Bug 238568 - [iOS 15] Crash in WKChildScrollView's gesture recognizer
Status: RESOLVED MOVED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2022-03-30 12:17 PDT by Ali Juma
Modified: 2022-06-23 16:24 PDT
Description Ali Juma 2022-03-30 12:17:53 PDT
Chrome for iOS is getting crashes in WKChildScrollView's gesture recognizer.

The crash is an exception: CALayer bounds contains NaN: [#.# #.#; #.# #.#]. Layer: <CALayer:0x#; name = "scroll container"; position = CGPoint (# #); bounds = CGRect (# #; # #); delegate = <WKChildScrollView: 0x#; baseClass = UIScrollView

We don't have steps to reproduce, but more than 1/3 of these crashes are on sniffies.com profile pages, and this is only happening on iOS 15+ (including 15.4).

The call stack is:

0x0000000180da305c (CoreFoundation + 0x0009905c)	__exceptionPreprocess
0x00000001992bdf50 (libobjc.A.dylib + 0x00015f50)	objc_exception_throw
0x0000000180dfa18c (CoreFoundation + 0x000f018c)	+[NSException raise:format:]
0x0000000184a7eb38 (QuartzCore + 0x00022b38)	CA::Layer::set_bounds(CA::Rect const&, bool)
0x0000000184b226c0 (QuartzCore + 0x000c66c0)	-[CALayer setBounds:]
0x000000018332179c (UIKitCore + 0x0016d79c)	-[UIView(Geometry) setBounds:]
0x000000018332e5bc (UIKitCore + 0x0017a5bc)	-[UIScrollView setBounds:]
0x0000000183332550 (UIKitCore + 0x0017e550)	-[UIScrollView setContentOffset:]
0x00000001833aba9c (UIKitCore + 0x001f7a9c)	-[UIScrollView _updatePanGesture]
0x0000000183394524 (UIKitCore + 0x001e0524)	-[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:]
0x000000018335d170 (UIKitCore + 0x001a9170)	_UIGestureRecognizerSendTargetActions
0x0000000183325ffc (UIKitCore + 0x00171ffc)	_UIGestureRecognizerSendActions
0x000000018335f4e8 (UIKitCore + 0x001ab4e8)	-[UIGestureRecognizer _updateGestureForActiveEvents]
0x000000018331769c (UIKitCore + 0x0016369c)	_UIGestureEnvironmentUpdate
0x000000018334b658 (UIKitCore + 0x00197658)	-[UIGestureEnvironment _updateForEvent:window:]
0x0000000183358678 (UIKitCore + 0x001a4678)	-[UIWindow sendEvent:]
0x0000000183509404 (UIKitCore + 0x00355404)	-[UIApplication sendEvent:]
0x000000018332b9cc (UIKitCore + 0x001779cc)	__dispatchPreprocessedEventFromEventQueue
0x0000000183320608 (UIKitCore + 0x0016c608)	__processEventQueue
0x0000000183325c64 (UIKitCore + 0x00171c64)	__eventFetcherSourceCallback
0x0000000180dc502c (CoreFoundation + 0x000bb02c)	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x0000000180dd5cec (CoreFoundation + 0x000cbcec)	__CFRunLoopDoSource0
0x0000000180d0fff4 (CoreFoundation + 0x00005ff4)	__CFRunLoopDoSources0
0x0000000180d15800 (CoreFoundation + 0x0000b800)	__CFRunLoopRun
0x0000000180d293c4 (CoreFoundation + 0x0001f3c4)	CFRunLoopRunSpecific
0x000000019c53a388 (GraphicsServices + 0x00001388)	GSEventRunModal
0x00000001836cf05c (UIKitCore + 0x0051b05c)	-[UIApplication _run]
0x000000018344cb88 (UIKitCore + 0x00298b88)	UIApplicationMain
0x0000000102d8826c (Chrome - chrome_exe_main.mm: 65)	main
Comment 1 Sam Sneddon [:gsnedders] 2022-04-05 14:04:47 PDT
<rdar://53304939> I think? If so, not iOS 15 specific.
Comment 2 Radar WebKit Bug Importer 2022-04-06 12:18:15 PDT
<rdar://problem/91369381>
Comment 3 Brent Fulgham 2022-06-23 16:24:11 PDT
The cause of this crash is outside of the WebKit project. Resolving this as MOVED, as the radar is with the correct component for the fix.
Comment 4 Brent Fulgham 2022-06-23 16:24:37 PDT
And yes, this is tracked by:
rdar://53304939