Crashing in BraveShieldsDataController::ClearAllResourcesList() toggling Block scripts

[stephendonner]

Description

Steps to Reproduce

1. install 1.38.32
2. launch Brave
3. open brave://flags/#brave-shields-v2
4. click on Default and set it to Enabled
5. click on the Relaunch button
6. load https://www.aol.com/news/
7. open a new window
8. load https://www.aol.com/news/ in the 2nd window
9. now, click on the new Shields icon in the URL bar
10. toggle Block scripts to ON
11. reload your 1st window
12. toggle Block scripts to OFF
13. keep repeating around this flow: 1) disable Shields in one window 2) refresh in other window 3) either repeat the same, or alternative windows, and repeat

Actual result:

Crashes, here:

[ 00 ] brave_shields::BraveShieldsDataController::ClearAllResourcesList()
[ 01 ] void content::WebContentsImpl::WebContentsObserverList::NotifyObservers<void (content::WebContentsObserver::*)(content::NavigationHandle*), content::NavigationHandle*&>(void (content::WebContentsObserver::*)(content::NavigationHandle*), content::NavigationHandle*&)
[ 02 ] <name omitted>
[ 03 ] content::NavigationRequest::~NavigationRequest()
[ 04 ] <name omitted>
[ 05 ] <name omitted>
[ 06 ] <name omitted>
[ 07 ] base::internal::Invoker<base::internal::BindState<void (content::RenderFrameHostImpl::*)(content::NavigationRequest*, mojo::StructPtr<content::mojom::DidCommitProvisionalLoadParams>, mojo::StructPtr<content::mojom::DidCommitProvisionalLoadInterfaceParams>), base::internal::UnretainedWrapper<content::RenderFrameHostImpl>, base::internal::UnretainedWrapper<content::NavigationRequest> >, void (mojo::StructPtr<content::mojom::DidCommitProvisionalLoadParams>, mojo::StructPtr<content::mojom::DidCommitProvisionalLoadInterfaceParams>)>::RunOnce(base::internal::BindStateBase*, mojo::StructPtr<content::mojom::DidCommitProvisionalLoadParams>&&, mojo::StructPtr<content::mojom::DidCommitProvisionalLoadInterfaceParams>&&)
[ 08 ] content::mojom::NavigationClient_CommitNavigation_ForwardToCallback::Accept(mojo::Message*)
[ 09 ] <name omitted>
[ 10 ] <name omitted>
[ 11 ] <name omitted>
[ 12 ] base::internal::Invoker<base::internal::BindState<void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>, void ()>::RunOnce(base::internal::BindStateBase*)
[ 13 ] <name omitted>
[ 14 ] non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
[ 15 ] invocation function for block in base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
[ 16 ] base::mac::CallWithEHFrame(void () block_pointer)
[ 17 ] base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
[ 18 ] 0x7fff2096237c
[ 19 ] 0x7fff209622e4
[ 20 ] 0x7fff20962064
[ 21 ] 0x7fff20960a8c
[ 22 ] 0x7fff2096004c
[ 23 ] 0x7fff28ba8a83
[ 24 ] 0x7fff28ba87e5
[ 25 ] 0x7fff28ba8583
[ 26 ] 0x7fff23168d72
[ 27 ] 0x7fff23167545
[ 28 ] __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke
[ 29 ] base::mac::CallWithEHFrame(void () block_pointer)
[ 30 ] -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
[ 31 ] 0x7fff23159869
[ 32 ] base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
[ 33 ] base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
[ 34 ] <name omitted>
[ 35 ] <name omitted>
[ 36 ] <name omitted>
[ 37 ] content::BrowserMain(content::MainFunctionParams)
[ 38 ] content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)
[ 39 ] <name omitted>
[ 40 ] <name omitted>
[ 41 ] content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)
[ 42 ] content::ContentMain(content::ContentMainParams)
[ 43 ] ChromeMain
[ 44 ] main
[ 45 ] 0x7fff20885f3d

Expected result:

No crash

Reproduces how often:

100%, given time

Brave version (brave://version info)

Brave	1.38.32 Chromium: 99.0.4844.51 (Official Build) nightly (x86_64)
Revision	d537ec02474b5afe23684e7963d538896c63ac77-refs/branch-heads/4844@{#875}
OS	macOS Version 11.6.3 (Build 20G415)

Version/Channel Information:

• Can you reproduce this issue with the current release? no
• Can you reproduce this issue with the beta channel? no
• Can you reproduce this issue with the nightly channel? yes

cc @nullhook @rebron @pes10k @antonok-edm

[stephendonner]

@srirambv

[simonhong]

I suspect this crash also comes from same cause of #22224

[kjozwiak]

Above requires 1.38.102 or higher for 1.38.x verification.

[stephendonner]

Verified PASSED using

Brave	1.38.103 Chromium: 100.0.4896.127 (Official Build) beta (x86_64)
Revision	ff0d0695743e65305d7194f9bd309e5e1c824aa0-refs/branch-heads/4896_88@{#4}
OS	macOS Version 11.6.5 (Build 20G527)

Followed my original steps to reproduce and confirmed no crash using the above build.

---

Verification passed on

Brave	1.38.105 Chromium: 101.0.4951.41 (Official Build) (64-bit)
Revision	93c720db8323b3ec10d056025ab95c23a31997c9-refs/branch-heads/4951@{#904}
OS	Ubuntu 18.04 LTS

Followed my original steps to reproduce and confirmed no crash using the above build.

[MadhaviSeelam]

Verification PASSED on

Brave	1.38.106 Chromium: 101.0.4951.41 (Official Build) (64-bit)
Revision	93c720db8323b3ec10d056025ab95c23a31997c9-refs/branch-heads/4951@{#904}
OS	Windows 11 Version 21H2 (Build 22000.613)

Followed steps from the bug and confirmed no crashes using the above build