Chrome crashes when text in virtual keyboard is selected
Issue description
Chrome Version: 57.0.2987.6
OS: Chrome OS 9202.1.0 (Official build) dev-channel elm
What steps will reproduce the problem?
(1) On Login screen, open Virtual Keyboard by selecting password form
(2) Long tap the menu icon (ellipsis)
(3) Select the text "US"
What is the expected result?
Nothing happens, or the text is selected.
What happens instead?
Chrome crashes, and then virtual keyboard never appears until changing to laptop mode and back to tablet mode.
,
Jan 25 2017
Log from minnie (R57-9202.0.0):
cat /var/log/ui/ui.LATEST
SYS_ioctl: VIDIOC_ENUM_FMT(2): fd=27, ret=-1, errno=22
SYS_ioctl: VIDIOC_ENUM_FMT(2): fd=27, ret=-1, errno=22
device-enumerator: scan all dirs
device-enumerator: scanning /sys/bus
device-enumerator: scanning /sys/class
device-enumerator: scan all dirs
device-enumerator: scanning /sys/bus
device-enumerator: scanning /sys/class
[6472:6472:0125/231215.448458:ERROR:gles2_cmd_decoder.cc(2458)] [GroupMarkerNotSet( crbug.com/242999 )!:68A42E35]GL ERROR :GL_INVALID_FRAMEBUFFER_OPERATION : BackFramebuffer::Create: <- error from previous GL command
[6472:6472:0125/231215.453881:ERROR:texture_manager.cc(3224)] [.DisplayCompositor-0x3fa96900]GL ERROR :GL_INVALID_FRAMEBUFFER_OPERATION : glTexImage2D: <- error from previous GL command
device-enumerator: scan all dirs
device-enumerator: scanning /sys/bus
device-enumerator: scanning /sys/class
[6238:6238:0125/231215.560815:ERROR:device_event_log_impl.cc(140)] [23:12:15.560] Network: network_handler_callbacks.cc:84 not-supported: /device/wlan0: org.chromium.flimflam.Error.NotSupported: This WiFi device does not support MAC address randomization
[1:1:0125/231218.092030:ERROR:KeyboardEventManager.cpp(424)] Not implemented reached in static bool blink::KeyboardEventManager::currentCapsLockState()
[1:1:0125/231223.990629:ERROR:KeyboardEventManager.cpp(424)] Not implemented reached in static bool blink::KeyboardEventManager::currentCapsLockState()
[1,2982789120:14:12:32.466062] Native Client module will be loaded at base address 0x0000000000000000
[6238:6238:0125/231233.172136:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
[WARNING]native : storage_utils.cc:30 Cannot create mmap from the file: /en-t-i0-und-nacl_owner_user_dictionary
[WARNING]native : user_dictionary.cc:513 Using default token category 0
[6238:6238:0125/231236.263649:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
[6238:6238:0125/231236.266507:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
[6238:6238:0125/231236.269077:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
[6238:6238:0125/231236.271597:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
[6238:6238:0125/231236.274062:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
[6238:6238:0125/231236.276658:ERROR:render_widget_host_view_base.cc(362)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
...
,
Jan 26 2017
IIUC, we fall back to the system keyboard and do not use a keyboard from an extension, for security reasons, when focusing on a password field. You can check which keyboard is used by checking the SPACE key. This behavior might be related to the crash. I can't reproduce the crash on ToT (58.0.2993.0) on kevin.
,
Jan 26 2017
See https://goo.gl/photos/7uDiZJSvtpQGFjjB8 for screencast. First movie is US keyboard. Second one is system keyboard. For the first movie, Chrome didn't crash but the keyboard window shrinks and becomes no longer operable. Chrome sometimes crashes if I do the same operation.
,
Jan 27 2017
Thank you for clarifying! I misunderstood the issue and have succeeded in reproducing it now.
,
Feb 2 2017
I found Chrome dies inside resolveExplicitLevels, a function in third_party/icu (https://cs.chromium.org/chromium/src/third_party/icu/source/common/ubidi.c?type=cs&q=resolveExplicitLevels&l=1070), though somehow the stack trace below this was not obtained. I used board=link and minidump_stackwalk to emit the stack trace from the minidump. It emits the following errors and the stack trace log attached with this post.
2017-02-02 21:37:27: minidump.cc:1425: ERROR: MinidumpThread has a memory region problem, 0x7ffc23491fc0+0x0, RVA 0x0x968
2017-02-02 21:37:27: minidump_processor.cc:249: ERROR: No memory region for chrome.20170202.212640.16372.dmp:0/46 id 0x3ff4
,
Feb 2 2017
,
Feb 9 2017
RenderWidgetHostImpl::ForwardGestureEventWithLatencyInfo is also called a lot. https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc?gsn=content/public/browser/web_contents.h&l=1078
,
Feb 9 2017
Got the stacktrace to ForwardGestureEventWithLatencyInfo. Seemingly the same stacktraces are emitted a lot of times while and after the area in question is being tapped.
[4381:4381:0209/115841.583232:ERROR:render_widget_host_impl.cc(1081)] ForwardGestureEventWithLatencyInfo
[4381:4381:0209/115845.636711:ERROR:render_widget_host_impl.cc(1082)]
#0 0x7f1cc260afe3 base::debug::StackTrace::StackTrace()
#1 0x7f1cc2609147 base::debug::StackTrace::StackTrace()
#2 0x7f1cbed590ee content::RenderWidgetHostImpl::ForwardGestureEventWithLatencyInfo()
#3 0x7f1cbed897af content::RenderWidgetHostViewAura::ProcessGestureEvent()
#4 0x7f1cbed7bcff content::RenderWidgetHostInputEventRouter::RouteTouchscreenGestureEvent()
#5 0x7f1cbed79471 content::RenderWidgetHostInputEventRouter::RouteGestureEvent()
#6 0x7f1cbf1a3156 content::RenderWidgetHostViewEventHandler::OnGestureEvent()
#7 0x7f1cbed899f8 content::RenderWidgetHostViewAura::OnGestureEvent()
#8 0x7f1cc3eace13 ui::EventHandler::OnEvent()
#9 0x7f1cc3ea9699 ui::EventDispatcher::DispatchEvent()
#10 0x7f1cc3ea910f ui::EventDispatcher::ProcessEvent()
#11 0x7f1cc3ea8cef ui::EventDispatcherDelegate::DispatchEventToTarget()
#12 0x7f1cc3ea8b2e ui::EventDispatcherDelegate::DispatchEvent()
#13 0x7f1cc5011877 aura::WindowEventDispatcher::ProcessGestures()
#14 0x7f1cc5010e11 aura::WindowEventDispatcher::ProcessedTouchEvent()
#15 0x7f1cbed87019 content::RenderWidgetHostViewAura::ProcessAckedTouchEvent()
#16 0x7f1cbed5f0a5 content::RenderWidgetHostImpl::OnTouchEventAck()
#17 0x7f1cbebee0c7 content::InputRouterImpl::OnTouchEventAck()
#18 0x7f1cbebf916e content::CoalescedWebTouchEvent::DispatchAckToClient()
#19 0x7f1cbebf6f62 content::LegacyTouchEventQueue::AckTouchEventToClient()
#20 0x7f1cbebf6c66 content::LegacyTouchEventQueue::PopTouchEventToClient()
#21 0x7f1cbebf593c content::LegacyTouchEventQueue::ProcessTouchAck()
#22 0x7f1cbebefb70 content::InputRouterImpl::ProcessTouchAck()
#23 0x7f1cbebef729 content::InputRouterImpl::ProcessInputEventAck()
#24 0x7f1cbebeee98 content::InputRouterImpl::OnInputEventAck()
#25 0x7f1cbd9a2a36 _ZN4base20DispatchToMethodImplIPN2ui21DrmThreadMessageProxyEMS2_FvRKNS_8FilePathEERKSt5tupleIJS4_EEJLm0EEEEvRKT_T0_OT1_NS_13IndexSequenceIJXspT2_EEEE
#26 0x7f1cbebf2adc _ZN4base16DispatchToMethodIPN7content15InputRouterImplEMS2_FvRKNS1_13InputEventAckEERKSt5tupleIJS4_EEEEvRKT_T0_OT1_
#27 0x7f1cbebf1ef3 _ZN3IPC16DispatchToMethodIN7content15InputRouterImplEMS2_FvRKNS1_13InputEventAckEEvSt5tupleIJS3_EEEEvPT_T0_PT1_RKT2_
#28 0x7f1cbebf0c65 _ZN3IPC8MessageTI38InputHostMsg_HandleInputEvent_ACK_MetaSt5tupleIJN7content13InputEventAckEEEvE8DispatchINS3_15InputRouterImplES8_vMS8_FvRKS4_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#29 0x7f1cbebedad6 content::InputRouterImpl::OnMessageReceived()
#30 0x7f1cbed56eb2 content::RenderWidgetHostImpl::OnMessageReceived()
#31 0x7f1cbed0d845 content::RenderProcessHostImpl::OnMessageReceived()
#32 0x7f1cc33ffe2a IPC::ChannelProxy::Context::OnDispatchMessage()
#33 0x7f1cc3406cca _ZN4base8internal13FunctorTraitsIMN3IPC12ChannelProxy7ContextEFvRKNS2_7MessageEEvE6InvokeIRK13scoped_refptrIS4_EJS7_EEEvS9_OT_DpOT0_
#34 0x7f1cc340664b _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3IPC12ChannelProxy7ContextEFvRKNS4_7MessageEEJRK13scoped_refptrIS6_ES9_EEEvOT_DpOT0_
#35 0x7f1cc34049ab _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE7RunImplIRKSA_RKSt5tupleIJSC_S6_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#36 0x7f1cc34039f0 _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE
#37 0x7f1cbe6c4c94 _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#38 0x7f1cc2808fa9 base::debug::TaskAnnotator::RunTask()
#39 0x7f1cc266c852 base::MessageLoop::RunTask()
#40 0x7f1cc266c9ae base::MessageLoop::DeferOrRunPendingTask()
#41 0x7f1cc266cef7 base::MessageLoop::DoWork()
#42 0x7f1cc268623e base::MessagePumpLibevent::Run()
#43 0x7f1cc266c42e base::MessageLoop::RunHandler()
#44 0x7f1cc26f6f55 base::RunLoop::Run()
#45 0x7f1cc1a2c719 ChromeBrowserMainParts::MainMessageLoopRun()
#46 0x7f1cbe5132f4 content::BrowserMainLoop::RunMainMessageLoopParts()
#47 0x7f1cbe51de33 content::BrowserMainRunnerImpl::Run()
#48 0x7f1cbe50f068 content::BrowserMain()
#49 0x7f1cc19086ab content::RunNamedProcessTypeMain()
#50 0x7f1cc1909906 content::ContentMainRunnerImpl::Run()
#51 0x7f1cc19079ba content::ContentMain()
#52 0x7f1cbd32c9d4 ChromeMain
#53 0x7f1cbd32c8a0 main
#54 0x7f1cbac98796 __libc_start_main
#55 0x7f1cbd32c739 _start
,
Feb 9 2017
There are several paths leading to unimplemented SetInsets. Path2 is relevant to gesture events.
Path1:
[9153:9153:0209/121133.739959:ERROR:render_widget_host_view_base.cc(342)]
#0 0x7fcb167f0fe3 base::debug::StackTrace::StackTrace()
#1 0x7fcb167ef147 base::debug::StackTrace::StackTrace()
#2 0x7fcb12f7877b content::RenderWidgetHostViewBase::SetInsets()
#3 0x7fcb20f52d29 keyboard::KeyboardUIContent::ResetInsets()
#4 0x7fcb19f6a807 keyboard::KeyboardController::NotifyKeyboardBoundsChanging()
#5 0x7fcb19f6bca6 keyboard::KeyboardController::ShowAnimationFinished()
#6 0x7fcb116c9ff4 _ZN4base8internal13FunctorTraitsIMN18OAuth2TokenService7FetcherEFvvEvE6InvokeIPS3_JEEEvS5_OT_DpOT0_
#7 0x7fcb116c8c5e _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN18OAuth2TokenService7FetcherEFvvEJPS5_EEEvOT_DpOT0_
#8 0x7fcb19f6f978 _ZN4base8internal7InvokerINS0_9BindStateIMN8keyboard18KeyboardControllerEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE7RunImplIRKS6_RKSt5tupleIJS8_EEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#9 0x7fcb19f6e7e8 _ZN4base8internal7InvokerINS0_9BindStateIMN8keyboard18KeyboardControllerEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#10 0x7fcb1152a106 base::internal::RunMixin<>::Run()
#11 0x7fcb19f69e92 keyboard::CallbackAnimationObserver::OnLayerAnimationEnded()
#12 0x7fcb1924a61b ui::LayerAnimationSequence::NotifyEnded()
#13 0x7fcb19249cc4 ui::LayerAnimationSequence::ProgressToEnd()
#14 0x7fcb19255166 ui::LayerAnimator::ProgressAnimationToEnd()
#15 0x7fcb19255f42 ui::LayerAnimator::FinishAnimation()
#16 0x7fcb192554b8 ui::LayerAnimator::Step()
#17 0x7fcb1925fef5 ui::LayerAnimatorCollection::OnAnimationStep()
#18 0x7fcb19219fcb ui::Compositor::BeginMainFrame()
#19 0x7fcb18b27248 cc::LayerTreeHost::BeginMainFrame()
#20 0x7fcb18be2509 cc::SingleThreadProxy::DoBeginMainFrame()
#21 0x7fcb18be237d cc::SingleThreadProxy::BeginMainFrame()
#22 0x7fcb18be45b7 _ZN4base8internal13FunctorTraitsIMN2cc17SingleThreadProxyEFvRKNS2_14BeginFrameArgsEEvE6InvokeIRKNS_7WeakPtrIS3_EEJS6_EEEvS8_OT_DpOT0_
#23 0x7fcb18be43e7 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN2cc17SingleThreadProxyEFvRKNS4_14BeginFrameArgsEERKNS_7WeakPtrIS5_EEJS8_EEEvOT_OT0_DpOT1_
#24 0x7fcb18be3fd0 _ZN4base8internal7InvokerINS0_9BindStateIMN2cc17SingleThreadProxyEFvRKNS3_14BeginFrameArgsEEJNS_7WeakPtrIS4_EES5_EEEFvvEE7RunImplIRKS9_RKSt5tupleIJSB_S5_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#25 0x7fcb18be3ce7 _ZN4base8internal7InvokerINS0_9BindStateIMN2cc17SingleThreadProxyEFvRKNS3_14BeginFrameArgsEEJNS_7WeakPtrIS4_EES5_EEEFvvEE3RunEPNS0_13BindStateBaseE
#26 0x7fcb128aac94 _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#27 0x7fcb169eefa9 base::debug::TaskAnnotator::RunTask()
#28 0x7fcb16852852 base::MessageLoop::RunTask()
#29 0x7fcb168529ae base::MessageLoop::DeferOrRunPendingTask()
#30 0x7fcb16852ef7 base::MessageLoop::DoWork()
#31 0x7fcb1686c23e base::MessagePumpLibevent::Run()
#32 0x7fcb1685242e base::MessageLoop::RunHandler()
#33 0x7fcb168dcf55 base::RunLoop::Run()
#34 0x7fcb15c12719 ChromeBrowserMainParts::MainMessageLoopRun()
#35 0x7fcb126f92f4 content::BrowserMainLoop::RunMainMessageLoopParts()
#36 0x7fcb12703e33 content::BrowserMainRunnerImpl::Run()
#37 0x7fcb126f5068 content::BrowserMain()
#38 0x7fcb15aee6ab content::RunNamedProcessTypeMain()
#39 0x7fcb15aef906 content::ContentMainRunnerImpl::Run()
#40 0x7fcb15aed9ba content::ContentMain()
#41 0x7fcb115129d4 ChromeMain
#42 0x7fcb115128a0 main
#43 0x7fcb0ee7e796 __libc_start_main
#44 0x7fcb11512739 _start
[9153:9153:0209/121133.740045:ERROR:render_widget_host_view_base.cc(343)] Not implemented reached in virtual void content::RenderWidgetHostViewBase::SetInsets(const gfx::Insets&)
Path2:
[7149:7149:0209/120437.338178:VERBOSE1:gaia_screen_handler.cc(428)] OnPortalDetectionCompleted Online
[7149:7149:0209/120447.553722:ERROR:render_widget_host_view_base.cc(342)]
#0 0x7fe12d635fe3 base::debug::StackTrace::StackTrace()
#1 0x7fe12d634147 base::debug::StackTrace::StackTrace()
#2 0x7fe129dbd77b content::RenderWidgetHostViewBase::SetInsets()
#3 0x7fe137d97d29 keyboard::KeyboardUIContent::ResetInsets()
#4 0x7fe137d972c9 keyboard::KeyboardUIContent::~KeyboardUIContent()
#5 0x7fe132dc78fa ChromeKeyboardUI::~ChromeKeyboardUI()
#6 0x7fe132dc796e ChromeKeyboardUI::~ChromeKeyboardUI()
#7 0x7fe12835a7fe std::default_delete<>::operator()()
#8 0x7fe1285ab80f std::unique_ptr<>::~unique_ptr()
#9 0x7fe130daf3c5 keyboard::KeyboardController::~KeyboardController()
#10 0x7fe130daf432 keyboard::KeyboardController::~KeyboardController()
#11 0x7fe130daf498 keyboard::KeyboardController::ResetInstance()
#12 0x7fe132389ce5 ash::Shell::InitKeyboard()
#13 0x7fe1323861e9 ash::Shell::CreateKeyboard()
#14 0x7fe12b7e7ec5 chromeos::AccessibilityManager::UpdateVirtualKeyboardFromPref()
#15 0x7fe12850eff4 _ZN4base8internal13FunctorTraitsIMN18OAuth2TokenService7FetcherEFvvEvE6InvokeIPS3_JEEEvS5_OT_DpOT0_
#16 0x7fe12850dc5e _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN18OAuth2TokenService7FetcherEFvvEJPS5_EEEvOT_DpOT0_
#17 0x7fe12b7f4100 _ZN4base8internal7InvokerINS0_9BindStateIMN8chromeos20AccessibilityManagerEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE7RunImplIRKS6_RKSt5tupleIJS8_EEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#18 0x7fe12b7f0e2a _ZN4base8internal7InvokerINS0_9BindStateIMN8chromeos20AccessibilityManagerEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#19 0x7fe12836f106 base::internal::RunMixin<>::Run()
#20 0x7fe12f2be764 PrefChangeRegistrar::InvokeUnnamedCallback()
#21 0x7fe12910da94 _ZN4base8internal13FunctorTraitsIPFvRKNS_8CallbackIFvvELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEERKSsEvE6InvokeIJS8_SA_EEEvSC_DpOT_
#22 0x7fe12910d534 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKPFvRKNS_8CallbackIFvvELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEERKSsEJSA_SC_EEEvOT_DpOT0_
#23 0x7fe12910c712 _ZN4base8internal7InvokerINS0_9BindStateIPFvRKNS_8CallbackIFvvELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEERKSsEJS7_EEEFvSB_EE7RunImplIRKSD_RKSt5tupleIJS7_EEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEESB_
#24 0x7fe12910ae00 _ZN4base8internal7InvokerINS0_9BindStateIPFvRKNS_8CallbackIFvvELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEERKSsEJS7_EEEFvSB_EE3RunEPNS0_13BindStateBaseESB_
#25 0x7fe12837af63 base::internal::RunMixin<>::Run()
#26 0x7fe12f2be746 PrefChangeRegistrar::OnPreferenceChanged()
#27 0x7fe12f2d0da4 PrefNotifierImpl::FireObservers()
#28 0x7fe12f2d099a PrefNotifierImpl::OnPreferenceChanged()
#29 0x7fe12f2ce89d PrefValueStore::NotifyPrefChanged()
#30 0x7fe12f2cefa3 PrefValueStore::OnPrefValueChanged()
#31 0x7fe12f2ce21b PrefValueStore::PrefStoreKeeper::OnPrefValueChanged()
#32 0x7fe136e8f430 OverlayUserPrefStore::ReportValueChanged()
#33 0x7fe136e8f4fd OverlayUserPrefStore::OnPrefValueChanged()
#34 0x7fe12f2b8cb8 JsonPrefStore::ReportValueChanged()
#35 0x7fe12f2b7dc7 JsonPrefStore::SetValue()
#36 0x7fe136e8f026 OverlayUserPrefStore::SetValue()
#37 0x7fe12f2c77a1 PrefService::SetUserPrefValue()
#38 0x7fe12f2c6597 PrefService::SetBoolean()
#39 0x7fe12b7e7d47 chromeos::AccessibilityManager::EnableVirtualKeyboard()
#40 0x7fe132c3ae5c (anonymous namespace)::AccessibilityDelegateImpl::SetVirtualKeyboardEnabled()
#41 0x7fe1322c3f8a ash::tray::AccessibilityDetailedView::HandleViewClicked()
#42 0x7fe1322b2639 ash::TrayDetailsView::OnViewClicked()
#43 0x7fe13223b413 ash::HoverHighlightView::PerformAction()
#44 0x7fe132238a82 ash::ActionableView::ButtonPressed()
#45 0x7fe130739d09 views::Button::NotifyClick()
#46 0x7fe13073cf60 views::CustomButton::NotifyClick()
#47 0x7fe13073c607 views::CustomButton::OnGestureEvent()
#48 0x7fe13223b6b1 ash::HoverHighlightView::OnGestureEvent()
#49 0x7fe12eed7e13 ui::EventHandler::OnEvent()
#50 0x7fe136e774b1 ui::ScopedTargetHandler::OnEvent()
#51 0x7fe12eed4699 ui::EventDispatcher::DispatchEvent()
#52 0x7fe12eed410f ui::EventDispatcher::ProcessEvent()
#53 0x7fe12eed3cef ui::EventDispatcherDelegate::DispatchEventToTarget()
#54 0x7fe12eed3b2e ui::EventDispatcherDelegate::DispatchEvent()
#55 0x7fe136e76f6f ui::EventProcessor::OnEventFromSource()
#56 0x7fe12eed90bd ui::EventSource::DeliverEventToProcessor()
#57 0x7fe12eed8cdb ui::EventSource::SendEventToProcessor()
#58 0x7fe1307eaad9 views::Widget::OnGestureEvent()
#59 0x7fe130810a8e views::NativeWidgetAura::OnGestureEvent()
#60 0x7fe12eed7e13 ui::EventHandler::OnEvent()
#61 0x7fe12eed4699 ui::EventDispatcher::DispatchEvent()
,
Feb 10 2017
I found the cause of the crash. When users long press the menu window, the event lets Chrome show a popup menu, because preventDefault() is not called in JavaScript, unlike the case where the long tap happens on the keyboard keys. This popup menu is added to the "KeyboardContainer" window and KeyboardLayoutManager's OnWindowAddedToLayout is called. Because KeyboardLayoutManager doesn't expect a window other than the WebContentsViewAura to be added, this messes things up and eventually causes a crash. Stacktrace is as below.
[24540:24540:0210/105917.133223:ERROR:keyboard_layout_manager.cc(36)] keyboard::KeyboardLayoutManager::OnWindowAddedToLayout: BubbleDialogDelegateView. keyboard_ unexpectedly exists!!!
[24540:24540:0210/105917.133290:FATAL:keyboard_layout_manager.cc(37)] Check failed: !keyboard_.
#0 0x7fba18aa24db base::debug::StackTrace::StackTrace()
#1 0x7fba18aa0b5c base::debug::StackTrace::StackTrace()
#2 0x7fba18b0430c logging::LogMessage::~LogMessage()
#3 0x7fba08b9cbde keyboard::KeyboardLayoutManager::OnWindowAddedToLayout()
#4 0x7fba0b57e1fa aura::Window::AddChild()
#5 0x7fba0d184ca1 views::NativeWidgetAura::InitNativeWidget()
#6 0x7fba0d132b54 views::Widget::Init()
#7 0x7fba0d02ba24 views::(anonymous namespace)::CreateBubbleWidget()
#8 0x7fba0d02b822 views::BubbleDialogDelegateView::CreateBubble()
#9 0x7fba0d16df0c views::TouchSelectionMenuRunnerViews::Menu::Menu()
#10 0x7fba0d16ecdf views::TouchSelectionMenuRunnerViews::OpenMenu()
#11 0x7fba1290a9a3 content::TouchSelectionControllerClientAura::ShowQuickMenu()
#12 0x7fba1290abf8 content::TouchSelectionControllerClientAura::UpdateQuickMenu()
#13 0x7fba1290b1e9 content::TouchSelectionControllerClientAura::OnSelectionEvent()
#14 0x7fba008b9c5b ui::TouchSelectionController::OnSelectionChanged()
#15 0x7fba008b9833 ui::TouchSelectionController::OnSelectionBoundsChanged()
#16 0x7fba12a7b713 content::RenderWidgetHostViewAura::OnSwapCompositorFrame()
#17 0x7fba12a4cc94 content::RenderWidgetHostImpl::OnSwapCompositorFrame()
#18 0x7fba12a4b8e4 content::RenderWidgetHostImpl::OnMessageReceived()
#19 0x7fba129fc39b content::RenderProcessHostImpl::OnMessageReceived()
#20 0x7fba1703e808 IPC::ChannelProxy::Context::OnDispatchMessage()
#21 0x7fba1704408f _ZN4base8internal13FunctorTraitsIMN3IPC12ChannelProxy7ContextEFvRKNS2_7MessageEEvE6InvokeIRK13scoped_refptrIS4_EJS7_EEEvS9_OT_DpOT0_
#22 0x7fba17043f76 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3IPC12ChannelProxy7ContextEFvRKNS4_7MessageEEJRK13scoped_refptrIS6_ES9_EEEvOT_DpOT0_
#23 0x7fba17043f03 _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE7RunImplIRKSA_RKSt5tupleIJSC_S6_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#24 0x7fba17043e1c _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE
#25 0x7fba18aa79f1 _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#26 0x7fba18aa7429 base::debug::TaskAnnotator::RunTask()
#27 0x7fba18b2b333 base::MessageLoop::RunTask()
#28 0x7fba18b2b594 base::MessageLoop::DeferOrRunPendingTask()
#29 0x7fba18b2b87e base::MessageLoop::DoWork()
#30 0x7fba18b4082c base::MessagePumpGlib::HandleDispatch()
#31 0x7fba18b40ed1 base::(anonymous namespace)::WorkSourceDispatch()
#32 0x7fba043d6e04 g_main_context_dispatch
#33 0x7fba043d7048 <unknown>
#34 0x7fba043d70ec g_main_context_iteration
#35 0x7fba18b4092f base::MessagePumpGlib::Run()
#36 0x7fba18b2af22 base::MessageLoop::RunHandler()
#37 0x7fba18bcdc04 base::RunLoop::Run()
#38 0x7fba1ba68986 ChromeBrowserMainParts::MainMessageLoopRun()
#39 0x7fba121c0ecb content::BrowserMainLoop::RunMainMessageLoopParts()
#40 0x7fba121cf785 content::BrowserMainRunnerImpl::Run()
#41 0x7fba121ba798 content::BrowserMain()
#42 0x7fba138341a6 content::RunNamedProcessTypeMain()
#43 0x7fba1383635e content::ContentMainRunnerImpl::Run()
#44 0x7fba138333f2 content::ContentMain()
#45 0x7fba19d55fd6 ChromeMain
#46 0x7fba19d55e92 main
#47 0x7fba01577f45 __libc_start_main
#48 0x7fba19d55d95 <unknown>
,
Feb 15 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/626fecb851db4b9d0547752645ab0dcccc780eea

commit 626fecb851db4b9d0547752645ab0dcccc780eea
Author: oka <oka@chromium.org>
Date: Wed Feb 15 23:31:54 2017

Suppress context menu on virtual keyboard to fix crash

KeyboardLayoutManager assumes WebContentsViewAura is the only child of the KeyboardContainer window and crash happens if this assumption is broken by context menus created on long tap. This CL fixes the issue by suppressing gesture events including the long press from being passed to renderer, who would create a context menu; gesture events which are not consumed by IME are first handled by KeyboardContentsDelegate, a WebContentsDelegate, and if the event is not a scroll event, it's consumed by the delegate. If it's a scroll event we let it go so that the renderer can scroll the IME menu element.

BUG= 685140
TEST=
- manually tested using Link that crash doesn't happen on long press, but scroll is doable.
- out/Release/browser_tests --gtest_filter="VirtualKeyboard*"

Review-Url: https://codereview.chromium.org/2692093005
Cr-Commit-Position: refs/heads/master@{#450833}

[modify] https://crrev.com/626fecb851db4b9d0547752645ab0dcccc780eea/ui/keyboard/content/keyboard_ui_content.cc
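
A simplified model of the failure and of the fix described in the commit message above, added here as an illustration and not taken from the Chromium change. All class and function names in it are hypothetical stand-ins, the gesture sequence is constructed, and the IME's own key handling is left out.

```cpp
// Simplified model of the bug and fix discussed in this thread. Not Chromium
// code: every type and function name here is a hypothetical stand-in.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

enum class Gesture { kTap, kLongPress, kScrollBegin, kScrollUpdate, kScrollEnd };

bool IsScroll(Gesture g) {
  return g == Gesture::kScrollBegin || g == Gesture::kScrollUpdate ||
         g == Gesture::kScrollEnd;
}

// Container whose layout manager assumes a single child (the keyboard view).
class KeyboardContainerModel {
 public:
  // Returns false and counts a violation at the point where the build in the
  // thread hit the fatal "Check failed: !keyboard_".
  bool AddChild(const std::string& name) {
    if (!children_.empty()) {
      ++violations_;
      return false;
    }
    children_.push_back(name);
    return true;
  }
  int violations() const { return violations_; }
  std::size_t child_count() const { return children_.size(); }

 private:
  std::vector<std::string> children_;
  int violations_ = 0;
};

// Delegate-side filter: with the fix enabled, every non-scroll gesture is
// consumed before the renderer model sees it.
bool ConsumedByDelegate(Gesture g, bool fix_enabled) {
  return fix_enabled && !IsScroll(g);
}

struct ReplayResult {
  int violations;                // single-child assumption broken this often
  int scrolls_seen_by_renderer;  // scroll events that still reach the renderer
  std::size_t children;          // children left in the container
};

ReplayResult Replay(const std::vector<Gesture>& events, bool fix_enabled) {
  KeyboardContainerModel container;
  container.AddChild("WebContentsViewAura");
  int scrolls = 0;
  for (Gesture g : events) {
    if (ConsumedByDelegate(g, fix_enabled)) continue;
    // Renderer model: a long press opens a menu bubble parented to the
    // keyboard container; scroll events scroll the IME menu element.
    if (g == Gesture::kLongPress) container.AddChild("BubbleDialogDelegateView");
    if (IsScroll(g)) ++scrolls;
  }
  return {container.violations(), scrolls, container.child_count()};
}

int main() {
  // Constructed gesture sequence: a tap, a long press, then one scroll.
  const std::vector<Gesture> events = {
      Gesture::kTap, Gesture::kLongPress, Gesture::kScrollBegin,
      Gesture::kScrollUpdate, Gesture::kScrollEnd};
  for (bool fix : {false, true}) {
    const ReplayResult r = Replay(events, fix);
    std::printf("fix=%d violations=%d scrolls=%d children=%zu\n", fix,
                r.violations, r.scrolls_seen_by_renderer, r.children);
  }
  return 0;
}
```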
,
Feb 16 2017
,
Feb 16 2017
,
Apr 17 2017
,
May 30 2017
,
Jul 10 2017
Comment 1 by oka@chromium.org
, Jan 25 2017