Bug 299635

Summary: REGRESSION (300338@main): Null pointer crashes in WebFrameInspectorTargetProxy::disconnect()
Product: WebKit
Reporter: Yury Semikhatsky <yurys>
Component: Web Inspector
Assignee: Yury Semikhatsky <yurys>
Status: RESOLVED FIXED
Severity: Normal
CC: bburg, inspector-bugzilla-changes, qianlangchen, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Yury Semikhatsky
Reported 2025-09-26 14:38:08 PDT
We are seeing the following crash because of a null WebFrameProxy reference in WebFrameInspectorTargetProxy:
Yury Semikhatsky
Comment 1 2025-09-26 14:41:52 PDT
```
frame #6: 0x000077d74395fb06 libWPEWebKit-2.0.so.1`WebKit::WebFrameInspectorTargetProxy::disconnect() + 486
frame #7: 0x000077d744749bc3 libWPEWebKit-2.0.so.1`Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend(Inspector::DisconnectReason) + 163
frame #8: 0x000077d74469251c libWPEWebKit-2.0.so.1`Inspector::AgentRegistry::willDestroyFrontendAndBackend(Inspector::DisconnectReason) + 44
frame #9: 0x000077d743965cf3 libWPEWebKit-2.0.so.1`WebKit::WebPageInspectorController::disconnectAllFrontends() + 35
frame #10: 0x000077d743965ab6 libWPEWebKit-2.0.so.1`WebKit::WebPageInspectorController::pageClosed() + 54
frame #11: 0x000077d743815df3 libWPEWebKit-2.0.so.1`WebKit::WebPageProxy::close() + 803
frame #12: 0x000077d7439105b1 libWPEWebKit-2.0.so.1`webkitWebViewDispose(_GObject*) + 417
frame #13: 0x000077d73e460ed1 libgobject-2.0.so.0`g_object_unref + 305
```

It happens when the inspected page is being closed after it crashed. In that case `destroyInspectorTarget` is not called here [1] because m_page is already null.

[1] https://github.com/WebKit/WebKit/blob/1dbd421437f8d1929d74ae8bb8381c9e23b64702/Source/WebKit/UIProcess/WebFrameProxy.cpp#L128-L129
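A simplified model of the lifetime problem described in comment 1, added here as an illustration; it is not part of the original report and is not WebKit's code or the landed fix. `Frame`, `FrameTarget`, `Page`, `destroyFrame` and `simulate` are hypothetical stand-ins, and the check in `disconnect()` is one possible defensive guard assumed for the example.

```cpp
#include <algorithm>
#include <cstdio>
#include <memory>
#include <vector>

// Simplified model with hypothetical names; not WebKit's classes or its fix.
struct Frame { bool connected = true; };
struct FrameTarget {
    std::weak_ptr<Frame> frame; // weak reference from the target to its frame
    // Writing through frame.lock() without the check below is the null dereference.
    bool disconnect() {
        auto f = frame.lock();
        if (!f) return false; // frame already destroyed, nothing to disconnect
        f->connected = false;
        return true;
    }
};

struct Page {
    std::vector<FrameTarget> targets;
    void createTarget(const std::shared_ptr<Frame>& f) { targets.push_back(FrameTarget{f}); }
    void destroyTarget(const Frame* f) {
        targets.erase(std::remove_if(targets.begin(), targets.end(),
            [f](const FrameTarget& t) { return t.frame.lock().get() == f; }), targets.end());
    }
    int closeAndCountStale() { // page close: disconnect all targets, count stale ones
        int stale = 0;
        for (auto& t : targets) if (!t.disconnect()) ++stale;
        targets.clear();
        return stale;
    }
};

// Frame teardown that unregisters its target only while a page is still set.
void destroyFrame(std::shared_ptr<Frame>& frame, Page* page) {
    if (page) page->destroyTarget(frame.get());
    frame.reset();
}

int simulate(bool crashedFirst) { // returns stale targets seen at page close
    Page page;
    auto frame = std::make_shared<Frame>();
    page.createTarget(frame);
    destroyFrame(frame, crashedFirst ? nullptr : &page); // crash cleared the page pointer
    return page.closeAndCountStale();
}

int main() {
    std::printf("normal close: %d stale, close after crash: %d stale\n", simulate(false), simulate(true));
}
```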
Yury Semikhatsky
Comment 2 2025-09-26 14:43:09 PDT
This started happening after https://github.com/WebKit/WebKit/pull/50623.
Yury Semikhatsky
Comment 3 2025-09-26 14:49:13 PDT
Radar WebKit Bug Importer
Comment 4 2025-09-26 16:37:14 PDT
Yury Semikhatsky
Comment 5 2025-09-29 09:59:18 PDT
Can be easily reproduced with Playwright by running `npm run wtest -- tests/library/page-event-crash.spec.ts`, see the tests in https://github.com/microsoft/playwright/blob/main/tests/library/page-event-crash.spec.ts.
EWS
Comment 6 2025-09-29 17:50:53 PDT
Committed 300724@main (e38da632bbcf): <https://commits.webkit.org/300724@main> Reviewed commits have been landed. Closing PR #51409 and removing active labels.