Chrome_iOS: Crash Report - FullscreenMediator::StopAnimating
Issue description

reporter:pkl@google.com
Magic Signature: FullscreenMediator::StopAnimating
Crash link: https://crash.corp.google.com//browse?q=reportid%3D'268c955bc6363c7e'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'FullscreenMediator%3A%3AStopAnimating'&sql_dialect=googlesql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3

-------------------------------------------------------------------------------
Sample Report
-------------------------------------------------------------------------------
Product name: Chrome_iOS
Magic Signature : FullscreenMediator::StopAnimating
Product Version: 65.0.3289.0
Process type:
Report ID: 268c955bc6363c7e
Report Url: https://crash.corp.google.com/268c955bc6363c7e
Report Time: 2017-12-09T07:53:53-08:00
Upload Time: 2017-12-09T14:00:36.442-08:00
Uptime: 619000 ms
CumulativeProductUptime: 0 ms
OS Name: iOS
OS Version: 11.2.0 15C114
CPU Architecture: arm64
CPU Info:
-------------------------------------------------------------------------------
Crashing thread: Thread index: 0. Stack Quality: 48%. Thread id: 771.
-------------------------------------------------------------------------------
0x0000000183d66364 (CoreFoundation + 0x00146364) __exceptionPreprocess
0x0000000182fac524 (libobjc.A.dylib + 0x00008524) objc_exception_throw
0x0000000183d662a8 (CoreFoundation + 0x001462a8) +[NSException raise:format:]
0x000000018df1fd40 (UIKit + 0x00ce7d40)
0x000000018df2014c (UIKit + 0x00ce814c)
0x000000018df20248 (UIKit + 0x00ce8248)
0x0000000102917888 (Chrome - fullscreen_mediator.mm: 95) FullscreenMediator::StopAnimating()
0x00000001029188e0 (Chrome - fullscreen_model.mm: 118) FullscreenModel::SetScrollViewIsDragging(bool)
0x0000000183d6dccc (CoreFoundation + 0x0014dccc) __invoking___
0x0000000183c4c568 (CoreFoundation + 0x0002c568) -[NSInvocation invoke]
0x0000000183c51018 (CoreFoundation + 0x00031018) -[NSInvocation invokeWithTarget:]
0x0000000102df6668 (Chrome - crb_protocol_observers.mm: 169) -[CRBProtocolObservers forwardInvocation:]
0x0000000183d6ba18 (CoreFoundation + 0x0014ba18) ___forwarding___
0x0000000183c50ec8 (CoreFoundation + 0x00030ec8) _CF_forwarding_prep_0
0x0000000183d6dccc (CoreFoundation + 0x0014dccc) __invoking___
0x0000000183c4c568 (CoreFoundation + 0x0002c568) -[NSInvocation invoke]
0x0000000183c51018 (CoreFoundation + 0x00031018) -[NSInvocation invokeWithTarget:]
0x000000010291ad04 (Chrome - chrome_broadcaster.mm: 287) -[ChromeBroadcaster observeValueForKeyPath:ofObject:change:context:]
0x000000018466e890 (Foundation + 0x00019890)
0x000000018466e3b8 (Foundation + 0x000193b8)
0x0000000184727f18 (Foundation + 0x000d2f18)
0x000000018466d854 (Foundation + 0x00018854)
0x0000000184724c0c (Foundation + 0x000cfc0c)
0x0000000102c94eac (Chrome - main_content_ui_state.mm: 87) -[MainContentUIStateUpdater scrollViewWillBeginDraggingWithGesture:]
0x0000000102c95540 (Chrome - web_scroll_view_main_content_ui_forwarder.mm: 91) -[WebScrollViewMainContentUIForwarder webViewScrollViewWillBeginDragging:]
0x0000000183d6dccc (CoreFoundation + 0x0014dccc) __invoking___
0x0000000183c4c568 (CoreFoundation + 0x0002c568) -[NSInvocation invoke]
0x0000000183c51018 (CoreFoundation + 0x00031018) -[NSInvocation invokeWithTarget:]
0x0000000102df6668 (Chrome - crb_protocol_observers.mm: 169) -[CRBProtocolObservers forwardInvocation:]
0x0000000183d6ba18 (CoreFoundation + 0x0014ba18) ___forwarding___
0x0000000183c50ec8 (CoreFoundation + 0x00030ec8) _CF_forwarding_prep_0
0x0000000102765664 (Chrome - crw_web_view_scroll_view_proxy.mm: 220) -[CRWWebViewScrollViewProxy scrollViewWillBeginDragging:]
0x0000000183d6dccc (CoreFoundation + 0x0014dccc) __invoking___
0x0000000183c4c568 (CoreFoundation + 0x0002c568) -[NSInvocation invoke]
0x0000000183c51018 (CoreFoundation + 0x00031018) -[NSInvocation invokeWithTarget:]
0x00000001930eed74 (WebKit + 0x002ebd74) -[WKScrollViewDelegateForwarder forwardInvocation:]
0x0000000183d6ba18 (CoreFoundation + 0x0014ba18) ___forwarding___
0x0000000183c50ec8 (CoreFoundation + 0x00030ec8) _CF_forwarding_prep_0
0x000000018d3d0e64 (UIKit + 0x00198e64)
0x000000018d3d0690 (UIKit + 0x00198690)
0x000000018d8e4ccc (UIKit + 0x006acccc)
0x000000018d8e92c0 (UIKit + 0x006b12c0)
0x000000018d3c1aa4 (UIKit + 0x00189aa4)
0x000000018d278c34 (UIKit + 0x00040c34)
0x000000018d8d2b30 (UIKit + 0x0069ab30)
0x000000018d8d26a0 (UIKit + 0x0069a6a0)
0x000000018d8d17fc (UIKit + 0x006997fc)
0x000000018d276f40 (UIKit + 0x0003ef40)
0x000000018d247f60 (UIKit + 0x0000ff60)
0x000000018db9d318 (UIKit + 0x00965318)
0x000000018db9f8a4 (UIKit + 0x009678a4)
0x000000018db9fc0c (UIKit + 0x00967c0c)
0x000000018db987bc (UIKit + 0x009607bc)
0x0000000183d0e978 (CoreFoundation + 0x000ee978) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x0000000183d0e8f8 (CoreFoundation + 0x000ee8f8) __CFRunLoopDoSource0
0x0000000183d0e1d4 (CoreFoundation + 0x000ee1d4) __CFRunLoopDoSources0
0x0000000183d0bd58 (CoreFoundation + 0x000ebd58) __CFRunLoopRun
0x0000000183c2be54 (CoreFoundation + 0x0000be54) CFRunLoopRunSpecific
0x0000000185ad8f80 (GraphicsServices + 0x0000af80) GSEventRunModal
0x000000018d2ab678 (UIKit + 0x00073678)
0x00000001026bc26c (Chrome - chrome_exe_main.mm: 55) main
0x0000000183748568 (libdyld.dylib + 0x00001568)
Dec 9 2017
Dec 11 2017
This crash was due to an exception thrown by UIKit. It was fixed in crrev.com/c/807593, specifically here: https://cs.chromium.org/chromium/src/ios/chrome/browser/ui/fullscreen/fullscreen_mediator.mm?q=fullscreen_mediator&sq=package:chromium&l=94
Dec 11 2017
Actually, it looks like that CL was landed in the referenced version, so I'll reopen to investigate.
Dec 12 2017
Steps to repro the bug.

Steps to reproduce:
1. Launch Chrome.
2. Open any webpage (say: cnn.com)
3. Keep scrolling the page below the omnibox quickly

Observed results: App crashes
Expected results: App should not crash

Video: https://drive.google.com/file/d/1fe-dhF-RMdDLnMX704gXG-Z0NnfYTX38/view?usp=sharing
Dec 20 2017
Dec 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5c53878e5c5e51e8ab32e4a6d9cb3ce25a600765

commit 5c53878e5c5e51e8ab32e4a6d9cb3ce25a600765
Author: Kurt Horimoto <kkhorimoto@chromium.org>
Date: Wed Dec 20 17:45:47 2017

[iOS] Stop animating without completion for new scroll events.

The completion blocks of the property animator are not guaranteed to be called synchronously from |-finishAnimationAtPosition:|, so despite previous safeguards put in place, the animator was still sometimes deallocated when the state was active. This CL updates StopAnimating() to no longer perform property animator completion blocks.

Bug: 793623
Cq-Include-Trybots: master.tryserver.chromium.mac:ios-simulator-cronet;master.tryserver.chromium.mac:ios-simulator-full-configs
Change-Id: I5d6d08c229d5fabe78f2ff79ab69560f79532d21
Reviewed-on: https://chromium-review.googlesource.com/835790
Reviewed-by: Kurt Horimoto <kkhorimoto@chromium.org>
Reviewed-by: Mark Cogan <marq@chromium.org>
Commit-Queue: Kurt Horimoto <kkhorimoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#525362}

[modify] https://crrev.com/5c53878e5c5e51e8ab32e4a6d9cb3ce25a600765/ios/chrome/browser/ui/fullscreen/fullscreen_mediator.mm
Dec 20 2017
Dec 21 2017
Dec 21 2017
Issue 794569 has been merged into this issue.
Dec 22 2017
Jan 2 2018
No crashes seen based on the steps from comment#5.
Verified on M65.0.3310.0 canary
Device: iPhoneX, iPhone8
iOS: 11.2.5, 11.1.1
Jan 3 2018
Comment 1 by pkl@chromium.org, Dec 9 2017
Components: UI>Browser>FullScreen
Owner: kkhorimoto@chromium.org
Status: Assigned (was: Untriaged)