RELEASE ASSERT: http/tests/security/contentSecurityPolicy/multipart-three-part.py is a flaky crash by cdumez · Pull Request #64646 · WebKit/WebKit

cdumez · 2026-05-11T00:39:45Z

`071edf4`

RELEASE ASSERT: http/tests/security/contentSecurityPolicy/multipart-three-part.py is a flaky crash
https://bugs.webkit.org/show_bug.cgi?id=314243
rdar://169360779

Reviewed by Brent Fulgham and Brady Eidson.

http/tests/security/contentSecurityPolicy/multipart-three-part.py is
flaky because NetworkResourceLoader::didReceiveResponse() sometimes
overwrites m_responseCompletionHandler before the previous one has been
called, hitting the CompletionHandler destructor assertion.

For a multipart/x-mixed-replace main resource, the network layer can
deliver follow-up parts via didReceiveResponse() before the WebProcess
has answered ContinueDidReceiveResponse for the first part. The first
part's round-trip is async because it goes through
DocumentLoader::responseReceived() -> checkContentPolicy(), which IPCs
to the UIProcess. Assigning the new completion handler over the still-
pending one destroyed it without invoking it, asserting in
CompletionHandler's destructor.

Replace the single m_responseCompletionHandler with a Deque so each
incoming response queues its own handler, and each ContinueDidReceive-
Response IPC drains the front of the queue. This mirrors the WebProcess
flow (it processes each part in order, sending one ContinueDidReceive-
Response per approved part), so per-part validation is preserved. On
loader teardown / convertToDownload, any remaining handlers are drained
with PolicyAction::Ignore.

No new tests, covered by existing test.

* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::~NetworkResourceLoader):
(WebKit::NetworkResourceLoader::convertToDownload):
(WebKit::NetworkResourceLoader::transferToNewWebProcess):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::continueDidReceiveResponse):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.h:

Canonical link: https://commits.webkit.org/313118@main

67dff1a

Misc	iOS, visionOS, tvOS & watchOS	macOS	Linux	Windows	Apple Internal
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 win	🛠 ios-apple
	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	✅ 🧪 wpe-wk2	❌ 🧪 win-tests	⏳ 🛠 mac-apple
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🧪 api-mac	✅ 🧪 api-wpe		⏳ 🛠 vision-apple
	✅ 🧪 ios-wk2-wpt	✅ 🧪 api-mac-debug	✅ 🛠 gtk3-libwebrtc
	✅ 🧪 api-ios		✅ 🛠 gtk
	✅ 🛠 ios-safer-cpp	✅ 🧪 mac-wk2	✅ 🧪 gtk-wk2
	✅ 🛠 vision	✅ 🧪 mac-AS-debug-wk2	✅ 🧪 api-gtk
	✅ 🛠 vision-sim	✅ 🧪 mac-wk2-stress	✅ 🛠 playstation
✅ 🛠 🧪 unsafe-merge	✅ 🧪 vision-wk2	✅ 🧪 mac-intel-wk2
	✅ 🛠 tv	✅ 🛠 mac-safer-cpp
	✅ 🛠 tv-sim
	✅ 🛠 watch
	✅ 🛠 watch-sim

webkit-early-warning-system · 2026-05-11T00:39:53Z

EWS run on previous version of this PR (hash 686699e)

Details

Misc	iOS, visionOS, tvOS & watchOS	macOS	Linux	Windows	Apple Internal
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 win	✅ 🛠 ios-apple
	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	✅ 🧪 wpe-wk2	❌ 🧪 win-tests	✅ 🛠 mac-apple
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🧪 api-mac	✅ 🧪 api-wpe		❌ 🛠 vision-apple
	✅ 🧪 ios-wk2-wpt	~~🧪 api-mac-debug~~	✅ 🛠 gtk3-libwebrtc
	✅ 🧪 api-ios		✅ 🛠 gtk
	✅ 🛠 ios-safer-cpp	✅ 🧪 mac-wk2	✅ 🧪 gtk-wk2
	✅ 🛠 vision	✅ 🧪 mac-AS-debug-wk2	✅ 🧪 api-gtk
	✅ 🛠 vision-sim	✅ 🧪 mac-wk2-stress	✅ 🛠 playstation
	✅ 🧪 vision-wk2	✅ 🧪 mac-intel-wk2
	✅ 🛠 tv	✅ 🛠 mac-safer-cpp
	✅ 🛠 tv-sim
	✅ 🛠 watch
	✅ 🛠 watch-sim

webkit-early-warning-system · 2026-05-12T01:32:15Z

EWS run on previous version of this PR (hash 7c3e2a7)

Details

Misc	iOS, visionOS, tvOS & watchOS	macOS	Linux	Windows	Apple Internal
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 win	⏳ 🛠 ios-apple
	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	✅ 🧪 wpe-wk2	~~🧪 win-tests~~	⏳ 🛠 mac-apple
✅ 🧪 webkitperl	❌ 🧪 ios-wk2	✅ 🧪 api-mac	✅ 🧪 api-wpe		⏳ 🛠 vision-apple
	❌ 🧪 ios-wk2-wpt	✅ 🧪 api-mac-debug	✅ 🛠 gtk3-libwebrtc
	~~🧪 api-ios~~		✅ 🛠 gtk
	✅ 🛠 ios-safer-cpp	✅ 🧪 mac-wk2	🧪 gtk-wk2
	✅ 🛠 vision	✅ 🧪 mac-AS-debug-wk2	✅ 🧪 api-gtk
	✅ 🛠 vision-sim	✅ 🧪 mac-wk2-stress	✅ 🛠 playstation
	✅ 🧪 vision-wk2	✅ 🧪 mac-intel-wk2
	✅ 🛠 tv	✅ 🛠 mac-safer-cpp
	✅ 🛠 tv-sim
	✅ 🛠 watch
	✅ 🛠 watch-sim

webkit-early-warning-system · 2026-05-12T10:37:34Z

EWS run on previous version of this PR (hash f9b30dc)

Details

Misc	iOS, visionOS, tvOS & watchOS	macOS	Linux	Windows	Apple Internal
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	~~🛠 win~~	⏳ 🛠 ios-apple
	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	~~🧪 wpe-wk2~~	~~🧪 win-tests~~	⏳ 🛠 mac-apple
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	~~🧪 api-mac~~	✅ 🧪 api-wpe		⏳ 🛠 vision-apple
	~~🧪 ios-wk2-wpt~~	~~🧪 api-mac-debug~~	✅ 🛠 gtk3-libwebrtc
	~~🧪 api-ios~~		✅ 🛠 gtk
	✅ 🛠 ios-safer-cpp	✅ 🧪 mac-wk2	~~🧪 gtk-wk2~~
	✅ 🛠 vision	✅ 🧪 mac-AS-debug-wk2	~~🧪 api-gtk~~
	❌ 🛠 vision-sim	✅ 🧪 mac-wk2-stress	✅ 🛠 playstation
	❌ 🧪 vision-wk2	✅ 🧪 mac-intel-wk2
	❌ 🛠 tv	✅ 🛠 mac-safer-cpp
	❌ 🛠 tv-sim
	❌ 🛠 watch
	✅ 🛠 watch-sim

webkit-early-warning-system · 2026-05-12T10:57:19Z

EWS run on current version of this PR (hash 67dff1a)

Details

Misc	iOS, visionOS, tvOS & watchOS	macOS	Linux	Windows	Apple Internal
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 win	🛠 ios-apple
	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	✅ 🧪 wpe-wk2	❌ 🧪 win-tests	⏳ 🛠 mac-apple
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🧪 api-mac	✅ 🧪 api-wpe		⏳ 🛠 vision-apple
	✅ 🧪 ios-wk2-wpt	✅ 🧪 api-mac-debug	✅ 🛠 gtk3-libwebrtc
	✅ 🧪 api-ios		✅ 🛠 gtk
	✅ 🛠 ios-safer-cpp	✅ 🧪 mac-wk2	✅ 🧪 gtk-wk2
	✅ 🛠 vision	✅ 🧪 mac-AS-debug-wk2	✅ 🧪 api-gtk
	✅ 🛠 vision-sim	✅ 🧪 mac-wk2-stress	✅ 🛠 playstation
✅ 🛠 🧪 unsafe-merge	✅ 🧪 vision-wk2	✅ 🧪 mac-intel-wk2
	✅ 🛠 tv	✅ 🛠 mac-safer-cpp
	✅ 🛠 tv-sim
	✅ 🛠 watch
	✅ 🛠 watch-sim

brentfulgham · 2026-05-12T17:02:43Z

Looks like a Swift failure on watchOS:

mulator/usr/local/include/pal/ExportMacros.h:32:
#include <wtf/ExportMacros.h>
<module-includes>:38:9: note: in file included from <module-includes>:38:
#import "./AbstractRefCountedAndCanMakeWeakPtr.h"
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/./AbstractRefCountedAndCanMakeWeakPtr.h:29:10: note: in file included from /Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/./AbstractRefCountedAndCanMakeWeakPtr.h:29:
#include <wtf/CanMakeWeakPtr.h>
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/CanMakeWeakPtr.h:29:10: note: in file included from /Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/CanMakeWeakPtr.h:29:
#include <wtf/CompactRefPtrTuple.h>
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/CompactRefPtrTuple.h:28:10: note: in file included from /Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/CompactRefPtrTuple.h:28:
#include <wtf/CompactPointerTuple.h>
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/CompactPointerTuple.h:31:10: note: in file included from /Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/CompactPointerTuple.h:31:
#include <wtf/FastMalloc.h>
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/wtf/FastMalloc.h:23:10: error: could not build module 'bmalloc'
#include <bmalloc/BPlatform.h>
<module-includes>:1:9: note: in file included from <module-includes>:1:
#import "ExportMacros.h"
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/WebKitBuild/Release-watchsimulator/usr/local/include/pal/ExportMacros.h:32:10: error: could not build module 'wtf'
#include <wtf/ExportMacros.h>
/Volumes/Data/worker/watchOS-26-Simulator-Build-EWS/build/Source/WebCore/PAL/pal/crypto/CryptoKit+UnsafeOverlays.swift:26:8: error: could not build Objective-C module 'pal'
import pal.Core.crypto.CryptoTypes
SwiftCompile CryptoKit+UnsafeOverlays.swift
<unknown>:0: warning: unknown warning group: 'ForeignReferenceType' [#UnknownWarningGroup]
<unknown>:0: warning: unknown warning group: 'ForeignReferenceType' [#UnknownWarningGroup]
SwiftCompile CryptoKit+UnsafeOverlays.swift
CompilationCacheMetrics

brentfulgham

r=me!

brentfulgham · 2026-05-12T22:25:14Z

-    if (m_responseCompletionHandler)
-        m_responseCompletionHandler(PolicyAction::Use);
+    if (!m_responseCompletionHandlers.isEmpty())
+        m_responseCompletionHandlers.takeFirst()(PolicyAction::Use);


I do wonder if we will ever need to move to a model where we get a specific completion handler to match with a specific response. But I think this is correct (and certainly an improvement over existing).

…hree-part.py is a flaky crash https://bugs.webkit.org/show_bug.cgi?id=314243 rdar://169360779 Reviewed by Brent Fulgham and Brady Eidson. http/tests/security/contentSecurityPolicy/multipart-three-part.py is flaky because NetworkResourceLoader::didReceiveResponse() sometimes overwrites m_responseCompletionHandler before the previous one has been called, hitting the CompletionHandler destructor assertion. For a multipart/x-mixed-replace main resource, the network layer can deliver follow-up parts via didReceiveResponse() before the WebProcess has answered ContinueDidReceiveResponse for the first part. The first part's round-trip is async because it goes through DocumentLoader::responseReceived() -> checkContentPolicy(), which IPCs to the UIProcess. Assigning the new completion handler over the still- pending one destroyed it without invoking it, asserting in CompletionHandler's destructor. Replace the single m_responseCompletionHandler with a Deque so each incoming response queues its own handler, and each ContinueDidReceive- Response IPC drains the front of the queue. This mirrors the WebProcess flow (it processes each part in order, sending one ContinueDidReceive- Response per approved part), so per-part validation is preserved. On loader teardown / convertToDownload, any remaining handlers are drained with PolicyAction::Ignore. No new tests, covered by existing test. * Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp: (WebKit::NetworkResourceLoader::~NetworkResourceLoader): (WebKit::NetworkResourceLoader::convertToDownload): (WebKit::NetworkResourceLoader::transferToNewWebProcess): (WebKit::NetworkResourceLoader::didReceiveResponse): (WebKit::NetworkResourceLoader::continueDidReceiveResponse): * Source/WebKit/NetworkProcess/NetworkResourceLoader.h: Canonical link: https://commits.webkit.org/313118@main

webkit-commit-queue · 2026-05-13T01:53:12Z

Committed 313118@main (071edf4): https://commits.webkit.org/313118@main

Reviewed commits have been landed. Closing PR #64646 and removing active labels.

cdumez self-assigned this May 11, 2026

cdumez added the New Bugs Unclassified bugs are placed in this component until the correct component can be determined. label May 11, 2026

brentfulgham mentioned this pull request May 11, 2026

RELEASE ASSERT: http/tests/security/contentSecurityPolicy/multipart-three-part.py is a flaky crash #64404

Closed

cdumez force-pushed the 314243_multipart_responses branch from 686699e to 7c3e2a7 Compare May 12, 2026 01:32

cdumez marked this pull request as ready for review May 12, 2026 01:32

cdumez requested review from achristensen07, beidson and brentfulgham May 12, 2026 01:32

webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 12, 2026

cdumez removed the merging-blocked Applied to prevent a change from being merged label May 12, 2026

cdumez force-pushed the 314243_multipart_responses branch from 7c3e2a7 to f9b30dc Compare May 12, 2026 10:37

webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 12, 2026

cdumez removed the merging-blocked Applied to prevent a change from being merged label May 12, 2026

cdumez force-pushed the 314243_multipart_responses branch from f9b30dc to 67dff1a Compare May 12, 2026 10:57

webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 12, 2026

brentfulgham removed the merging-blocked Applied to prevent a change from being merged label May 12, 2026

beidson approved these changes May 12, 2026

View reviewed changes

brentfulgham approved these changes May 12, 2026

View reviewed changes

cdumez added the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label May 13, 2026

webkit-commit-queue force-pushed the 314243_multipart_responses branch from 67dff1a to 071edf4 Compare May 13, 2026 01:53

webkit-commit-queue merged commit 071edf4 into WebKit:main May 13, 2026

webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label May 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RELEASE ASSERT: http/tests/security/contentSecurityPolicy/multipart-three-part.py is a flaky crash#64646

RELEASE ASSERT: http/tests/security/contentSecurityPolicy/multipart-three-part.py is a flaky crash#64646
webkit-commit-queue merged 1 commit into
WebKit:mainfrom
cdumez:314243_multipart_responses

cdumez commented May 11, 2026 •

edited by webkit-early-warning-system

Loading

Uh oh!

webkit-early-warning-system commented May 11, 2026 •

edited

Loading

Uh oh!

webkit-early-warning-system commented May 12, 2026 •

edited

Loading

Uh oh!

webkit-early-warning-system commented May 12, 2026 •

edited

Loading

Uh oh!

webkit-early-warning-system commented May 12, 2026 •

edited

Loading

Uh oh!

brentfulgham commented May 12, 2026

Uh oh!

brentfulgham left a comment

Uh oh!

brentfulgham May 12, 2026

Uh oh!

webkit-commit-queue commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

cdumez commented May 11, 2026 • edited by webkit-early-warning-system Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

071edf4

Uh oh!

webkit-early-warning-system commented May 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

webkit-early-warning-system commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

webkit-early-warning-system commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

webkit-early-warning-system commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

brentfulgham commented May 12, 2026

Uh oh!

brentfulgham left a comment

Choose a reason for hiding this comment

Uh oh!

brentfulgham May 12, 2026

Choose a reason for hiding this comment

Uh oh!

webkit-commit-queue commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

cdumez commented May 11, 2026 •

edited by webkit-early-warning-system

Loading

`071edf4`

webkit-early-warning-system commented May 11, 2026 •

edited

Loading

webkit-early-warning-system commented May 12, 2026 •

edited

Loading

webkit-early-warning-system commented May 12, 2026 •

edited

Loading

webkit-early-warning-system commented May 12, 2026 •

edited

Loading