10e60ebc2 <+18>:  movq   0xc3ab7(%rip), %r12       ; (void *)0x000000010f392070: __stack_chk_guard
    0x10e60ebc9 <+25>:  movq   (%r12), %r12
    0x10e60ebcd <+29>:  movq   %r12, -0x28(%rbp)
    0x10e60ebd1 <+33>:  movq   0x38(%r14), %rax
    0x10e60ebd5 <+37>:  testq  %rax, %rax
    0x10e60ebd8 <+40>:  je     0x10e60ed83               ; <+467>
    0x10e60ebde <+46>:  movq   0x30(%r14), %rdi
    0x10e60ebe2 <+50>:  movq   0x10(%rdi), %rbx
    0x10e60ebe6 <+54>:  movq   (%rdi), %rcx
    0x10e60ebe9 <+57>:  movq   0x8(%rdi), %rdx
    0x10e60ebed <+61>:  movq   %rdx, 0x8(%rcx)
    0x10e60ebf1 <+65>:  movq   0x8(%rdi), %rdx
    0x10e60ebf5 <+69>:  movq   %rcx, (%rdx)
    0x10e60ebf8 <+72>:  decq   %rax
    0x10e60ebfb <+75>:  movq   %rax, 0x38(%r14)
    0x10e60ebff <+79>:  callq  0x10e683d14               ; symbol stub for: operator delete(void*)
    0x10e60ec04 <+84>:  movq   %rbx, %rax
    0x10e60ec07 <+87>:  shrq   $0x20, %rax
    0x10e60ec0b <+91>:  movl   %ebx, %ecx
    0x10e60ec0d <+93>:  andl   $0x1fffffff, %ecx         ; imm = 0x1FFFFFFF 
    0x10e60ec13 <+99>:  leaq   0x8(,%rcx,8), %rcx
    0x10e60ec1b <+107>: xorq   %rax, %rcx
    0x10e60ec1e <+110>: movabsq $-0x622015f714c7d297, %rdx ; imm = 0x9DDFEA08EB382D69 
    0x10e60ec28 <+120>: imulq  %rdx, %rcx
    0x10e60ec2c <+124>: movq   %rcx, %rsi
    0x10e60ec2f <+127>: shrq   $0x2f, %rsi
    0x10e60ec33 <+131>: xorq   %rax, %rcx
    0x10e60ec36 <+134>: xorq   %rsi, %rcx
    0x10e60ec39 <+137>: imulq  %rdx, %rcx
    0x10e60ec3d <+141>: movq   %rcx, %r15
    0x10e60ec40 <+144>: shrq   $0x2f, %r15
    0x10e60ec44 <+148>: xorq   %rcx, %r15
    0x10e60ec47 <+151>: imulq  %rdx, %r15
    0x10e60ec4b <+155>: movq   0x48(%r14), %rcx
    0x10e60ec4f <+159>: testq  %rcx, %rcx
    0x10e60ec52 <+162>: je     0x10e60eccf               ; <+287>
    0x10e60ec54 <+164>: leaq   0x40(%r14), %rdi
    0x10e60ec58 <+168>: leaq   -0x1(%rcx), %r9
    0x10e60ec5c <+172>: movq   %r9, %r10
    0x10e60ec5f <+175>: andq   %rcx, %r10
    0x10e60ec62 <+178>: je     0x10e60ec71               ; <+193>
    0x10e60ec64 <+180>: xorl   %edx, %edx
    0x10e60ec66 <+182>: movq   %r15, %rax
    0x10e60ec69 <+185>: divq   %rcx
    0x10e60ec6c <+188>: movq   %rdx, %r8
    0x10e60ec6f <+191>: jmp    0x10e60ec77               ; <+199>
    0x10e60ec71 <+193>: movq   %r15, %r8
    0x10e60ec74 <+196>: andq   %r9, %r8
    0x10e60ec77 <+199>: movq   (%rdi), %rax
    0x10e60ec7a <+202>: movq   (%rax,%r8,8), %rsi
    0x10e60ec7e <+206>: testq  %rsi, %rsi
    0x10e60ec81 <+209>: je     0x10e60eccf               ; <+287>
    0x10e60ec83 <+211>: testq  %r10, %r10
    0x10e60ec86 <+214>: je     0x10e60ecb0               ; <+256>
    0x10e60ec88 <+216>: nopl   (%rax,%rax)
    0x10e60ec90 <+224>: movq   (%rsi), %rsi
    0x10e60ec93 <+227>: testq  %rsi, %rsi
    0x10e60ec96 <+230>: je     0x10e60eccf               ; <+287>
    0x10e60ec98 <+232>: movq   0x8(%rsi), %rax
    0x10e60ec9c <+236>: xorl   %edx, %edx
    0x10e60ec9e <+238>: divq   %rcx
    0x10e60eca1 <+241>: cmpq   %r8, %rdx
    0x10e60eca4 <+244>: jne    0x10e60eccf               ; <+287>
    0x10e60eca6 <+246>: cmpq   %rbx, 0x10(%rsi)
    0x10e60ecaa <+250>: jne    0x10e60ec90               ; <+224>
    0x10e60ecac <+252>: jmp    0x10e60ecca               ; <+282>
    0x10e60ecae <+254>: nop    
    0x10e60ecb0 <+256>: movq   (%rsi), %rsi
    0x10e60ecb3 <+259>: testq  %rsi, %rsi
    0x10e60ecb6 <+262>: je     0x10e60eccf               ; <+287>
    0x10e60ecb8 <+264>: movq   0x8(%rsi), %rax
    0x10e60ecbc <+268>: andq   %r9, %rax
    0x10e60ecbf <+271>: cmpq   %r8, %rax
    0x10e60ecc2 <+274>: jne    0x10e60eccf               ; <+287>
    0x10e60ecc4 <+276>: cmpq   %rbx, 0x10(%rsi)
    0x10e60ecc8 <+280>: jne    0x10e60ecb0               ; <+256>
    0x10e60ecca <+282>: callq  0x10e60efa0               ; std::__1::__hash_table<std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, std::__1::__unordered_map_hasher<mbgl::FileRequest*, std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, std::__1::hash<mbgl::FileRequest*>, true>, std::__1::__unordered_map_equal<mbgl::FileRequest*, std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, std::__1::equal_to<mbgl::FileRequest*>, true>, std::__1::allocator<std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> > > >::erase(std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, void*>*>)
    0x10e60eccf <+287>: movq   0x8(%r14), %rcx
    0x10e60ecd3 <+291>: leaq   -0x1(%rcx), %rax
    0x10e60ecd7 <+295>: testq  %rcx, %rax
    0x10e60ecda <+298>: je     0x10e60ecfb               ; <+331>
    0x10e60ecdc <+300>: xorl   %edx, %edx
    0x10e60ecde <+302>: movq   %r15, %rax
    0x10e60ece1 <+305>: divq   %rcx
    0x10e60ece4 <+308>: movq   (%r14), %rax
    0x10e60ece7 <+311>: movq   (%rax,%rdx,8), %rax
    0x10e60eceb <+315>: nopl   (%rax,%rax)
->  0x10e60ecf0 <+320>: movq   (%rax), %rax (EXC_BAD_ACCESS here)
    0x10e60ecf3 <+323>: cmpq   %rbx, 0x10(%rax)
    0x10e60ecf7 <+327>: jne    0x10e60ecf0               ; <+320>
    0x10e60ecf9 <+329>: jmp    0x10e60ed19               ; <+361>
    0x10e60ecfb <+331>: andq   %r15, %rax
    0x10e60ecfe <+334>: movq   (%r14), %rcx
    0x10e60ed01 <+337>: movq   (%rcx,%rax,8), %rax
    0x10e60ed05 <+341>: nopw   %cs:(%rax,%rax)
    0x10e60ed10 <+352>: movq   (%rax), %rax
    0x10e60ed13 <+355>: cmpq   %rbx, 0x10(%rax)
    0x10e60ed17 <+359>: jne    0x10e60ed10               ; <+352>
    0x10e60ed19 <+361>: movq   0x18(%rax), %rbx
    0x10e60ed1d <+365>: leaq   0x68(%r14), %rdi
    0x10e60ed21 <+369>: movq   %rbx, %rsi
    0x10e60ed24 <+372>: callq  0x10e60f0a0               ; std::__1::__hash_table<mbgl::FileRequest*, std::__1::hash<mbgl::FileRequest*>, std::__1::equal_to<mbgl::FileRequest*>, std::__1::allocator<mbgl::FileRequest*> >::__insert_unique(mbgl::FileRequest* const&)
    0x10e60ed29 <+377>: movq   0x90(%r14), %rdi
    0x10e60ed30 <+384>: movq   (%rdi), %rax
    0x10e60ed33 <+387>: movq   0x10(%rax), %rax
    0x10e60ed37 <+391>: leaq   0x8(%rbx), %rsi
    0x10e60ed3b <+395>: leaq   -0x60(%rbp), %r15
    0x10e60ed3f <+399>: movq   %r15, -0x40(%rbp)
    0x10e60ed43 <+403>: leaq   0xde6ae(%rip), %rcx       ; vtable for std::__1::__function::__func<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response), std::__1::allocator<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response)>, void (mbgl::Response)> + 16
    0x10e60ed4a <+410>: movq   %rcx, -0x60(%rbp)
    0x10e60ed4e <+414>: movq   %rbx, -0x58(%rbp)
    0x10e60ed52 <+418>: movq   %r14, -0x50(%rbp)
    0x10e60ed56 <+422>: movq   %r15, %rdx
    0x10e60ed59 <+425>: callq  *%rax
    0x10e60ed5b <+427>: movq   %rax, 0x98(%rbx)
    0x10e60ed62 <+434>: movq   -0x40(%rbp), %rdi
    0x10e60ed66 <+438>: cmpq   %r15, %rdi
    0x10e60ed69 <+441>: je     0x10e60ed78               ; <+456>
    0x10e60ed6b <+443>: testq  %rdi, %rdi
    0x10e60ed6e <+446>: je     0x10e60ed83               ; <+467>
    0x10e60ed70 <+448>: movq   (%rdi), %rax
    0x10e60ed73 <+451>: callq  *0x28(%rax)
    0x10e60ed76 <+454>: jmp    0x10e60ed83               ; <+467>
    0x10e60ed78 <+456>: movq   -0x60(%rbp), %rax
    0x10e60ed7c <+460>: leaq   -0x60(%rbp), %rdi
    0x10e60ed80 <+464>: callq  *0x20(%rax)
    0x10e60ed83 <+467>: cmpq   -0x28(%rbp), %r12
    0x10e60ed87 <+471>: jne    0x10e60ed96               ; <+486>
    0x10e60ed89 <+473>: addq   $0x40, %rsp
    0x10e60ed8d <+477>: popq   %rbx
    0x10e60ed8e <+478>: popq   %r12
    0x10e60ed90 <+480>: popq   %r14
    0x10e60ed92 <+482>: popq   %r15
    0x10e60ed94 <+484>: popq   %rbp
    0x10e60ed95 <+485>: retq   
    0x10e60ed96 <+486>: callq  0x10e6837fe               ; symbol stub for: __stack_chk_fail
    0x10e60ed9b <+491>: movq   %rax, %rbx
    0x10e60ed9e <+494>: movq   -0x40(%rbp), %rdi
    0x10e60eda2 <+498>: cmpq   %r15, %rdi
    0x10e60eda5 <+501>: jne    0x10e60edb5               ; <+517>
    0x10e60eda7 <+503>: movq   (%rdi), %rax
    0x10e60edaa <+506>: callq  *0x20(%rax)
    0x10e60edad <+509>: movq   %rbx, %rdi
    0x10e60edb0 <+512>: callq  0x10e6837ce               ; symbol stub for: _Unwind_Resume
    0x10e60edb5 <+517>: testq  %rdi, %rdi
    0x10e60edb8 <+520>: je     0x10e60edc0               ; <+528>
    0x10e60edba <+522>: movq   (%rdi), %rax
    0x10e60edbd <+525>: callq  *0x28(%rax)
    0x10e60edc0 <+528>: movq   %rbx, %rdi
    0x10e60edc3 <+531>: callq  0x10e6837ce               ; symbol stub for: _Unwind_Resume
    0x10e60edc8 <+536>: nopl   (%rax,%rax)

Mapbox 3.2.3

@Gurbo
Author

Gurbo commented Jul 30, 2016

@1ec5 Non-simulator iPhone 6, iOS 9.1, Mapbox 3.2.2

Mapbox`mbgl::OnlineFileSource::Impl::activatePendingRequest:
    0x100fcca58 <+0>:   stp    x22, x21, [sp, #-48]!
    0x100fcca5c <+4>:   stp    x20, x19, [sp, #16]
    0x100fcca60 <+8>:   stp    x29, x30, [sp, #32]
    0x100fcca64 <+12>:  add    x29, sp, #32              ; =32 
    0x100fcca68 <+16>:  sub    sp, sp, #48               ; =48 
    0x100fcca6c <+20>:  mov    x19, x0
    0x100fcca70 <+24>:  nop    
    0x100fcca74 <+28>:  ldr    x21, #752300              ; (void *)0x00000001a138dcf0: __stack_chk_guard
    0x100fcca78 <+32>:  ldr    x21, [x21]
    0x100fcca7c <+36>:  str    x21, [sp, #40]
    0x100fcca80 <+40>:  ldr    x8, [x19, #56]
    0x100fcca84 <+44>:  cbz    x8, 0x100fccc34           ; <+476>
    0x100fcca88 <+48>:  ldr    x0, [x19, #48]
    0x100fcca8c <+52>:  ldp    x10, x20, [x0, #8]
    0x100fcca90 <+56>:  ldr    x9, [x0]
    0x100fcca94 <+60>:  str    x10, [x9, #8]
    0x100fcca98 <+64>:  ldr    x10, [x0, #8]
    0x100fcca9c <+68>:  str    x9, [x10]
    0x100fccaa0 <+72>:  sub    x8, x8, #1                ; =1 
    0x100fccaa4 <+76>:  str    x8, [x19, #56]
    0x100fccaa8 <+80>:  bl     0x1010350d0               ; symbol stub for: operator delete(void*)
    0x100fccaac <+84>:  lsr    x8, x20, #32
    0x100fccab0 <+88>:  ubfiz  x9, x20, #3, #29
    0x100fccab4 <+92>:  add    x9, x9, #8                ; =8 
    0x100fccab8 <+96>:  eor    x9, x9, x8
    0x100fccabc <+100>: movz   x10, #0x9ddf, lsl #48
    0x100fccac0 <+104>: movk   x10, #0xea08, lsl #32
    0x100fccac4 <+108>: movk   x10, #0xeb38, lsl #16
    0x100fccac8 <+112>: movk   x10, #0x2d69
    0x100fccacc <+116>: mul    x9, x9, x10
    0x100fccad0 <+120>: eor    x8, x9, x8
    0x100fccad4 <+124>: eor    x8, x8, x9, lsr #47
    0x100fccad8 <+128>: mul    x8, x8, x10
    0x100fccadc <+132>: eor    x8, x8, x8, lsr #47
    0x100fccae0 <+136>: mul    x22, x8, x10
    0x100fccae4 <+140>: ldr    x9, [x19, #72]
    0x100fccae8 <+144>: cbz    x9, 0x100fccb70           ; <+280>
    0x100fccaec <+148>: add    x0, x19, #64              ; =64 
    0x100fccaf0 <+152>: sub    x10, x9, #1               ; =1 
    0x100fccaf4 <+156>: and    x11, x10, x9
    0x100fccaf8 <+160>: udiv   x8, x22, x9
    0x100fccafc <+164>: msub   x8, x8, x9, x22
    0x100fccb00 <+168>: and    x12, x22, x10
    0x100fccb04 <+172>: cmp    x11, #0                   ; =0 
    0x100fccb08 <+176>: csel   x8, x8, x12, ne
    0x100fccb0c <+180>: ldr    x12, [x0]
    0x100fccb10 <+184>: ldr    x1, [x12, x8, lsl #3]
    0x100fccb14 <+188>: cbz    x1, 0x100fccb70           ; <+280>
    0x100fccb18 <+192>: cbz    x11, 0x100fccb48          ; <+240>
    0x100fccb1c <+196>: ldr    x1, [x1]
    0x100fccb20 <+200>: cbz    x1, 0x100fccb70           ; <+280>
    0x100fccb24 <+204>: ldr    x10, [x1, #8]
    0x100fccb28 <+208>: udiv   x11, x10, x9
    0x100fccb2c <+212>: msub   x10, x11, x9, x10
    0x100fccb30 <+216>: cmp    x10, x8
    0x100fccb34 <+220>: b.ne   0x100fccb70               ; <+280>
    0x100fccb38 <+224>: ldr    x10, [x1, #16]
    0x100fccb3c <+228>: cmp    x10, x20
    0x100fccb40 <+232>: b.ne   0x100fccb1c               ; <+196>
    0x100fccb44 <+236>: b      0x100fccb6c               ; <+276>
    0x100fccb48 <+240>: ldr    x1, [x1]
    0x100fccb4c <+244>: cbz    x1, 0x100fccb70           ; <+280>
    0x100fccb50 <+248>: ldr    x9, [x1, #8]
    0x100fccb54 <+252>: and    x9, x9, x10
    0x100fccb58 <+256>: cmp    x9, x8
    0x100fccb5c <+260>: b.ne   0x100fccb70               ; <+280>
    0x100fccb60 <+264>: ldr    x9, [x1, #16]
    0x100fccb64 <+268>: cmp    x9, x20
    0x100fccb68 <+272>: b.ne   0x100fccb48               ; <+240>
    0x100fccb6c <+276>: bl     0x100fcce6c               ; std::__1::__hash_table<std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, std::__1::__unordered_map_hasher<mbgl::FileRequest*, std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, std::__1::hash<mbgl::FileRequest*>, true>, std::__1::__unordered_map_equal<mbgl::FileRequest*, std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, std::__1::equal_to<mbgl::FileRequest*>, true>, std::__1::allocator<std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> > > >::erase(std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<mbgl::FileRequest*, std::__1::__list_iterator<mbgl::FileRequest*, void*> >, void*>*>)
    0x100fccb70 <+280>: ldr    x8, [x19, #8]
    0x100fccb74 <+284>: sub    x9, x8, #1                ; =1 
    0x100fccb78 <+288>: and    x10, x9, x8
    0x100fccb7c <+292>: cbz    x10, 0x100fccba8          ; <+336>
    0x100fccb80 <+296>: udiv   x9, x22, x8
    0x100fccb84 <+300>: mul    x8, x9, x8
    0x100fccb88 <+304>: sub    x8, x22, x8
    0x100fccb8c <+308>: ldr    x9, [x19]
    0x100fccb90 <+312>: ldr    x8, [x9, x8, lsl #3]
    0x100fccb94 <+316>: ldr    x8, [x8]
->  0x100fccb98 <+320>: ldr    x9, [x8, #16] (EXC_BAD_ACCESS here)
    0x100fccb9c <+324>: cmp    x9, x20
    0x100fccba0 <+328>: b.ne   0x100fccb94               ; <+316>
    0x100fccba4 <+332>: b      0x100fccbc4               ; <+364>
    0x100fccba8 <+336>: and    x8, x9, x22
    0x100fccbac <+340>: ldr    x9, [x19]
    0x100fccbb0 <+344>: ldr    x8, [x9, x8, lsl #3]
    0x100fccbb4 <+348>: ldr    x8, [x8]
    0x100fccbb8 <+352>: ldr    x9, [x8, #16]
    0x100fccbbc <+356>: cmp    x9, x20
    0x100fccbc0 <+360>: b.ne   0x100fccbb4               ; <+348>
    0x100fccbc4 <+364>: ldr    x20, [x8, #24]
    0x100fccbc8 <+368>: add    x0, x19, #104             ; =104 
    0x100fccbcc <+372>: mov    x1, x20
    0x100fccbd0 <+376>: bl     0x100fccf6c               ; std::__1::__hash_table<mbgl::FileRequest*, std::__1::hash<mbgl::FileRequest*>, std::__1::equal_to<mbgl::FileRequest*>, std::__1::allocator<mbgl::FileRequest*> >::__insert_unique(mbgl::FileRequest* const&)
    0x100fccbd4 <+380>: ldr    x0, [x19, #144]
    0x100fccbd8 <+384>: ldr    x8, [x0]
    0x100fccbdc <+388>: ldr    x8, [x8, #16]
    0x100fccbe0 <+392>: add    x1, x20, #8               ; =8 
    0x100fccbe4 <+396>: add    x22, sp, #8               ; =8 
    0x100fccbe8 <+400>: stp    x19, x22, [sp, #24]
    0x100fccbec <+404>: adr    x9, #861452               ; vtable for std::__1::__function::__func<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response), std::__1::allocator<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response)>, void (mbgl::Response)>
    0x100fccbf0 <+408>: nop    
    0x100fccbf4 <+412>: add    x9, x9, #16               ; =16 
    0x100fccbf8 <+416>: stp    x9, x20, [sp, #8]
    0x100fccbfc <+420>: add    x2, sp, #8                ; =8 
    0x100fccc00 <+424>: blr    x8
    0x100fccc04 <+428>: str    x0, [x20, #152]
    0x100fccc08 <+432>: ldr    x0, [sp, #32]
    0x100fccc0c <+436>: cmp    x0, x22
    0x100fccc10 <+440>: b.eq   0x100fccc24               ; <+460>
    0x100fccc14 <+444>: cbz    x0, 0x100fccc34           ; <+476>
    0x100fccc18 <+448>: ldr    x8, [x0]
    0x100fccc1c <+452>: ldr    x8, [x8, #40]
    0x100fccc20 <+456>: b      0x100fccc30               ; <+472>
    0x100fccc24 <+460>: ldr    x8, [sp, #8]
    0x100fccc28 <+464>: ldr    x8, [x8, #32]
    0x100fccc2c <+468>: add    x0, sp, #8                ; =8 
    0x100fccc30 <+472>: blr    x8
    0x100fccc34 <+476>: ldr    x8, [sp, #40]
    0x100fccc38 <+480>: sub    x8, x21, x8
    0x100fccc3c <+484>: cbnz   x8, 0x100fccc54           ; <+508>
    0x100fccc40 <+488>: sub    sp, x29, #32              ; =32 
    0x100fccc44 <+492>: ldp    x29, x30, [sp, #32]
    0x100fccc48 <+496>: ldp    x20, x19, [sp, #16]
    0x100fccc4c <+500>: ldp    x22, x21, [sp], #48
    0x100fccc50 <+504>: ret    
    0x100fccc54 <+508>: bl     0x101035c64               ; symbol stub for: __stack_chk_fail
    0x100fccc58 <+512>: mov    x19, x0
    0x100fccc5c <+516>: ldr    x0, [sp, #32]
    0x100fccc60 <+520>: cmp    x0, x22
    0x100fccc64 <+524>: b.ne   0x100fccc74               ; <+540>
    0x100fccc68 <+528>: ldr    x8, [x0]
    0x100fccc6c <+532>: ldr    x8, [x8, #32]
    0x100fccc70 <+536>: b      0x100fccc80               ; <+552>
    0x100fccc74 <+540>: cbz    x0, 0x100fccc84           ; <+556>
    0x100fccc78 <+544>: ldr    x8, [x0]
    0x100fccc7c <+548>: ldr    x8, [x8, #40]
    0x100fccc80 <+552>: blr    x8
    0x100fccc84 <+556>: mov    x0, x19
    0x100fccc88 <+560>: bl     0x101035bec               ; symbol stub for: _Unwind_Resume

@1ec5
Contributor

1ec5 commented Jul 30, 2016

Please provide a stack trace instead of these disassemblies. It appears that you’re reproducing the crash while the debugger is attached to the process. In that case, please (temporarily) add the .dSYM file included with the SDK to your project, so that the stack trace can be symbolicated. Then, when you hit the crash, open the Debug navigator, select all the rows, and copy them using ⌘C.

@Gurbo
Author

Gurbo commented Jul 31, 2016

@1ec5

Thread 1 Queue : com.apple.main-thread (serial)
Thread 5 Queue : com.apple.libdispatch-manager (serial)
gputools.smt_poll.0x13ff233e0 (6)
Thread 7
Thread 11
Thread 12
com.apple.NSURLConnectionLoader (13)
Thread 14
Thread 15
Thread 17
Thread 18
Thread 19
Thread 20
Thread 21
Thread 22
Thread 23
Thread 24
com.apple.CFSocket.private (27)
WebThread (29)
Thread 30
DefaultFileSource (31)
OnlineFileSource (32)
#0  0x0000000100f60b98 in mbgl::OnlineFileSource::Impl::activatePendingRequest() ()
#1  0x0000000100f61288 in void std::__1::__invoke_void_return_wrapper<void>::__call<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response)&, mbgl::Response>(mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response)&&&, mbgl::Response&&) ()
#2  0x0000000100fa5f70 in mbgl::HTTPNSURLRequest::handleResponse() ()
#3  0x0000000100fbb224 in uv__async_event ()
#4  0x0000000100fbb3e4 in uv__async_io ()
#5  0x0000000100fc6d6c in uv__io_poll ()
#6  0x0000000100fbb8f8 in uv_run ()
#7  0x0000000100f5fdfc in void mbgl::util::Thread<mbgl::OnlineFileSource::Impl>::run<std::__1::tuple<int>, 0ul>(mbgl::util::ThreadContext, std::__1::tuple<int>&&, std::__1::integer_sequence<unsigned long, 0ul>) ()
#8  0x0000000100f5fd28 in std::__1::__thread_proxy<std::__1::tuple<mbgl::util::Thread<mbgl::OnlineFileSource::Impl>::Thread<int>(mbgl::util::ThreadContext const&, int&&)::'lambda'()> >(void*, void*) ()
#9  0x0000000183897b28 in _pthread_body ()
#10 0x0000000183897a8c in _pthread_start ()
#11 0x0000000183895028 in thread_start ()
AssetFileSource (33)
Map (34)
Worker (35)
Worker (36)
Worker (37)
Worker (38)
Thread 41
Thread 47
Thread 48
Thread 49

@Gurbo
Author

Gurbo commented Jul 31, 2016

@1ec5

<_NSCallStackArray 0x144bbaf60>(
0   ???                                 0x000000010475ccb4 0x0 + 4369796276,
1   venividi-app                        0x000000010011a678 main + 0,
2   Mapbox                              0x0000000100f61288 _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN4mbgl16OnlineFileSource4Impl15activateRequestEPNS3_21OnlineFileRequestImplEEUlNS3_8ResponseEE_S8_EEEvDpOT_ + 52,
3   Mapbox                              0x0000000100fa5f70 _ZN4mbgl16HTTPNSURLRequest14handleResponseEv + 80,
4   Mapbox                              0x0000000100fbb224 uv__async_event + 80,
5   Mapbox                              0x0000000100fbb3e4 uv__async_io + 168,
6   Mapbox                              0x0000000100fc6d6c uv__io_poll + 1248,
7   Mapbox                              0x0000000100fbb8f8 uv_run + 424,
8   Mapbox                              0x0000000100f5fdfc _ZN4mbgl4util6ThreadINS_16OnlineFileSource4ImplEE3runINSt3__15tupleIJiEEEJLm0EEEEvNS0_13ThreadContextEOT_NS6_16integer_sequenceImJXspT0_EEEE + 116,
9   Mapbox                              0x0000000100f5fd28 _ZNSt3__114__thread_proxyINS_5tupleIJZN4mbgl4util6ThreadINS2_16OnlineFileSource4ImplEEC1IJiEEERKNS3_13ThreadContextEDpOT_EUlvE_EEEEEPvSH_ + 168,
10  libsystem_pthread.dylib             0x0000000183897b28 <redacted> + 156,
11  libsystem_pthread.dylib             0x0000000183897a8c <redacted> + 0,
12  libsystem_pthread.dylib             0x0000000183895028 thread_start + 4
)

@Gurbo
Author

Gurbo commented Jul 31, 2016

@1ec5 I hope it will help you, thanks

* thread #32: tid = 0x2bf6c9, 0x0000000100f60b98 Mapbox`mbgl::OnlineFileSource::Impl::activatePendingRequest() + 320, name = 'OnlineFileSource'
  * frame #0: 0x0000000100f60b98 Mapbox`mbgl::OnlineFileSource::Impl::activatePendingRequest() + 320
    frame #1: 0x0000000100f61288 Mapbox`void std::__1::__invoke_void_return_wrapper<void>::__call<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response)&, mbgl::Response>(mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequestImpl*)::'lambda'(mbgl::Response)&&&, mbgl::Response&&) + 52
    frame #2: 0x0000000100fa5f70 Mapbox`mbgl::HTTPNSURLRequest::handleResponse() + 80
    frame #3: 0x0000000100fbb224 Mapbox`uv__async_event + 80
    frame #4: 0x0000000100fbb3e4 Mapbox`uv__async_io + 168
    frame #5: 0x0000000100fc6d6c Mapbox`uv__io_poll + 1248
    frame #6: 0x0000000100fbb8f8 Mapbox`uv_run + 424
    frame #7: 0x0000000100f5fdfc Mapbox`void mbgl::util::Thread<mbgl::OnlineFileSource::Impl>::run<std::__1::tuple<int>, 0ul>(mbgl::util::ThreadContext, std::__1::tuple<int>&&, std::__1::integer_sequence<unsigned long, 0ul>) + 116
    frame #8: 0x0000000100f5fd28 Mapbox`std::__1::__thread_proxy<std::__1::tuple<mbgl::util::Thread<mbgl::OnlineFileSource::Impl>::Thread<int>(mbgl::util::ThreadContext const&, int&&)::'lambda'()> >(void*, void*) + 168
    frame #9: 0x0000000183897b28 libsystem_pthread.dylib`_pthread_body + 156
    frame #10: 0x0000000183897a8c libsystem_pthread.dylib`_pthread_start + 156
    frame #11: 0x0000000183895028 libsystem_pthread.dylib`thread_start + 4

1ec5 changed the title from "[iOS] Crash while downloading offline map region" to "Crash downloading offline pack — mbgl::OnlineFileSource::Impl::activatePendingRequest()" on Jul 31, 2016
@1ec5
Contributor

1ec5 commented Jul 31, 2016

I can reproduce this crash in iOS SDK v3.3.3 on iOS 9 on an iPhone 6. A couple seconds before the crash, the application receives HTTP error 429 (too many requests), just as reported in #5821.

/cc @jfirebaugh

@1ec5
Contributor

1ec5 commented Aug 2, 2016

As a temporary measure, we’ve increased the rate limit on non-tile resources (including sprites) on the server side.

@ivovandongen
Contributor

@1ec5 I tried to reproduce this with ios-v3.4.0-alpha.4, but I see no crashes. How did you reproduce this?

@1ec5
Contributor

1ec5 commented Sep 6, 2016

I haven’t retried since #5827 (comment), but note that the crash only occurs if you hit an HTTP 429 rate limiting error.

@ivovandongen
Contributor

@1ec5 I've handled #5821 in #6223. Isn't this just a duplicate of that?

@kkaefer
Member

kkaefer commented Sep 6, 2016

I just saw a very similar crash during OnlineFileSource.Load on macOS. It seems to happen randomly.

#0  0x00000001019fbe48 in __gcd_queue_item_enqueue_hook_block_invoke ()
#1  0x00000001019fb476 in gcd_queue_item_enqueue_hook ()
#2  0x0000000101a334d9 in _dispatch_introspection_queue_item_enqueue_hook ()
#3  0x0000000101a0bcb7 in _dispatch_barrier_async_f_slow ()
#4  0x00007fff9842b943 in -[__NSCFURLSessionTask setPriority:] ()
#5  0x00007fff9842b082 in -[__NSCFURLSessionTask initWithOriginalRequest:updatedRequest:ident:session:] ()
#6  0x00007fff9842adaa in -[__NSCFLocalSessionTask initWithOriginalRequest:updatedRequest:ident:session:] ()
#7  0x00007fff9842a9c0 in -[__NSURLSessionLocal taskForClass:request:uploadFile:bodyData:completion:] ()
#8  0x00007fff9842a8f1 in -[__NSURLSessionLocal dataTaskForRequest:completion:] ()
#9  0x00000001004959e1 in mbgl::HTTPFileSource::request(mbgl::Resource const&, std::__1::function<void (mbgl::Response)>) at /Users/kkaefer/Code/gl/native/platform/darwin/src/http_file_source.mm:223
#10 0x0000000100505e24 in mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*) at /Users/kkaefer/Code/gl/native/platform/default/online_file_source.cpp:99
#11 0x0000000100503917 in mbgl::OnlineFileSource::Impl::activatePendingRequest() at /Users/kkaefer/Code/gl/native/platform/default/online_file_source.cpp:117
#12 0x00000001005082f7 in mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)::operator()(mbgl::Response) const at /Users/kkaefer/Code/gl/native/platform/default/online_file_source.cpp:101
#13 0x000000010050824b in decltype(std::__1::forward<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)&>(fp)(std::__1::forward<mbgl::Response>(fp0))) std::__1::__invoke<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)&, mbgl::Response>(mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)&&&, mbgl::Response&&) [inlined] at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/__functional_base:416
#14 0x00000001005081fa in void std::__1::__invoke_void_return_wrapper<void>::__call<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)&, mbgl::Response>(mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)&&&, mbgl::Response&&) at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/__functional_base:468
#15 0x0000000100508109 in std::__1::__function::__func<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response), std::__1::allocator<mbgl::OnlineFileSource::Impl::activateRequest(mbgl::OnlineFileRequest*)::'lambda'(mbgl::Response)>, void (mbgl::Response)>::operator()(mbgl::Response&&) at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/functional:1437
#16 0x00000001000c4311 in std::__1::function<void (mbgl::Response)>::operator()(mbgl::Response) const at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/functional:1817
#17 0x000000010049d33f in _ZNK4mbgl11HTTPRequest5asyncMUlvE_clEv at /Users/kkaefer/Code/gl/native/platform/darwin/src/http_file_source.mm:76
#18 0x000000010049d29d in _ZNSt3__18__invokeIRN4mbgl11HTTPRequest5asyncMUlvE_EJEEEDTclclsr3std3__1E7forwardIT_Efp_Espclsr3std3__1E7forwardIT0_Efp0_EEEOS5_DpOS6_ [inlined] at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/__functional_base:416
#19 0x000000010049d28c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRN4mbgl11HTTPRequest5asyncMUlvE_EEEEvDpOT_ at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/__functional_base:468
#20 0x000000010049d1b9 in _ZNSt3__110__function6__funcIN4mbgl11HTTPRequest5asyncMUlvE_ENS_9allocatorIS4_EEFvvEEclEv at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/functional:1437
#21 0x000000010013078e in std::__1::function<void ()>::operator()() const at /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/functional:1817
#22 0x0000000100a0c31e in mbgl::util::AsyncTask::Impl::runTask() at /Users/kkaefer/Code/gl/native/platform/darwin/src/async_task.cpp:45
#23 0x0000000100a0c285 in mbgl::util::AsyncTask::Impl::perform(void*) at /Users/kkaefer/Code/gl/native/platform/darwin/src/async_task.cpp:50
#24 0x00007fff89831881 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ ()
#25 0x00007fff89810fbc in __CFRunLoopDoSources0 ()
#26 0x00007fff898104df in __CFRunLoopRun ()
#27 0x00007fff8980fed8 in CFRunLoopRunSpecific ()
#28 0x00007fff898519b1 in CFRunLoopRun ()
#29 0x0000000100a0d911 in mbgl::util::RunLoop::run() at /Users/kkaefer/Code/gl/native/platform/darwin/src/run_loop.cpp:39
#30 0x00000001002445c2 in OnlineFileSource_Load_Test::TestBody() at /Users/kkaefer/Code/gl/native/test/storage/online_file_source.cpp:257
#31 0x00000001009ff9c3 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) ()
#32 0x00000001009ea947 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) ()
#33 0x00000001009ba5b5 in testing::Test::Run() ()
#34 0x00000001009bbafb in testing::TestInfo::Run() ()
#35 0x00000001009bc797 in testing::TestCase::Run() ()
#36 0x00000001009caf73 in testing::internal::UnitTestImpl::RunAllTests() ()
#37 0x0000000100a03883 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) ()
#38 0x00000001009ed027 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) ()
#39 0x00000001009cab70 in testing::UnitTest::Run() ()
#40 0x0000000100151311 in RUN_ALL_TESTS() at /Users/kkaefer/Code/gl/native/mason_packages/osx-x86_64/gtest/1.7.0/include/gtest/gtest.h:20058
#41 0x00000001001510f6 in mbgl::runTests(int, char**) at /Users/kkaefer/Code/gl/native/test/src/mbgl/test/test.cpp:14
#42 0x0000000100141e3f in main at /Users/kkaefer/Code/gl/native/test/src/main.cpp:19
#43 0x00007fff96f7e5ad in start ()

@jfirebaugh
Contributor

Until we understand what causes the crash, let's consider it a separate issue from #5821. It may be that #6223 prevents the crash, or it may not, or it may incidentally hide one cause of the crash but leave others.

@jfirebaugh
Contributor

There are some stack traces in #6210 that also implicate activatePendingRequest. It seems likely that the invariants OnlineFileSource::Impl attempts to keep are violated somehow. The intended invariants over the collections (allRequests, pendingRequestsList, pendingRequestsMap, and activeRequests) are:

  • An OnlineFileRequest request that is waiting for its timer (OnlineFileRequest::timer) has a pointer entry only in allRequests.
  • A request that has been scheduled, but not yet activated due to there already being HTTPFileSource::maximumConcurrentRequests() active requests, has exactly one entry in pendingRequestsList, an entry in pendingRequestsMap whose iterator value points to the entry in pendingRequestsList, an entry in allRequests, and no entry in activeRequests.
  • An active request has entries only in allRequests and activeRequests.
  • Just before an OnlineFileRequest is destroyed, it is removed from all collections containing a pointer to it.

OnlineFileSource::Impl::activateOrQueueRequest asserts some of these invariants as preconditions -- but is missing assertions about pendingRequestsList and pendingRequestsMap. And the other methods should have assertions as well. Possibly we could assert postconditions as well as preconditions.

Where could these invariants be violated? Without exhaustively cataloging the possibilities, my gut guess is that activateOrQueueRequest is somehow called for a request that is already pending or active. The fact that there's one known crash related to restoring connectivity suggests that the OnlineFileRequest::networkIsReachableAgain() pathway is involved. One possibility that deserves investigation is whether or not Timer::start lives up to the expectations made of it, in particular whether restarting an active timer ensures that the prior callback is deregistered -- even, for instance, if it was already scheduled for execution in the current turn of the event loop.

Another contributing factor may be a throw from httpFileSource.request -- I suspect this can lead to a mis-scheduled request. We know that throws are sometimes happening here, though there is some evidence that a crash can happen even when that doesn't happen.
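
The invariants listed in the comment above, written as a checkable model (an added example, not mbgl's code and not part of the original thread). The collection names follow the comment; `Request`, `RequestQueueModel`, `queueUnchecked`, `checkInvariants` and `doubleQueueViolation` are hypothetical names, and the model assumes only pointer identity matters. It shows how queuing an already-pending request leaves a stale pointer in `pendingRequestsList` after the request is destroyed, and how a precondition check prevents it.

```cpp
#include <cstddef>
#include <iostream>
#include <list>
#include <string>
#include <unordered_map>
#include <unordered_set>

// Stand-in for OnlineFileRequest; pointers are compared, never dereferenced.
struct Request { int id; };

// Simplified model of the four collections (assumption-based, not the SDK's class).
struct RequestQueueModel {
    using List = std::list<Request*>;
    std::size_t maxConcurrent;
    std::unordered_set<Request*> allRequests;
    List pendingRequestsList;
    std::unordered_map<Request*, List::iterator> pendingRequestsMap;
    std::unordered_set<Request*> activeRequests;

    explicit RequestQueueModel(std::size_t max) : maxConcurrent(max) {}
    void add(Request* r) { allRequests.insert(r); }

    // No precondition check: a second call for a pending request adds a second
    // list entry while the map keeps a single iterator.
    void queueUnchecked(Request* r) {
        if (activeRequests.size() < maxConcurrent) { activeRequests.insert(r); return; }
        pendingRequestsMap[r] = pendingRequestsList.insert(pendingRequestsList.end(), r);
    }

    // Guarded variant: refuses unknown, already-active or already-pending requests.
    bool activateOrQueue(Request* r) {
        if (!allRequests.count(r) || activeRequests.count(r) || pendingRequestsMap.count(r))
            return false;
        queueUnchecked(r);
        return true;
    }

    // Moves the oldest pending request to the active set; nullptr if none can move.
    Request* activatePending() {
        if (pendingRequestsList.empty() || activeRequests.size() >= maxConcurrent) return nullptr;
        Request* r = pendingRequestsList.front();
        pendingRequestsList.pop_front();
        pendingRequestsMap.erase(r);
        activeRequests.insert(r);
        return r;
    }

    Request* complete(Request* r) { activeRequests.erase(r); return activatePending(); }

    // Destruction path: removal from the pending list relies on the map entry.
    void remove(Request* r) {
        auto it = pendingRequestsMap.find(r);
        if (it != pendingRequestsMap.end()) {
            pendingRequestsList.erase(it->second);
            pendingRequestsMap.erase(it);
        }
        activeRequests.erase(r);
        allRequests.erase(r);
    }

    // Returns "" when every invariant holds, else the first violation found.
    std::string checkInvariants() const {
        for (Request* r : activeRequests) {
            if (!allRequests.count(r)) return "active request missing from allRequests";
            if (pendingRequestsMap.count(r)) return "request is both active and pending";
        }
        for (auto it = pendingRequestsList.begin(); it != pendingRequestsList.end(); ++it) {
            if (!allRequests.count(*it)) return "pending request missing from allRequests";
            if (activeRequests.count(*it)) return "request is both pending and active";
            auto m = pendingRequestsMap.find(*it);
            if (m == pendingRequestsMap.end() || List::const_iterator(m->second) != it)
                return "pendingRequestsMap iterator does not point at the list entry";
        }
        if (pendingRequestsList.size() != pendingRequestsMap.size())
            return "pendingRequestsList and pendingRequestsMap differ in size";
        return "";
    }
};

// Constructed scenario: request b is queued twice, activated once, then destroyed.
std::string doubleQueueViolation() {
    RequestQueueModel m(1);
    Request a{1}, b{2};
    m.add(&a); m.add(&b);
    m.activateOrQueue(&a);   // a becomes the single active request
    m.queueUnchecked(&b);    // b is pending
    m.queueUnchecked(&b);    // b queued again: two list entries, one map entry
    m.complete(&a);          // first b entry is activated, map entry erased
    m.remove(&b);            // b destroyed; the second list entry is left behind
    return m.checkInvariants();
}

int main() {
    std::cout << "violation: " << doubleQueueViolation() << "\n";
    return 0;
}
```

Calling `checkInvariants()` as a postcondition of every mutating method reports the first inconsistent state rather than the later bad access.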
