RESOLVED FIXED305150
REGRESSION(302499@main): Hitting asserts in http/tests/security/contentSecurityPolicy* on WebKitLegacy 
https://bugs.webkit.org/show_bug.cgi?id=305150
Summary REGRESSION(302499@main): Hitting asserts in http/tests/security/contentSecuri...
Jonathan Bedard
Reported 2026-01-08 14:30:00 PST
We're hitting asserts on the following tests in WebKitLegacy: http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.py http/tests/security/private-browsing-http-auth.html History: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Freport-cross-origin-no-cookies-when-private-browsing-toggled.py&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Freport-same-origin-no-cookies-when-private-browsing-toggled.py&test=http%2Ftests%2Fsecurity%2Fprivate-browsing-http-auth.html CI build: https://build.webkit.org/#/builders/1694/builds/750 Log: 1 0x17ab96dae WTF::RefPtr<WebCore::SQLTransaction, WTF::RawPtrTraits<WebCore::SQLTransaction>, WTF::DefaultRefDerefTraits<WebCore::SQLTransaction>>::releaseNonNull() 2 0x17ab92bd9 WebCore::SQLTransactionBackend::frontend() 3 0x17ab92aef WebCore::SQLTransactionBackend::~SQLTransactionBackend() 4 0x17ab8db05 WebCore::SQLTransactionBackend::~SQLTransactionBackend() 5 0x17ab8da3e WebCore::SQLTransaction::~SQLTransaction() 6 0x17ab8dbf5 WebCore::SQLTransaction::~SQLTransaction() 7 0x17ab8dc19 WebCore::SQLTransaction::~SQLTransaction() 8 0x178d5fabf void WTF::ThreadSafeWeakPtrControlBlock::strongDeref<WebCore::SQLTransaction, (WTF::DestructionThread)0>() const::'lambda'()::operator()() const 9 0x178d5f980 void WTF::ThreadSafeWeakPtrControlBlock::strongDeref<WebCore::SQLTransaction, (WTF::DestructionThread)0>() const 10 0x178d5f7d6 WTF::ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr<WebCore::SQLTransaction, (WTF::DestructionThread)0>::deref() const 11 0x178d5f6a0 WTF::DefaultRefDerefTraits<WebCore::SQLTransaction>::derefIfNotNull(WebCore::SQLTransaction*) 12 0x178d5f645 WTF::Ref<WebCore::SQLTransaction, WTF::RawPtrTraits<WebCore::SQLTransaction>, WTF::DefaultRefDerefTraits<WebCore::SQLTransaction>>::~Ref() 13 0x178ca9515 WTF::Ref<WebCore::SQLTransaction, WTF::RawPtrTraits<WebCore::SQLTransaction>, WTF::DefaultRefDerefTraits<WebCore::SQLTransaction>>::~Ref() 14 0x17ab404ca WebCore::Database::performClose() 15 0x17ab4b53d WebCore::DatabaseThread::databaseThread() 16 0x17ab70059 WebCore::DatabaseThread::start()::$_0::operator()() const 17 0x17ab6fe69 WTF::Detail::CallableWrapper<WebCore::DatabaseThread::start()::$_0, void>::call() 18 0x125d5091a WTF::Function<void ()>::operator()() const 19 0x125fb6146 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 20 0x125fc3fc5 WTF::wtfThreadEntryPoint(void*) 21 0x7ff804760e4d _pthread_start 22 0x7ff80475c857 thread_start Reproduction: run-webkit-tests --no-build --no-retry --no-show-results --exit-after-n-failures=1 --expect-pass --iterations=30 --force -1 --debug http/tests/security/private-browsing-http-auth.html Bisected to 302499@main, it is certainly the caused-by.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2026-01-08 14:30:13 PST
<rdar://problem/167797804>
Ryosuke Niwa
Comment 2 2026-01-08 14:37:48 PST
The assertion is catching a legitimate memory safety issue.
Ryosuke Niwa
Comment 3 2026-01-08 14:46:54 PST
Pull request: https://github.com/WebKit/WebKit/pull/56287
Jonathan Bedard
Comment 4 2026-01-08 15:16:12 PST
Pull request: https://github.com/WebKit/WebKit/pull/56290
EWS
Comment 5 2026-01-08 17:25:08 PST
Committed 305322@main (682d2e4ee552): <https://commits.webkit.org/305322@main> Reviewed commits have been landed. Closing PR #56287 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.