Brave-browser: Brave Dev - Opening "Rewards Settings" immediately closes browser

Created on 5 Dec 2018 · 15Comments · Source: brave/brave-browser

Description

Trying to view Brave Rewards settings in Developer build crashes the browser on macOS (Mojave 10.14.1).

Crash occurs when navigating to Rewards Settings from the extension or via address bar (brave://rewards)

devcrash3

Steps to Reproduce

Update Developer build to v0.59.2
Try to open Rewards Setting from Rewards extension in address bar
Try to open Rewards Setting by entering brave://rewards into address bar.

Actual result:

Browser freezes and crashes almost instantly.

Expected result:

Rewards settings appear for me to fiddle with.

Reproduces how often:

Every time.

Brave version (brave://version info)

Developer Build version 0.59.2 on macOS Mojave 10.14.11

Reproducible on current release:

No, seems to be just fine on Live and Beta release

Additional Information

Worth noting that I can only reproduce this on macOS. Rewards functions as intended on Windows 10.

QA Pass-Linux QA Pass-Win64 QA Pass-macOS QYes crash featurrewards prioritP1 release-noteinclude

Source

Brave-Matt

Most helpful comment

@NejcZdovc @simonhong
I had a quick look, and here is the line added recently that can obviously cause crash when wallet_properties is nullptr (and it can be nullptr)
https://github.com/brave/brave-core/blob/master/browser/ui/webui/brave_rewards_ui.cc#L342

iefremov on 10 Dec 2018

👍2

All 15 comments

Can confirm same thing on brave-browser-dev on Ubuntu 18.04. Here are some logs:

[1782:1782:1205/163944.901232:ERROR:x11_input_method_context_impl_gtk.cc(144)] Not implemented reached in virtual void libgtkui::X11InputMethodContextImplGtk::SetSurroundingText(const base::string16 &, const gfx::Range &)
[1782:1782:1205/163946.056578:ERROR:CONSOLE(1)] "Uncaught ReferenceError: brave_new_tab is not defined", source:  (1)
[1782:1782:1205/164001.008109:ERROR:CONSOLE(1)] "Uncaught ReferenceError: brave_new_tab is not defined", source: chrome://rewards/ (1)
Segmentation fault (core dumped)

kirkins on 5 Dec 2018

+1 from me. Reproduced 100% of the time.

Miyayes on 6 Dec 2018

same, 100% segfault on mac. may just be a coincidence but i was logged out of all sites when i opened brave again.

diracdeltas on 6 Dec 2018

crash id: 5c08d78e64ff83001e2afe4d

NejcZdovc on 6 Dec 2018

@NejcZdovc Can you copy crash stack trace here? (I can't access it)

simonhong on 6 Dec 2018

@simonhong crash bellow

GPU: UNKNOWN

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x20
Process uptime: 35 seconds

Thread 0 (crashed)
 0  Brave Browser Dev Framework!(anonymous namespace)::RewardsDOMHandler::OnWalletProperties(brave_rewards::RewardsService*, int, std::__1::unique_ptr >) [brave_rewards_ui.cc : 323 + 0x0]
    rax = 0x0000000000000000   rdx = 0x00000000000acc01
    rcx = 0x0000000000000000   rbx = 0x0000000000000000
    rsi = 0x00007f8c9b500000   rdi = 0x00000000d6413ef6
    rbp = 0x00007ffee8b373e0   rsp = 0x00007ffee8b372f0
     r8 = 0x0000000000000002    r9 = 0x0000000000000000
    r10 = 0x0000000000000003   r11 = 0x0000000000000003
    r12 = 0x0000000000000001   r13 = 0x00007f8ca4665ad0
    r14 = 0x00007ffee8b37488   r15 = 0x65725f6576617262
    rip = 0x0000000108669953
    Found by: given as instruction pointer in context
 1  Brave Browser Dev Framework!brave_rewards::RewardsServiceImpl::TriggerOnWalletProperties(int, std::__1::unique_ptr >) [rewards_service_impl.cc : 1000 + 0xe]
    rbp = 0x00007ffee8b374c0   rsp = 0x00007ffee8b373f0
    rip = 0x000000010868bc00
    Found by: previous frame's frame pointer
 2  Brave Browser Dev Framework!non-virtual thunk to brave_rewards::RewardsServiceImpl::OnWalletProperties(ledger::Result, std::__1::unique_ptr >) [rewards_service_impl.cc : 575 + 0x5]
    rbp = 0x00007ffee8b374e0   rsp = 0x00007ffee8b374d0
    rip = 0x000000010868bd61
    Found by: previous frame's frame pointer
 3  Brave Browser Dev Framework!bat_ledger::LedgerImpl::OnWalletProperties(ledger::Result, braveledger_bat_helper::WALLET_PROPERTIES_ST const&) [ledger_impl.cc : 509 + 0xd]
    rbp = 0x00007ffee8b37590   rsp = 0x00007ffee8b374f0
    rip = 0x00000001086f5141
    Found by: previous frame's frame pointer
 4  Brave Browser Dev Framework!braveledger_bat_client::BatClient::walletPropertiesCallback(bool, std::__1::basic_string, std::__1::allocator > const&, std::__1::map, std::__1::allocator >, std::__1::basic_string, std::__1::allocator >, std::__1::less, std::__1::allocator > >, std::__1::allocator, std::__1::allocator > const, std::__1::basic_string, std::__1::allocator > > > > const&) [bat_client.cc : 0 + 0x14]
    rbp = 0x00007ffee8b37690   rsp = 0x00007ffee8b375a0
    rip = 0x000000010869d5a8
    Found by: previous frame's frame pointer
 5  Brave Browser Dev Framework!bat_ledger::URLRequestHandler::RunRequestHandler(unsigned long long, bool, std::__1::basic_string, std::__1::allocator > const&, std::__1::map, std::__1::allocator >, std::__1::basic_string, std::__1::allocator >, std::__1::less, std::__1::allocator > >, std::__1::allocator, std::__1::allocator > const, std::__1::basic_string, std::__1::allocator > > > > const&) [functional : 1923 + 0x10]
    rbp = 0x00007ffee8b37730   rsp = 0x00007ffee8b376a0
    rip = 0x00000001086f78d9
    Found by: previous frame's frame pointer
 6  Brave Browser Dev Framework!brave_rewards::RewardsServiceImpl::OnURLFetchComplete(net::URLFetcher const*) [callback.h : 129 + 0xa]
    rbp = 0x00007ffee8b37820   rsp = 0x00007ffee8b37740
    rip = 0x000000010868f79f
    Found by: previous frame's frame pointer
 7  Brave Browser Dev Framework!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 99 + 0x3]
    rbp = 0x00007ffee8b378b0   rsp = 0x00007ffee8b37830
    rip = 0x0000000109930d5a
    Found by: previous frame's frame pointer
 8  Brave Browser Dev Framework!base::MessageLoop::RunTask(base::PendingTask*) [message_loop.cc : 434 + 0xf]
    rbp = 0x00007ffee8b37950   rsp = 0x00007ffee8b378c0
    rip = 0x000000010994c4cf
    Found by: previous frame's frame pointer
 9  Brave Browser Dev Framework!base::MessageLoop::DoWork() [message_loop.cc : 445 + 0x12]
    rbp = 0x00007ffee8b37b60   rsp = 0x00007ffee8b37960
    rip = 0x000000010994c823
    Found by: previous frame's frame pointer
10  Brave Browser Dev Framework!base::MessagePumpCFRunLoopBase::RunWork() [message_pump_mac.mm : 455 + 0x6]
    rbp = 0x00007ffee8b37b90   rsp = 0x00007ffee8b37b70
    rip = 0x000000010994ea9a
    Found by: previous frame's frame pointer
11  Brave Browser Dev Framework!base::mac::CallWithEHFrame(void () block_pointer) + 0xa
    rbp = 0x00007ffee8b37ba0   rsp = 0x00007ffee8b37ba0
    rip = 0x000000010994099a
    Found by: previous frame's frame pointer
12  Brave Browser Dev Framework!base::MessagePumpCFRunLoopBase::RunWorkSource(void*) [message_pump_mac.mm : 431 + 0x5]
    rbp = 0x00007ffee8b37be0   rsp = 0x00007ffee8b37bb0
    rip = 0x000000010994e3ff
    Found by: previous frame's frame pointer
13  CoreFoundation + 0x58155
    rbp = 0x00007ffee8b37bf0   rsp = 0x00007ffee8b37bf0
    rip = 0x00007fff3b0ec155
    Found by: previous frame's frame pointer
14  CoreFoundation + 0x580fb
    rbp = 0x00007ffee8b37c20   rsp = 0x00007ffee8b37c00
    rip = 0x00007fff3b0ec0fb
    Found by: previous frame's frame pointer
15  CoreFoundation + 0x3bb95
    rbp = 0x00007ffee8b37c90   rsp = 0x00007ffee8b37c30
    rip = 0x00007fff3b0cfb95
    Found by: previous frame's frame pointer
16  CoreFoundation + 0x3b13e
    rbp = 0x00007ffee8b38980   rsp = 0x00007ffee8b37ca0
    rip = 0x00007fff3b0cf13e
    Found by: previous frame's frame pointer
17  CoreFoundation + 0x3aa28
    rbp = 0x00007ffee8b38a10   rsp = 0x00007ffee8b38990
    rip = 0x00007fff3b0cea28
    Found by: previous frame's frame pointer
18  HIToolbox + 0xab35
    rbp = 0x00007ffee8b38a60   rsp = 0x00007ffee8b38a20
    rip = 0x00007fff3a367b35
    Found by: previous frame's frame pointer
19  HIToolbox + 0xa86b
    rbp = 0x00007ffee8b38ae0   rsp = 0x00007ffee8b38a70
    rip = 0x00007fff3a36786b
    Found by: previous frame's frame pointer
20  HIToolbox + 0xa5e8
    rbp = 0x00007ffee8b38b00   rsp = 0x00007ffee8b38af0
    rip = 0x00007fff3a3675e8
    Found by: previous frame's frame pointer
21  AppKit + 0x1aeb7
    rbp = 0x00007ffee8b38f10   rsp = 0x00007ffee8b38b10
    rip = 0x00007fff38623eb7
    Found by: previous frame's frame pointer
22  AppKit + 0x19c56
    rbp = 0x00007ffee8b39190   rsp = 0x00007ffee8b38f20
    rip = 0x00007fff38622c56
    Found by: previous frame's frame pointer
23  Brave Browser Dev Framework!__71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke [chrome_browser_application_mac.mm : 255 + 0x1f]
    rbp = 0x00007ffee8b391c0   rsp = 0x00007ffee8b391a0
    rip = 0x000000010953f410
    Found by: previous frame's frame pointer
24  Brave Browser Dev Framework!base::mac::CallWithEHFrame(void () block_pointer) + 0xa
    rbp = 0x00007ffee8b391d0   rsp = 0x00007ffee8b391d0
    rip = 0x000000010994099a
    Found by: previous frame's frame pointer
25  Brave Browser Dev Framework!-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] [chrome_browser_application_mac.mm : 254 + 0x5]
    rbp = 0x00007ffee8b39270   rsp = 0x00007ffee8b391e0
    rip = 0x000000010953f344
    Found by: previous frame's frame pointer
26  AppKit + 0x13cb9
    rbp = 0x00007ffee8b39340   rsp = 0x00007ffee8b39280
    rip = 0x00007fff3861ccb9
    Found by: previous frame's frame pointer
27  Brave Browser Dev Framework!base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) [message_pump_mac.mm : 808 + 0xd]
    rbp = 0x00007ffee8b393a0   rsp = 0x00007ffee8b39350
    rip = 0x000000010994f35c
    Found by: previous frame's frame pointer
28  Brave Browser Dev Framework!base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) [message_pump_mac.mm : 184 + 0xc]
    rbp = 0x00007ffee8b393d0   rsp = 0x00007ffee8b393b0
    rip = 0x000000010994dede
    Found by: previous frame's frame pointer
29  Brave Browser Dev Framework! [run_loop.cc : 102 + 0x9]
    rbp = 0x00007ffee8b393f0   rsp = 0x00007ffee8b393e0
    rip = 0x0000000109970be5
    Found by: previous frame's frame pointer
30  Brave Browser Dev Framework!ChromeBrowserMainParts::MainMessageLoopRun(int*) [chrome_browser_main.cc : 1903 + 0x5]
    rbp = 0x00007ffee8b39430   rsp = 0x00007ffee8b39400
    rip = 0x0000000109544f8d
    Found by: previous frame's frame pointer
31  Brave Browser Dev Framework!content::BrowserMainLoop::RunMainMessageLoopParts() [browser_main_loop.cc : 998 + 0x6]
    rbp = 0x00007ffee8b39460   rsp = 0x00007ffee8b39440
    rip = 0x0000000107de3304
    Found by: previous frame's frame pointer
32  Brave Browser Dev Framework!content::BrowserMainRunnerImpl::Run() [browser_main_runner_impl.cc : 165 + 0x5]
    rbp = 0x00007ffee8b39480   rsp = 0x00007ffee8b39470
    rip = 0x0000000107de5932
    Found by: previous frame's frame pointer
33  Brave Browser Dev Framework!content::BrowserMain(content::MainFunctionParams const&) [browser_main.cc : 47 + 0x9]
    rbp = 0x00007ffee8b394d0   rsp = 0x00007ffee8b39490
    rip = 0x0000000107de005b
    Found by: previous frame's frame pointer
34  Brave Browser Dev Framework!content::ContentMainRunnerImpl::Run(bool) [content_main_runner_impl.cc : 535 + 0x9]
    rbp = 0x00007ffee8b39550   rsp = 0x00007ffee8b394e0
    rip = 0x00000001094fb1c3
    Found by: previous frame's frame pointer
35  Brave Browser Dev Framework!service_manager::Main(service_manager::MainParams const&) [main.cc : 472 + 0x9]
    rbp = 0x00007ffee8b399c0   rsp = 0x00007ffee8b39560
    rip = 0x000000010b1fdbad
    Found by: previous frame's frame pointer
36  Brave Browser Dev Framework!content::ContentMain(content::ContentMainParams const&) [content_main.cc : 19 + 0x8]
    rbp = 0x00007ffee8b39a50   rsp = 0x00007ffee8b399d0
    rip = 0x00000001094fa404
    Found by: previous frame's frame pointer
37  Brave Browser Dev Framework!ChromeMain [chrome_main.cc : 102 + 0x5]
    rbp = 0x00007ffee8b39b40   rsp = 0x00007ffee8b39a60
    rip = 0x000000010710a21f
    Found by: previous frame's frame pointer
38  Brave Browser Dev!main [chrome_exe_main_mac.cc : 101 + 0x8]
    rbp = 0x00007ffee8b39b80   rsp = 0x00007ffee8b39b50
    rip = 0x00000001070c6dce
    Found by: previous frame's frame pointer
39  libdyld.dylib + 0x1708d
    rbp = 0x00007ffee8b39b98   rsp = 0x00007ffee8b39b90
    rip = 0x00007fff682b008d
    Found by: previous frame's frame pointer
40  libdyld.dylib + 0x1708d
    rbp = 0x00007ffee8b39b98   rsp = 0x00007ffee8b39b98
    rip = 0x00007fff682b008d
    Found by: stack scanning

NejcZdovc on 6 Dec 2018

To reproduce, is there any pre-condition?
I tried many times with clean profile, but can't reproduce.

simonhong on 7 Dec 2018

@simonhong I could only reproduce it with existing profile, couldn't reproduce it with clean profile

NejcZdovc on 7 Dec 2018

Hmm, still difficult to reproduce... (because of this, hard to debug)

simonhong on 10 Dec 2018

iefremov on 10 Dec 2018

👍2

cc @bsclifton

NejcZdovc on 10 Dec 2018

I believe this is happening on 0.57.x also - @srirambv ran into this

We should uplift to 0.57.x (if we do a hotfix)

bsclifton on 10 Dec 2018

(On Windows - 0.58.11) - I am able to Reproduce the issue contineously only when the n/w is disconnected.

Launch brave with clean profile from CLI BraveSoftware/Brave-Browser-Beta/Application/brave.exe
Enable Rewards through Rewards panel and accept the grants
Disconnect the internet (WIFI/vpn)
Click on BAT logo on Rewards page

Actual : Browser crashes

GeetaSarvadnya on 12 Dec 2018

👍1

sriram@Inspiron:~$ brave-browser-beta
[17121:17121:1212/144905.979045:ERROR:x11_input_method_context_impl_gtk.cc(144)] Not implemented reached in virtual void libgtkui::X11InputMethodContextImplGtk::SetSurroundingText(const base::string16 &, const gfx::Range &)
[17121:17150:1212/144907.142277:ERROR:rewards_service_impl.cc(141)] Failed to read file: /home/sriram/.config/BraveSoftware/Brave-Browser-Beta/Default/ledger_state
Segmentation fault (core dumped)
sriram@Inspiron:~$ brave-browser-beta
[17392:17418:1212/144918.645431:ERROR:rewards_service_impl.cc(141)] Failed to read file: /home/sriram/.config/BraveSoftware/Brave-Browser-Beta/Default/publishers_list
[17392:17392:1212/144921.396966:ERROR:x11_input_method_context_impl_gtk.cc(144)] Not implemented reached in virtual void libgtkui::X11InputMethodContextImplGtk::SetSurroundingText(const base::string16 &, const gfx::Range &)
Segmentation fault (core dumped)
sriram@Inspiron:~$ brave-browser-beta
[17679:17704:1212/144930.399670:ERROR:rewards_service_impl.cc(141)] Failed to read file: /home/sriram/.config/BraveSoftware/Brave-Browser-Beta/Default/publishers_list
[17679:17679:1212/144932.500276:ERROR:x11_input_method_context_impl_gtk.cc(144)] Not implemented reached in virtual void libgtkui::X11InputMethodContextImplGtk::SetSurroundingText(const base::string16 &, const gfx::Range &)
[17679:17679:1212/144932.526857:ERROR:CONSOLE(1)] "Uncaught ReferenceError: brave_new_tab is not defined", source: chrome://newtab/ (1)
[17679:17679:1212/144935.943837:ERROR:CONSOLE(1)] "Uncaught ReferenceError: brave_new_tab is not defined", source: chrome://crashes/ (1)
[17679:17679:1212/144952.903411:ERROR:rewards_service_impl.cc(1620)] [ LOG - GetReconcileById ]
[17679:17679:1212/144952.903463:ERROR:rewards_service_impl.cc(1620)] > time: 1544606392
[17679:17679:1212/144952.903480:ERROR:rewards_service_impl.cc(1620)] Could not find any reconcile tasks with the id  9afecc04-295f-47e1-9304-80f2d2d3aa86 
[17679:17679:1212/144952.903495:ERROR:rewards_service_impl.cc(1620)] [ END LOG ]

On Linux (0.58.11) I get consistent crashes when I perform the following steps

Clean profile
Click on rewards panel
Click Ok to dismiss the grant notification
Click on rewards settings in rewards panel, opens up rewards page in a new tab
Click on rewards button on brave://rewards, browser crashes with above log

srirambv on 12 Dec 2018

Verification passe on

Brave | 0.58.12 Chromium: 71.0.3578.80 (Official Build) (64-bit)
-- | --
Revision | 2ac50e7249fbd55e6f517a28131605c9fb9fe897-refs/branch-heads/3578@{#860}
OS | Linux

Verified clicking on panel and opening rewards page and clicking panel again doesnt crash as per https://github.com/brave/brave-browser/issues/2375#issuecomment-446599185
Verified disconnecting network and clicking on panel doesnt crash as per https://github.com/brave/brave-browser/issues/2375#issuecomment-446582485

Verified passed with

Brave | 0.58.12 Chromium: 71.0.3578.80 (Official Build) (64-bit)
-- | --
Revision | 2ac50e7249fbd55e6f517a28131605c9fb9fe897-refs/branch-heads/3578@{#860}
OS | Mac OS X

Verified clicking on panel and opening rewards page and clicking panel again doesnt crash as per https://github.com/brave/brave-browser/issues/2375#issuecomment-446599185
Verified disconnecting network and clicking on panel doesnt crash as per https://github.com/brave/brave-browser/issues/2375#issuecomment-446582485

Verification passed on

Brave | 0.58.12 Chromium: 71.0.3578.80 (Official Build) (64-bit)
-- | --
Revision | 2ac50e7249fbd55e6f517a28131605c9fb9fe897-refs/branch-heads/3578@{#860}
OS | Windows 7

Verified clicking on panel and opening rewards page and clicking panel again doesnt crash as per https://github.com/brave/brave-browser/issues/2375#issuecomment-446599185
Verified disconnecting network and clicking on panel doesnt crash as per https://github.com/brave/brave-browser/issues/2375#issuecomment-446582485

srirambv on 13 Dec 2018

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Merriam-Webster Resources Blocked

jonathansampson · 3Comments

Black Corner on Gnome

qingxiang-jia · 3Comments

Consider documenting command-line switches

bsclifton · 3Comments

Create an exclusion list for the Brave User Agent

bsclifton · 3Comments

When installed as normal user, two windows open after install

traffisco · 3Comments