Mash chrome crashes accessing ash::Shell with context menus |
||||||||
Issue descriptionChrome crashes when running inside mash when trying to access ash::Shell. This seems to happens if a context menu is open and there is keyboard input. [25053:25053:0425/104242:FATAL:shell.cc(212)] Check failed: instance_. #0 0x7fa8760f3536 base::debug::StackTrace::StackTrace() #1 0x7fa8761145ae logging::LogMessage::~LogMessage() #2 0x7fa874e61e33 ash::Shell::GetInstance() #3 0x7fa8752511e3 ChromeViewsDelegate::ProcessAcceleratorWhileMenuShowing() #4 0x7fa87074b2ef views::MenuKeyEventHandler::OnKeyEvent() #5 0x7fa87002ba47 ui::EventDispatcher::DispatchEvent() #6 0x7fa87002bd68 ui::EventDispatcher::DispatchEventToEventHandlers() #7 0x7fa87002bf4d ui::EventDispatcher::ProcessEvent() #8 0x7fa87002c077 ui::EventDispatcherDelegate::DispatchEventToTarget() #9 0x7fa87002c196 ui::EventDispatcherDelegate::DispatchEvent() #10 0x7fa87002c949 ui::EventProcessor::OnEventFromSource() #11 0x7fa87002cad0 ui::EventSource::DeliverEventToProcessor() #12 0x7fa87002ccad ui::EventSource::SendEventToProcessor() #13 0x7fa870dfe90d aura::WindowTreeHost::DispatchKeyEventPostIME() #14 0x7fa870766624 ui::InputMethodBase::DispatchKeyEventPostIME() #15 0x7fa87446f1ff views::InputMethodMUS::DispatchKeyEvent() #16 0x7fa87447b295 views::WindowTreeHostMus::DispatchEvent() #17 0x7fa874473c40 views::PlatformWindowMus::OnWindowInputEvent() #18 0x7fa87443f384 mus::WindowTreeClientImpl::OnWindowInputEvent() #19 0x7fa8716d0811 mus::mojom::WindowTreeClientStub::Accept() #20 0x7fa870e8b386 mojo::internal::InterfaceEndpointClient::HandleValidatedMessage() #21 0x7fa8716c9295 mus::mojom::WindowTreeClientRequestValidator::Accept() #22 0x7fa870e8aa5d mojo::internal::InterfaceEndpointClient::HandleIncomingMessage() #23 0x7fa870e914cf mojo::internal::MultiplexRouter::ProcessIncomingMessage() #24 0x7fa870e9353b mojo::internal::MultiplexRouter::Accept() #25 0x7fa870e8cc50 mojo::internal::MessageHeaderValidator::Accept() #26 0x7fa870e8812a mojo::internal::Connector::ReadSingleMessage() #27 0x7fa870e88253 mojo::internal::Connector::ReadAllAvailableMessages() #28 0x7fa870e884c6 mojo::internal::Connector::OnHandleReadyInternal() #29 0x7fa870e9b8ea mojo::Watcher::OnHandleReady() #30 0x7fa870e9bb3f _ZN4base8internal7InvokerINS_13IndexSequenceIJLm0ELm1EEEENS0_9BindStateINS0_15RunnableAdapterIMN4mojo7WatcherEFvjEEEFvPS7_jEJRNS_7WeakPtrIS7_EERjEEENS0_12InvokeHelperILb1EvSA_EEFvvEE3RunEPNS0_13BindStateBaseE #31 0x7fa8760f504a base::debug::TaskAnnotator::RunTask() #32 0x7fa8761200d2 base::MessageLoop::RunTask() #33 0x7fa87612052e base::MessageLoop::DeferOrRunPendingTask() #34 0x7fa876121ec4 base::MessageLoop::DoWork() #35 0x7fa8761247c9 base::MessagePumpLibevent::Run() #36 0x7fa8761210c9 base::MessageLoop::RunHandler() #37 0x7fa8761569e8 base::RunLoop::Run() #38 0x7fa87074b5f6 views::MenuMessageLoopAura::Run() #39 0x7fa8706e0b3a views::MenuController::Run() #40 0x7fa8706ed182 views::internal::MenuRunnerImpl::RunMenuAt() #41 0x7fa8769372ad ToolkitDelegateViews::RunMenuAt() #42 0x7fa87534f082 RenderViewContextMenuViews::Show() #43 0x7fa87534f4b2 ChromeWebContentsViewDelegateViews::ShowContextMenu() #44 0x7fa8713e7e53 content::WebContentsImpl::ShowContextMenu() #45 0x7fa8710761f8 content::RenderFrameHostImpl::OnContextMenu() #46 0x7fa8710862b4 content::RenderFrameHostImpl::OnMessageReceived() #47 0x7fa8712a7479 content::RenderProcessHostImpl::OnMessageReceived() #48 0x7fa870306f16 IPC::ChannelProxy::Context::OnDispatchMessage() #49 0x7fa8760f504a base::debug::TaskAnnotator::RunTask() #50 0x7fa8761200d2 base::MessageLoop::RunTask() #51 0x7fa87612052e base::MessageLoop::DeferOrRunPendingTask() #52 0x7fa876121ec4 base::MessageLoop::DoWork() #53 0x7fa8761247c9 base::MessagePumpLibevent::Run() #54 0x7fa8761210c9 base::MessageLoop::RunHandler() #55 0x7fa8761569e8 base::RunLoop::Run() #56 0x7fa86edbd0e7 ChromeBrowserMainParts::MainMessageLoopRun() #57 0x7fa870f57d70 content::BrowserMainLoop::RunMainMessageLoopParts() #58 0x7fa870f5a8c0 content::BrowserMainRunnerImpl::Run() #59 0x7fa870f52eb9 content::BrowserMain() #60 0x7fa8760224b0 content::RunNamedProcessTypeMain() #61 0x7fa8760225dc content::ContentMainRunnerImpl::Run() ChromeViewsDelegate is accessing ash::Shell which it shouldn't. I haven't had much luck reproducing this off device (Oxygen configuration) but it happens regularly on device (Pixel configuration). I think this is related to event targeting inside the chrome browser processes being semi-broken only on device?
,
Jun 13 2016
,
Jun 13 2016
,
Jun 17 2016
,
Jun 20 2016
,
Jun 20 2016
The bug has been fixed in 2073783003
,
Jun 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/92c518d4ecafd8a81a8e4aa4606d93bdb0eb53df commit 92c518d4ecafd8a81a8e4aa4606d93bdb0eb53df Author: staraz <staraz@google.com> Date: Mon Jun 20 18:07:46 2016 fixed issue 606368 : early return from ProcessAcceleratorWhileMenuShowing() if chrome::IsRunningInMash() BUG= 606368 TEST=Start Chrome with mash. Right click on a webpage to open the context menu. Trigger a keyboard event by pressing the Ctrl key. Chrome should not crash. Review-Url: https://codereview.chromium.org/2073783003 Cr-Commit-Position: refs/heads/master@{#400724} [modify] https://crrev.com/92c518d4ecafd8a81a8e4aa4606d93bdb0eb53df/chrome/browser/ui/views/chrome_views_delegate.cc
,
Feb 26 2018
,
Feb 26 2018
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by sadrul@chromium.org
, May 31 2016