NEW 243848
ASSERTION FAILED isBaselinePosition(preference) in WebCore::GridBaselineAlignment::updateBaselineAlignmentContext 
https://bugs.webkit.org/show_bug.cgi?id=243848
Summary ASSERTION FAILED isBaselinePosition(preference) in WebCore::GridBaselineAlign...
Renata Hodovan
Reported 2022-08-11 14:29:21 PDT
WebKit revision: r295779 OS: Linux-5.4.0-122-generic-x86_64-with-glibc2.29 Build command: Tools/Scripts/build-webkit --gtk --debug SUT: MiniBrowser, WebKitTestRunner Fuzzer: Grammarinator (https://github.com/renatahodovan/grammarinator) Test: <style> * { display : grid ; place-items : baseline ; grid-template-rows : subgrid ; } html { align-items : center ; } </style> Backtrace: ASSERTION FAILED: isBaselinePosition(preference) /app/webkit/Source/WebCore/rendering/GridBaselineAlignment.cpp(121) : void WebCore::GridBaselineAlignment::updateBaselineAlignmentContext(WebCore::ItemPosition, unsigned int, const WebCore::RenderBox&, WebCore::GridAxis) 1 0x7f31bb9dd5e1 WTFCrash 2 0x7f31bf1d0586 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe3f586) [0x7f31bf1d0586] 3 0x7f31c47d28ca /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64418ca) [0x7f31c47d28ca] 4 0x7f31c47f76d9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64666d9) [0x7f31c47f76d9] 5 0x7f31c47faaeb /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6469aeb) [0x7f31c47faaeb] 6 0x7f31c47fa94b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x646994b) [0x7f31c47fa94b] 7 0x7f31c497faf2 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65eeaf2) [0x7f31c497faf2] 8 0x7f31c4980473 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65ef473) [0x7f31c4980473] 9 0x7f31c4886b43 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64f5b43) [0x7f31c4886b43] 10 0x7f31c4899d02 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6508d02) [0x7f31c4899d02] 11 0x7f31c48997b5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65087b5) [0x7f31c48997b5] 12 0x7f31c4898c44 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6507c44) [0x7f31c4898c44] 13 0x7f31c4886b43 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64f5b43) [0x7f31c4886b43] 14 0x7f31c4899d02 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6508d02) [0x7f31c4899d02] 15 0x7f31c48997b5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65087b5) [0x7f31c48997b5] 16 0x7f31c4898c44 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6507c44) [0x7f31c4898c44] 17 0x7f31c4886b43 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64f5b43) [0x7f31c4886b43] 18 0x7f31c4b0abf6 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6779bf6) [0x7f31c4b0abf6] 19 0x7f31c4103702 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5d72702) [0x7f31c4103702] 20 0x7f31c4102eb0 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5d71eb0) [0x7f31c4102eb0] 21 0x7f31c33a4c2b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5013c2b) [0x7f31c33a4c2b] 22 0x7f31c3ecfa21 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5b3ea21) [0x7f31c3ecfa21] 23 0x7f31c3ecf75a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5b3e75a) [0x7f31c3ecf75a] 24 0x7f31c3ecf37b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5b3e37b) [0x7f31c3ecf37b] 25 0x7f31c33b478c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x502378c) [0x7f31c33b478c] 26 0x7f31c3a77443 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56e6443) [0x7f31c3a77443] 27 0x7f31c3ab4d4c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5723d4c) [0x7f31c3ab4d4c] 28 0x7f31c3a7c06c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb06c) [0x7f31c3a7c06c] 29 0x7f31c3a7c19c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb19c) [0x7f31c3a7c19c] 30 0x7f31c3a7aab6 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56e9ab6) [0x7f31c3a7aab6] 31 0x7f31c3a7c1d7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb1d7) [0x7f31c3a7c1d7] WebKitWebProcess terminated (pid 24) for reason: crash #CRASHED - WebKitWebProcess (pid 24) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
Test (136 bytes, text/html)
2022-08-11 14:33 PDT, Renata Hodovan 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Renata Hodovan
Comment 1 2022-08-11 14:33:31 PDT
Created attachment 461546 [details] Test
Radar WebKit Bug Importer
Comment 2 2022-08-18 14:30:22 PDT
<rdar://problem/98851021>
Rob Buis
Comment 3 2023-01-19 03:44:57 PST
Still happens in trunk.
Rob Buis
Comment 4 2023-01-23 09:21:19 PST
(In reply to Rob Buis from comment #3) > Still happens in trunk. But no crash using Release ASAN.
Rob Buis
Comment 5 2023-01-23 09:21:24 PST
(In reply to Rob Buis from comment #3) > Still happens in trunk. But no crash using Release ASAN.
Fujii Hironori
Comment 6 2024-09-09 21:22:06 PDT
I observe the following assertion failure for attachment#461546 [details] with Windows port Debug build 283365@main. ASSERTION FAILED: baselineAxis == GridAxis::GridColumnAxis => !m_renderGrid->isSubgridRows() C:\webkit\wc\Source\WebCore\rendering/GridTrackSizingAlgorithm.cpp(1221) : LayoutUnit WebCore::GridTrackSizingAlgorithm::baselineOffsetForGridItem(const RenderBox &, GridAxis) const 1 00007FFDC1ADA831 WebCore::GridTrackSizingAlgorithm::baselineOffsetForGridItem 2 00007FFDC1AD7E4F WebCore::GridTrackSizingAlgorithmStrategy::minContributionForGridItem 3 00007FFDC1AD77C0 WebCore::GridTrackSizingAlgorithm::sizeTrackToFitNonSpanningItem 4 00007FFDC1ADE72F WebCore::GridTrackSizingAlgorithm::accumulateIntrinsicSizesForTrack::<lambda_0>::operator() 5 00007FFDC1ADE200 WebCore::GridTrackSizingAlgorithm::accumulateIntrinsicSizesForTrack 6 00007FFDC1ADF1DE WebCore::GridTrackSizingAlgorithm::resolveIntrinsicTrackSizes 7 00007FFDC1AE0E54 WebCore::GridTrackSizingAlgorithm::run 8 00007FFDC1C67778 WebCore::RenderGrid::computeTrackSizesForIndefiniteSize 9 00007FFDC1C65BD1 WebCore::RenderGrid::layoutGrid 10 00007FFDC1C6579E WebCore::RenderGrid::layoutBlock 11 00007FFDC1B5821F WebCore::RenderBlock::layout 12 00007FFDC1C10429 WebCore::RenderElement::layoutIfNeeded 13 00007FFDC1C6769C WebCore::RenderGrid::performPreLayoutForGridItems 14 00007FFDC1C68FA5 WebCore::RenderGrid::computeIntrinsicLogicalWidths 15 00007FFDC1B68657 WebCore::RenderBlock::computePreferredLogicalWidths 16 00007FFDC1B929F9 WebCore::RenderBox::maxPreferredLogicalWidth 17 00007FFDC1B8ED67 WebCore::RenderBox::computeLogicalWidthInFragmentUsing 18 00007FFDC1B5ADBE WebCore::RenderBox::computeLogicalWidthInFragment 19 00007FFDC1B9A940 WebCore::RenderBox::updateLogicalWidth 20 00007FFDC1C6ADE7 WebCore::RenderGrid::placeItems 21 00007FFDC1C6B49A WebCore::insertIntoGrid 22 00007FFDC1C6C67E WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid 23 00007FFDC1C6BF8C WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid 24 00007FFDC1C6B516 WebCore::RenderGrid::placeItemsOnGrid::<lambda_0>::operator() 25 00007FFDC1C6732A WebCore::RenderGrid::placeItemsOnGrid 26 00007FFDC1C65AA1 WebCore::RenderGrid::layoutGrid 27 00007FFDC1C6579E WebCore::RenderGrid::layoutBlock 28 00007FFDC1B5821F WebCore::RenderBlock::layout 29 00007FFDC1B785F7 WebCore::RenderBlockFlow::layoutBlockChild 30 00007FFDC1B778A9 WebCore::RenderBlockFlow::layoutBlockChildren 31 00007FFDC1B766D6 WebCore::RenderBlockFlow::layoutInFlowChildren Exception thrown at 0x00007FFDBC702BF5 (JavaScriptCore.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
Note You need to log in before you can comment on or make changes to this bug.