Bug 240514
| Summary: | Reproducible crash in ModelElementController::modelElementDidCreatePreview | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Thomas Kumlehn <pixelpartner> |
| Component: | WebXR | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Normal | CC: | dino, graouts, simon.fraser, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 15 | | |
| Hardware: | Mac (Apple Silicon) | | |
| OS: | macOS 12 | | |
Thomas Kumlehn
Updated to macOS 12.4 (21F79) with Safari 15.5 (17613.2.7.1.8)
Activated experimental <model> element
Tested vanilla Safari with https://kreativekk.de/wp-content/uploads/ar/_xA_CNC_example.html that includes a simple <model> with a USDZ that uses Behaviour Schemes.
Rotated the asset a bit (with inverted rotation direction up/down, as reported before).
Crash after a few seconds.
--- crash report ---
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: Safari [6256]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 15.5 (17613.2.7.1.8)
Build Info: Safari-7613002007001008~4
Code Type: ARM-64 (Native)
Parent Process: launchd [1]
User ID: 501
Date/Time: 2022-05-17 13:53:34.8006 +0200
OS Version: macOS 12.4 (21F79)
Report Version: 12
Anonymous UUID: 416A5562-26E4-A461-384D-4D806C30B009
Time Awake Since Boot: 970 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Codes: 0x0000000000000001, 0x0000000000000008
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [6256]
VM Region Info: 0x8 is not in any region. Bytes before following region: 105553518919672
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
MALLOC_NANO (reserved) 600018000000-600020000000 [128.0M] rw-/rwx SM=NUL ...(unallocated)
Kernel Triage:
VM - pmap_enter failed with resource shortage
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 WebKit 0x1b5f91fe0 WebKit::ModelElementController::modelElementDidCreatePreview(WTF::URL, WTF::String, WebCore::FloatSize, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<std::__1::pair<WTF::String, unsigned int>, WebCore::ResourceError>)>&&) + 60
1 WebKit 0x1b618ff20 WebKit::WebPageProxy::modelElementDidCreatePreview(WTF::URL const&, WTF::String const&, WebCore::FloatSize const&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<std::__1::pair<WTF::String, unsigned int>, WebCore::ResourceError>)>&&) + 108
2 WebKit 0x1b618ff20 WebKit::WebPageProxy::modelElementDidCreatePreview(WTF::URL const&, WTF::String const&, WebCore::FloatSize const&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<std::__1::pair<WTF::String, unsigned int>, WebCore::ResourceError>)>&&) + 108
3 WebKit 0x1b64fbbc4 WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 81168
4 WebKit 0x1b5f70f20 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 448
5 WebKit 0x1b61a0130 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 40
6 WebKit 0x1b5f64358 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 268
7 WebKit 0x1b5f63c64 IPC::Connection::dispatchIncomingMessages() + 468
8 JavaScriptCore 0x1afb8e610 WTF::RunLoop::performWork() + 200
9 JavaScriptCore 0x1afb8f3ac WTF::RunLoop::performWork(void*) + 36
10 CoreFoundation 0x1975cd034 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
11 CoreFoundation 0x1975ccf80 __CFRunLoopDoSource0 + 208
12 CoreFoundation 0x1975ccc80 __CFRunLoopDoSources0 + 268
13 CoreFoundation 0x1975cb600 __CFRunLoopRun + 828
14 CoreFoundation 0x1975cab24 CFRunLoopRunSpecific + 600
15 HIToolbox 0x1a0203338 RunCurrentEventLoopInMode + 292
16 HIToolbox 0x1a02030b4 ReceiveNextEventCommon + 564
17 HIToolbox 0x1a0202e68 _BlockUntilNextEventMatchingListInModeWithFilter + 72
18 AppKit 0x19a13178c _DPSNextEvent + 860
19 AppKit 0x19a130084 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1328
20 Safari 0x1bea770e8 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 236
21 AppKit 0x19a122250 -[NSApplication run] + 596
22 AppKit 0x19a0f396c NSApplicationMain + 1132
23 Safari 0x1bea603e8 SafariMain + 464
24 dyld 0x1044a108c start + 520
Thread 1:: com.apple.coreanimation.render-server
0 libsystem_kernel.dylib 0x1974c28b0 mach_msg_trap + 8
1 libsystem_kernel.dylib 0x1974c2d20 mach_msg + 76
2 QuartzCore 0x19e48a61c CA::Render::Server::server_thread(void*) + 520
3 QuartzCore 0x19e48a404 thread_fun(void*) + 32
4 libsystem_pthread.dylib 0x19750026c _pthread_start + 148
5 libsystem_pthread.dylib 0x1974fb08c thread_start + 8
Thread 2:
0 libsystem_pthread.dylib 0x1974fb078 start_wqthread + 0
Thread 3:: Dispatch queue: com.apple.WebInspector.deviceAccessQueue
0 libsystem_kernel.dylib 0x1974c3634 read + 8
1 libcrypto.35.dylib 0x1bc35954c sock_read + 60
2 libcrypto.35.dylib 0x1bc355098 BIO_read + 128
3 libssl.35.dylib 0x1c123ecf8 ssl23_read_bytes + 80
4 libssl.35.dylib 0x1c123e51c ssl23_connect + 936
5 MobileDevice 0x1623f4764 lockssl_handshake + 704
6 MobileDevice 0x162409974 AMDeviceSecureStartService + 3324
7 WebInspector 0x1cc1914b4 -[RWIServiceLockdownConnection deviceQueue_startServiceWithName:completionHandler:] + 132
8 WebInspector 0x1cc190490 __94-[RWIServiceLockdownConnection startServiceWithName:retryPolicy:setupBlock:completionHandler:]_block_invoke.56 + 260
9 libdispatch.dylib 0x19733a5f0 _dispatch_call_block_and_release + 32
10 libdispatch.dylib 0x19733c1b4 _dispatch_client_callout + 20
11 libdispatch.dylib 0x1973438a8 _dispatch_lane_serial_drain + 668
12 libdispatch.dylib 0x197344404 _dispatch_lane_invoke + 392
13 libdispatch.dylib 0x19734ec98 _dispatch_workloop_worker_thread + 648
14 libsystem_pthread.dylib 0x1974fc360 _pthread_wqthread + 288
15 libsystem_pthread.dylib 0x1974fb080 start_wqthread + 8
Thread 4:: com.apple.NSEventThread
0 libsystem_kernel.dylib 0x1974c28b0 mach_msg_trap + 8
1 libsystem_kernel.dylib 0x1974c2d20 mach_msg + 76
2 CoreFoundation 0x1975cd2b0 __CFRunLoopServiceMachPort + 372
3 CoreFoundation 0x1975cb760 __CFRunLoopRun + 1180
4 CoreFoundation 0x1975cab24 CFRunLoopRunSpecific + 600
5 AppKit 0x19a29e374 _NSEventThread + 196
6 libsystem_pthread.dylib 0x19750026c _pthread_start + 148
7 libsystem_pthread.dylib 0x1974fb08c thread_start + 8
Thread 5:: com.apple.CFSocket.private
0 libsystem_kernel.dylib 0x1974cd598 __select + 8
1 CoreFoundation 0x1975f7890 __CFSocketManager + 644
2 libsystem_pthread.dylib 0x19750026c _pthread_start + 148
3 libsystem_pthread.dylib 0x1974fb08c thread_start + 8
Thread 6:: JavaScriptCore libpas scavenger
0 libsystem_kernel.dylib 0x1974c6270 __psynch_cvwait + 8
1 libsystem_pthread.dylib 0x19750083c _pthread_cond_wait + 1236
2 JavaScriptCore 0x1afc208bc scavenger_thread_main + 1232
3 libsystem_pthread.dylib 0x19750026c _pthread_start + 148
4 libsystem_pthread.dylib 0x1974fb08c thread_start + 8
Thread 7:: Dispatch queue: com.apple.WebInspector.deviceAccessQueue
0 libsystem_kernel.dylib 0x1974c3634 read + 8
1 libcrypto.35.dylib 0x1bc35954c sock_read + 60
2 libcrypto.35.dylib 0x1bc355098 BIO_read + 128
3 libssl.35.dylib 0x1c123ecf8 ssl23_read_bytes + 80
4 libssl.35.dylib 0x1c123e51c ssl23_connect + 936
5 MobileDevice 0x1623f4764 lockssl_handshake + 704
6 MobileDevice 0x162409974 AMDeviceSecureStartService + 3324
7 WebInspector 0x1cc1914b4 -[RWIServiceLockdownConnection deviceQueue_startServiceWithName:completionHandler:] + 132
8 WebInspector 0x1cc190490 __94-[RWIServiceLockdownConnection startServiceWithName:retryPolicy:setupBlock:completionHandler:]_block_invoke.56 + 260
9 libdispatch.dylib 0x19733a5f0 _dispatch_call_block_and_release + 32
10 libdispatch.dylib 0x19733c1b4 _dispatch_client_callout + 20
11 libdispatch.dylib 0x1973438a8 _dispatch_lane_serial_drain + 668
12 libdispatch.dylib 0x197344404 _dispatch_lane_invoke + 392
13 libdispatch.dylib 0x19734ec98 _dispatch_workloop_worker_thread + 648
14 libsystem_pthread.dylib 0x1974fc360 _pthread_wqthread + 288
15 libsystem_pthread.dylib 0x1974fb080 start_wqthread + 8
Thread 8:
0 libsystem_pthread.dylib 0x1974fb078 start_wqthread + 0
Thread 9:
0 libsystem_pthread.dylib 0x1974fb078 start_wqthread + 0
Thread 10:
0 libsystem_pthread.dylib 0x1974fb078 start_wqthread + 0
Thread 11:
0 libsystem_pthread.dylib 0x1974fb078 start_wqthread + 0
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000000000000 x1: 0x000000016ba43d18 x2: 0x000000016ba43d10 x3: 0x43fb000000000000
x4: 0x0000000043fb0000 x5: 0x000000016ba44c80 x6: 0x0000000000000035 x7: 0x0000600001c20000
x8: 0x43fb000000000000 x9: 0x0000000000000004 x10: 0x000000000000003b x11: 0x000000000000000b
x12: 0x0000000000000010 x13: 0x0000000000000000 x14: 0x0000000011111111 x15: 0x00000001eff891c0
x16: 0x00098001f2cf95f0 x17: 0xf13b00010d004fb0 x18: 0x0000000000000000 x19: 0x000000016ba44c80
x20: 0x000000016ba43d18 x21: 0x0000000043fb0000 x22: 0x000000016ba43d10 x23: 0x0000000000000000
x24: 0x0000000000000002 x25: 0x43fb000000000000 x26: 0x000000016ba44c80 x27: 0x000000010d020100
x28: 0x00000001281cf018 fp: 0x000000016ba43d00 lr: 0x284f0001b618ff20
sp: 0x000000016ba43bd0 pc: 0x00000001b5f91fe0 cpsr: 0x80001000
far: 0x0000000000000008 esr: 0x92000006 (Data Abort) byte read Translation fault
Binary Images:
0x1b5ba7000 - 0x1b668efff com.apple.WebKit (17613) <12a2e5c1-57ad-354f-9301-2c7c657ebaa7> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
0x1af9f6000 - 0x1b0e71fff com.apple.JavaScriptCore (17613) <0955690f-fafd-3963-ae7e-309049449fe2> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x197548000 - 0x197a8efff com.apple.CoreFoundation (6.9) <994db908-11a1-3e43-b7df-25c09d51368a> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x1a01d1000 - 0x1a0504fff com.apple.HIToolbox (2.1.1) <f842b96a-54f3-36f3-9b94-b258fae1b7eb> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x19a0f0000 - 0x19afa7fff com.apple.AppKit (6.9) <a773dd23-b1c8-3c9b-9175-9a71d210ace0> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x1bea5b000 - 0x1bf346fff com.apple.Safari.framework (17613) <07061af5-10a1-3118-b2cd-52a795797583> /System/Library/PrivateFrameworks/Safari.framework/Versions/A/Safari
0x10449c000 - 0x1044fbfff dyld (*) <d9c2a46e-8dc4-3950-9d6a-f799e8ccb683> /usr/lib/dyld
0x1974c1000 - 0x1974f8fff libsystem_kernel.dylib (*) <03f48dc5-caa7-3678-af61-1a3c7fa8b06e> /usr/lib/system/libsystem_kernel.dylib
0x19e43f000 - 0x19e76cfff com.apple.QuartzCore (1.11) <7a5838a0-104b-3896-9c99-66ee81786497> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x1974f9000 - 0x197505fff libsystem_pthread.dylib (*) <42166a2c-89a9-3c38-a215-f028544cea23> /usr/lib/system/libsystem_pthread.dylib
0x1bc333000 - 0x1bc424fff libcrypto.35.dylib (*) <ee1fcbc7-8bbf-3bd6-8552-604da4191a66> /usr/lib/libcrypto.35.dylib
0x1c1233000 - 0x1c1264fff libssl.35.dylib (*) <0c6106eb-3de0-370e-8b9f-db6b9501bc7b> /usr/lib/libssl.35.dylib
0x1622d0000 - 0x162597fff com.apple.mobiledevice (1369.121.2) <448367ff-e0f8-3d0b-9772-e925f525aa00> /Library/Apple/*/MobileDevice.framework/Versions/A/MobileDevice
0x1cc103000 - 0x1cc1cefff com.apple.WebInspector (17613) <79b1b9d2-81f1-3007-b526-257f9462341e> /System/Library/PrivateFrameworks/WebInspector.framework/Versions/A/WebInspector
0x197338000 - 0x19737efff libdispatch.dylib (*) <f9300d47-d3db-3349-8a6d-acb68cd9983b> /usr/lib/system/libdispatch.dylib
0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
VM Region Summary:
ReadOnly portion of Libraries: Total=1.2G resident=0K(0%) swapped_out_or_unallocated=1.2G(100%)
Writable regions: Total=2.4G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=2.4G(100%)
VIRTUAL REGION
REGION TYPE SIZE COUNT (non-coalesced)
=========== ======= =======
Accelerate framework 1664K 13
Activity Tracing 256K 1
CG backing stores 960K 4
CG image 42.2M 243
ColorSync 576K 29
CoreAnimation 19.7M 121
CoreGraphics 48K 3
CoreImage 48K 3
CoreUI image data 1488K 22
Foundation 48K 2
Image IO 6112K 124
JS JIT generated code 512.0M 3
Kernel Alloc Once 32K 1
MALLOC 358.4M 120
MALLOC guard page 288K 16
MALLOC_MEDIUM (reserved) 944.0M 8 reserved VM address space (unallocated)
MALLOC_NANO (reserved) 384.0M 1 reserved VM address space (unallocated)
SQLite page cache 1792K 28
STACK GUARD 56.2M 12
Stack 14.3M 12
VM_ALLOCATE 592K 18
WebKit Malloc 192.0M 5
__AUTH 3987K 492
__AUTH_CONST 28.0M 725
__CTF 756 1
__DATA 21.3M 721
__DATA_CONST 27.2M 738
__DATA_DIRTY 2929K 323
__FONT_DATA 4K 1
__GLSLBUILTINS 5176K 1
__LINKEDIT 580.1M 15
__OBJC_CONST 6001K 451
__OBJC_RO 83.0M 1
__OBJC_RW 3152K 1
__TEXT 698.8M 757
__UNICODE 592K 1
dyld private memory 1024K 1
libnetwork 5760K 32
mapped file 514.5M 73
shared memory 912K 14
=========== ======= =======
TOTAL 4.4G 5137
TOTAL, minus reserved VM space 3.1G 5137
-----------
Full Report
-----------
Model: Macmini9,1, BootROM 7459.121.3, proc 8:4:4 processors, 16 GB, SMC
Graphics: Apple M1, Apple M1, Built-In
Display: BenQ LCD, 2560 x 1440 (QHD/WQHD - Wide Quad High Definition), Main, MirrorOff, Online
Memory Module: LPDDR4
AirPort: Wi-Fi, wl0: Mar 23 2022 19:57:59 version 18.60.27.0.7.8.129 FWID 01-570be953
Bluetooth: Version (null), 0 services, 0 devices, 0 incoming serial ports
Network Service: Wi-Fi, AirPort, en1
USB Device: USB31Bus
USB Device: USB31Bus
USB Device: USB3.0 Hub
USB Device: USB2.0 Hub
USB Device: Gaming Mouse G300
USB Device: USB 2.0 BILLBOARD
USB Device: USB Keyboard
USB Device: USB Billboard Device
USB Device: USB30Bus
USB Device: Logitech Webcam C925e
Thunderbolt Bus: Mac mini, Apple Inc.
Thunderbolt Bus: Mac mini, Apple Inc.
Thomas Kumlehn
Could not force a crash by using Safari TP 145
Alexey Proskuryakov
Given that this doesn't reproduce with STP 145, this is likely already fixed in WebKit. But it would be very good to find what fixed this, to confirm that it's gone for good, and has a regression test.
rdar://88767336