Crash in ImeController::CanCycleIme
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5663332037296128

Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  ImeController::CanCycleIme
  ash::AcceleratorController::AcceleratorPressed
  ui::AcceleratorManager::Process

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=406241:406270

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95WOxf--HGVJaXbgXc_lvvnqPPAVAU4TdYw6tmzaUBAfZh-J4w_e9K0nB8O5KEb8aG_zvTGzaNUL9KISIZ0oyz0b9hVywAba6tyt6G9ZAAruBf2U8gkmJWUs3AODfPdadHHD5Pd5VZ-M9_jyCOIxJavyyLuw20-XF-d-U_CGZ8c2PAAavM6vlQ0YSecqBRT4IpMbemTlNvuz1-5vFlV_pucYbxUL1cCL1PXGAyxPjMTBSAa5aOZGjZWxA2bKwcDR1-W6PQiFJeB3k9sYO-IQuDk2fVQKRHW9DfNDb__Yw4oTkMuQd1CwIJhUGwtKveOIS0cEAG0KTvG_UyDzowgFD6Cmppey0ldkw2OpAJA1mfv58rt9gQ?testcase_id=5663332037296128

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 28 2017
Could someone please take a look? Thank you
Feb 28 2017
+oshima@, warx@

Could this be because of https://bugs.chromium.org/p/chromium/issues/detail?id=692784?

Stack trace includes Focus Manager:

#0 0x7f014ea477ef in ImeController::CanCycleIme() chrome/browser/ui/ash/ime_controller_chromeos.cc:13:40
#1 0x7f014da905a5 in ash::AcceleratorController::AcceleratorPressed(ui::Accelerator const&) ash/common/accelerators/accelerator_controller.cc:633:8
#2 0x7f01557428ee in ui::AcceleratorManager::Process(ui::Accelerator const&) ui/base/accelerators/accelerator_manager.cc:101:20
#3 0x7f014b8c842c in ProcessAccelerator ui/views/focus/focus_manager.cc:507:23
#4 0x7f014b8c842c in views::FocusManager::OnKeyEvent(ui::KeyEvent const&) ui/views/focus/focus_manager.cc:97
#5 0x7f014b9ea746 in views::FocusManagerEventHandler::OnKeyEvent(ui::KeyEvent*) ui/views/widget/focus_manager_event_handler.cc:26:36
#6 0x7f0149011196 in DispatchEvent ui/events/event_dispatcher.cc:191:12
#7 0x7f0149011196 in ui::EventDispatcher::DispatchEventToEventHandlers(std::vector<ui::EventHandler*, std::allocator<ui::EventHandler*> >*, ui::Event*) ui/events/event_dispatcher.cc:170
#8 0x7f014900ff62 in ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*) ui/events/event_dispatcher.cc:127:3
#9 0x7f014900fa7a in DispatchEventToTarget ui/events/event_dispatcher.cc:86:14
Mar 28 2017
@oshima / @warx -- Could someone please provide an update for the issue? This bug looks related to Issue ID: 703510. Thanks in advance.
Mar 28 2017
Yes, it looks similar to 703510. It looks to me like an extension failure during startup is leading to invoking a UI before everything is set up. It probably needs to wait until the initialization process completes.

rdevlin.cronin@ can you find the right owner?

#34 0x7fd52e0a8272 chrome::ShowWarningMessageBox()
#35 0x7fd52c4801d7 ExtensionErrorReporter::ReportError()
#36 0x7fd52c47f33b ExtensionErrorReporter::ReportLoadError()
#37 0x7fd52c58e491 extensions::UnpackedInstaller::ReportExtensionLoadError()
#38 0x7fd52c58ddb1 extensions::UnpackedInstaller::LoadFromCommandLine()
#39 0x7fd52c4af9f7 ExtensionService::LoadExtensionsFromCommandLineFlag()
#40 0x7fd52c4aee88 ExtensionService::Init()
#41 0x7fd52c4e70e1 extensions::ExtensionSystemImpl::Shared::Init()
#42 0x7fd52c4e81b5 extensions::ExtensionSystemImpl::InitForRegularProfile()
Mar 31 2017
This looks like a crash because the input IME is trying to listen to events before it's initialized. Over to an input IME owner.
Apr 5 2017
This seems to be a dup of issue 703510.

From the full stack below, #17 -> #14 are all in the stack so it is not in async. If IME had registered the listener (via chrome.input.ime.onKeyEvent API), the call path should be in async. So the IMF just passes the key event to the EventDispatcher for system default handlers.

So far I have no clue how this is related to IMF/IME. The discussion in issue 703510 may have a better analysis on the possible fix solutions.

#0 0x7f014ea477ef in ImeController::CanCycleIme() chrome/browser/ui/ash/ime_controller_chromeos.cc:13:40
#1 0x7f014da905a5 in ash::AcceleratorController::AcceleratorPressed(ui::Accelerator const&) ash/common/accelerators/accelerator_controller.cc:633:8
#2 0x7f01557428ee in ui::AcceleratorManager::Process(ui::Accelerator const&) ui/base/accelerators/accelerator_manager.cc:101:20
#3 0x7f014b8c842c in ProcessAccelerator ui/views/focus/focus_manager.cc:507:23
#4 0x7f014b8c842c in views::FocusManager::OnKeyEvent(ui::KeyEvent const&) ui/views/focus/focus_manager.cc:97
#5 0x7f014b9ea746 in views::FocusManagerEventHandler::OnKeyEvent(ui::KeyEvent*) ui/views/widget/focus_manager_event_handler.cc:26:36
#6 0x7f0149011196 in DispatchEvent ui/events/event_dispatcher.cc:191:12
#7 0x7f0149011196 in ui::EventDispatcher::DispatchEventToEventHandlers(std::vector<ui::EventHandler*, std::allocator<ui::EventHandler*> >*, ui::Event*) ui/events/event_dispatcher.cc:170
#8 0x7f014900ff62 in ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*) ui/events/event_dispatcher.cc:127:3
#9 0x7f014900fa7a in DispatchEventToTarget ui/events/event_dispatcher.cc:86:14
#10 0x7f014900fa7a in ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*) ui/events/event_dispatcher.cc:58
#11 0x7f01557534ca in ui::EventProcessor::OnEventFromSource(ui::Event*) ui/events/event_processor.cc:35:15
#12 0x7f014dc6b262 in DispatchKeyEventPostIME ash/host/ash_window_tree_host_x11.cc:220:26
#13 0x7f014dc6b262 in non-virtual thunk to ash::AshWindowTreeHostX11::DispatchKeyEventPostIME(ui::KeyEvent*) ash/host/ash_window_tree_host_x11.cc:0
#14 0x7f015642312f in ui::InputMethodBase::DispatchKeyEventPostIME(ui::KeyEvent*) const ui/base/ime/input_method_base.cc:130:26
#15 0x7f0156428692 in ProcessUnfilteredKeyPressEvent ui/base/ime/input_method_chromeos.cc:383:17
#16 0x7f0156428692 in ui::InputMethodChromeOS::DispatchKeyEvent(ui::KeyEvent*, std::unique_ptr<base::Callback<void (bool), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, std::default_delete<base::Callback<void (bool), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > >) ui/base/ime/input_method_chromeos.cc:96
#17 0x7f01564294e8 in ui::InputMethodChromeOS::DispatchKeyEvent(ui::KeyEvent*) ui/base/ime/input_method_chromeos.cc:151:3
#18 0x7f014dc6d540 in ash::InputMethodEventHandler::OnKeyEvent(ui::KeyEvent*) ash/ime/input_method_event_handler.cc:33:18
#19 0x7f0149011196 in DispatchEvent ui/events/event_dispatcher.cc:191:12
#20 0x7f0149011196 in ui::EventDispatcher::DispatchEventToEventHandlers(std::vector<ui::EventHandler*, std::allocator<ui::EventHandler*> >*, ui::Event*) ui/events/event_dispatcher.cc:170
#21 0x7f014900ff62 in ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*) ui/events/event_dispatcher.cc:127:3
#22 0x7f014900fa7a in DispatchEventToTarget ui/events/event_dispatcher.cc:86:14
#23 0x7f014900fa7a in ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*) ui/events/event_dispatcher.cc:58
#24 0x7f01557534ca in ui::EventProcessor::OnEventFromSource(ui::Event*) ui/events/event_processor.cc:35:15
#25 0x7f0149013cab in DeliverEventToProcessor ui/events/event_source.cc:73:21
#26 0x7f0149013cab in ui::EventSource::SendEventToProcessor(ui::Event*) ui/events/event_source.cc:51
#27 0x7f0156637e38 in aura::WindowTreeHostX11::DispatchEvent(_XEvent* const&) ui/aura/window_tree_host_x11.cc:248:9
Apr 5 2017
Comment 1 by mummare...@chromium.org, Feb 28 2017
Labels: Test-Predator-Wrong M-57