New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 727208 link

Starred by 3 users
Status: Duplicate
Owner:
aboxhall@chromium.org
Closed: May 2017
Cc:
aboxhall@chromium.org
ajha@chromium.org
kavvaru@chromium.org
brajkumar@chromium.org
steve...@chromium.org
dpa...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Regression
Team-Accessibility



Sign in to add a comment

Regression : Tab Crash is seen on opening 'ChromeVox Settings' page

Project Member Reported by mmanchala@chromium.org, May 29 2017 
Chrome Version: 60.0.3112.0 / 9592.0.0 Dev-channel   Paine, Kip ,Minnie,Jerry & Quawks
OS: Chrome

What steps will reproduce the problem?
(1)Sign into user -> Go to chrome://settingsmanageAccessibility page
(2)Enable 'Enable ChromeVox (spoken feedback)' option so that 'Open ChromeVox Settings' option is enabled 
(3)Now click on 'Open ChromeVox Settings' -> Navigates to 'ChromeVox Options' page  and observe Tab Crash after the page is loaded(Please refer Video)

Expected: No Tab Crash should be seen on opening 'ChromeVox Settings' page 
Actual: Instead Tab Crash is seen

This is Regression Issue as same is working fine in 60.0.3110.0/9590.0.0 Paine

@dmazzoni : Please confirm the Issue 

Below is the Crash id:
74b4c0dcf0000000

Stack Trace:
Thread 0 CRASHED [SIGILL @ 0x000057f6ff791575 ] MAGIC SIGNATURE THREAD
Stack Quality
96%Show frame trust levels

0x000057f6ff791575
(chrome+ 0x0769b575)
blink::AXMenuListOption::ComputeParent() const
0x000057f6ff7763ef
(chrome+ 0x076803ef)
blink::AXObjectImpl::DocumentFrameView() const
0x000057f6ff77635c
(chrome+ 0x0768035c)
blink::AXObjectImpl::GetDocument() const
0x000057f6ff7731c7
(chrome+ 0x0767d1c7)
blink::AXObjectImpl::AccessibilityIsIgnored()
0x000057f6ff79c4b4
(chrome+ 0x076a64b4)
blink::AXNodeObject::InsertChild(blink::AXObjectImpl*, unsigned int)
0x000057f6ff79c3db
(chrome+ 0x076a63db)
blink::AXNodeObject::AddChildren()
0x000057f6ff791568
(chrome+ 0x0769b568)
blink::AXMenuListOption::ComputeParent() const
0x000057f6ff7763ef
(chrome+ 0x076803ef)
blink::AXObjectImpl::DocumentFrameView() const
0x000057f6ff77635c
(chrome+ 0x0768035c)
blink::AXObjectImpl::GetDocument() const
0x000057f6fde16952
(chrome+ 0x05d20952)
blink::WebAXObject::UpdateLayoutAndCheckValidity()
0x000057f6fe0b9dce
(chrome+ 0x05fc3dce)
content::RenderAccessibilityImpl::SendPendingAccessibilityEvents()
0x000057f6f905b200
(chrome+ 0x00f65200)
base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000057f6f90d2ffb
(chrome+ 0x00fdcffb)
blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, bool, blink::scheduler::LazyNow, base::TimeTicks*)
0x000057f6f90d204f
(chrome+ 0x00fdc04f)
blink::scheduler::TaskQueueManager::DoWork(bool)
0x000057f6f905b200
(chrome+ 0x00f65200)
base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000057f6f904b925
(chrome+ 0x00f55925)
base::MessageLoop::RunTask(base::PendingTask*)
0x000057f6f904c988
(chrome+ 0x00f56988)
base::MessageLoop::DoWork()
0x000057f6fb103969
(chrome+ 0x0300d969)
base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
0x000057f6fb126f8f
(chrome+ 0x03030f8f)
base::RunLoop::Run()
0x000057f6fe0104c7
(chrome+ 0x05f1a4c7)
content::RendererMain(content::MainFunctionParams const&)
0x000057f6facb3fed
(chrome+ 0x02bbdfed)
Actual_ChromeVoxTabCrash.webm
911 KB View Download
Expected.webm
1.1 MB View Download

Comment 1 by ajha@chromium.org, May 29 2017

Cc: aboxhall@chromium.org
As per the stack trace, this looks similar to Issue 726598 but with consistent manual repro case. Keep this bug open and cc'ing aboxhall@ for further action on either of the bug.

Link to the list of the builds:
===============================
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3AAXMenuListOption%3A%3AComputeParent%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Thank you!

Comment 2 by dmazz...@chromium.org, May 30 2017

Owner: aboxhall@chromium.org
Looks like the crash is in AXMenuListOption::ComputeParent() due to the new code added by the inert change.

Alice, can you use this repro to help debug?

Comment 3 by aboxhall@chromium.org, May 30 2017

Mergedinto: 726598
Status: Duplicate (was: Assigned)
I think this is a dup of #726598, which I am working on!

Sign in to add a comment