Issue 888750 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	jamescook@chromium.org
Closed:	Oct 3
Cc:	dtseng@chromium.org dmazz...@chromium.org mustash-bugs@google.com katie@chromium.org chrome-os-gcon-escalation@google.com
Components:	Internals>Services>Ash UI>Accessibility>SelectToSpeak
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	2
Type:	Bug
Hotlist-ConOps-CrOS Proj-Mash-SingleProcess
Team-Accessibility

Blocking:
issue 888145

mash: crash on AutomationManagerAura::PerformHitTest

Project Member Reported by mukai@chromium.org, Sep 24

Issue description

What steps will reproduce the problem?
(1) start chrome with --enable-features=SingleProcessMash
(2) open settings, enable 'select to speak' accessibility feature
(3) open a browser window
(4) click to focus on the web contents -- on new tab page for example
(5) click on the accessibility button on the shelf (next to the status area widget)
(6) click on the "google" logo within the web contents

What is the expected result?
no crash

What happens instead?
crash with CHECK failed:
[71361:71361:0924/143055.766976:FATAL:automation_manager_aura.cc(307)] Check failed: widget.

stack trace:

#0 0x7f77657d2efd base::debug::StackTrace::StackTrace()                                                        
#1 0x7f77654f8b8c base::debug::StackTrace::StackTrace()                                                                                                                 
#2 0x7f776556283d logging::LogMessage::~LogMessage()                                      
#3 0x557b9a9878ed AutomationManagerAura::PerformHitTest()                                                               
#4 0x557b9a98747e AutomationManagerAura::PerformAction()                                                                                                                     
#5 0x557b97d12c9c extensions::AutomationInternalPerformActionFunction::Run()                                                                          
#6 0x557b92464fe0 ExtensionFunction::RunWithValidation()              
#7 0x557b9246a1e2 extensions::ExtensionFunctionDispatcher::DispatchWithCallbackInternal()                                            
#8 0x557b9246921c extensions::ExtensionFunctionDispatcher::Dispatch()                                                                                                                             
#9 0x557b924d4c8d extensions::ExtensionWebContentsObserver::OnRequest()                                                                                                                           
#10 0x557b923ce7b2 _ZN3IPC20DispatchToMethodImplIN10extensions21AppWindowContentsImplEMS2_FvPN7content15RenderFrameHostERKNSt3__16vectorINS1_15DraggableRegionENS6_9allocatorIS8_EEEEES4_NS6_5tupl
eIJSB_EEEJLm0EEEEvPT_T0_PT1_OT2_NS6_16integer_sequenceImJXspT3_EEEE                                                                    
#11 0x557b923ce6e0 _ZN3IPC16DispatchToMethodIN10extensions21AppWindowContentsImplEN7content15RenderFrameHostEJRKNSt3__16vectorINS1_15DraggableRegionENS5_9allocatorIS7_EEEEENS5_5tupleIJSA_EEEEENS
5_9enable_ifIXeqsZT1_sr3std10tuple_sizeINS5_5decayIT2_E4typeEEE5valueEvE4typeEPT_MSM_FvPT0_DpT1_ESP_OSH_                               
#12 0x557b924d5741 _ZN3IPC8MessageTI29ExtensionHostMsg_Request_MetaNSt3__15tupleIJ31ExtensionHostMsg_Request_ParamsEEEvE8DispatchIN10extensions28ExtensionWebContentsObserverES9_N7content15Render
FrameHostEMS9_FvPSB_RKS4_EEEbPKNS_7MessageEPT_PT0_PT1_T2_                                                                                                                               
#13 0x557b924d4b49 extensions::ExtensionWebContentsObserver::OnMessageReceived()                                                                         
#14 0x557b977e5b86 extensions::ChromeExtensionWebContentsObserver::OnMessageReceived()                                                                          
#15 0x7f775f9e87a3 content::WebContentsImpl::OnMessageReceived()                                                                                                       
#16 0x7f775f0ea6cc content::RenderFrameHostImpl::OnMessageReceived()                                                                                                          
#17 0x7f775f69a233 content::RenderProcessHostImpl::OnMessageReceived()                                                                                                           
#18 0x7f7761fcbfc5 IPC::ChannelProxy::Context::OnDispatchMessage()        


Seems the code assume window is DesktopNativeWidgetAura, however it is RenderWidgetHostViewAura in this case.

This is related to a test crash of SelectToSpeakTest.ActivatesWithTapOnSelectToSpeakTray in interactive_ui_tests with SingleProcessMash.

Comment 1 by jamescook@chromium.org, Sep 25

Blocking: 888145
Status: Assigned (was: Available)

dtseng, this is something we'll need to deal with for "Accessibility node tree support for mash". Marking as blocking that issue.

I can make it not crash, but this will be an issue when AutomationManagerAura moves to ash -- it may not know if a given aura Window is web content or not.

Comment 2 by aidrees@google.com, Sep 26

Labels: Hotlist-ConOps-CrOS

Comment 3 by jamescook@chromium.org, Oct 3

Status: Fixed (was: Assigned)

This doesn't crash after switching the kChildTreeID to an aura::Window property in https://chromium-review.googlesource.com/c/chromium/src/+/1252905

(Select-to-speak still doesn't work with SingleProcessMash, but that's a different bug.)

►

Issue 888750 link

Issue metadata

mash: crash on AutomationManagerAura::PerformHitTest

Issue description

Comment 1 by jamescook@chromium.org, Sep 25

Comment 1 Deleted

Comment 2 by aidrees@google.com, Sep 26

Comment 2 Deleted

Comment 3 by jamescook@chromium.org, Oct 3

Comment 3 Deleted

Sign in to add a comment