Crash when enabling 'Open Tabs' syncing

[Uni-verse]

Description

Crash occurs when syncing 'Open Tabs'

Translated Report (Full Report Below)
-------------------------------------

Incident Identifier: 36E8DAAA-E4C6-4210-BF59-53DC1BEEC455
Beta Identifier:     C6DD1DFF-5AA6-4DFE-9DD0-A90D570339C9
Hardware Model:      iPhone13,3
Process:             Client [5733]
Path:                /private/var/containers/Bundle/Application/FE297BB9-7FA4-499E-938B-EDE3C1C3ACAC/Client.app/Client
Identifier:          com.brave.ios.browser
Version:             1.76 (71)
AppStoreTools:       16C7009
AppVariant:          1:iPhone13,3:18
Beta:                YES
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           com.brave.ios.browser [2394]

Date/Time:           2025-03-03 14:44:25.9365 -0500
Launch Time:         2025-03-03 14:43:43.7072 -0500
OS Version:          iPhone OS 18.2 (22C152)
Release Type:        User
Baseband Version:    5.20.03
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Codes: 0x0000000000000001, 0x0000000000000008
VM Region Info: 0x8 is not in any region.  Bytes before following region: 4307582968
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   100c08000-100c0c000 [   16K] r-x/r-x SM=COW  /var/containers/Bundle/Application/FE297BB9-7FA4-499E-938B-EDE3C1C3ACAC/Client.app/Client
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [5733]

Triggered by Thread:  0

Thread 0 name:  CrWebMain Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   BraveCore                     	       0x105352570 cxxbridge1$rust_vec$u8$set_len + 1640944
1   BraveCore                     	       0x105313a14 cxxbridge1$rust_vec$u8$set_len + 1384084
2   BraveCore                     	       0x105312e24 cxxbridge1$rust_vec$u8$set_len + 1381028
3   BraveCore                     	       0x105313164 cxxbridge1$rust_vec$u8$set_len + 1381860
4   BraveCore                     	       0x10531f040 cxxbridge1$rust_vec$u8$set_len + 1430720
5   BraveCore                     	       0x105bb2f48 operator new[](unsigned long, std::align_val_t) + 414076
6   BraveCore                     	       0x105bb5a98 operator new[](unsigned long, std::align_val_t) + 425164
7   BraveCore                     	       0x105bb56b4 operator new[](unsigned long, std::align_val_t) + 424168
8   BraveCore                     	       0x105bea630 operator new[](unsigned long, std::align_val_t) + 641124
9   BraveCore                     	       0x104c63414 TabStripStaticSeparatorConstants.__deallocating_deinit + 6620
10  BraveCore                     	       0x105be9ef0 operator new[](unsigned long, std::align_val_t) + 639268
11  CoreFoundation                	       0x187e53f3c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
12  CoreFoundation                	       0x187e53ed0 __CFRunLoopDoSource0 + 176
13  CoreFoundation                	       0x187e56b30 __CFRunLoopDoSources0 + 244
14  CoreFoundation                	       0x187e55d2c __CFRunLoopRun + 840
15  CoreFoundation                	       0x187ea8274 CFRunLoopRunSpecific + 588
16  GraphicsServices              	       0x1d50214c0 GSEventRunModal + 164
17  UIKitCore                     	       0x18a9ee77c -[UIApplication _run] + 816
18  UIKitCore                     	       0x18a614e64 UIApplicationMain + 340
19  UIKitCore                     	       0x18ad51a7c 0x18a600000 + 7674492
20  Client                        	       0x100c0f5bc main + 120
21  dyld                          	       0x1ae07cde8 start + 2724

Thread 1:
0   libsystem_kernel.dylib        	       0x1d944397c read + 8
1   GRDWireGuardKit               	       0x109dbe67c runtime.read_trampoline.abi0 + 28

Steps to reproduce

1. New install 1.76.x
2. Join sync chain via 'Search Tabs from Other Devices' segmented tab
3. Enable 'Open Tabs' syncing

Actual result

Crash

Expected result

No crash

Reproduces how often

Easily reproduced

Brave version

1.76 (71)

Device/iOS version

iPhone / iOS 18.2.1

Affected browser versions

• latest AppStore
• latest TestFlight
• previous TestFlight

Reproducibility

• with Brave Shields disabled
• in the latest version of mobile Safari

Miscellaneous information

No response

[darkdh]

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Incident Identifier: FF1848E6-94F2-4E21-9C30-FBE97EF24839
Beta Identifier:     02FC140B-7BF9-446B-8E06-1562614C713A
Hardware Model:      iPhone17,2
Process:             Client [41414]
Path:                /private/var/containers/Bundle/Application/72658E15-D269-46C6-9C9F-63E019F6DE9B/Client.app/Client
Identifier:          com.brave.ios.BrowserBeta
Version:             1.78 (22)
AppStoreTools:       16C7015
AppVariant:          1:iPhone17,2:18
Beta:                YES
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           com.brave.ios.BrowserBeta [13059]

Date/Time:           2025-03-06 09:21:06.6705 -0800
Launch Time:         2025-03-06 09:21:04.2973 -0800
OS Version:          iPhone OS 18.3.1 (22D72)
Release Type:        User
Baseband Version:    1.40.03
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000058
Exception Codes: 0x0000000000000001, 0x0000000000000058
VM Region Info: 0x58 is not in any region.  Bytes before following region: 4306042792
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   100a90000-100a94000 [   16K] r-x/r-x SM=COW  /var/containers/Bundle/Application/72658E15-D269-46C6-9C9F-63E019F6DE9B/Client.app/Client
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [41414]

Triggered by Thread:  0

Thread 0 name:  CrWebMain Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   BraveCore                     	       0x10384c1f8 operator new[](unsigned long, std::align_val_t) + 116472
1   BraveCore                     	       0x1046f5b38 cbr_cxx$cxxbridge1$Error$is_ok + 7924060
2   BraveCore                     	       0x1030edb44 cxxbridge1$rust_vec$u8$set_len + 2680360
3   BraveCore                     	       0x1030ee5c8 cxxbridge1$rust_vec$u8$set_len + 2683052
4   BraveCore                     	       0x103894d20 operator new[](unsigned long, std::align_val_t) + 414240
5   BraveCore                     	       0x103897870 operator new[](unsigned long, std::align_val_t) + 425328
6   BraveCore                     	       0x10389748c operator new[](unsigned long, std::align_val_t) + 424332
7   BraveCore                     	       0x1038cc454 operator new[](unsigned long, std::align_val_t) + 641364
8   BraveCore                     	       0x10290f414 TabStripStaticSeparatorConstants.__deallocating_deinit + 6620
9   BraveCore                     	       0x1038cbd14 operator new[](unsigned long, std::align_val_t) + 639508
10  CoreFoundation                	       0x1998b4f4c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
11  CoreFoundation                	       0x1998b4ee0 __CFRunLoopDoSource0 + 176
12  CoreFoundation                	       0x1998b7b40 __CFRunLoopDoSources0 + 244
13  CoreFoundation                	       0x1998b6d3c __CFRunLoopRun + 840
14  CoreFoundation                	       0x199909284 CFRunLoopRunSpecific + 588
15  GraphicsServices              	       0x1e6b754c0 GSEventRunModal + 164
16  UIKitCore                     	       0x19c452674 -[UIApplication _run] + 816
17  UIKitCore                     	       0x19c078e88 UIApplicationMain + 340
18  UIKitCore                     	       0x19c7b515c 0x19c064000 + 7672156
19  Client                        	       0x100a96e6c 0x100a90000 + 28268
20  dyld                          	       0x1bfb61de8 start + 2724

Thread 1:
0   libsystem_pthread.dylib       	       0x22460246c start_wqthread + 0

I experienced the crash on similar call stack but it is a startup one. After crash, regardless whether to restore tab or not, it still crashes so basically I'm stuck in a startup crash loop.

[darkdh]

It's hitting DCHECK on my debug build with the same profile

[darkdh]

FWIW, my sync is disabled.
If I disable Brave news on Nightly build, it doesn't crash but if I enable news then it crashes and will be stuck in startup crash loop.

[darkdh]

moved above comments to #44484 since corrupted call stacks are probably all the same.