Crash "il2cpp::vm::object::AllocatePtrFree" while deserializing

Since yesterday we have a very frustrating and confusing crash on several hundreds of IOS users:


To be honest we're quite out of ideas, especially since we can't reproduce the issue.
According to the callstack the game tried to deserialize game templates from our cache. All of them are binary serialized on disk.

This never happened before and users are not getting any kind of exception, the game simply closes itself.

Anyone got some ideas? I tried going through the generated IL2CPP code based on the callstack but I couldn't find anything useful.

 

We have something familiar but a bit different stack, didn't dig deep yet:

Code (CSharp):

1. Crashed: MsgReader
2. 0  bingo                          0x1e9611c il2cpp::vm::Object::AllocatePtrFree(unsigned long, Il2CppClass*) + 63 (Object.cpp:63)
3. 1  bingo                          0x1e520db GC_malloc_atomic + 383 (misc.c:383)
4. 2  bingo                          0x1ea2cad il2cpp::vm::String::NewSize(int) + 110 (String.cpp:110)
5. 3  bingo                          0x1120123 StringBuilder__ctor_m3504405255 + 18801 (Bulk_mscorlib_11.cpp:18801)
6. 4  bingo                          0x1120405 StringBuilder__ctor_m2367297767 + 18854 (Bulk_mscorlib_11.cpp:18854)
7. 5  bingo                          0x644301 Msg_readString_m863114922 + 47571 (Bulk_Assembly-CSharp_38.cpp:47571)
8. 6  bingo                          0x5e602f SBanned_readImpl_m3186390710 + 12873 (Bulk_Assembly-CSharp_36.cpp:12873)
9. 7  bingo                          0x6406c7 Connection_read_m1188807603 + 45127 (Bulk_Assembly-CSharp_38.cpp:45127)
10. 8  bingo                          0x64b6ab MsgReader_run_m2634151300 + 30 (Bulk_Assembly-CSharp_38.cpp:30)
11. 9  bingo                          0x141ce99 RuntimeInvoker_Void_t1185182177(void (*)(), MethodInfo const*, void*, void**) + 62767 (Il2CppInvokerTable.cpp:62767)
12. 10 bingo                          0x1ea18cd il2cpp::vm::Runtime::Invoke(MethodInfo const*, void*, void**, Il2CppException**) + 514 (Runtime.cpp:514)
13. 11 bingo                          0x1e6bbc3 il2cpp::icalls::mscorlib::System::Threading::ThreadStart(void*) + 160 (Thread.cpp:160)
14. 12 bingo                          0x1e767c9 il2cpp::os::Thread::RunWrapper(void*) + 169 (Thread.cpp:169)
15. 13 bingo                          0x1e7d03f il2cpp::os::ThreadImpl::ThreadStartWrapper(void*) + 106 (ThreadImpl.cpp:106)
16. 14 libsystem_pthread.dylib        0x1d99893b _pthread_body + 216
17. 15 libsystem_pthread.dylib        0x1d99885d _pthread_start + 234
18. 16 libsystem_pthread.dylib        0x1d996468 thread_start + 8

 

Okay, our trouble was that some old client was trying to parse server socket message that was already changed on serverside. We simply had to force client update to some more actual version that uses fresher DTO