App crashes on tapping show/hide button multiple times |
||||||||||||
Issue descriptionApp Version: 69.0.3497.6 Beta iOS Version: 10.3.3, 11.4.1, 12 Beta 4 Device: iPhone and iPad Steps to reproduce: 1. Launch chrome and let the content suggestions load 2. Clear browsing data from settings 3. Tap on hide button in the new tab page 4. Force quit and relaunch the app 5. Tap on show and hide button multiple times Observed results: Notice that app crashes Expected results: App shouldn’t crash Number of times you were able to reproduce: 5/5 Bug reproducible after clean install: Yes/No Bug reproducible after clearing cache and cookies: Yes/No Bug reproducible on Chrome Mobile on Android: Not tested Bug reproducible on Safari/Firefox: Firefox: NA, Safari: NA Bug reproducible on current stable build (App Version, iOS Version): NA on M68 (show/hide button available from M69) Bug reproducible on the current beta channel build (App Version, iOS Version): Yes on M69 Type-bug-regression? No Link to Video: https://drive.google.com/file/d/1a4Z4wUmZ9Cb9lls4AbblOqCiDYsVhJCL/view?usp=sharing Crash URL: https://crash.corp.google.com/browse?stbtiq=49e56b334ca78adc Stack Trace: Thread 0 (id: 0x403) CRASHED [EXC_SOFTWARE / UNCAUGHT_NS_EXCEPTION @ 0x00000001866a2fe0 ] MAGIC SIGNATURE THREAD Stack Quality84%Show frame trust levels 0x00000001866a2fe0 (CoreFoundation + 0x0012cfe0 ) __exceptionPreprocess 0x0000000185104534 (libobjc.A.dylib + 0x00008534 ) objc_exception_throw 0x00000001866a2eb0 (CoreFoundation + 0x0012ceb0 ) +[NSException raise:format:arguments:] 0x000000018713b75c (Foundation + 0x000ae75c ) -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] 0x000000018d0dedbc (UIKit + 0x00919dbc ) -[UICollectionView _endItemAnimationsWithInvalidationContext:tentativelyForReordering:animator:] 0x000000018d0db9dc (UIKit + 0x009169dc ) -[UICollectionView _updateSections:updateAction:] 0x00000001004a0f70 (Chrome -content_suggestions_collection_updater.mm:358 ) -[ContentSuggestionsCollectionUpdater reloadSection:] 0x00000001004797d4 (Chrome -content_suggestions_mediator.mm:384 ) -[ContentSuggestionsMediator toggleArticlesVisibility] 0x00000001004a3a14 (Chrome -content_suggestions_collection_updater.mm:695 ) __60-[ContentSuggestionsCollectionUpdater headerForSectionInfo:]_block_invoke 0x00000001004aef94 (Chrome -content_suggestions_articles_header_item.mm:65 ) -[ContentSuggestionsArticlesHeaderItem cellButtonTapped:] 0x00000001004afa54 (Chrome -content_suggestions_articles_header_item.mm:127 ) -[ContentSuggestionsArticlesHeaderCell buttonTapped] 0x000000018c809c50 (UIKit + 0x00044c50 ) -[UIApplication sendAction:to:from:forEvent:] 0x000000018c809bd0 (UIKit + 0x00044bd0 ) -[UIControl sendAction:to:forEvent:] 0x000000018c7f4144 (UIKit + 0x0002f144 ) -[UIControl _sendActionsForEvents:withEvent:] 0x000000018c8094b4 (UIKit + 0x000444b4 ) -[UIControl touchesEnded:withEvent:] 0x000000018cd9e0e4 (UIKit + 0x005d90e4 ) _UIGestureEnvironmentSortAndSendDelayedTouches 0x000000018cd9a430 (UIKit + 0x005d5430 ) _UIGestureEnvironmentUpdate 0x000000018cd99f74 (UIKit + 0x005d4f74 ) -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:] 0x000000018cd99220 (UIKit + 0x005d4220 ) -[UIGestureEnvironment _updateGesturesForEvent:window:] 0x000000018c80434c (UIKit + 0x0003f34c ) -[UIWindow sendEvent:] 0x000000018c7d4f7c (UIKit + 0x0000ff7c ) -[UIApplication sendEvent:] 0x000000018cfcea1c (UIKit + 0x00809a1c ) __dispatchPreprocessedEventFromEventQueue 0x000000018cfc9178 (UIKit + 0x00804178 ) __handleEventQueue 0x000000018cfc95a4 (UIKit + 0x008045a4 ) __handleHIDEventFetcherDrain 0x0000000186651428 (CoreFoundation + 0x000db428 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x0000000186650d98 (CoreFoundation + 0x000dad98 ) __CFRunLoopDoSources0 0x000000018664e9a4 (CoreFoundation + 0x000d89a4 ) __CFRunLoopRun 0x000000018657eda0 (CoreFoundation + 0x00008da0 ) CFRunLoopRunSpecific 0x0000000187fe9070 (GraphicsServices + 0x0000c070 ) GSEventRunModal 0x000000018c839c98 (UIKit + 0x00074c98 ) UIApplicationMain 0x00000001000e1850 (Chrome -chrome_exe_main.mm:54 ) main 0x000000018558d598 (libdyld.dylib + 0x00004598 ) start
,
Jul 25
Assigning to Justin. If you don't have time to look at it before being OOO, please assign back to me.
,
Jul 25
Exception is: "Invalid update: invalid number of items in section 3. The number of items contained in an existing section after the update (1) must be equal to the number of items contained in that section before the update (0), plus or minus the number of items inserted or deleted from that section (0 inserted, 0 deleted) and plus or minus the number of items moved into or out of that section (0 moved in, 0 moved out)." gambard@ I'm unable to reproduce this. Any ideas?
,
Jul 25
I was able to reproduce. Doing a cold start with the suggestions hidden prevent the ContentSuggestionsProvider from starting. So when the provider is up, it is notifying the NTP that new suggestions are available. This triggers a change in the CollectionView, which adds the newly available items. At the end of this animation, we are checking if the section is empty, and if it is an empty item is added. If you press hide during this animation, then you remove all items. So the empty item is added but I guess there is a problem with it? I don't really know what is happening but I think it has to do with that.
,
Jul 25
gambard@ can you take a look while I'm OOO? Thanks!
,
Jul 30
I have easier reproduction step: 1. Hide the articles 2. Restart the app 3. Tap "show" then "hide" quickly 4. Wait 2-3s 5. Tap "show"
,
Jul 30
The crash is caused by the "Learn More" section being added while only the "Articles" section is being reloaded.
,
Jul 30
,
Jul 31
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/49983345b0047ab314b55876cc0032bb063d9ef8 commit 49983345b0047ab314b55876cc0032bb063d9ef8 Author: Gauthier Ambard <gambard@chromium.org> Date: Tue Jul 31 15:46:23 2018 Fix section reload in NTP When a ContentSuggestions section is reloaded in the NTP, it is possible that new sections/items in other sections are added. This CL makes sure that the collection is updated to take those new elements into account. Bug: 866849 Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: Id474ca33afdafb18871b2bb77e4a94e8bfe1cc68 Reviewed-on: https://chromium-review.googlesource.com/1154986 Commit-Queue: Gauthier Ambard <gambard@chromium.org> Reviewed-by: Stepan Khapugin <stkhapugin@chromium.org> Cr-Commit-Position: refs/heads/master@{#579416} [modify] https://crrev.com/49983345b0047ab314b55876cc0032bb063d9ef8/ios/chrome/browser/ui/content_suggestions/content_suggestions_collection_updater.mm [modify] https://crrev.com/49983345b0047ab314b55876cc0032bb063d9ef8/ios/chrome/browser/ui/content_suggestions/content_suggestions_egtest.mm
,
Jul 31
,
Aug 1
Verified on Canary. +kariahda@ for merge approval.
,
Aug 1
,
Aug 1
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/77d6650f234228e8b666c00f9564cccf21327bb3 commit 77d6650f234228e8b666c00f9564cccf21327bb3 Author: Gauthier Ambard <gambard@chromium.org> Date: Wed Aug 01 14:28:00 2018 Fix section reload in NTP When a ContentSuggestions section is reloaded in the NTP, it is possible that new sections/items in other sections are added. This CL makes sure that the collection is updated to take those new elements into account. Bug: 866849 Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: Id474ca33afdafb18871b2bb77e4a94e8bfe1cc68 Reviewed-on: https://chromium-review.googlesource.com/1154986 Commit-Queue: Gauthier Ambard <gambard@chromium.org> Reviewed-by: Stepan Khapugin <stkhapugin@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#579416}(cherry picked from commit 49983345b0047ab314b55876cc0032bb063d9ef8) Reviewed-on: https://chromium-review.googlesource.com/1158744 Reviewed-by: Gauthier Ambard <gambard@chromium.org> Cr-Commit-Position: refs/branch-heads/3497@{#311} Cr-Branched-From: 271eaf50594eb818c9295dc78d364aea18c82ea8-refs/heads/master@{#576753} [modify] https://crrev.com/77d6650f234228e8b666c00f9564cccf21327bb3/ios/chrome/browser/ui/content_suggestions/content_suggestions_collection_updater.mm [modify] https://crrev.com/77d6650f234228e8b666c00f9564cccf21327bb3/ios/chrome/browser/ui/content_suggestions/content_suggestions_egtest.mm
,
Aug 7
Verified in: App Version: 70.0.3515.0 canary Devices: iPhone 7 Plus, iPhone 8 Plus, iPad Air iOS Versions: 10.3.3, 11.4.1, 12.0 beta 6 Crash is not reproducible following the steps mentioned in Comment#0 & #6.
,
Aug 8
Issue verified Version: Chrome Beta 69.0.3497.31 Device: iPhone 8 iOS: 11.4 There is no crash on tapping show/hide multiple times https://drive.google.com/open?id=1-WDMW4ZKEJVjLJi7zenpsU_qSI4S2ue5
,
Aug 23
We have the same crash report on chrome beta version on 69.0.3497.41 https://crash.corp.google.com/browse?stbtiq=73973e000ef03f3b Rechecked and could not reproduce the crash following the steps mentioned in comment #6 on latest chrome beta version 69.0.3497.58. Will keep monitoring the crash reports.
,
Sep 5
Seeing quite a few of these in M69 1% rollout. This is making up 5% of all crashes (1950 reports).
The stack trace looks the same. The exceptionReason is:
*** -[NSIndexSet initWithIndexesInRange:]: Range {9223372036854775807, 1} exceeds maximum index value of NSNotFound - 1
,
Sep 5
Seems like sectionForSectionIdentifier:sectionIdentifier is returning NSNotFound (which would DCHECK in debug code, this shouldn't be possible).
We could add an extra return to be safe, but this is not ideal. Any idea how to reproduce?
diff --git a/ios/chrome/browser/ui/content_suggestions/content_suggestions_collection_updater.mm b/ios/chrome/browser/ui/content_suggestions/content_suggestions_collection_updater.mm
index d5aae12c8f3c..d1a05b9e8639 100644
--- a/ios/chrome/browser/ui/content_suggestions/content_suggestions_collection_updater.mm
+++ b/ios/chrome/browser/ui/content_suggestions/content_suggestions_collection_updater.mm
@@ -367,7 +367,8 @@ NSString* const kContentSuggestionsCollectionUpdaterSnackbarCategory =
// Make sure we get the right index for the section.
section = [model sectionForSectionIdentifier:sectionIdentifier];
-
+ if (section == NSNotFound)
+ return;
[self.collectionViewController.collectionView
reloadSections:[NSIndexSet indexSetWithIndex:section]];
}
,
Sep 5
I pinged test team to try and repro with above steps or new ones.
,
Sep 5
Verified on 70.0.3538.6 Beta, iPhone 7 iOS 12.0 beta#12, Crash is not reproducible following the steps mentioned in Comment#0 & #6.
,
Sep 5
Hi I'm seeing 19 AW Snap crashes since yesterday https://screenshot.googleplex.com/424EC5dKFOX Examples https://listnr.corp.google.com/product/5031434/report/85641601282 https://listnr.corp.google.com/product/5031434/report/85641297715 https://listnr.corp.google.com/product/5031434/report/85640059272 https://listnr.corp.google.com/product/5031434/report/85639804639 I see across both iPad and iPhone on iOS 11.4.1, Chrome 69.0.3497.71, across different locales.
,
Sep 5
We should really see about a fix for this. According to "gUP Chrome M69 Day 1 Launch Report" this is the top iOS trending issue.
,
Sep 6
This is currently assigned to someone who is OOO until the middle of next week. I don't know if anyone in MTV is still around to investigate tonight. I'll assign it to marq to see if anyone in Paris can pick this up in the morning, and I'll CC kkhorimoto in case he's still around tonight. Justin and I can pick it back up in the morning. It sounds like this is now for M69?
,
Sep 6
The Aw Snap reports from #21 are likely unrelated, because this bug is for a full browser crash, not renderer crashes. If we're seeing an uptick in Aw Snap reports, we should split that off into a new bug and investigate.
,
Sep 6
The prominent M69 crash is not this bug. This bug is for hammering show/hide, and the stack trace's relevant parts are: -[ContentSuggestionsCollectionUpdater reloadSection:] -[ContentSuggestionsMediator toggleArticlesVisibility] The M69 crash is: -[ContentSuggestionsCollectionUpdater reloadSection:] -[ContentSuggestionsMediator useFreshMostVisited] -[NTPHomeMediator removeMostVisited:] That is, deleting Most Visited items. This bug should probably be closed; I'll open a new bug to track the Most Visited issue.
,
Sep 6
Most Visited crash is crbug.com/881229 Note that the crash in #16 is also Most Visted, not hide/show.
,
Sep 6
|
||||||||||||
►
Sign in to add a comment |
||||||||||||
Comment 1 by marq@chromium.org
, Jul 24Owner: gambard@chromium.org
Status: Assigned (was: Untriaged)