[Desktop] Dev-tools causing crashing with STATUS_ACCESS_VIOLATION

[Shadow505]

Description

I am having the exact same issues that has been reported at https://community.brave.com/t/devtools-crash-any-page/123939 but has not received any response. Apparently the issues still exists.

Steps to Reproduce

1. Launch Brave
2. Visit any website, for example https://stackoverflow.com/
3. Open DevTools
4. Change any CSS property
5. Close DevTools
6. Open DevTools

Actual result:

All tabs from the same domain (e.g. stackoverflow.com) are crashing with STATUS_ACCESS_VIOLATION after step 6.

Expected result:

Open the dev-tools

Reproduces how often:

Everytime.

Brave version (brave://version info)

Brave: 1.11.97 Chromium: 84.0.4147.89
Revision: 19abfe7bcba9318a0b2a6bc6634a67fc834aa592-refs/branch-heads/4147@{#852}
OS: Windows 10 OS Version 2004 (Build 19041.329)

Version/Channel Information:

• Can you reproduce this issue with the current release? Yes. (1.11.97)
• Can you reproduce this issue with the beta channel? Not tested.
• Can you reproduce this issue with the dev channel? Not tested.
• Can you reproduce this issue with the nightly channel? Yes.

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields? Yes, it look like it does!
• Does the issue resolve itself when disabling Brave Rewards?
• Is the issue reproducible on the latest version of Chrome? No.

Miscellaneous Information:

[bsclifton]

Was easily able to reproduce with the steps - thanks for the report, @Shadow505 😄 Verified this is not crashing in Chrome- my guess is that it's related to our recent Chromium 84 upgrade

cc: @mkarolin @iefremov

I was able to upload the crash and it has report ID# 81160000-5fc1-c604-0000-000000000000

[ 00 ] WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,WTF::String>,WTF::KeyValuePairKeyExtractor,WTF::StringHash,WTF::HashMapValueTraits<WTF::HashTraits<WTF::String>,WTF::HashTraits<WTF::String>>,WTF::HashTraits<WTF::String>,WTF::PartitionAllocator>::Contains<WTF::IdentityHashTranslator<WTF::StringHash,WTF::HashMapValueTraits<WTF::HashTraits<WTF::String>,WTF::HashTraits<WTF::String>>,WTF::PartitionAllocator>,WTF::String>
[ 01 ] WTF::String::String
[ 02 ] blink::InspectorResourceContainer::LoadStyleSheetContent
[ 03 ] blink::InspectorStyleSheet::ResourceStyleSheetText
[ 04 ] blink::InspectorStyleSheet::InspectorStyleSheet
[ 05 ] blink::InspectorCSSAgent::DetectOrigin
[ 06 ] blink::ThreadHeap::Allocate<blink::InspectorStyleSheetBase>
[ 07 ] blink::InspectorCSSAgent::BindStyleSheet
[ 08 ] crdtp::CreateNotification
[ 09 ] blink::protocol::CSS::Frontend::styleSheetAdded
[ 10 ] blink::InspectorCSSAgent::SetActiveStyleSheets
[ 11 ] WTF::Vector<std::__1::pair<blink::Member<blink::CSSStyleSheet>,blink::Member<blink::RuleSet>>,0,blink::HeapAllocator>::Vector
[ 12 ] blink::InspectorCSSAgent::CompleteEnabled
[ 13 ] blink::InspectorCSSAgent::ResourceContentLoaded
[ 14 ] WTF::VectorBufferBase<WTF::AtomicString,WTF::PartitionAllocator>::AllocateBufferNoBarrier
[ 15 ] blink::InspectorResourceContentLoader::CheckDone
[ 16 ] WTF::Vector<base::OnceCallback<void 
[ 17 ] blink::InspectorResourceContentLoader::EnsureResourcesContentLoaded
[ 18 ] blink::PersistentNodePtr<blink::kAnyThread,blink::kNonWeakPersistentConfiguration>::Initialize
[ 19 ] blink::InspectorCSSAgent::enable
[ 20 ] crdtp::DomainDispatcher::Callback::Callback
[ 21 ] blink::protocol::CSS::DomainDispatcherImpl::enable
[ 22 ] std::__1::__function::__policy_invoker<void (const crdtp::Dispatchable &)>::__call_impl<std::__1::__function::__default_alloc_func<`lambda at gen/third_party/blink/renderer/core/inspector/protocol/Accessibility.cpp:561:10',void 
[ 23 ] crdtp::UberDispatcher::DispatchResult::Run
[ 24 ] blink::DevToolsSession::DispatchProtocolCommandImpl
[ 25 ] blink::DevToolsSession::DispatchProtocolCommand
[ 26 ] mojo::internal::Serializer<mojo_base::mojom::ReadOnlyBufferDataView,base::span<const unsigned char,18446744073709551615>>::Deserialize
[ 27 ] blink::mojom::blink::DevToolsSessionStubDispatch::Accept
[ 28 ] mojo::InterfaceEndpointClient::HandleValidatedMessage
[ 29 ] mojo::MessageDispatcher::Accept
[ 30 ] IPC::`anonymous namespace'::ChannelAssociatedGroupController::AcceptOnProxyThread
[ 31 ] base::TimeTicks::Now
[ 32 ] mojo::Message::Message
[ 33 ] IPC::`anonymous namespace'::ChannelAssociatedGroupController::AcceptSyncMessage
[ 34 ] base::TaskAnnotator::RunTask
[ 35 ] base::sequence_manager::internal::SequenceManagerImpl::SelectNextTask
[ 36 ] IPC::`anonymous namespace'::ChannelAssociatedGroupController::Accept
[ 37 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl
[ 38 ] base::sequence_manager::internal::SequenceManagerImpl::NowTicks
[ 39 ] base::WaitableEvent::TimedWait
[ 40 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork
[ 41 ] base::MessagePumpDefault::Run
[ 42 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run
[ 43 ] base::internal::WeakPtrFactoryBase::WeakPtrFactoryBase
[ 44 ] base::ThreadLocalStorage::Slot::Get
[ 45 ] base::RunLoop::Run
[ 46 ] content::RendererMain
[ 47 ] base::FeatureList::InitializeFromSharedMemory
[ 48 ] base::FeatureList::RegisterExtraFeatureOverrides
[ 49 ] ChromeMainDelegate::RunProcess
[ 50 ] base::HighResolutionTimerManager::HighResolutionTimerManager
[ 51 ] content::ContentMainRunnerImpl::Run
[ 52 ] service_manager::Main
[ 53 ] MainDllLoader::Launch
[ 54 ] DllMain

[iefremov]

This is actually pretty popular crash - it is in top10 for renderer process (and even higher without OOM crashes). Similar instances can be found e.g. like this
https://brave.sp.backtrace.io/p/brave/triage?filters=((callstack%2Ccontains%2CKeyValuePairKeyExtractor))&aggregations=((channel%2Cdistribution%2C3)%2C(ptype%2Chead)%2C(uname.sysname%2Cdistribution%2C3))

[bsclifton]

I believe this was fixed with #10951 - which we released yesterday. Diff for the Chromium change:
https://chromium.googlesource.com/chromium/src/+log/84.0.4147.89..84.0.4147.105/?pretty=fuller&n=10000

@Shadow505 could you try again? Please let us know!