281226 2024-10-10 08:11:30 -0700 REGRESSION(186594@main) Web Inspector: Crash SIGSEGV in g_type_check_instance_is_fundamentally_a 2024-10-14 01:53:49 -0700 1 1 1 Unclassified WebKit Web Inspector WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=281298 DoNotImportToRadar P2 Normal --- 1 psaavedra webkit-unassigned inspector-bugzilla-changes oldest_to_newest 2066904 0 psaavedra 2024-10-10 08:11:30 -0700 While using the Web Remote Inspector in WPEWebKit enabled via `WEBKIT_INSPECTOR_SERVER=0.0.0.0:11311`, the program terminates with a segmentation fault. Below are the details of the issue and backtrace. #### **Steps to Reproduce:** 1. Set the environment variable to enable the Web Inspector: ```bash export WEBKIT_INSPECTOR_SERVER=0.0.0.0:11311 ``` 2. Launch WPEWebKit: ```bash wpe-launcher https://wpewebkit.org ``` #### **Observed Behavior:** The program crashes with the following error: ``` Core was generated by `wpe-launcher https://wpewebkit.org'. Program terminated with signal SIGSEGV, Segmentation fault. #0 g_type_check_instance_is_fundamentally_a (type_instance=type_instance@entry=0xaaab0115c1c0, fundamental_type=fundamental_type@entry=80) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gobject/gtype.c:4184 4184 node = lookup_type_node_I (type_instance->g_class->g_type); [Current thread is 1 (LWP 1480)] ``` ``` #0 g_type_check_instance_is_fundamentally_a (type_instance=type_instance@entry=0xaaab0115c1c0, fundamental_type=fundamental_type@entry=80) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gobject/gtype.c:4184 #1 0x0000ffffaa25db7c in g_object_unref (_object=0xaaab0115c1c0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gobject/gobject.c:3810 #2 0x0000ffffabf6af28 in std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<Inspector::backendCommands()::{lambda()#1}>(std::once_flag&, Inspector::backendCommands()::{lambda()#1}&&)::{lambda()#1}>(Inspector::backendCommands()::{lambda()#1}&)::{lambda()#1}::_FUN() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #3 0x0000ffffaa113c30 in __pthread_once_slow (once_control=0xffffb0a42dd0 <Inspector::backendCommands()::flag>, init_routine=0xffffa80b61b0 <std::__once_proxy()>) at pthread_once.c:116 #4 0x0000ffffabf6b02c in Inspector::backendCommands() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #5 0x0000ffffabf6b154 in Inspector::backendCommandsHash() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #6 0x0000ffffabf6452c in Inspector::RemoteInspectorServer::setupInspectorClient(WTF::SocketConnection&, char const*) () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #7 0x0000ffffabf64718 in Inspector::RemoteInspectorServer::messageHandlers()::{lambda(WTF::SocketConnection&, _GVariant*, void*)#3}::_FUN(WTF::SocketConnection&, _GVariant*, void*) () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #8 0x0000ffffac9cf938 in WTF::SocketConnection::readMessage() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #9 0x0000ffffac9cfb18 in WTF::SocketConnection::read() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #10 0x0000ffffac9cfc58 in WTF::Detail::CallableWrapper<WTF::SocketConnection::SocketConnection(WTF::GRefPtr<_GSocketConnection>&&, WTF::HashMap<WTF::CString, std::pair<WTF::CString, void (*)(WTF::SocketConnection&, _GVariant*, void*)>, WTF::DefaultHash<WTF::CString>, WTF::HashTraits<WTF::CString>, WTF::HashTraits<std::pair<WTF::CString, void (*)(WTF::SocketConnection&, _GVariant*, void*)> >, WTF::HashTableTraits> const&, void*)::{lambda(GIOCondition)#1}, int, GIOCondition>::call(GIOCondition) () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0 #11 0x0000ffffa9a170c0 in socket_source_dispatch (source=0xaaab01161b50, callback=0xffffac9cccf0 <WTF::GSocketMonitor::socketSourceCallback(_GSocket*, GIOCondition, WTF::GSocketMonitor*)>, user_data=0xffff9b02c5b0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gio/gsocket.c:4072 #12 0x0000ffffb0b5a138 in g_main_dispatch (context=context@entry=0xaaab0106a6c0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:3476 #13 0x0000ffffb0b5dc44 in g_main_context_dispatch_unlocked (context=0xaaab0106a6c0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4284 #14 g_main_context_iterate_unlocked (context=0xaaab0106a6c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4349 #15 0x0000ffffb0b5e740 in g_main_loop_run (loop=loop@entry=0xaaab01078d00) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4551 #16 0x0000aaaad8ce2250 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/wpe-bare-app/git-r0/wpe-bare-app.c:123 ``` The crash appears to occur after trying to interact with the Web Inspector resources: ``` recvfrom(30, "\0\0\0>\1SetupInspectorClient\00047ABA4"..., 4096, 0, NULL, NULL) = 67 openat(AT_FDCWD, "/usr/share/wpe-webkit-2.0/inspector.gresource", O_RDONLY|O_CLOEXEC) = 31 newfstatat(31, "", {st_mode=S_IFREG|0644, st_size=1367398, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 1367398, PROT_READ, MAP_PRIVATE, 31, 0) = 0xffff60682000 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xaaa000000002} --- Segmentation fault (core dumped) ``` The `/usr/share/wpe-webkit-2.0/inspector.gresource` file exists and appears to be loaded correctly: ``` # ls -l /usr/share/wpe-webkit-2.0/inspector.gresource -rw-r--r-- 1 root root 1367398 Oct 10 13:26 /usr/share/wpe-webkit-2.0/inspector.gresource ``` #### **Expected Behavior:** Launch the Remote Web Inspector without crashing. #### **Additional Notes:** - WPEWebKit version: upstream - GLib version: 2.78.1 - The crash seems to occur within the `g_type_check_instance_is_fundamentally_a` function in GLib, when handling a type instance. - This is related to this change: 8ceb1da47e75 [WPE] Pack inspector resources in a .gresource file instead of a shared library https://bugs.webkit.org/show_bug.cgi?id=186594 2067688 1 psaavedra 2024-10-14 01:53:22 -0700 Fixed in https://bugs.webkit.org/show_bug.cgi?id=281298