Remove access to UITouch instances from background thread #6231
Description
In certain circumstances the SentryTouchTracker accesses touch events from a background thread. That should never happen with UIKit objects. If touch events are required on background threads, they should be converted to thread-safe model objects, e.g. as data structs.
Analyze the customer stack trace and fix the issue.
EXC_BAD_ACCESS
closure #1 in s.trackTouchFrom(event:)
Attempted to dereference garbage pointer 0x400000000000bad0.
Sep 19 2025, 12:02:59 EDT
STACKTRACE
CrashReporter Key: f546dd3481a97ef2d6f95a0f7272b0e7c399cc89
Hardware Model: iPhone17,3
Process: REDACTED
Identifier: REDACTED
Version: 16.21.0
Role: Foreground
OS Version: iOS 26.0
Exception Type: EXC_BAD_ACCESS
Exception Subtype: KERN_INVALID_ADDRESS
EXC_BAD_ACCESS: Attempted to dereference garbage pointer 0x400000000000bad0.
0 libobjc.A.dylib +0x39a4 _objc_retainAutoreleaseReturnValue
1 UIKitCore +0x140fee0 -[UITouch locationInView:]
2 REDACTED +0xcbebc0 closure #1 in SentryTouchTracker.trackTouchFrom(event:)
3 REDACTED +0x47284 thunk for @escaping @callee_guaranteed () -> () (<compiler-generated>)
4 REDACTED +0xbd2f0c __62-[_SentryDispatchQueueWrapperInternal dispatchAsyncWithBlock:]_block_invoke
5 libdispatch.dylib +0x1ad8 __dispatch_call_block_and_release
6 libdispatch.dylib +0x1b7e8 __dispatch_client_callout
7 libdispatch.dylib +0xa464 __dispatch_lane_serial_drain
8 libdispatch.dylib +0xaf40 __dispatch_lane_invoke
9 libdispatch.dylib +0x153e8 __dispatch_root_queue_drain_deferred_wlh
10 libdispatch.dylib +0x14ce0 __dispatch_workloop_worker_thread
11 libsystem_pthread.dylib +0x13b4 __pthread_wqthread
THREADS
Thread 19 - (TH_STATE_WAITING)
0 libobjc.A.dylib +0x39a4 _objc_retainAutoreleaseReturnValue
1 UIKitCore +0x140fee0 -[UITouch locationInView:]
2 REDACTED +0xcbebc0 closure #1 in SentryTouchTracker.trackTouchFrom(event:)
3 REDACTED +0x47284 thunk for @escaping @callee_guaranteed () -> () (<compiler-generated>)
4 REDACTED +0xbd2f0c __62-[_SentryDispatchQueueWrapperInternal dispatchAsyncWithBlock:]_block_invoke
5 libdispatch.dylib +0x1ad8 __dispatch_call_block_and_release
6 libdispatch.dylib +0x1b7e8 __dispatch_client_callout
7 libdispatch.dylib +0xa464 __dispatch_lane_serial_drain
8 libdispatch.dylib +0xaf40 __dispatch_lane_invoke
9 libdispatch.dylib +0x153e8 __dispatch_root_queue_drain_deferred_wlh
10 libdispatch.dylib +0x14ce0 __dispatch_workloop_worker_thread
11 libsystem_pthread.dylib +0x13b4 __pthread_wqthread
Thread 0 - (TH_STATE_RUNNING)
0 <unknown> +0x1879295ac 0x1879295ac
1 libswiftCore.dylib +0x1b5b4 ObjCBridgeMemo::tryBridge(swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::TargetMetadata<swift::InProcess> const*&, swift::TargetMetadata<swift::InProcess> const*&, bool, bool)
2 libswiftCore.dylib +0x17f5c tryCast(swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::TargetMetadata<swift::InProcess> const*&, swift::TargetMetadata<swift::InProcess> const*&, bool, bool, bool)
3 libswiftCore.dylib +0x18310 tryCast(swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::TargetMetadata<swift::InProcess> const*&, swift::TargetMetadata<swift::InProcess> const*&, bool, bool, bool)
4 libswiftCore.dylib +0x188c0 tryCast(swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*, swift::TargetMetadata<swift::InProcess> const*&, swift::TargetMetadata<swift::InProcess> const*&, bool, bool, bool)
5 libswiftCore.dylib +0x17848 _swift_dynamicCast
6 UIKitCore +0x412a04 0x188d85a04 (0x188d857f4 + 528)
7 REDACTED +0x4c9eac8 REDACTED
8 REDACTED +0x28a8730 thunk for @escaping @callee_guaranteed (@guaranteed UITraitCollection) -> (@owned UIColor) (<compiler-generated>)
9 UIKitCore +0xee9834 -[UIDynamicProviderColor _resolvedColorWithTraitCollection:]
10 UIKitCore +0x40ba8 -[UIDynamicColor alphaComponent]
11 UIKitCore +0x1ad90 -[UIColor _isOpaque]
12 UIKitCore +0x18fe5ac -[UIView(Hierarchy) _setBackgroundColor:]
13 UIKitCore +0x32956c -[UIStandardTextCursorView layoutSubviews]
14 UIKitCore +0x27074 0x18899a074 (0x188999d3c + 824)
15 UIKitCore +0x27b34 0x18899ab34 (0x18899ab14 + 32)
16 UIKitCore +0x190df64 -[UIView(CALayerDelegate) layoutSublayersOfLayer:]
17 QuartzCore +0xac8b8 CA::Layer::perform_update_(CA::Layer*, CALayer*, unsigned int, CA::Transaction*)
18 QuartzCore +0x8f2f8 CA::Layer::update_if_needed(CA::Transaction*, unsigned int, unsigned int)
19 QuartzCore +0xadf80 CA::Layer::layout_and_display_if_needed(CA::Transaction*)
20 QuartzCore +0x6ef74 CA::Context::commit_transaction(CA::Transaction*, double, double*)
21 QuartzCore +0x9baac CA::Transaction::commit()
22 QuartzCore +0xa93bc CA::Transaction::flush_as_runloop_observer(bool)
23 UIKitCore +0x780ec __UIApplicationFlushCATransaction
24 UIKitCore +0x78020 ___setupUpdateSequence_block_invoke_2
25 UIKitCore +0x85ee4 __UIUpdateSequenceRunNext
26 UIKitCore +0x85374 _schedulerStepScheduledMainSectionContinue
27 UpdateCycle +0x15f4 UC::DriverCore::continueProcessing()
28 CoreFoundation +0x6a22c ___CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
29 CoreFoundation +0x6a1a0 ___CFRunLoopDoSource0
30 CoreFoundation +0x47c68 ___CFRunLoopDoSources0
31 CoreFoundation +0x1d8ac ___CFRunLoopRun
32 CoreFoundation +0x1cc40 __CFRunLoopRunSpecificWithOptions
33 GraphicsServices +0x1494 _GSEventRunModal
34 UIKitCore +0xa9dd8 -[UIApplication _run]
35 UIKitCore +0x4eb08 _UIApplicationMain
36 REDACTED +0x2c410 main (main.swift:36:1)
37 dyld +0x4e24 start
Thread 1 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x4210 _mach_msg_overwrite
3 libsystem_kernel.dylib +0x4058 _mach_msg
4 CoreFoundation +0x47a04 ___CFRunLoopServiceMachPort
5 CoreFoundation +0x1da1c ___CFRunLoopRun
6 CoreFoundation +0x1cc40 __CFRunLoopRunSpecificWithOptions
7 Foundation +0x98f730 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
8 Foundation +0x98f908 -[NSRunLoop(NSRunLoop) runUntilDate:]
9 UIKitCore +0x7afe4 -[UIEventFetcher threadMain]
10 Foundation +0x61d38 ___NSThread__start__
11 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 2 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x4210 _mach_msg_overwrite
3 libsystem_kernel.dylib +0x4058 _mach_msg
4 CoreFoundation +0x47a04 ___CFRunLoopServiceMachPort
5 CoreFoundation +0x1da1c ___CFRunLoopRun
6 CoreFoundation +0x1cc40 __CFRunLoopRunSpecificWithOptions
7 CoreFoundation +0x9c428 _CFRunLoopRun
8 CoreMotion +0x14b18 0x19af7ab18 (0x19af7a490 + 1672)
9 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 3 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0x67f0 ___semwait_signal
1 libsystem_c.dylib +0xc7e0 _nanosleep
2 libsystem_c.dylib +0xc904 _sleep
3 REDACTED +0xc1aad0 monitorCachedData
4 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 4 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x22a0 _thread_suspend
3 REDACTED +0xc03cb0 handleExceptions
4 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 5 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x4210 _mach_msg_overwrite
3 libsystem_kernel.dylib +0x4058 _mach_msg
4 REDACTED +0xc03cdc handleExceptions
5 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 6 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0x67f0 ___semwait_signal
1 libsystem_c.dylib +0xc7e0 _nanosleep
2 Foundation +0x9b095c +[NSThread sleepForTimeInterval:]
3 REDACTED +0xbeac7c -[SentryANRTrackerV1 detectANRs]
4 Foundation +0x61d38 ___NSThread__start__
5 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 7 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x4210 _mach_msg_overwrite
3 libsystem_kernel.dylib +0x4058 _mach_msg
4 REDACTED +0xbbbf08 REDACTED
5 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 8 - KSCrash Exception Handler (Primary) - (TH_STATE_RUNNING)
0 unknown file +0x0 unknown method
Thread 9 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xc64 _semaphore_timedwait_trap
1 libdispatch.dylib +0x366c0 __dispatch_sema4_timedwait
2 libdispatch.dylib +0x3e84 __dispatch_semaphore_wait_slow
3 REDACTED +0xbb2250 REDACTED
4 REDACTED +0xbb21c4 REDACTED
5 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 10 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x4210 _mach_msg_overwrite
3 libsystem_kernel.dylib +0x4058 _mach_msg
4 CoreFoundation +0x47a04 ___CFRunLoopServiceMachPort
5 CoreFoundation +0x1da1c ___CFRunLoopRun
6 CoreFoundation +0x1cc40 __CFRunLoopRunSpecificWithOptions
7 CFNetwork +0x248864 +[__CFN_CoreSchedulingSetRunnable _run:]
8 Foundation +0x61d38 ___NSThread__start__
9 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 11 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xcd0 _mach_msg2_trap
1 libsystem_kernel.dylib +0x42f4 _mach_msg2_internal
2 libsystem_kernel.dylib +0x4210 _mach_msg_overwrite
3 libsystem_kernel.dylib +0x4058 _mach_msg
4 CoreFoundation +0x47a04 ___CFRunLoopServiceMachPort
5 CoreFoundation +0x1da1c ___CFRunLoopRun
6 CoreFoundation +0x1cc40 __CFRunLoopRunSpecificWithOptions
7 Foundation +0x98f730 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
8 REDACTED +0x54e1888 -[_SRRunLoopThread main] (SRWebSocket.m:1903:16)
9 Foundation +0x61d38 ___NSThread__start__
10 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 12 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0x8368 _select$DARWIN_EXTSN
1 CoreFoundation +0xca770 ___CFSocketManager
2 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 13 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xc4c _semaphore_wait_trap
1 WebKit +0x96df0 IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0::operator()()
2 JavaScriptCore +0x1c0da4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)
3 JavaScriptCore +0x1c0e84 WTF::wtfThreadEntryPoint(void*)
4 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 21 - (TH_STATE_WAITING)
0 <unknown> +0x0 0x0
Thread 14 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xc4c _semaphore_wait_trap
1 caulk +0x4438 caulk::semaphore::timed_wait(double)
2 caulk +0x4484 caulk::concurrent::details::worker_thread::run()
3 caulk +0x8bf0 void* caulk::thread_proxy<std::__1::tuple<caulk::thread::attributes, void (caulk::concurrent::details::worker_thread::*)(), std::__1::tuple<caulk::concurrent::details::worker_thread*> > >(void*)
4 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 15 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xc4c _semaphore_wait_trap
1 caulk +0x4438 caulk::semaphore::timed_wait(double)
2 caulk +0x4484 caulk::concurrent::details::worker_thread::run()
3 caulk +0x8bf0 void* caulk::thread_proxy<std::__1::tuple<caulk::thread::attributes, void (caulk::concurrent::details::worker_thread::*)(), std::__1::tuple<caulk::concurrent::details::worker_thread*> > >(void*)
4 libsystem_pthread.dylib +0x4448 __pthread_start
Thread 16 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xa7c ___workq_kernreturn
1 libsystem_pthread.dylib +0x1400 __pthread_wqthread
Thread 17 - (TH_STATE_WAITING)
0 libsystem_kernel.dylib +0xa7c ___workq_kernreturn
1 libsystem_pthread.dylib +0x1400 __pthread_wqthread
Thread 18 - (TH_STATE_WAITING)
0 libsystem_pthread.dylib +0x8b4 _start_wqthread
Thread 20 - (TH_STATE_WAITING)
0 libsystem_pthread.dylib +0x8b4 _start_wqthread