From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Pip Cet via "Bug reports for GNU Emacs, the Swiss army knife of text editors" Newsgroups: gmane.emacs.bugs Subject: bug#72692: Emacs 31.05 (40eecd594ac) get SIGSEGV on Linux (Linux 6.6.45 Kde Wayland) Date: Sun, 18 Aug 2024 18:11:47 +0000 Message-ID: <87h6bhg0pq.fsf@protonmail.com> References: <8b1c8e1f-e0b9-4049-888c-3f723e0008a9@gmail.com> <877ccegfxj.fsf@protonmail.com> <86h6biymv4.fsf@gnu.org> <8734n2gd2x.fsf@protonmail.com> <86cym5zzq9.fsf@gnu.org> <87y14tg9ln.fsf@protonmail.com> <865xrxzvrt.fsf@gnu.org> <87ttfhg6ey.fsf@protonmail.com> <8634n1zpfm.fsf@gnu.org> Reply-To: Pip Cet Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="30001"; mail-complaints-to="usenet@ciao.gmane.io" Cc: execvy@gmail.com, 72692@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Aug 18 20:13:01 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sfkOi-0007ck-OG for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 18 Aug 2024 20:13:00 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sfkOM-0008Sj-Cs; Sun, 18 Aug 2024 14:12:38 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sfkOH-0008S9-6F for bug-gnu-emacs@gnu.org; Sun, 18 Aug 2024 14:12:33 -0400 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sfkO6-0000gI-CV for bug-gnu-emacs@gnu.org; Sun, 18 Aug 2024 14:12:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:From:Date:To:Subject; bh=aTypaLT4FhR+fCysRamRoNEw0q98LKCda1M8V+L9ClE=; b=KB16GiWMHVPS9RQnizdYMobwLlVop0vSnr/eoBgAj1HZXLJytckaehtfCd8iw5n48WVgPMqeWcmcP5RyiBnXnpUATkpsZ0ntOmTlxmnR2EMot3xJ99xRQ6BaxQmDefwTcJOXdp0S7zOJORaycLWF9WpHUNST+zjqjiwlp7bASG5pufPa8o3lfSHWtFV+3DZ2kVeyEKtNi47ZY+eBiyo3T//piBqcofQZluwAD4PXAYwNOdnEAgMnaSkQmqK9X1YUd6GuvcpsviST9ln8t+6YEwNXr65kNvWro2XfdOZ5WHn8Y8H5bN2s/Nkt+9TrKvG/oSEEh/k0SrAJGUNW6lXcxQ==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sfkOk-0006HK-Ec for bug-gnu-emacs@gnu.org; Sun, 18 Aug 2024 14:13:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Pip Cet Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 18 Aug 2024 18:13:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72692 X-GNU-PR-Package: emacs Original-Received: via spool by 72692-submit@debbugs.gnu.org id=B72692.172400475924090 (code B ref 72692); Sun, 18 Aug 2024 18:13:02 +0000 Original-Received: (at 72692) by debbugs.gnu.org; 18 Aug 2024 18:12:39 +0000 Original-Received: from localhost ([127.0.0.1]:56779 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfkOM-0006GT-LO for submit@debbugs.gnu.org; Sun, 18 Aug 2024 14:12:39 -0400 Original-Received: from mail-4322.protonmail.ch ([185.70.43.22]:21155) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfkOL-0006GH-4W for 72692@debbugs.gnu.org; Sun, 18 Aug 2024 14:12:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1724004710; x=1724263910; bh=aTypaLT4FhR+fCysRamRoNEw0q98LKCda1M8V+L9ClE=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=v5RZIfAGE0BpKlLi6kKLLHTEhZU/sNjNs9IyNSA8XDkJbjJMaQtez7QWbMhiB3xpJ 9uMhGnO16fcBQhwmJ7tznySJSvH6q37CB6Xv6I3DDcWvVH083KTvEqGwxGKmpBm+fy GNTrWZOTUZM94qtzyGjy/AQRKdxuTMZ4pQaw7IQo5ur4iHRHFLClBtxSxZabCcxnqB vX7rdR891WZzD6oAErFRYOn73N/YmklJ66V9CiwkCvWsN5e15i/FMDaBHLYvXvJAV2 QbLjMO+PgobJzu6NQ08qN+dbHpfjL1LJlMS114THrBnE6JWYW2ObUgrDYsSR2hPEK8 9IsOaO0aUpAtA== In-Reply-To: <8634n1zpfm.fsf@gnu.org> Feedback-ID: 112775352:user:proton X-Pm-Message-ID: e95abe1d82d22a0a3c39544d94965e419befc570 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:290344 Archived-At: "Eli Zaretskii" writes: >> Date: Sun, 18 Aug 2024 16:08:39 +0000 >> From: Pip Cet >> Cc: execvy@gmail.com, 72692@debbugs.gnu.org >> >> "Eli Zaretskii" writes: >> >> > I don't understand: is this patch needed to trigger a crash, or are >> > you saying we need it to fix crashes? >> >> It helps trigger the crash, which might take a long time without the >> patch. >> >> > next_fontset_id is used to assign an ID to the next fontset we create, >> > AFAIK. >> >> Indeed, and if we never reset it to a low value, we won't reuse slots in >> Vfontset_table. So the entries, rather than containing a different and >> incorrect fontset for our font, will remain zeroed. > > How can incorrect fontset in Vfontset_table cause a segfault of the > kind the OP reported? I said "rather than containing a different and incorrect fontset"; in the OP's case (and after the patch, on my system), it was Qnil. >> >> > A "non-ASCII face" is basically >> >> > the same face as its "ASCII face" counterpart, it just uses a >> >> > different font. An example would be some well-known face, like 'bo= ld' >> >> > or 'variable-pitch' or 'region' -- when we need to display a non-AS= CII >> >> > character in this face, and the "ASCII face"s font doesn't support = the >> >> > character, we internally create a new face that uses the same fonts= et >> >> > as the "ASCII face". This new face basically shadows the "ASCII fa= ce" >> >> > (and is never exposed to Lisp) and is for every practical purpose a= n >> >> > integral part of that "ASCII face" -- they always go together. >> >> >> >> Except they're not freed together? >> > >> > How do you see that? >> >> printf debugging. > > Which shows what exactly? See below. >> >> >> I meant "face", sorry! The non-ASCII face remains in the font cac= he, >> >> >> and its fontset is set to the newly freed fontset's ID, which is l= ikely >> >> >> soon to be reused; only if it isn't, we see a crash. >> >> > >> >> > That shouldn't happen, AFAIU, except for very brief periods of time= , >> >> > since we free the cached faces one by one, see free_realized_faces. >> >> >> >> Again, not what I'm seeing, because 'free_realized_faces' isn't where= the >> >> font is actually removed from the cache; it's 'free_realized_face'. >> > >> > Yes, but free_realized_faces calls free_realized_face, no? >> >> Yes, it does, but in my case, 'free_realized_face' is called by >> 'realize_face', and 'free_realized_faces' isn't. > > Which face was freed, the ASCII face or not? The ASCII face was freed, the non-ASCII face remained in the cache. In the log below, the ASCII face is 0x117cca0, the non-ASCII face is 0x2a7a3c0. >> I'll continue debugging this, but if there are any questions or further >> helpful information, that would be much appreciated. > > I don't yet understand well what you are seeing because there isn't > enough detailed information. Okay, maybe this helps. Here's the patch: diff --git a/src/fontset.c b/src/fontset.c index 16d14669c89..52149ebd6b2 100644 --- a/src/fontset.c +++ b/src/fontset.c @@ -921,8 +921,6 @@ free_face_fontset (struct frame *f, struct face *face) eassert (! BASE_FONTSET_P (fontset)); eassert (f =3D=3D XFRAME (FONTSET_FRAME (fontset))); ASET (Vfontset_table, face->fontset, Qnil); - if (face->fontset < next_fontset_id) - next_fontset_id =3D face->fontset; if (! NILP (FONTSET_DEFAULT (fontset))) { int id =3D XFIXNUM (FONTSET_ID (FONTSET_DEFAULT (fontset))); @@ -931,8 +929,6 @@ free_face_fontset (struct frame *f, struct face *face) eassert (!NILP (fontset) && ! BASE_FONTSET_P (fontset)); eassert (f =3D=3D XFRAME (FONTSET_FRAME (fontset))); ASET (Vfontset_table, id, Qnil); - if (id < next_fontset_id) -=09next_fontset_id =3D face->fontset; } face->fontset =3D -1; } @@ -1000,6 +996,7 @@ face_for_char (struct frame *f, struct face *face, int= c, and display it as "glyphless". That is certainly better than violating the assertion below or crashing when assertions are not compiled in. */ + fprintf (stderr, "fontset %d used for face %p\n", face->fontset, face); if (face->fontset < 0 && !face->font) return face->id; =20 diff --git a/src/xfaces.c b/src/xfaces.c index 684b6ccfac7..86ab8e1328a 100644 --- a/src/xfaces.c +++ b/src/xfaces.c @@ -4598,7 +4598,25 @@ free_realized_face (struct frame *f, struct face *fa= ce) =09{ =09 /* Free fontset of FACE if it is ASCII face. */ =09 if (face->fontset >=3D 0 && face =3D=3D face->ascii_face) -=09 free_face_fontset (f, face); +=09 { +=09 struct face_cache *cache =3D FRAME_FACE_CACHE (f); +=09 if (cache) +=09=09{ +=09=09 for (int i =3D 0; i < cache->used; i++) +=09=09 { +=09=09 struct face *face2 =3D cache->faces_by_id[i]; +=09=09 if (face2 !=3D 0 && face2 !=3D face && face2->fontset =3D=3D f= ace->fontset) +=09=09=09{ +=09=09=09 fprintf (stderr, "Freeing fontset %d that's still in use by %p!= \n", face->fontset, +=09=09=09=09 face2); +=09=09=09} +=09=09 } +=09=09} +=09 free_face_fontset (f, face); +=09 } +=09 else +=09 fprintf (stderr, "fontset %d not freed, used by %p\n", face->fontse= t, face); +=09dont: =20 #ifdef HAVE_X_WINDOWS =09 /* This function might be called with the frame's display Here's hibiscus.el: (display-time-mode t) (setq display-time-interval .1) (let ((i 0)) (while t (push (concat (make-string 1 (floor (random 132000))) (make-string 1 (floor (random 132000))) (make-string 1 (floor (random 132000))) (make-string 1 (floor (random 132000)))) mode-line-format) (dolist (f (frame-list)) (set-frame-parameter f 'alpha-background 1.0) (sit-for 0) (cl-incf i) (message "%S" i) (set-frame-parameter f 'alpha-background 0.9) (sit-for 0) (garbage-collect)))) And here's the output of emacs -Q --load hibiscus.el: fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2a7a3c0 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2a62860 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2fb0dc0 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2a7a3c0 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2a62860 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2fb0dc0 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2a7a3c0 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2a62860 fontset 103 used for face 0x117cca0 fontset 103 used for face 0x2fb0dc0 Freeing fontset 103 that's still in use by 0x2a7a3c0! Freeing fontset 103 that's still in use by 0x2a62860! Freeing fontset 103 that's still in use by 0x2fb0dc0! Freeing fontset 103 that's still in use by 0x2fdb7a0! fontset 126 used for face 0x117cca0 fontset 103 used for face 0x2a7a3c0 lisp.h:2126: Emacs fatal error: assertion failed: CHAR_TABLE_P (a) Fatal error 6: Aborted Backtrace: ./emacs() [0x60f113] ./emacs() [0x5da076] ./emacs() [0x684c6d] ./emacs() [0x78d649] ./emacs() [0x790239] ./emacs() [0x44b7bd] ./emacs() [0x46933b] ./emacs() [0x4a9aef] ./emacs() [0x4a63af] ./emacs() [0x4a6dc3] ./emacs() [0x4a542f] ./emacs() [0x4a512e] ./emacs() [0x48dce3] ./emacs() [0x483053] ./emacs() [0x6b96a0] ./emacs() [0x482ec5] ./emacs() [0x4816c0] ./emacs() [0x482434] ./emacs() [0x433222] ./emacs() [0x6bd608] ./emacs() [0x718884] ./emacs() [0x6bdc5f] ./emacs() [0x6bdaf6] ./emacs() [0x6bc027] ./emacs() [0x6b6ae6] ./emacs() [0x6b8679] ./emacs() [0x6bbaae] ./emacs() [0x6b6ae6] ./emacs() [0x6b6b16] ./emacs() [0x6b86e1] ./emacs() [0x6bbaae] ./emacs() [0x6b6ae6] ./emacs() [0x6b8679] ./emacs() [0x6bbaae] ./emacs() [0x6b6ae6] ./emacs() [0x6b6b16] ./emacs() [0x6b86e1] ./emacs() [0x6bbaae] ./emacs() [0x6b6ae6] ./emacs() [0x6b8679] ./emacs() [0x6bbaae] ./emacs() [0x6fd2d6] ./emacs() [0x6fdb40] ./emacs() [0x6fde8f] ./emacs() [0x6bd6e6] ./emacs() [0x718884] ./emacs() [0x6bdc5f] ./emacs() [0x6bd059] ./emacs() [0x6bd308] ./emacs() [0x6fb7c7] ./emacs() [0x6bd6e6] ./emacs() [0x718884] ./emacs() [0x6bdc5f] ./emacs() [0x6bdaf6] ./emacs() [0x6bc027] ./emacs() [0x6bb55a] ./emacs() [0x5e1fdd] ./emacs() [0x6b95c9] ./emacs() [0x5e2038] ./emacs() [0x6b8a8d] ./emacs() [0x5e1ec0] ./emacs() [0x5e1327] ./emacs() [0x5e153a] ./emacs() [0x5dd18f] /lib64/libc.so.6(+0x26200) [0x7ffff5b63200] /lib64/libc.so.6(__libc_start_main+0x89) [0x7ffff5b632b9] ./emacs() [0x422155] Aborted Pip