Brave Crashing When Visiting Some Mozilla Developer Sites (MDN)

KW-M commented 2 months ago

IMPORTANT: Your crash has already been automatically reported to our crash system. Please file this bug only if you can provide more information about it.

Brave Version: 1.68.128 Chromium: 127.0.6533.73 Operating System: Mac OS X 14.5.0

Providing more details on a crash previously documented here: https://community.brave.com/t/brave-crashes-whenever-i-open-mdn-developer-mozilla-org/561841

Crashes happen:

With or without shields on.
Typing in Omnibox or clicking a link to these URLs
With all extensions disabled
With cookies and site data for developer.mozilla.org domain cleared. Crashes DO NOT happen in private windows.

URLs that cause crashes https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Building_blocks/Events https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Building_blocks/Events#event_capture https://developer.mozilla.org/en-US/docs/Learn/JavaScript/First_steps/What_is_JavaScript https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Asynchronous/Implementing_a_promise-based_API https://developer.mozilla.org/en-US/docs/Web/CSS/::selection

Can you reproduce this crash? Yes, every time. MDN site will load and display for 1-2 seconds and then Brave crashes.

What steps will reproduce this crash? (If it's not reproducible, what were you doing just before the crash?)

Visit any site listed under "URLs that cause crashes"
Brave crashes.

DO NOT CHANGE BELOW THIS LINE Crash ID: crash/447e0800-ebf9-720c-0000-000000000000

KW-M commented 2 months ago

Additional Observations:

Crashes still occur with ALL site settings set to block including JavaScript off, Images off, V8 optimization off etc...
Crashes also occur if the site is opened in a background tab.

Crash does NOT occur if a crash page url is "fetched" (e.g. Pasting this in the browser console when at the URL https://developer.mozila.org does the expected behavior)

let a = await fetch("https://developer.mozilla.org/en-US/docs/Web/CSS/::selection")
let b = a.body.getReader()
await b.read() // outputs the page html source as usual

iefremov commented 1 month ago

[ 00 ] base::OnceCallback<void (unsigned long long)>::Run(unsigned long long) && ( immediate_crash.h:179 )
[ 01 ] ChromeBrowsingDataRemoverDelegate::OnTaskComplete(ChromeBrowsingDataRemoverDelegate::TracingDataType, unsigned long long, base::TimeTicks, bool) ( chrome_browsing_data_remover_delegate.cc:1506 )
[ 02 ] base::OnceCallback<void ()>::Run() && ( callback.h:156 )
[ 03 ] extensions::(anonymous namespace)::ValidateCrxHelper::FinishOnUIThread() ( startup_helper.cc:135 )
[ 04 ] void base::internal::DecayedFunctorTraits<void (*)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay&&>::Invoke<void (*)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay>(void (*&&)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay&&) ( bind_internal.h:671 )
[ 05 ] void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (*&&)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay&&>, void, 0ul>::MakeItSo<void (*)(base::internal::PostTaskAndReplyRelay), std::__Cr::tuple<base::internal::PostTaskAndReplyRelay>>(void (*&&)(base::internal::PostTaskAndReplyRelay), std::__Cr::tuple<base::internal::PostTaskAndReplyRelay>&&) ( bind_internal.h:930 )
[ 06 ] void base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay&&>, base::internal::BindState<false, true, false, void (*)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay>, void ()>::RunImpl<void (*)(base::internal::PostTaskAndReplyRelay), std::__Cr::tuple<base::internal::PostTaskAndReplyRelay>, 0ul>(void (*&&)(base::internal::PostTaskAndReplyRelay), std::__Cr::tuple<base::internal::PostTaskAndReplyRelay>&&, std::__Cr::integer_sequence<unsigned long, 0ul>) ( bind_internal.h:1067 )
[ 07 ] base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay&&>, base::internal::BindState<false, true, false, void (*)(base::internal::PostTaskAndReplyRelay), base::internal::PostTaskAndReplyRelay>, void ()>::RunOnce(base::internal::BindStateBase*) ( bind_internal.h:980 )
[ 08 ] base::OnceCallback<void ()>::Run() && ( callback.h:156 )
[ 09 ] base::TaskAnnotator::RunTaskImpl(base::PendingTask&) ( task_annotator.cc:203 )
[ 10 ] void base::TaskAnnotator::RunTask<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3>(perfetto::StaticString, base::PendingTask&, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3&&) ( task_annotator.h:90 )
[ 11 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ( thread_controller_with_message_pump_impl.cc:484 )
[ 12 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:346 )
[ 13 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:0 )
[ 14 ] base::MessagePumpCFRunLoopBase::RunWork() ( message_pump_apple.mm:449 )
[ 15 ] invocation function for block in base::MessagePumpCFRunLoopBase::RunWorkSource(void*) ( message_pump_apple.mm:421 )
[ 16 ] base::apple::CallWithEHFrame(void () block_pointer)
[ 17 ] base::MessagePumpCFRunLoopBase::RunWorkSource(void*) ( message_pump_apple.mm:420 )
[ 18 ] 0x7ff80393b087
[ 19 ] 0x7ff80393b029
[ 20 ] 0x7ff80393adf4
[ 21 ] 0x7ff803939a71
[ 22 ] 0x7ff803939112
[ 23 ] 0x7ff80e352a09
[ 24 ] 0x7ff80e352816
[ 25 ] 0x7ff80e352561
[ 26 ] 0x7ff806fa9c61
[ 27 ] 0x7ff8078bddc0
[ 28 ] __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke ( chrome_browser_application_mac.mm:335 )
[ 29 ] base::apple::CallWithEHFrame(void () block_pointer)
[ 30 ] -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ( chrome_browser_application_mac.mm:334 )
[ 31 ] 0x7ff806f9b075
[ 32 ] base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) ( message_pump_apple.mm:807 )
[ 33 ] base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) ( message_pump_apple.mm:161 )
[ 34 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ( thread_controller_with_message_pump_impl.cc:654 )
[ 35 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) ( thread_controller_with_message_pump_impl.cc:0 )
[ 36 ] base::RunLoop::Run(base::Location const&) ( run_loop.cc:134 )
[ 37 ] content::BrowserMainLoop::RunMainMessageLoop() ( browser_main_loop.cc:1085 )
[ 38 ] content::BrowserMainRunnerImpl::Run() ( browser_main_runner_impl.cc:160 )
[ 39 ] content::BrowserMain(content::MainFunctionParams) ( browser_main.cc:34 )
[ 40 ] content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*) ( content_main_runner_impl.cc:721 )
[ 41 ] content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool) ( content_main_runner_impl.cc:1302 )
[ 42 ] content::ContentMainRunnerImpl::Run() ( content_main_runner_impl.cc:1154 )
[ 43 ] content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) ( content_main.cc:332 )
[ 44 ] content::ContentMain(content::ContentMainParams) ( content_main.cc:345 )
[ 45 ] ChromeMain ( chrome_main.cc:192 )
[ 46 ] main ( chrome_exe_main_mac.cc:217 )
[ 47 ] 0x7ff8034d2366

iefremov commented 1 month ago

@KW-M i hope it doesn't happen now? Pls reopen if it's not fixed

KW-M commented 1 month ago

Can confirm, MDN sites are NOT crashing any more for me. Thank you so much!

brave / brave-browser

Brave Crashing When Visiting Some Mozilla Developer Sites (MDN) #40508