Bug 179656 - REGRESSION(r224799): WebKit crashes at launch on macOS Sierra due to a sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on: 179548
Blocks:
Reported: 2017-11-13 21:40 PST by Ryosuke Niwa
Modified: 2017-11-15 09:32 PST
Description Ryosuke Niwa 2017-11-13 21:40:20 PST
At r224801, Safari crashes upon launch:

ASSERTION FAILED: m_process->state() == WebProcessProxy::State::Running
/Volumes/Data/webkit2/Source/WebKit/UIProcess/WebPageProxy.cpp(4062) : void WebKit::WebPageProxy::processDidFinishLaunching()
1   0x1029dad0d WTFCrash
2   0x10693f7db WebKit::WebPageProxy::processDidFinishLaunching()
3   0x106b5c90c WebKit::WebProcessProxy::didFinishLaunching(WebKit::ProcessLauncher*, IPC::Connection::Identifier)
4   0x106440869 WebKit::ProcessLauncher::didFinishLaunchingProcess(int, IPC::Connection::Identifier)
5   0x1064424f1 WebKit::ProcessLauncher::launchProcess()::$_0::operator()(NSObject<OS_xpc_object>*) const
6   0x1064423a1 invocation function for block in WebKit::ProcessLauncher::launchProcess()
7   0x7fffabd05f96 _xpc_connection_call_event_handler
8   0x7fffabd07b98 do_mach_notify_port_destroyed
9   0x7fffabd07ad4 _Xmach_notify_port_destroyed
10  0x7fffabd07a76 notify_server
11  0x7fffabd10bdc _xpc_connection_pass2mig
12  0x7fffabd0492d _xpc_connection_mach_event
13  0x7fffaba82726 _dispatch_client_callout4
14  0x7fffaba82999 _dispatch_mach_msg_invoke
15  0x7fffaba927db _dispatch_queue_serial_drain
16  0x7fffaba81497 _dispatch_mach_invoke
17  0x7fffaba89908 _dispatch_main_queue_callback_4CF
18  0x7fff9633dbc9 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__
19  0x7fff962fec0d __CFRunLoopRun
20  0x7fff962fe114 CFRunLoopRunSpecific
21  0x7fff9585eebc RunCurrentEventLoopInMode
22  0x7fff9585ecf1 ReceiveNextEventCommon
23  0x7fff9585eb26 _BlockUntilNextEventMatchingListInModeWithFilter
24  0x7fff93df7a54 _DPSNextEvent
25  0x7fff945737ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
26  0x1007ad578 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
27  0x7fff93dec3db -[NSApplication run]
28  0x7fff93db6e0e NSApplicationMain
29  0x7fffabab2235 start
Comment 1 Ryosuke Niwa 2017-11-13 23:07:03 PST
Actually, I'm hitting the following sandbox violation:

com.apple.WebKit.WebContent.Development: Couldn't initialize sandbox profile [/Volumes/Data/webkit2/WebKitBuild/Debug/WebKit.framework/Resources/com.apple.WebProcess.sb], error '/Volumes/Data/webkit2/WebKitBuild/Debug/WebKit.framework/Resources/com.apple.WebProcess.sb:40:21: unbound variable:
	xpc-service-name-prefix
'
Comment 2 Ryosuke Niwa 2017-11-13 23:07:52 PST
This crash only reproduces on Sierra, not High Sierra.
Comment 3 Alexey Proskuryakov 2017-11-13 23:24:51 PST
Ryosuke, can you roll back (or fix) now? Better to not have a broken WebKit overnight.
Comment 4 Ryosuke Niwa 2017-11-13 23:26:37 PST
Committed r224805: <https://trac.webkit.org/changeset/224805>
Comment 5 Ryosuke Niwa 2017-11-13 23:28:14 PST
(In reply to Ryosuke Niwa from comment #4)
> Committed r224805: <https://trac.webkit.org/changeset/224805>

Temporarily reverted the sandbox change in macOS Sierra as follows:

Index: /trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
===================================================================
--- /trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	(revision 224804)
+++ /trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	(revision 224805)
@@ -26,5 +26,5 @@
 (allow system-audit file-read-metadata)
 
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
+#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101200
 (import "system.sb")
 #else
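
Review bot: the new condition `#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101200` still sends any build whose minimum required version is a 10.12 point release (101201 and up) to the `#else` branch, which is the profile that failed to load on Sierra with the unbound `xpc-service-name-prefix` variable. If the intent is to keep the `(import "system.sb")` behaviour on everything before High Sierra, comparing against the next major version, `< 101300`, states that directly. A short comment above the `#if` saying why Sierra stays on this branch would also help whoever touches the profile next.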


Please either come up with a proper fix or close the bug based on what you want.
Comment 6 Brent Fulgham 2017-11-14 08:21:48 PST
(In reply to Ryosuke Niwa from comment #5)
> (In reply to Ryosuke Niwa from comment #4)
> > Committed r224805: <https://trac.webkit.org/changeset/224805>
> 
> Temporarily reverted the sandbox change in macOS Sierra as follows:
> 
> Index: /trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
> ===================================================================
> --- /trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	(revision
> 224804)
> +++ /trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	(revision
> 224805)
> @@ -26,5 +26,5 @@
>  (allow system-audit file-read-metadata)
>  
> -#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
> +#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101200
>  (import "system.sb")
>  #else
> 
> 
> Please either come up with a proper fix or close the bug based on what you
> want.

This change is correct -- I should have used <= in the comparison, as we don't want to change behavior pre-High Sierra.

Sorry for the inconvenience, and thank you for fixing this.
Comment 7 Ryosuke Niwa 2017-11-14 08:25:17 PST
I think we need to fix the condition per Dan's comment.
Comment 8 Brent Fulgham 2017-11-14 08:37:31 PST
Committed r224816: <https://trac.webkit.org/changeset/224816>
Comment 9 Radar WebKit Bug Importer 2017-11-15 09:32:09 PST
<rdar://problem/35561887>