v5.0.2: Segfault when warping windows between displays each containing initially a single window

[kiryph]

I have a segmentation fault with yabai version 5.0.2 installed via homebrew:

❯ brew info yabai

==> koekeishiya/formulae/yabai: stable 5.0.2, HEAD
A tiling window manager for macOS based on binary space partitioning.
https://github.com/koekeishiya/yabai
/usr/local/Cellar/yabai/5.0.2 (7 files, 1.7MB) *
  Built from source on 2022-12-17 at 08:45:40
From: https://github.com/koekeishiya/homebrew-formulae/blob/HEAD/yabai.rb
==> Requirements
Required: macOS >= 11 ✔

I have attached three displays to my macMini 2018 (Intel CPU) with macOS Monterey 12.6.1:

Display Settings

All spaces use the bsp layout.

❯ yabai -m query --spaces | jq '.[] | "\(.index),  \(.type)"'
"1,  bsp"
"2,  bsp"
"3,  bsp"
"4,  bsp"
"5,  bsp"
"6,  bsp"
"7,  bsp"
"8,  bsp"
"9,  bsp"
"10,  bsp"
"11,  bsp"
"12,  bsp"
"13,  bsp"
"14,  bsp"
"15,  bsp"
"16,  bsp"

I open on the left and central display a single iterm2 window:

❯ yabai -m query --windows | jq -r '.[] | select(."is-visible") | {"id": .id, "app": .app, "display": .display, "stack-index": ."stack-index", "frame": .frame}'
{
  "id": 444,
  "app": "iTerm2",
  "display": 2,
  "stack-index": 0,
  "frame": {
    "x": -1080,
    "y": 0,
    "w": 1080,
    "h": 1920
  }
}
{
  "id": 587,
  "app": "iTerm2",
  "display": 1,
  "stack-index": 0,
  "frame": {
    "x": 0,
    "y": 0,
    "w": 2560,
    "h": 1440
  }
}

Now, I want to warp the terminal window from the left display to the central display.

With the help of --insert west I want to bring in the window from the side where the originating display is located.

~
❯ yabai -m window 587 --insert west
~
❯ yabai -m window 444 --warp 587
# NOW SEGFAULT

If the window would be on the right display, I would use --insert east.

I have started yabai with the --verbose option which has as the last output following two lines:

EVENT_HANDLER_DAEMON_MESSAGE: window 444 --warp 587
[1]    9240 segmentation fault  yabai --verbose

For the full log see:

❯ yabai --verbose

process_is_observable: loginwindow (193) is blacklisted! ignoring..
process_is_observable: ViewBridgeAuxiliary (431) was marked as xpc service! ignoring..
process_is_observable: Dock (478) is blacklisted! ignoring..
process_is_observable: ViewBridgeAuxiliary (487) was marked as xpc service! ignoring..
process_is_observable: QuickLookUIService (PID 482) (502) was marked as xpc service! ignoring..
process_manager_add_running_processes: Finder (482) was found! caching psn..
process_is_observable: Google Drive (523) was marked as xpc service! ignoring..
process_is_observable: BetterZip Finder Extension (524) was marked as xpc service! ignoring..
process_is_observable: imklaunchagent (558) is blacklisted! ignoring..
process_is_observable: Dock Extra (565) was marked as xpc service! ignoring..
process_is_observable: VimR Networking (2848) was marked as xpc service! ignoring..
process_is_observable: UIKitSystem (4150) is blacklisted! ignoring..
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXCreatedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXFocusedWindowChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXWindowMovedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXWindowResizedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXTitleChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXMenuOpenedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'universalaccessd' and notification 'kAXMenuClosedNotification'
window_manager_add_existing_application_windows: Google Chrome has windows that are not yet resolved
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXCreatedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXFocusedWindowChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXWindowMovedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXWindowResizedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXTitleChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXMenuOpenedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'skhd' and notification 'kAXMenuClosedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXCreatedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXFocusedWindowChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXWindowMovedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXWindowResizedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXTitleChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXMenuOpenedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'karabiner_console_user_server' and notification 'kAXMenuClosedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXCreatedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXFocusedWindowChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXWindowMovedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXWindowResizedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXTitleChangedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXMenuOpenedNotification'
application_observe: error 'kAXErrorCannotComplete' for application 'softwareupdated' and notification 'kAXMenuClosedNotification'
window_manager_create_and_add_window:213 iTerm2 - Hotkey Window
window_manager_create_and_add_window:444 iTerm2 - kiryph@ichi20: ~
window_manager_create_and_add_window:587 iTerm2 - kiryph@ichi20: ~ 🔔
EVENT_HANDLER_DAEMON_MESSAGE: signal --add event=dock_did_restart action=sudo yabai --load-sa
EVENT_HANDLER_DAEMON_MESSAGE: space 2 --label s2
EVENT_HANDLER_DAEMON_MESSAGE: space 3 --label s5
EVENT_HANDLER_DAEMON_MESSAGE: space 4 --label s8
EVENT_HANDLER_DAEMON_MESSAGE: space 5 --label s11
EVENT_HANDLER_DAEMON_MESSAGE: space 6 --label s14
EVENT_HANDLER_DAEMON_MESSAGE: space 7 --label s3
EVENT_HANDLER_DAEMON_MESSAGE: space 8 --label s6
EVENT_HANDLER_DAEMON_MESSAGE: space 9 --label s9
EVENT_HANDLER_DAEMON_MESSAGE: space 10 --label s12
EVENT_HANDLER_DAEMON_MESSAGE: space 11 --label s15
EVENT_HANDLER_DAEMON_MESSAGE: space 12 --label s4
EVENT_HANDLER_DAEMON_MESSAGE: space 13 --label s7
EVENT_HANDLER_DAEMON_MESSAGE: space 14 --label s10
EVENT_HANDLER_DAEMON_MESSAGE: space 15 --label s13
EVENT_HANDLER_DAEMON_MESSAGE: space 16 --label s16
EVENT_HANDLER_DAEMON_MESSAGE: space --focus 2
cannot focus an already focused space.
EVENT_HANDLER_DAEMON_MESSAGE: config debug_output on
EVENT_HANDLER_DAEMON_MESSAGE: config mouse_follows_focus off
EVENT_HANDLER_DAEMON_MESSAGE: config focus_follows_mouse off
EVENT_HANDLER_DAEMON_MESSAGE: config window_origin_display focused
EVENT_HANDLER_DAEMON_MESSAGE: config window_placement first_child
EVENT_HANDLER_DAEMON_MESSAGE: config window_topmost off
EVENT_HANDLER_DAEMON_MESSAGE: config window_shadow off
EVENT_HANDLER_DAEMON_MESSAGE: config window_opacity off
EVENT_HANDLER_DAEMON_MESSAGE: config window_opacity_duration 0.0
EVENT_HANDLER_DAEMON_MESSAGE: config active_window_opacity 1.0
EVENT_HANDLER_DAEMON_MESSAGE: config normal_window_opacity 0.90
EVENT_HANDLER_DAEMON_MESSAGE: config window_border off
EVENT_HANDLER_DAEMON_MESSAGE: config window_border_width 3
EVENT_HANDLER_DAEMON_MESSAGE: config active_window_border_color 0xff775759
EVENT_HANDLER_DAEMON_MESSAGE: config normal_window_border_color 0xff555555
EVENT_HANDLER_DAEMON_MESSAGE: config insert_feedback_color 0xff000000
EVENT_HANDLER_DAEMON_MESSAGE: config split_ratio 0.50
EVENT_HANDLER_DAEMON_MESSAGE: config auto_balance on
EVENT_HANDLER_DAEMON_MESSAGE: config mouse_modifier fn
EVENT_HANDLER_DAEMON_MESSAGE: config mouse_action1 move
EVENT_HANDLER_DAEMON_MESSAGE: config mouse_action2 resize
EVENT_HANDLER_DAEMON_MESSAGE: config mouse_drop_action swap
EVENT_HANDLER_DAEMON_MESSAGE: config layout bsp
EVENT_HANDLER_DAEMON_MESSAGE: config top_padding 00
EVENT_HANDLER_DAEMON_MESSAGE: config bottom_padding 00
EVENT_HANDLER_DAEMON_MESSAGE: config left_padding 00
EVENT_HANDLER_DAEMON_MESSAGE: config right_padding 00
EVENT_HANDLER_DAEMON_MESSAGE: config window_gap 06
Mon Dec 26 11:07:48 CET 2022 yabai configuration loaded..
EVENT_HANDLER_WINDOW_FOCUSED: iTerm2 587
EVENT_HANDLER_WINDOW_TITLE_CHANGED: iTerm2 587
EVENT_HANDLER_WINDOW_DESTROYED: iTerm2 213
EVENT_HANDLER_MOUSE_DOWN: 444 -286.14, 293.62
EVENT_HANDLER_WINDOW_FOCUSED: iTerm2 444
EVENT_HANDLER_DISPLAY_CHANGED: 724064212 20
space_manager_refresh_application_windows: Google Chrome has windows that are not yet resolved
EVENT_HANDLER_MOUSE_UP: -286.14, 293.62
EVENT_HANDLER_DAEMON_MESSAGE: query --windows
EVENT_HANDLER_DAEMON_MESSAGE: window 587 --insert west
window_manager_create_and_add_window:213 iTerm2 - Hotkey Window
EVENT_HANDLER_DISPLAY_CHANGED: 722478165 6
space_manager_refresh_application_windows: Google Chrome has windows that are not yet resolved
EVENT_HANDLER_WINDOW_FOCUSED: iTerm2 213
EVENT_HANDLER_WINDOW_FOCUSED: iTerm2 587
EVENT_HANDLER_WINDOW_DESTROYED: iTerm2 213
EVENT_HANDLER_APPLICATION_FRONT_SWITCHED: Google Chrome (2212)
EVENT_HANDLER_APPLICATION_DEACTIVATED: iTerm2
EVENT_HANDLER_APPLICATION_ACTIVATED: Google Chrome
EVENT_HANDLER_APPLICATION_FRONT_SWITCHED: iTerm2 (635)
EVENT_HANDLER_APPLICATION_DEACTIVATED: Google Chrome
EVENT_HANDLER_APPLICATION_ACTIVATED: iTerm2
EVENT_HANDLER_WINDOW_FOCUSED: iTerm2 444
EVENT_HANDLER_DISPLAY_CHANGED: 724064212 20
space_manager_refresh_application_windows: Google Chrome has windows that are not yet resolved
EVENT_HANDLER_DAEMON_MESSAGE: window 444 --warp 587
[1]    9240 segmentation fault  yabai --verbose

Can someone else confirm this segmentation fault?

The weird thing is when I have two windows open on the originating or target display, the segfault disappears:

❯ yabai -m query --windows | jq -r '.[] | select(."is-visible") | {"id": .id, "app": .app, "display": .display, "stack-index": ."stack-index", "frame": .frame}'
{
  "id": 444,
  "app": "iTerm2",
  "display": 2,
  "stack-index": 0,
  "frame": {
    "x": -1080,
    "y": 0,
    "w": 1080,
    "h": 1920
  }
}
{
  "id": 698,
  "app": "iTerm2",
  "display": 1,
  "stack-index": 0,
  "frame": {
    "x": 1283,
    "y": 0,
    "w": 1277,
    "h": 1440
  }
}
{
  "id": 587,
  "app": "iTerm2",
  "display": 1,
  "stack-index": 0,
  "frame": {
    "x": -0,
    "y": 0,
    "w": 1277,
    "h": 1440
  }
}

Now I can execute the commands.

Do I do something wrong? If so, yabai should still not segfaulting but tell me that my command cannot be executed ideally with a helpful error message.

Update: Crash Report from Console.app

Crash report

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               yabai [4174]
Path:                  /usr/local/opt/yabai/bin/yabai
Identifier:            yabai
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2022-12-26 10:27:30.3800 +0100
OS Version:            macOS 12.6.1 (21G217)
Report Version:        12
Bridge OS Version:     7.0 (20P411)
Anonymous UUID:        0D681FE9-1C76-C6B6-014C-5A03857C3DA8


Time Awake Since Boot: 670 seconds

System Integrity Protection: disabled

Crashed Thread:        1

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000138
Exception Codes:       0x0000000000000001, 0x0000000000000138
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [4174]

VM Region Info: 0x138 is not in any region.  Bytes before following region: 140737486675656
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      VM_ALLOCATE              7fffffe66000-7fffffe67000 [    4K] r-x/r-x SM=ALI  

Thread 0::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	    0x7ff81f72897a mach_msg_trap + 10
1   libsystem_kernel.dylib        	    0x7ff81f728ce8 mach_msg + 56
2   CoreFoundation                	    0x7ff81f82c36d __CFRunLoopServiceMachPort + 319
3   CoreFoundation                	    0x7ff81f82a9f8 __CFRunLoopRun + 1276
4   CoreFoundation                	    0x7ff81f829e3c CFRunLoopRunSpecific + 562
5   yabai                         	       0x10419b634 main + 1972
6   dyld                          	       0x10787552e start + 462

Thread 1 Crashed:
0   yabai                         	       0x1041970ee window_manager_warp_window + 1182
1   yabai                         	       0x104179a07 handle_message + 11639
2   yabai                         	       0x1041a267f EVENT_HANDLER_DAEMON_MESSAGE + 319
3   yabai                         	       0x10417378e event_loop_run + 158
4   libsystem_pthread.dylib       	    0x7ff81f7654e1 _pthread_start + 125
5   libsystem_pthread.dylib       	    0x7ff81f760f6b thread_start + 15

Thread 2:
0   libsystem_kernel.dylib        	    0x7ff81f72f092 __accept + 10
1   yabai                         	       0x104181d7c message_loop_run + 60
2   libsystem_pthread.dylib       	    0x7ff81f7654e1 _pthread_start + 125
3   libsystem_pthread.dylib       	    0x7ff81f760f6b thread_start + 15

Thread 3:
0   libsystem_pthread.dylib       	    0x7ff81f760f48 start_wqthread + 0

Thread 4:
0   libsystem_pthread.dylib       	    0x7ff81f760f48 start_wqthread + 0

Thread 5:
0   libsystem_pthread.dylib       	    0x7ff81f760f48 start_wqthread + 0


Thread 1 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x00006000034d6000  rcx: 0x0000000000000001  rdx: 0x000000000000011b
  rdi: 0x0000000000000001  rsi: 0x0000000000000000  rbp: 0x0000700005652b60  rsp: 0x0000700005652900
   r8: 0x00006000016f4380   r9: 0x0000000000000010  r10: 0x00000000000007fb  r11: 0x00000000000003ff
  r12: 0x00007fd5fba1c390  r13: 0x00006000016f4370  r14: 0x00007fd5fba0af20  r15: 0x000000010422f210
  rip: 0x00000001041970ee  rfl: 0x0000000000010246  cr2: 0x0000000000000138
  
Logical CPU:     2
Error Code:      0x00000006 (no mapping for user data write)
Trap Number:     14

Thread 1 instruction stream:
  bf 00 00 00 41 8b 8e 38-01 00 00 85 c9 75 1e 8b  ....A..8.....u..
  0d c5 81 09 00 83 f9 03-75 13 f3 41 0f 10 46 08  ........u..A..F.
  41 0f 2e 46 0c b9 02 00-00 00 83 d1 ff 48 8b 95  A..F.........H..
  c0 fd ff ff 80 7a 3b 00-0f 84 bd 02 00 00 f3 44  .....z;........D
  0f 2a 4a 30 f3 44 0f 59-0d 05 f6 00 00 e9 ad 02  .*J0.D.Y........
  00 00 4c 89 85 b0 fd ff-ff 41 8b 8e 38 01 00 00  ..L......A..8...
 [89]88 38 01 00 00 41 8b-8e 3c 01 00 00 89 88 3c  ..8...A..<.....<	<==
  01 00 00 48 8b bd c8 fd-ff ff 4c 89 ee e8 b0 d3  ...H......L.....
  fe ff 41 8b 45 10 89 85-d0 fe ff ff 4c 8b a5 a8  ..A.E.......L...
  fd ff ff 4d 8b 74 24 78-48 8d bd d0 fe ff ff 41  ...M.t$xH......A
  ff 54 24 68 49 63 4c 24-5c 48 89 c2 48 09 ca 48  .T$hIcL$\H..H..H
  c1 ea 20 0f 84 f4 01 00-00 31 d2 48 f7 f1 e9 ee  .. ......1.H....

Binary Images:
    0x7ff81f727000 -     0x7ff81f75efff libsystem_kernel.dylib (*) <0ea0d8ac-c27b-3a71-a59b-ec3a6f116acf> /usr/lib/system/libsystem_kernel.dylib
    0x7ff81f7ac000 -     0x7ff81fcaefff com.apple.CoreFoundation (6.9) <93c48919-68af-367e-9a67-db4159bc962c> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
       0x10416c000 -        0x1041abfff yabai (*) <5a5f8f1c-f0a8-3c19-b925-3c74e4065154> /usr/local/Cellar/yabai/5.0.2/bin/yabai
       0x107870000 -        0x1078dbfff dyld (*) <7b87a986-a153-33c4-8470-d56410b7f9d5> /usr/lib/dyld
    0x7ff81f75f000 -     0x7ff81f76afff libsystem_pthread.dylib (*) <b5454e27-e8c7-3fdb-b77f-714f1e82e70b> /usr/lib/system/libsystem_pthread.dylib
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 8
    thread_create: 8
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=846.6M resident=0K(0%) swapped_out_or_unallocated=846.6M(100%)
Writable regions: Total=930.8M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=930.8M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Activity Tracing                   256K        1 
CG backing stores                 56.2M        1 
ColorSync                          204K       23 
CoreGraphics                         8K        1 
Kernel Alloc Once                    8K        1 
MALLOC                           235.2M       32 
MALLOC guard page                   24K        5 
MALLOC_MEDIUM (reserved)         240.0M        2         reserved VM address space (unallocated)
MALLOC_NANO (reserved)           384.0M        1         reserved VM address space (unallocated)
ObjC additional data                15K        1 
STACK GUARD                       56.0M        6 
Stack                             10.5M        6 
VM_ALLOCATE                       4648K       12 
VM_ALLOCATE (reserved)             128K        1         reserved VM address space (unallocated)
__CTF                               756        1 
__DATA                            17.4M      282 
__DATA_CONST                      12.0M      168 
__DATA_DIRTY                       534K       97 
__FONT_DATA                          4K        1 
__LINKEDIT                       645.4M        8 
__TEXT                           201.2M      303 
__UNICODE                          592K        1 
dyld private memory               1024K        1 
mapped file                       54.1M        9 
shared memory                      768K       14 
===========                     =======  ======= 
TOTAL                              1.9G      978 
TOTAL, minus reserved VM space     1.3G      978 



-----------
Full Report
-----------

{"app_name":"yabai","timestamp":"2022-12-26 10:27:30.00 +0100","app_version":"","slice_uuid":"5a5f8f1c-f0a8-3c19-b925-3c74e4065154","build_version":"","platform":1,"share_with_app_devs":0,"is_first_party":1,"bug_type":"309","os_version":"macOS 12.6.1 (21G217)","incident_id":"5CF7CA2D-8C14-4CD1-9D45-52F03BA9AE6B","name":"yabai"}
{
  "uptime" : 670,
  "procLaunch" : "2022-12-26 10:26:27.2386 +0100",
  "procRole" : "Unspecified",
  "version" : 2,
  "userID" : 501,
  "deployVersion" : 210,
  "modelCode" : "Macmini8,1",
  "procStartAbsTime" : 615492268373,
  "coalitionID" : 674,
  "osVersion" : {
    "train" : "macOS 12.6.1",
    "build" : "21G217",
    "releaseType" : "User"
  },
  "captureTime" : "2022-12-26 10:27:30.3800 +0100",
  "incident" : "5CF7CA2D-8C14-4CD1-9D45-52F03BA9AE6B",
  "bug_type" : "309",
  "pid" : 4174,
  "procExitAbsTime" : 678633669893,
  "cpuType" : "X86-64",
  "procName" : "yabai",
  "procPath" : "\/usr\/local\/opt\/yabai\/bin\/yabai",
  "parentProc" : "launchd",
  "parentPid" : 1,
  "coalitionName" : "homebrew.mxcl.yabai",
  "crashReporterKey" : "0D681FE9-1C76-C6B6-014C-5A03857C3DA8",
  "bridgeVersion" : {"build":"20P411","train":"7.0"},
  "sip" : "disabled",
  "vmRegionInfo" : "0x138 is not in any region.  Bytes before following region: 140737486675656\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      UNUSED SPACE AT START\n--->  \n      VM_ALLOCATE              7fffffe66000-7fffffe67000 [    4K] r-x\/r-x SM=ALI  ",
  "isCorpse" : 1,
  "exception" : {"codes":"0x0000000000000001, 0x0000000000000138","rawCodes":[1,312],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_INVALID_ADDRESS at 0x0000000000000138"},
  "termination" : {"flags":0,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":4174},
  "vmregioninfo" : "0x138 is not in any region.  Bytes before following region: 140737486675656\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      UNUSED SPACE AT START\n--->  \n      VM_ALLOCATE              7fffffe66000-7fffffe67000 [    4K] r-x\/r-x SM=ALI  ",
  "extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":8,"thread_set_state":0,"task_for_pid":8},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0},
  "faultingThread" : 1,
  "threads" : [{"id":24686,"queue":"com.apple.main-thread","frames":[{"imageOffset":6522,"symbol":"mach_msg_trap","symbolLocation":10,"imageIndex":0},{"imageOffset":7400,"symbol":"mach_msg","symbolLocation":56,"imageIndex":0},{"imageOffset":525165,"symbol":"__CFRunLoopServiceMachPort","symbolLocation":319,"imageIndex":1},{"imageOffset":518648,"symbol":"__CFRunLoopRun","symbolLocation":1276,"imageIndex":1},{"imageOffset":515644,"symbol":"CFRunLoopRunSpecific","symbolLocation":562,"imageIndex":1},{"imageOffset":194100,"symbol":"main","symbolLocation":1972,"imageIndex":2},{"imageOffset":21806,"symbol":"start","symbolLocation":462,"imageIndex":3}]},{"triggered":true,"id":24715,"instructionState":{"instructionStream":{"bytes":[191,0,0,0,65,139,142,56,1,0,0,133,201,117,30,139,13,197,129,9,0,131,249,3,117,19,243,65,15,16,70,8,65,15,46,70,12,185,2,0,0,0,131,209,255,72,139,149,192,253,255,255,128,122,59,0,15,132,189,2,0,0,243,68,15,42,74,48,243,68,15,89,13,5,246,0,0,233,173,2,0,0,76,137,133,176,253,255,255,65,139,142,56,1,0,0,137,136,56,1,0,0,65,139,142,60,1,0,0,137,136,60,1,0,0,72,139,189,200,253,255,255,76,137,238,232,176,211,254,255,65,139,69,16,137,133,208,254,255,255,76,139,165,168,253,255,255,77,139,116,36,120,72,141,189,208,254,255,255,65,255,84,36,104,73,99,76,36,92,72,137,194,72,9,202,72,193,234,32,15,132,244,1,0,0,49,210,72,247,241,233,238],"offset":96}},"threadState":{"r13":{"value":105553140335472},"rax":{"value":0},"rflags":{"value":66118},"cpu":{"value":2},"r14":{"value":140557026373408},"rsi":{"value":0},"r8":{"value":105553140335488},"cr2":{"value":312},"rdx":{"value":283},"r10":{"value":2043},"r9":{"value":16},"r15":{"value":4364366352,"symbolLocation":0,"symbol":"g_space_manager"},"rbx":{"value":105553171668992},"trap":{"value":14,"description":"(no mapping for user data write)"},"err":{"value":6},"r11":{"value":1023},"rip":{"value":4363743470,"matchesCrashFrame":1},"rbp":{"value":123145392827232},"rsp":{"value":123145392826624},"r12":{"value":140557026444176},"rcx":{"value":1},"flavor":"x86_THREAD_STATE","rdi":{"value":1}},"frames":[{"imageOffset":176366,"symbol":"window_manager_warp_window","symbolLocation":1182,"imageIndex":2},{"imageOffset":55815,"symbol":"handle_message","symbolLocation":11639,"imageIndex":2},{"imageOffset":222847,"symbol":"EVENT_HANDLER_DAEMON_MESSAGE","symbolLocation":319,"imageIndex":2},{"imageOffset":30606,"symbol":"event_loop_run","symbolLocation":158,"imageIndex":2},{"imageOffset":25825,"symbol":"_pthread_start","symbolLocation":125,"imageIndex":4},{"imageOffset":8043,"symbol":"thread_start","symbolLocation":15,"imageIndex":4}]},{"id":24721,"frames":[{"imageOffset":32914,"symbol":"__accept","symbolLocation":10,"imageIndex":0},{"imageOffset":89468,"symbol":"message_loop_run","symbolLocation":60,"imageIndex":2},{"imageOffset":25825,"symbol":"_pthread_start","symbolLocation":125,"imageIndex":4},{"imageOffset":8043,"symbol":"thread_start","symbolLocation":15,"imageIndex":4}]},{"id":25268,"frames":[{"imageOffset":8008,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":4}]},{"id":25627,"frames":[{"imageOffset":8008,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":4}]},{"id":26310,"frames":[{"imageOffset":8008,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":4}]}],
  "usedImages" : [
  {
    "source" : "P",
    "arch" : "x86_64",
    "base" : 140703656210432,
    "size" : 229376,
    "uuid" : "0ea0d8ac-c27b-3a71-a59b-ec3a6f116acf",
    "path" : "\/usr\/lib\/system\/libsystem_kernel.dylib",
    "name" : "libsystem_kernel.dylib"
  },
  {
    "source" : "P",
    "arch" : "x86_64h",
    "base" : 140703656755200,
    "CFBundleShortVersionString" : "6.9",
    "CFBundleIdentifier" : "com.apple.CoreFoundation",
    "size" : 5255168,
    "uuid" : "93c48919-68af-367e-9a67-db4159bc962c",
    "path" : "\/System\/Library\/Frameworks\/CoreFoundation.framework\/Versions\/A\/CoreFoundation",
    "name" : "CoreFoundation",
    "CFBundleVersion" : "1866"
  },
  {
    "source" : "P",
    "arch" : "x86_64",
    "base" : 4363567104,
    "size" : 262144,
    "uuid" : "5a5f8f1c-f0a8-3c19-b925-3c74e4065154",
    "path" : "\/usr\/local\/Cellar\/yabai\/5.0.2\/bin\/yabai",
    "name" : "yabai"
  },
  {
    "source" : "P",
    "arch" : "x86_64",
    "base" : 4421255168,
    "size" : 442368,
    "uuid" : "7b87a986-a153-33c4-8470-d56410b7f9d5",
    "path" : "\/usr\/lib\/dyld",
    "name" : "dyld"
  },
  {
    "source" : "P",
    "arch" : "x86_64",
    "base" : 140703656439808,
    "size" : 49152,
    "uuid" : "b5454e27-e8c7-3fdb-b77f-714f1e82e70b",
    "path" : "\/usr\/lib\/system\/libsystem_pthread.dylib",
    "name" : "libsystem_pthread.dylib"
  },
  {
    "size" : 0,
    "source" : "A",
    "base" : 0,
    "uuid" : "00000000-0000-0000-0000-000000000000"
  }
],
  "sharedCache" : {
  "base" : 140703653183488,
  "size" : 19331678208,
  "uuid" : "57de9b7b-39b3-3557-8aed-37ac450fa1f3"
},
  "vmSummary" : "ReadOnly portion of Libraries: Total=846.6M resident=0K(0%) swapped_out_or_unallocated=846.6M(100%)\nWritable regions: Total=930.8M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=930.8M(100%)\n\n                                VIRTUAL   REGION \nREGION TYPE                        SIZE    COUNT (non-coalesced) \n===========                     =======  ======= \nActivity Tracing                   256K        1 \nCG backing stores                 56.2M        1 \nColorSync                          204K       23 \nCoreGraphics                         8K        1 \nKernel Alloc Once                    8K        1 \nMALLOC                           235.2M       32 \nMALLOC guard page                   24K        5 \nMALLOC_MEDIUM (reserved)         240.0M        2         reserved VM address space (unallocated)\nMALLOC_NANO (reserved)           384.0M        1         reserved VM address space (unallocated)\nObjC additional data                15K        1 \nSTACK GUARD                       56.0M        6 \nStack                             10.5M        6 \nVM_ALLOCATE                       4648K       12 \nVM_ALLOCATE (reserved)             128K        1         reserved VM address space (unallocated)\n__CTF                               756        1 \n__DATA                            17.4M      282 \n__DATA_CONST                      12.0M      168 \n__DATA_DIRTY                       534K       97 \n__FONT_DATA                          4K        1 \n__LINKEDIT                       645.4M        8 \n__TEXT                           201.2M      303 \n__UNICODE                          592K        1 \ndyld private memory               1024K        1 \nmapped file                       54.1M        9 \nshared memory                      768K       14 \n===========                     =======  ======= \nTOTAL                              1.9G      978 \nTOTAL, minus reserved VM space     1.3G      978 \n",
  "legacyInfo" : {
  "threadTriggered" : {

  }
},
  "trialInfo" : {
  "rollouts" : [
    {
      "rolloutId" : "5fb4245a1bbfe8005e33a1e1",
      "factorPackIds" : {

      },
      "deploymentId" : 240000021
    },
    {
      "rolloutId" : "61301e3a61217b3110231469",
      "factorPackIds" : {
        "SIRI_FIND_MY_CONFIGURATION_FILES" : "6348493aa52bb16adc4e4d06"
      },
      "deploymentId" : 240000023
    }
  ],
  "experiments" : [

  ]
}
}

Attaching LLDB

$ lldb yabai -- --verbose
(lldb) target create "yabai"
Current executable set to 'yabai' (x86_64).
(lldb) settings set -- target.run-args  "--verbose"
(lldb) run

...

Process 15034 stopped
* thread #4, stop reason = EXC_BAD_ACCESS (code=1, address=0x138)
    frame #0: 0x000000010002b0ee yabai`window_manager_warp_window + 1182
yabai`window_manager_warp_window:
->  0x10002b0ee <+1182>: movl   %ecx, 0x138(%rax)
    0x10002b0f4 <+1188>: movl   0x13c(%r14), %ecx
    0x10002b0fb <+1195>: movl   %ecx, 0x13c(%rax)
    0x10002b101 <+1201>: movq   -0x238(%rbp), %rdi
Target 0: (yabai) stopped.
(lldb) bt
* thread #4, stop reason = EXC_BAD_ACCESS (code=1, address=0x138)
  * frame #0: 0x000000010002b0ee yabai`window_manager_warp_window + 1182
    frame #1: 0x000000010000da07 yabai`handle_message + 11639
    frame #2: 0x000000010003667f yabai`EVENT_HANDLER_DAEMON_MESSAGE + 319
    frame #3: 0x000000010000778e yabai`event_loop_run + 158
    frame #4: 0x00007ff81f7654e1 libsystem_pthread.dylib`_pthread_start + 125
    frame #5: 0x00007ff81f760f6b libsystem_pthread.dylib`thread_start + 15

yabai`window_manager_warp_window + 1182

yabai/src/window_manager.c

Lines 1619 to 1731 in 8da85c6

	enum window_op_error window_manager_warp_window(struct space_manager *sm, struct window_manager *wm, struct window *a, struct window *b)
	{
	if (a->id == b->id) return WINDOW_OP_ERROR_SAME_WINDOW;
	uint64_t a_sid = window_space(a);
	struct view *a_view = space_manager_find_view(sm, a_sid);
	if (a_view->layout != VIEW_BSP) return WINDOW_OP_ERROR_INVALID_SRC_VIEW;
	uint64_t b_sid = window_space(b);
	struct view *b_view = space_manager_find_view(sm, b_sid);
	if (b_view->layout != VIEW_BSP) return WINDOW_OP_ERROR_INVALID_DST_VIEW;
	struct window_node *a_node = view_find_window_node(a_view, a->id);
	if (!a_node) return WINDOW_OP_ERROR_INVALID_SRC_NODE;
	struct window_node *b_node = view_find_window_node(b_view, b->id);
	if (!b_node) return WINDOW_OP_ERROR_INVALID_DST_NODE;
	if (a_node == b_node) return WINDOW_OP_ERROR_SAME_STACK;
	if (a_node->parent == b_node->parent && a_node->window_count == 1) {
	if (window_node_contains_window(b_node, b_view->insertion_point)) {
	b_node->parent->split = b_node->split;
	b_node->parent->child = b_node->child;
	view_remove_window_node(a_view, a);
	window_manager_remove_managed_window(wm, a->id);
	window_manager_add_managed_window(wm, a, b_view);
	struct window_node *a_node_add = view_add_window_node_with_insertion_point(b_view, a, b->id);
	struct window_capture *window_list = NULL;
	window_node_capture_windows(a_node_add, &window_list);
	window_manager_animate_window_list(window_list, ts_buf_len(window_list));
	} else {
	if (window_node_contains_window(a_node, a_view->insertion_point)) {
	a_view->insertion_point = b->id;
	}
	window_node_swap_window_list(a_node, b_node);
	struct window_capture *window_list = NULL;
	window_node_capture_windows(a_node, &window_list);
	window_node_capture_windows(b_node, &window_list);
	window_manager_animate_window_list(window_list, ts_buf_len(window_list));
	}
	} else {
	if (a_view->sid == b_view->sid) {
	//
	// :NaturalWarp
	//
	// NOTE(koekeishiya): Precalculate both target areas and select the one that has the closest distance to the source area.
	// This allows the warp to feel more natural in terms of where the window is placed on screen, however, this is only utilized
	// for warp operations where both operands belong to the same space. There may be a better system to handle this if/when multiple
	// monitors should be supported.
	//
	struct area cf, cs;
	area_make_pair(window_node_get_split(b_node), window_node_get_gap(b_view), window_node_get_ratio(b_node), &b_node->area, &cf, &cs);
	CGPoint ca = { (int)(0.5f + a_node->area.x + a_node->area.w / 2.0f), (int)(0.5f + a_node->area.y + a_node->area.h / 2.0f) };
	float dcf = powf((ca.x - (int)(0.5f + cf.x + cf.w / 2.0f)), 2.0f) + powf((ca.y - (int)(0.5f + cf.y + cf.h / 2.0f)), 2.0f);
	float dcs = powf((ca.x - (int)(0.5f + cs.x + cs.w / 2.0f)), 2.0f) + powf((ca.y - (int)(0.5f + cs.y + cs.h / 2.0f)), 2.0f);
	if (dcf < dcs) {
	b_node->child = CHILD_FIRST;
	} else if (dcf > dcs) {
	b_node->child = CHILD_SECOND;
	} else {
	b_node->child = window_node_is_left_child(a_node) ? CHILD_FIRST : CHILD_SECOND;
	}
	struct window_node *a_node_rm = view_remove_window_node(a_view, a);
	struct window_node *a_node_add = view_add_window_node_with_insertion_point(b_view, a, b->id);
	struct window_capture *window_list = NULL;
	if (a_node_rm) {
	window_node_capture_windows(a_node_rm, &window_list);
	}
	if (a_node_rm != a_node_add && a_node_rm != a_node_add->parent) {
	window_node_capture_windows(a_node_add, &window_list);
	}
	window_manager_animate_window_list(window_list, ts_buf_len(window_list));
	} else {
	if (wm->focused_window_id == a->id) {
	struct window *next = window_manager_find_window_on_space_by_rank_filtering_window(wm, a_view->sid, 1, a->id);
	if (next) {
	window_manager_focus_window_with_raise(&next->application->psn, next->id, next->ref);
	} else {
	_SLPSSetFrontProcessWithOptions(&g_process_manager.finder_psn, 0, kCPSNoWindows);
	}
	}
	//
	// :NaturalWarp
	//
	// TODO(koekeishiya): Warp operations with operands that belong to different monitors does not yet implement a heuristic to select
	// the target area that feels the most natural in terms of where the window is placed on screen. Is it possible to do better when
	// warping between spaces that belong to the same monitor as well??
	//
	space_manager_untile_window(sm, a_view, a);
	window_manager_remove_managed_window(wm, a->id);
	window_manager_add_managed_window(wm, a, b_view);
	space_manager_move_window_to_space(b_view->sid, a);
	space_manager_tile_window_on_space_with_insertion_point(sm, a, b_view->sid, b->id);
	}
	}
	return WINDOW_OP_ERROR_SUCCESS;
	}

[kiryph]

My debugging session has revealed a problem within following code:

yabai/src/window_manager.c

Lines 1638 to 1641 in 8da85c6

	if (a_node->parent == b_node->parent && a_node->window_count == 1) {
	if (window_node_contains_window(b_node, b_view->insertion_point)) {
	b_node->parent->split = b_node->split;

When both windows are the only windows on each space, a_node->parent and b_node->parent are both nil. Then accessing b_node->parent->split (line 1641) results in a segmentation fault.

My naive fix is simply checking for nil of b_node->parent:

❯ git diff
diff --git a/src/window_manager.c b/src/window_manager.c
index e88e313..08bc07a 100644
--- a/src/window_manager.c
+++ b/src/window_manager.c
@@ -1636,7 +1636,7 @@ enum window_op_error window_manager_warp_window(struct space_manager *sm, struct

     if (a_node == b_node) return WINDOW_OP_ERROR_SAME_STACK;

-    if (a_node->parent == b_node->parent && a_node->window_count == 1) {
+    if (b_node->parent && a_node->parent == b_node->parent && a_node->window_count == 1) {
         if (window_node_contains_window(b_node, b_view->insertion_point)) {
             b_node->parent->split = b_node->split;
             b_node->parent->child = b_node->child;