Bug 243848

Summary: ASSERTION FAILED isBaselinePosition(preference) in WebCore::GridBaselineAlignment::updateBaselineAlignmentContext
Product: WebKit
Reporter: Renata Hodovan <hodovan>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: NEW ---
Severity: Normal
CC: bfulgham, rbuis, simon.fraser, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 116980
Attachments:
Description Flags
Test none

Description Renata Hodovan 2022-08-11 14:29:21 PDT
WebKit revision: r295779
OS: Linux-5.4.0-122-generic-x86_64-with-glibc2.29
Build command: Tools/Scripts/build-webkit --gtk --debug
SUT: MiniBrowser, WebKitTestRunner
Fuzzer: Grammarinator (https://github.com/renatahodovan/grammarinator)

Test:

<style>
* {
  display : grid ;
  place-items : baseline ;
  grid-template-rows : subgrid ;
}
html {
  align-items : center ;
}
</style>


Backtrace:

ASSERTION FAILED: isBaselinePosition(preference)
/app/webkit/Source/WebCore/rendering/GridBaselineAlignment.cpp(121) : void WebCore::GridBaselineAlignment::updateBaselineAlignmentContext(WebCore::ItemPosition, unsigned int, const WebCore::RenderBox&, WebCore::GridAxis)
1   0x7f31bb9dd5e1 WTFCrash
WebKitWebProcess terminated (pid 24) for reason: crash
#CRASHED - WebKitWebProcess (pid 24)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Comment 1 Renata Hodovan 2022-08-11 14:33:31 PDT
Created attachment 461546
Test
Comment 2 Radar WebKit Bug Importer 2022-08-18 14:30:22 PDT
<rdar://problem/98851021>
Comment 3 Rob Buis 2023-01-19 03:44:57 PST
Still happens in trunk.
Comment 4 Rob Buis 2023-01-23 09:21:19 PST
(In reply to Rob Buis from comment #3)
> Still happens in trunk.

But no crash using Release ASAN.
Comment 5 Rob Buis 2023-01-23 09:21:24 PST
(In reply to Rob Buis from comment #3)
> Still happens in trunk.

But no crash using Release ASAN.