I upped the logging level to DEBUG and managed to reproduce the crash. Couldn't see anything that interesting in the logs (sanitised below):
2021-09-08 23:42:05,552 [ZAP-PassiveScanner] DEBUG PassiveScanData - No Context found for: https://<an image>.jpg
2021-09-08 23:42:05,554 [ZAP-PassiveScanner] DEBUG PassiveScanData - No Context found for: https://<an image>.jpg
2021-09-08 23:42:05,577 [ZAP-PassiveScanner] DEBUG ExtensionAntiCSRF - Found 2 forms
2021-09-08 23:42:05,577 [ZAP-PassiveScanner] DEBUG ExtensionAntiCSRF - Found 1 inputs
2021-09-08 23:42:05,579 [ZAP-PassiveScanner] DEBUG ExtensionAntiCSRF - Found 11 inputs
2021-09-08 23:42:05,649 [ZAP-ProxyThread-20066] DEBUG ExtensionReplacer - Add in request header: User-Agent : <custom user agent>
2021-09-08 23:42:05,969 [ZAP-ProxyThread-20066] DEBUG ExtensionReplacer - Ignore request rule Custom user-agent
2021-09-08 23:42:06,237 [ZAP-ProxyThread-20057] DEBUG ExtensionReplacer - Ignore request rule Custom user-agent
2021-09-08 23:42:06,919 [ZAP-ProxyThread-20012] DEBUG ExtensionReplacer - Ignore request rule Custom user-agent
Perhaps Java crashed?
This is my version of Java:
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.11+9-post-Debian-1, mixed mode, sharing)
Any ideas? It would be great if I could run the DOM XSS scan rules.
Many thanks!