Crash in [ToolbarButton layoutSubviews] when opening new tab |
||||
Issue description
I don't have reliable repro steps. I am reproing fairly easily by opening a few tabs on an iPad Pro with a keyboard and typing "asdf" in the omnibox and navigating to an SRP.
It seems like this may only happen when there is at least one incognito tab, but I'm not sure.
Stack trace:
* thread #1, name = 'CrWebMain', queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x0000000181414500 libobjc.A.dylib`objc_exception_throw
frame #1: 0x00000001829b2f28 CoreFoundation`+[NSException raise:format:] + 116
frame #2: 0x00000001833a9660 Foundation`-[NSObject(NSKeyValueCoding) valueForKey:] + 360
frame #3: 0x0000000185d36254 QuartzCore`CAObject_valueForKey + 140
frame #4: 0x0000000188dbbc18 UIKit`-[_UIViewAdditiveAnimationAction runActionForKey:object:arguments:] + 1788
frame #5: 0x0000000185cc410c QuartzCore`-[CALayer setContents:] + 256
frame #6: 0x0000000188aecc74 UIKit`-[UIImageView _setImageViewContents:] + 1824
frame #7: 0x0000000188aec0dc UIKit`-[UIImageView _updateState] + 664
frame #8: 0x0000000188aedeb4 UIKit`-[UIImageView tintColorDidChange] + 140
frame #9: 0x0000000188ff3224 UIKit`-[_UITintColorVisitor _visitView:] + 352
frame #10: 0x0000000188ff3908 UIKit`_UIViewVisitorEntertainVisitors + 104
frame #11: 0x0000000188ff2a3c UIKit`_UIViewVisitorRecursivelyEntertainDescendingVisitors + 196
frame #12: 0x0000000188ff271c UIKit`+[_UIViewVisitor _startTraversalOfVisitor:withView:] + 332
frame #13: 0x0000000188dc702c UIKit`-[UIView _dispatchTintColorVisitorWithReasons:] + 144
frame #14: 0x0000000188b53c60 UIKit`-[UIView setTintColor:] + 120
frame #15: 0x0000000188b134d8 UIKit`+[UIView(UIViewAnimationWithBlocks) _setupAnimationWithDuration:delay:view:options:factory:animations:start:animationStateGenerator:completion:] + 644
frame #16: 0x0000000188b29bd0 UIKit`+[UIView(UIViewAnimationWithBlocks) animateWithDuration:delay:options:animations:completion:] + 108
frame #17: 0x0000000188fd8cf4 UIKit`-[UIButton _updateImageView] + 968
frame #18: 0x0000000188b32bb4 UIKit`-[UIButton layoutSubviews] + 192
* frame #19: 0x0000000101418bc8 Chromium`::-[ToolbarButton layoutSubviews](self=0x000000011dd5c180, _cmd="layoutSubviews") at toolbar_button.mm:57
frame #20: 0x0000000188adb178 UIKit`-[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1200
frame #21: 0x0000000185ccb274 QuartzCore`-[CALayer layoutSublayers] + 148
frame #22: 0x0000000185cbfde8 QuartzCore`CA::Layer::layout_if_needed(CA::Transaction*) + 292
frame #23: 0x0000000188aef910 UIKit`-[UIView(Hierarchy) layoutBelowIfNeeded] + 548
frame #24: 0x0000000101643450 Chromium`::-[PrimaryToolbarViewController contractLocationBar](self=0x000000011dd54860, _cmd="contractLocationBar") at primary_toolbar_view_controller.mm:187
frame #25: 0x00000001016470dc Chromium`::__54-[OmniboxFocusOrchestrator updateUIToContractedState:]_block_invoke(.block_descriptor=0x0000000174e482b0) at omnibox_focus_orchestrator.mm:66
frame #26: 0x000000018957c48c UIKit`-[UIViewPropertyAnimator _runAnimations] + 204
frame #27: 0x0000000189582ccc UIKit`__41-[UIViewPropertyAnimator startAnimation:]_block_invoke + 304
frame #28: 0x0000000189582220 UIKit`-[UIViewPropertyAnimator _setupAnimationTracking:] + 148
frame #29: 0x00000001895829c0 UIKit`-[UIViewPropertyAnimator startAnimation:] + 1492
frame #30: 0x0000000101646eac Chromium`::-[OmniboxFocusOrchestrator updateUIToContractedState:](self=0x00000001700172f0, _cmd="updateUIToContractedState:", animated=YES) at omnibox_focus_orchestrator.mm:95
frame #31: 0x00000001016464c4 Chromium`::-[OmniboxFocusOrchestrator transitionToStateOmniboxFocused:toolbarExpanded:animated:](self=0x00000001700172f0, _cmd="transitionToStateOmniboxFocused:toolbarExpanded:animated:", omniboxFocused=YES, toolbarExpanded=NO, animated=YES) at omnibox_focus_orchestrator.mm:25
frame #32: 0x000000010216be40 Chromium`::-[PrimaryToolbarCoordinator transitionToLocationBarFocusedState:](self=0x0000000170108ee0, _cmd="transitionToLocationBarFocusedState:", focused=YES) at primary_toolbar_coordinator.mm:124
frame #33: 0x0000000101dd7ffc Chromium`::-[BrowserViewController locationBarDidBecomeFirstResponder](self=0x000000011e844400, _cmd="locationBarDidBecomeFirstResponder") at browser_view_controller.mm:4399
frame #34: 0x0000000101539da0 Chromium`::-[LocationBarCoordinator locationBarHasBecomeFirstResponder](self=0x00000001700d2bb0, _cmd="locationBarHasBecomeFirstResponder") at location_bar_coordinator.mm:245
frame #35: 0x0000000101401b98 Chromium`WebOmniboxEditControllerImpl::OnSetFocus(this=0x00000001701296a0) at web_omnibox_edit_controller_impl.mm:35
frame #36: 0x00000001013fb690 Chromium`OmniboxViewIOS::OnDidBeginEditing(this=0x00000001701f2000) at omnibox_view_ios.mm:436
frame #37: 0x00000001013fb390 Chromium`::-[AutocompleteTextFieldDelegate textFieldDidBeginEditing:](self=0x0000000174035de0, _cmd="textFieldDidBeginEditing:", textField=0x000000011e0a4a00) at omnibox_view_ios.mm:134
frame #38: 0x0000000188be3f1c UIKit`-[UITextField _becomeFirstResponder] + 644
frame #39: 0x0000000188b61578 UIKit`-[UIResponder becomeFirstResponder] + 388
frame #40: 0x0000000188b619bc UIKit`-[UIView(Hierarchy) becomeFirstResponder] + 148
frame #41: 0x0000000188be2930 UIKit`-[UITextField becomeFirstResponder] + 64
frame #42: 0x00000001013e33f8 Chromium`::-[ClippingTextField becomeFirstResponder](self=0x000000011e0a4a00, _cmd="becomeFirstResponder") at clipping_textfield.mm:25
frame #43: 0x00000001013eb158 Chromium`::-[OmniboxCoordinator focusOmnibox](self=0x0000000170474100, _cmd="focusOmnibox") at omnibox_coordinator.mm:96
frame #44: 0x0000000101539c68 Chromium`::-[LocationBarCoordinator focusOmnibox](self=0x00000001700d2bb0, _cmd="focusOmnibox") at location_bar_coordinator.mm:235
frame #45: 0x0000000101ddafd0 Chromium`::__36-[BrowserViewController openNewTab:]_block_invoke(.block_descriptor=0x0000000178091170) at browser_view_controller.mm:4592
frame #46: 0x0000000101de145c Chromium`::__62-[BrowserViewController tabModel:newTabWillOpen:inBackground:]_block_invoke(.block_descriptor=0x0000000178a45e50) at browser_view_controller.mm:5026
frame #47: 0x000000010cc89a50 libdispatch.dylib`_dispatch_call_block_and_release + 24
frame #48: 0x000000010cc89a10 libdispatch.dylib`_dispatch_client_callout + 16
frame #49: 0x000000010cc8eb78 libdispatch.dylib`_dispatch_main_queue_callback_4CF + 1204
frame #50: 0x00000001829610c8 CoreFoundation`__CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
frame #51: 0x000000018295ece4 CoreFoundation`__CFRunLoopRun + 1572
frame #52: 0x000000018288eda4 CoreFoundation`CFRunLoopRunSpecific + 424
frame #53: 0x00000001842f9074 GraphicsServices`GSEventRunModal + 100
frame #54: 0x0000000188b43154 UIKit`UIApplicationMain + 208
frame #55: 0x00000001000c32fc Chromium`(anonymous namespace)::RunUIApplicationMain(argc=1, argv=0x000000016fd43a98) at chrome_exe_main.mm:54
frame #56: 0x00000001000c2d1c Chromium`main(argc=1, argv=0x000000016fd43a98) at chrome_exe_main.mm:78
frame #57: 0x000000018189d59c libdyld.dylib`start + 4
,
Jun 26 2018
,
Jun 29 2018
Might be a UIKit bug: https://github.com/lionheart/openradar-mirror/issues/18543
,
Jul 2
Reproduction steps:
- Open few tabs using cmd + t on the physical keyboard.
- Search for something ("safds")
- Open a new tab using cmd + t
App crashes.
Open radar: http://www.openradar.me/34785863
,
Jul 6
Also, this only reproduces on iOS 10.
,
Jul 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c2d675f872b48d6c71679a15a0d933cc66188a12 commit c2d675f872b48d6c71679a15a0d933cc66188a12 Author: Gauthier Ambard <gambard@chromium.org> Date: Tue Jul 10 09:49:11 2018 Use UIView animation instead of PropertyAnimator This CL removes the use of UIViewPropertyAnimator and use [UIView animateWithDuration] instead to prevent a crash caused by UIKit. Bug: 856155 Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: If8c212185858bba4b095f1fc8c52ec1b7958a3b2 Reviewed-on: https://chromium-review.googlesource.com/1122132 Reviewed-by: Mark Cogan <marq@chromium.org> Commit-Queue: Gauthier Ambard <gambard@chromium.org> Cr-Commit-Position: refs/heads/master@{#573666} [modify] https://crrev.com/c2d675f872b48d6c71679a15a0d933cc66188a12/ios/chrome/browser/ui/orchestrator/omnibox_focus_orchestrator.mm
,
Jul 10
,
Jul 17
Verified in 69.0.3494.0 Canary, iPad Air iOS10.3.3 followed comment #4 steps Looks good. |
||||
►
Sign in to add a comment |
||||
Comment 1 by stkhapugin@chromium.org
, Jun 25 2018