MacOS Sonoma 14.4 "scripting-addition failed to inject payload into Dock.app!" with SIP disabled

[jwhit445]

Description:
yabai's script-addition injection into Dock no longer works for the latest version of macOS 14.4 beta. I have reinstalled several times via the install.sh script, brew, brew head, and even a fork I found inside another issue. Every time I have done a full purge of the tmp session files and all of the commands listed in the wiki, removal from the Privacy & Security / Accessibility section, followed by a restart and reinstall. I have verified and redone the SIP disabling process and the nvram boot-args settings as well. Running out of things to try.

For quick reference, I am on yabai v6.0.15 and loader 2.0.28. When attempting to use head/forked versions I believe loader got upgraded to 2.1.2, however I always run yabai --uninstall-service between installs.

Here's the error with all of the goodies from the loader error:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               loader [4399]
Path:                  /Library/ScriptingAdditions/yabai.osax/Contents/MacOS/loader
Identifier:            com.koekeishiya.yabai-osax
Version:               2.0.28 (2.0.28)
Code Type:             ARM-64 (Native)
Parent Process:        yabai [4398]
Responsible:           wezterm-gui [618]
User ID:               0

Date/Time:             2024-03-01 15:53:15.4170 -0700
OS Version:            macOS 14.4 (23E5211a)
Report Version:        12
Anonymous UUID:        329CC875-84BD-5ECF-8BE1-DF8A35F84916


Time Awake Since Boot: 610 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_GUARD (SIGKILL)
Exception Codes:       GUARD_TYPE_MACH_PORT
Exception Codes:       0x0000000000000000, 0x0000000000000000

Termination Reason:    Namespace GUARD, Code 2305843030688530432 

External Modification Warnings:
Process used task_for_pid().

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	       0x19b5b61f4 mach_msg2_trap + 8
1   libsystem_kernel.dylib        	       0x19b5c8b24 mach_msg2_internal + 80
2   libsystem_kernel.dylib        	       0x19b5e538c thread_set_state + 260
3   loader                        	       0x1003db820 main + 1116
4   dyld                          	       0x19b26e0e0 start + 2360

Thread 1:
0   libsystem_pthread.dylib       	       0x19b5f1d20 start_wqthread + 0


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x0000000000000000   x1: 0x0000000200000003   x2: 0x0000014000001513   x3: 0x0000070700001603
    x4: 0x00000e1400000000   x5: 0x0000070700000000   x6: 0x000000000000002c   x7: 0x0000000000000000
    x8: 0xfffffffffffffbbf   x9: 0x0000000000000140  x10: 0x00000000ffffebbe  x11: 0x000000016fa26fa0
   x12: 0x0000000000000000  x13: 0x0000000000000001  x14: 0x0000000000000001  x15: 0x0000000203314238
   x16: 0xffffffffffffffd1  x17: 0x00000001003dc060  x18: 0x0000000000000000  x19: 0x0000000000000000
   x20: 0x000000000000002c  x21: 0x0000070700000000  x22: 0x00000e1400000000  x23: 0x0000070700001603
   x24: 0x000000016fa25d08  x25: 0x0000014000001513  x26: 0x0000000200000003  x27: 0x0000000200000003
   x28: 0x0000000000000000   fp: 0x000000016fa25cf0   lr: 0x000000019b5c8b24
    sp: 0x000000016fa25ca0   pc: 0x000000019b5b61f4 cpsr: 0x80001000
   far: 0x0000000000000000  esr: 0x56000080  Address size fault

Binary Images:
       0x1003d8000 -        0x1003dbfff com.koekeishiya.yabai-osax (2.0.28) <e02e5f67-38f5-383c-b212-2340510079ce> /Library/ScriptingAdditions/yabai.osax/Contents/MacOS/loader
       0x19b5b5000 -        0x19b5efffb libsystem_kernel.dylib (*) <1889ce0a-52e7-3122-8907-81af920ac472> /usr/lib/system/libsystem_kernel.dylib
       0x19b268000 -        0x19b2f09db dyld (*) <cc93bf78-b2d3-3446-8998-6fabe938462e> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
       0x19b5f0000 -        0x19b5fcfff libsystem_pthread.dylib (*) <45239f06-cc53-36d0-9933-7776ac7ea2fa> /usr/lib/system/libsystem_pthread.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 1
    thread_create: 1
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 2
    thread_create: 2
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=766.8M resident=0K(0%) swapped_out_or_unallocated=766.8M(100%)
Writable regions: Total=531.2M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=531.2M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Activity Tracing                   256K        1 
Kernel Alloc Once                   32K        1 
MALLOC                           522.2M       12 
MALLOC guard page                   96K        6 
STACK GUARD                       56.0M        2 
Stack                             8720K        2 
__AUTH                             729K      165 
__AUTH_CONST                      12.7M      306 
__DATA                            3054K      294 
__DATA_CONST                      15.6M      309 
__DATA_DIRTY                       698K      104 
__FONT_DATA                          4K        1 
__LINKEDIT                       525.4M        2 
__OBJC_RO                         71.7M        1 
__OBJC_RW                         2195K        1 
__TEXT                           241.4M      322 
dyld private memory                272K        2 
mapped file                         64K        1 
shared memory                      208K        5 
===========                     =======  ======= 
TOTAL                              1.4G     1537 


-----------
Full Report
-----------

{"app_name":"loader","timestamp":"2024-03-01 15:53:15.00 -0700","app_version":"2.0.28","sroute_id":12,"slice_uuid":"e02e5f67-38f5-383c-b212-2340510079ce","build_version":"2.0.28","platform":1,"bundleID":"com.koekeishiya.yabai-osax","share_with_app_devs":0,"is_first_party":1,"bug_type":"309","os_version":"macOS 14.4 (23E5211a)","roots_installed":0,"name":"loader","incident_id":"FB65650E-AC47-4CEE-A99B-7DFBA51E55A0"}
{
  "uptime" : 610,
  "procRole" : "Unspecified",
  "version" : 2,
  "userID" : 0,
  "deployVersion" : 210,
  "modelCode" : "MacBookPro18,2",
  "coalitionID" : 627,
  "osVersion" : {
    "train" : "macOS 14.4",
    "build" : "23E5211a",
    "releaseType" : "User"
  },
  "captureTime" : "2024-03-01 15:53:15.4170 -0700",
  "codeSigningMonitor" : 1,
  "incident" : "FB65650E-AC47-4CEE-A99B-7DFBA51E55A0",
  "pid" : 4399,
  "translated" : false,
  "cpuType" : "ARM-64",
  "roots_installed" : 0,
  "bug_type" : "309",
  "procLaunch" : "2024-03-01 15:53:15.3950 -0700",
  "procStartAbsTime" : 14843966342,
  "procExitAbsTime" : 14844482013,
  "procName" : "loader",
  "procPath" : "\/Library\/ScriptingAdditions\/yabai.osax\/Contents\/MacOS\/loader",
  "bundleInfo" : {"CFBundleShortVersionString":"2.0.28","CFBundleVersion":"2.0.28","CFBundleIdentifier":"com.koekeishiya.yabai-osax"},
  "parentProc" : "yabai",
  "parentPid" : 4398,
  "coalitionName" : "com.github.wez.wezterm",
  "crashReporterKey" : "329CC875-84BD-5ECF-8BE1-DF8A35F84916",
  "responsiblePid" : 618,
  "responsibleProc" : "wezterm-gui",
  "codeSigningID" : "com.koekeishiya.yabai-osax",
  "codeSigningTeamID" : "",
  "codeSigningFlags" : 570425345,
  "codeSigningValidationCategory" : 10,
  "codeSigningTrustLevel" : 4294967295,
  "instructionByteStream" : {"beforePC":"ARAA1MADX9aQBYCSARAA1MADX9awBYCSARAA1MADX9bQBYCSARAA1A==","atPC":"wANf1vAFgJIBEADUwANf1hAGgJIBEADUwANf1jAGgJIBEADUwANf1g=="},
  "sip" : "disabled",
  "sroute_id" : 12,
  "exception" : {"port":0,"signal":"SIGKILL","guardId":0,"codes":"0x0000000000000000, 0x0000000000000000","violations":["THREAD_SET_STATE"],"message":" THREAD_SET_STATE on mach port 0 (guarded with 0x0000000000000000)","subtype":"GUARD_TYPE_MACH_PORT","type":"EXC_GUARD","rawCodes":[0,0]},
  "termination" : {"namespace":"GUARD","flags":2,"code":2305843030688530432},
  "extMods" : {"caller":{"thread_create":1,"thread_set_state":0,"task_for_pid":1},"system":{"thread_create":2,"thread_set_state":0,"task_for_pid":2},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":1},
  "faultingThread" : 0,
  "threads" : [{"triggered":true,"id":27012,"threadState":{"x":[{"value":0},{"value":8589934595},{"value":1374389540115},{"value":7726646171139},{"value":15479062134784},{"value":7726646165504},{"value":44},{"value":0},{"value":18446744073709550527},{"value":320},{"value":4294962110},{"value":6167883680},{"value":0},{"value":1},{"value":1},{"value":8643494456,"symbolLocation":0,"symbol":"OBJC_CLASS_$_NSLock"},{"value":18446744073709551569},{"value":4299014240},{"value":0},{"value":0},{"value":44},{"value":7726646165504},{"value":15479062134784},{"value":7726646171139},{"value":6167878920},{"value":1374389540115},{"value":8589934595},{"value":8589934595},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":6901500708},"cpsr":{"value":2147487744},"fp":{"value":6167878896},"sp":{"value":6167878816},"esr":{"value":1442840704,"description":" Address size fault"},"pc":{"value":6901424628,"matchesCrashFrame":1},"far":{"value":0}},"queue":"com.apple.main-thread","frames":[{"imageOffset":4596,"symbol":"mach_msg2_trap","symbolLocation":8,"imageIndex":1},{"imageOffset":80676,"symbol":"mach_msg2_internal","symbolLocation":80,"imageIndex":1},{"imageOffset":197516,"symbol":"thread_set_state","symbolLocation":260,"imageIndex":1},{"imageOffset":14368,"symbol":"main","symbolLocation":1116,"imageIndex":0},{"imageOffset":24800,"symbol":"start","symbolLocation":2360,"imageIndex":2}]},{"id":27013,"frames":[{"imageOffset":7456,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":4}],"threadState":{"x":[{"value":6168440832},{"value":6659},{"value":6167904256},{"value":0},{"value":409604},{"value":18446744073709551615},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0},{"value":0}],"flavor":"ARM_THREAD_STATE64","lr":{"value":0},"cpsr":{"value":4096},"fp":{"value":0},"sp":{"value":6168440832},"esr":{"value":1442840704,"description":" Address size fault"},"pc":{"value":6901669152},"far":{"value":0}}}],
  "usedImages" : [
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 4298997760,
    "CFBundleShortVersionString" : "2.0.28",
    "CFBundleIdentifier" : "com.koekeishiya.yabai-osax",
    "size" : 16384,
    "uuid" : "e02e5f67-38f5-383c-b212-2340510079ce",
    "path" : "\/Library\/ScriptingAdditions\/yabai.osax\/Contents\/MacOS\/loader",
    "name" : "loader",
    "CFBundleVersion" : "2.0.28"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6901420032,
    "size" : 241660,
    "uuid" : "1889ce0a-52e7-3122-8907-81af920ac472",
    "path" : "\/usr\/lib\/system\/libsystem_kernel.dylib",
    "name" : "libsystem_kernel.dylib"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6897958912,
    "size" : 559580,
    "uuid" : "cc93bf78-b2d3-3446-8998-6fabe938462e",
    "path" : "\/usr\/lib\/dyld",
    "name" : "dyld"
  },
  {
    "size" : 0,
    "source" : "A",
    "base" : 0,
    "uuid" : "00000000-0000-0000-0000-000000000000"
  },
  {
    "source" : "P",
    "arch" : "arm64e",
    "base" : 6901661696,
    "size" : 53248,
    "uuid" : "45239f06-cc53-36d0-9933-7776ac7ea2fa",
    "path" : "\/usr\/lib\/system\/libsystem_pthread.dylib",
    "name" : "libsystem_pthread.dylib"
  }
],
  "sharedCache" : {
  "base" : 6897205248,
  "size" : 4189683712,
  "uuid" : "44a7df07-67e0-3c74-a555-a632101c5de4"
},
  "vmSummary" : "ReadOnly portion of Libraries: Total=766.8M resident=0K(0%) swapped_out_or_unallocated=766.8M(100%)\nWritable regions: Total=531.2M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=531.2M(100%)\n\n                                VIRTUAL   REGION \nREGION TYPE                        SIZE    COUNT (non-coalesced) \n===========                     =======  ======= \nActivity Tracing                   256K        1 \nKernel Alloc Once                   32K        1 \nMALLOC                           522.2M       12 \nMALLOC guard page                   96K        6 \nSTACK GUARD                       56.0M        2 \nStack                             8720K        2 \n__AUTH                             729K      165 \n__AUTH_CONST                      12.7M      306 \n__DATA                            3054K      294 \n__DATA_CONST                      15.6M      309 \n__DATA_DIRTY                       698K      104 \n__FONT_DATA                          4K        1 \n__LINKEDIT                       525.4M        2 \n__OBJC_RO                         71.7M        1 \n__OBJC_RW                         2195K        1 \n__TEXT                           241.4M      322 \ndyld private memory                272K        2 \nmapped file                         64K        1 \nshared memory                      208K        5 \n===========                     =======  ======= \nTOTAL                              1.4G     1537 \n",
  "legacyInfo" : {
  "threadTriggered" : {
    "queue" : "com.apple.main-thread"
  }
},
  "logWritingSignature" : "a617df3546bbab438d6f1b4a55bba038634a6986",
  "trialInfo" : {
  "rollouts" : [
    {
      "rolloutId" : "6246d6a916a70b047e454124",
      "factorPackIds" : {

      },
      "deploymentId" : 240000010
    },
    {
      "rolloutId" : "6112d17137f5d11121dcd4e2",
      "factorPackIds" : {

      },
      "deploymentId" : 250000507
    }
  ],
  "experiments" : [
    {
      "treatmentId" : "15fbe652-1354-4591-bab2-e1616c7bd990",
      "experimentId" : "65024de67d575f27b43072b0",
      "deploymentId" : 500000003
    }
  ]
}
}

Model: MacBookPro18,2, BootROM 10151.101.3, proc 10:8:2 processors, 64 GB, SMC 
Graphics: Apple M1 Max, Apple M1 Max, Built-In
Display: LG ULTRAGEAR+, 3440 x 1440 (UWQHD - Ultra-Wide Quad HD), Main, MirrorOff, Online
Display: Color LCD, 3456 x 2234 Retina, MirrorOff, Online
Display: LG HDR WQHD, 3440 x 1440 (UWQHD - Ultra-Wide Quad HD), MirrorOff, Online
Memory Module: LPDDR5, Hynix
AirPort: spairport_wireless_card_type_wifi (0x14E4, 0x4387), wl0: Jan 20 2024 04:08:41 version 20.103.12.0.8.7.171 FWID 01-e09d2675
AirPort: 
Bluetooth: Version (null), 0 services, 0 devices, 0 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
USB Device: USB31Bus
USB Device: USB31Bus
USB Device: hub_device
USB Device: hub_device
USB Device: hub_device
USB Device: Sound BlasterX G6
USB Device: Controller
USB Device: hub_device
USB Device: Samson Q2U Microphone
USB Device: Moonlander Mark I
USB Device: USB Receiver
USB Device: USB31Bus
USB Device: Magic Trackpad
Thunderbolt Bus: MacBook Pro, Apple Inc.
Thunderbolt Bus: MacBook Pro, Apple Inc.
Thunderbolt Bus: MacBook Pro, Apple Inc.

And my minimum reproducible yabairc:

yabai -m signal --add event=dock_did_restart action="sudo yabai --load-sa"
sudo yabai --load-sa

[jwhit445]

Updating here because I just tried to fully disable SIP by running csrutil disable to no avail on latest release or latest head.

[jwhit445]

Also, if anyone knows how to debug this, I am more than happy to throw infinite time into understanding what's happening to potentially resolve it myself. Just don't even know how to start logging/troubleshooting 😛

[jwhit445]

Ok so after finding this comment from long ago (#725 (comment)), I decided to try to locally make the yabai executable and replace the existing one. I noticed that it was arm64 instead of arm64e, so I changed the arch to arm64e and replaced.

That made the initial error go away, however when running sudo yabai --load-sa from outside of the yabairc, it still gives an error with "yabai: scripting-addition failed to inject payload into Dock.app!"

I have no idea if this is a placebo, but right now its nice to not have an error window pop up every time I restart or kill Dock.

Back to blindly tinkering.

[sasha-id]

same issue on latest beta 14.4.

Installed it trying to resolve issue with cursor, it stop changing after some time, I think it related to second monitor (https://forums.macrumors.com/threads/mouse-pointer-not-changing-to-hand-or-text-cursor-macos-14-2.2415236/)

[jwhit445]

After a lot of clumsy debugging / learning, I have narrowed down the error to this line within the loader:

yabai/src/osax/loader.m

Line 238 in ab0a249

error = thread_set_state(thread, thread_flavor, (thread_state_t)&machine_thread_state, machine_thread_flavor_count);

error = thread_set_state(thread, thread_flavor, (thread_state_t)&machine_thread_state, machine_thread_flavor_count);

It seems the thread_set_state function throws unexpectedly vs returning an error value.

[mrpmohiburrahman]

I am also facing this issue on MacOS Sonoma 14.4

[koekeishiya]

Track #2146

[jwhit445]

Didn't have "will mark your issue as a duplicate of a much newer issue with less info" today's bingo card

[koekeishiya]

It was just the one I happened to see first and respond to.