The macOS sandbox profiles (com.apple.WebProcess.sb.in, com.apple.WebKit.GPUProcess.sb.in, ...) gate ASan-required syscalls behind #if ASAN_ENABLED SYS_sigaltstack #endif where ASAN_ENABLED is derived in wtf/Compiler.h from __has_feature(address_sanitizer). DerivedSources.make passes $(SANITIZE_FLAGS) (= -fsanitize=address) to the clang -E invocation that preprocesses .sb.in -> .sb, so the gate opens in Xcode ASan builds. The CMake equivalent in Source/WebKit/PlatformMac.cmake (WEBKIT_DEFINE_XPC_SERVICES) does not pass any -fsanitize flag, so the mac-asan preset (added in 312514@main) produces non-ASan sandbox profiles. Symptom: launching MiniBrowser from a mac-asan build, the WebContent process aborts the first time Security.framework throws a C++ exception: AddressSanitizer: CHECK failed: asan_posix.cpp:45 "((0)) == ((sigaltstack(nullptr, &signal_stack)))" (0x0, 0xffffffffffffffff) ... #3 __asan::PlatformUnpoisonStacks() #4 __asan_handle_no_return #5 __cxa_throw (ASan interceptor) #6 Security::UnixError::throwMe ... #17 WebKit::WebProcess::platformInitializeWebProcess sigaltstack(NULL, &oss) returns -1/EPERM because SYS_sigaltstack is not in the syscall allowlist. Fix: append -fsanitize=<each ENABLE_SANITIZERS entry> to the .sb.in preprocessing flags in PlatformMac.cmake, mirroring DerivedSources.make.