WebKit revision: r295779
OS: Linux-5.4.0-122-generic-x86_64-with-glibc2.29
Build command: Tools/Scripts/build-webkit --gtk --debug
SUT: MiniBrowser, WebKitTestRunner
Fuzzer: Grammarinator (https://github.com/renatahodovan/grammarinator)

Test:
<style></style> <ins> <q></q> <q></q> <style> * { display : contents ; container-type : size ; } </style>

Backtrace:
ASSERTION FAILED: !lastQuote || m_updater.m_builder.hasBrokenContinuation()
/app/webkit/Source/WebCore/rendering/updating/RenderTreeUpdaterGeneratedContent.cpp(69) : void WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo(WebCore::RenderQuote*)
1 0x7fe0898255e1 WTFCrash
2 0x7fe08d018586 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe3f586) [0x7fe08d018586]
3 0x7fe092ad89cd /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x68ff9cd) [0x7fe092ad89cd]
4 0x7fe092ad93a3 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x69003a3) [0x7fe092ad93a3]
5 0x7fe092ad66c7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x68fd6c7) [0x7fe092ad66c7]
6 0x7fe092ad6537 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x68fd537) [0x7fe092ad6537]
7 0x7fe092ad635c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x68fd35c) [0x7fe092ad635c]
8 0x7fe092ad5c31 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x68fcc31) [0x7fe092ad5c31]
9 0x7fe0911e6de9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x500dde9) [0x7fe0911e6de9]
10 0x7fe0911e73e3 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x500e3e3) [0x7fe0911e73e3]
11 0x7fe0911e7cdb WebCore::Document::updateStyleIfNeeded()
12 0x7fe0911fc770 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5023770) [0x7fe0911fc770]
13 0x7fe0918bf443 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56e6443) [0x7fe0918bf443]
14 0x7fe0918fcd4c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5723d4c) [0x7fe0918fcd4c]
15 0x7fe0918c406c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb06c) [0x7fe0918c406c]
16 0x7fe0918c419c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb19c) [0x7fe0918c419c]
17 0x7fe0918c2ab6 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56e9ab6) [0x7fe0918c2ab6]
18 0x7fe0918c41d7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb1d7) [0x7fe0918c41d7]
19 0x7fe0918c4287 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb287) [0x7fe0918c4287]
20 0x7fe091cd9f62 WebCore::DocumentWriter::end()
21 0x7fe091cc688b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5aed88b) [0x7fe091cc688b]
22 0x7fe091cc62cf WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&)
23 0x7fe091e0ba5f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5c32a5f) [0x7fe091e0ba5f]
24 0x7fe091e0bbc7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5c32bc7) [0x7fe091e0bbc7]
25 0x7fe091e072dd /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5c2e2dd) [0x7fe091e072dd]
26 0x7fe091d9d331 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5bc4331) [0x7fe091d9d331]
27 0x7fe08e60c3c7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x24333c7) [0x7fe08e60c3c7]
28 0x7fe08d622a91 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x1449a91) [0x7fe08d622a91]
29 0x7fe08d6217ce /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x14487ce) [0x7fe08d6217ce]
30 0x7fe08d620ab2 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x1447ab2) [0x7fe08d620ab2]
31 0x7fe08d61ffde /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x1446fde) [0x7fe08d61ffde]
WebKitWebProcess terminated (pid 24) for reason: crash
#CRASHED - WebKitWebProcess (pid 24)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Created attachment 461548 [details] Test
<rdar://problem/98852898>
I did some investigation and I believe the ASSERT is a false positive. It does trigger any failures with ASAN enabled and the logic reads to me like the ASSERT is only for debugging purposes.
(In reply to Patrick Griffis from comment #3)
> It does trigger any failures with ASAN enabled

Does not*