bug#68940: 29.2; Random crashes in face for char / font

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

This was introduced in 29.2, works in 29.1.

1. emacs -Q does not crash

2. bisected it to the following ...

(use-package org
  :config
  (setq org-ellipsis (if (char-displayable-p ?⏷) "\t⏷" nil)))

... this randomly crashes (wild guess 80%). When it doesn't crash
(rare), it works as expected, even w/ the "⏷" character.

If I comment out this org-ellipsis line, everything's fine and it is not
crashing.

Here's the full report from the macOS:

https://gist.github.com/zrzka/373a8a860848efc9aa440dc1e8682a8b

If it does not help, I can build Emacs from source with the debug info,
and run it from gdb.


In GNU Emacs 29.2 (build 1, aarch64-apple-darwin21.6.0, NS
appkit-2113.60 Version 12.6.6 (Build 21G646)) of 2024-01-18 built on
armbob.lan
Windowing system distributor 'Apple', version 10.3.2487
System Description:  macOS 14.3

Configured using:
 'configure --with-ns '--enable-locallisppath=/Library/Application
Support/Emacs/${version}/site-lisp:/Library/Application
Support/Emacs/site-lisp' --with-modules 'CFLAGS=-DFD_SETSIZE=10000
-DDARWIN_UNLIMITED_SELECT' --with-x-toolkit=no'

Configured features:
ACL GLIB GMP GNUTLS JPEG JSON LIBXML2 MODULES NOTIFY KQUEUE NS PDUMPER
PNG RSVG SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS TREE_SITTER ZLIB

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8

Major mode: ELisp/l

Minor modes in effect:
  ace-window-display-mode: t
  gcmh-mode: t
  goto-address-prog-mode: t
  subword-mode: t
  display-line-numbers-mode: t
  winner-mode: t
  delete-selection-mode: t
  global-auto-revert-mode: t
  electric-pair-mode: t
  global-hungry-delete-mode: t
  hungry-delete-mode: t
  global-undo-tree-mode: t
  undo-tree-mode: t
  server-mode: t
  save-place-mode: t
  recentf-mode: t
  savehist-mode: t
  default-text-scale-mode: t
  global-page-break-lines-mode: t
  page-break-lines-mode: t
  pixel-scroll-precision-mode: t
  shell-dirtrack-mode: t
  global-hl-line-mode: t
  yas-global-mode: t
  yas-minor-mode: t
  marginalia-mode: t
  which-key-mode: t
  windmove-mode: t
  override-global-mode: t
  direnv-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  window-divider-mode: t
  size-indication-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
/Users/zrzka/.emacs.d/elpa/emacsql-sqlite-builtin-20240119.2314/emacsql-sqlite-builtin hides /Users/zrzka/.emacs.d/elpa/emacsql-20240124.1601/emacsql-sqlite-builtin
/Users/zrzka/.emacs.d/elpa/jsonrpc-1.0.24/jsonrpc hides /Applications/Emacs.app/Contents/Resources/lisp/jsonrpc
/Users/zrzka/.emacs.d/elpa/transient-20240201.1100/transient hides /Applications/Emacs.app/Contents/Resources/lisp/transient

Features:
(shadow sort mail-extr emacsbug vc-git vc-dispatcher ace-window gcmh
disp-table goto-addr cap-words superword subword display-line-numbers
winner delsel autorevert filenotify elec-pair hungry-delete undo-tree
diff queue avy server saveplace recentf tree-widget savehist
default-text-scale page-break-lines transient mixed-pitch face-remap
pixel-scroll cua-base emacsql-sqlite-builtin sqlite
emacsql-sqlite-common emacsql emacsql-compiler rv-org ob-java ob-C
cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine
cc-vars cc-defs ob-sass ob-css ob-js ob-ruby ob-python python treesit
ob-perl ob-shell shell ob-rust ob-go ox-odt rng-loc rng-uri rng-parse
rng-match rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok
nxml-util ox-latex ox-icalendar org-agenda ox-ascii ox-gfm ox-md ox-html
table ox-publish ox org-element org-persist xdg org-id avl-tree
generator org-mac-link org-goto org-refile rv-email mu4e mu4e-org org ob
ob-tangle ob-ref ob-lob ob-table ob-exp org-macro org-src ob-comint
org-pcomplete pcomplete org-list org-footnote org-faces org-entities
noutline outline icons ob-emacs-lisp ob-core ob-eval org-cycle org-table
ol rx org-fold org-fold-core org-keys oc org-loaddefs find-func
org-version org-compat org-macs format-spec mu4e-notification
notifications mu4e-main mu4e-view gnus-art mm-uu mml2015 mm-view
mml-smime smime gnutls dig gnus-sum gnus-group gnus-undo gnus-start
gnus-dbus dbus gnus-cloud nnimap nnmail mail-source utf7 nnoo parse-time
iso8601 gnus-spec gnus-int gnus-range gnus-win gnus nnheader range
wid-edit cal-menu calendar cal-loaddefs mu4e-headers mu4e-compose
mu4e-draft mu4e-actions smtpmail mu4e-search mu4e-lists mu4e-bookmarks
mu4e-mark mu4e-message shr pixel-fill kinsoku url-file svg xml dom
flow-fill hl-line mu4e-contacts mu4e-update mu4e-folders mu4e-context
mu4e-query-items mu4e-server mu4e-modeline mu4e-vars mu4e-helpers
mu4e-config mu4e-window bookmark pp ido message sendmail yank-media puny
dired dired-loaddefs rfc822 mml mml-sec epa derived epg rfc6068
epg-config gnus-util time-date mm-decode mm-bodies mm-encode mail-parse
rfc2231 rfc2047 rfc2045 mm-util ietf-drums mail-prsvr mailabbrev
mail-utils gmm-utils mailheader mu4e-obsolete rv-lang-markdown
rv-lang-http uuidgen calc-misc calc-ext calc calc-loaddefs rect
calc-macs rv-lang-yaml yaml-mode rv-lang-ruby bundler inf-ruby compile
text-property-search comint ansi-osc ansi-color ring ruby-mode smie
ruby-hash-syntax rv-snippets yasnippet-capf thingatpt yasnippet-snippets
yasnippet rv-flymake rv-spelling rv-completion orderless marginalia
compat rv-copilot rv-gpt rv-eglot rv-vc rv-treesit rv-editor which-key
use-package-diminish rv-windows windmove rv-buffers ibuffer-project
project ibuf-ext ibuffer ibuffer-loaddefs edmacro kmacro
use-package-bind-key bind-key rv-theme modus-vivendi-theme
modus-operandi-theme modus-themes rv-keychain rv-env direnv diff-mode
easy-mmode dash exec-path-from-shell rv-packages diminish cl-extra
help-mode use-package-ensure use-package-core finder-inf
ace-pinyin-autoloads ace-window-autoloads aggressive-indent-autoloads
all-the-icons-autoloads async-autoloads avy-zap-autoloads avy-autoloads
beginend-autoloads borland-blue-theme-autoloads bundler-autoloads
consult-eglot-autoloads consult-autoloads copilot-autoloads
csv-mode-autoloads default-text-scale-autoloads diminish-autoloads
direnv-autoloads dockerfile-mode-autoloads drag-stuff-autoloads
dumb-jump-autoloads editorconfig-autoloads eglot-jl-autoloads
emacsql-sqlite-builtin-autoloads engrave-faces-autoloads
exec-path-from-shell-autoloads expand-region-autoloads
flycheck-autoloads forge-autoloads closql-autoloads emacsql-autoloads
gcmh-autoloads ghub-autoloads goto-chg-autoloads gptel-autoloads
haml-mode-autoloads hide-mode-line-autoloads ht-autoloads
hungry-delete-autoloads ialign-autoloads ibuffer-project-autoloads
jsonrpc-autoloads know-your-http-well-autoloads lv-autoloads
magit-autoloads pcase git-commit-autoloads magit-section-autoloads
marginalia-autoloads markdown-mode-autoloads minitest-autoloads
mixed-pitch-autoloads mwim-autoloads nerd-icons-autoloads
ob-go-autoloads ob-rust-autoloads orderless-autoloads
org-fragtog-autoloads org-mac-link-autoloads org-mime-autoloads
org-modern-autoloads org-pomodoro-autoloads alert-autoloads
log4e-autoloads gntp-autoloads org-preview-html-autoloads
org-rich-yank-autoloads org-timeline-autoloads org-tree-slide-autoloads
ox-gfm-autoloads page-break-lines-autoloads pfuture-autoloads
pinyinlib-autoloads pkg-info-autoloads epl-autoloads popup-autoloads
rainbow-delimiters-autoloads rbenv-autoloads restclient-autoloads
rg-autoloads ripgrep-autoloads robe-autoloads inf-ruby-autoloads
ruby-hash-syntax-autoloads ruby-refactor-autoloads scss-mode-autoloads
shrink-path-autoloads f-autoloads s-autoloads sly-autoloads
solaire-mode-autoloads solarized-theme-autoloads spinner-autoloads
sqlite3-autoloads terraform-mode-autoloads dash-autoloads
hcl-mode-autoloads toc-org-autoloads toml-mode-autoloads
transient-autoloads treepy-autoloads tsc-autoloads
typescript-mode-autoloads undo-tree-autoloads queue-autoloads
uuidgen-autoloads vterm-autoloads vundo-autoloads wfnames-autoloads
wgrep-autoloads which-key-autoloads with-editor-autoloads info
compat-autoloads yaml-autoloads yaml-mode-autoloads yard-mode-autoloads
yari-autoloads yasnippet-capf-autoloads yasnippet-snippets-autoloads
yasnippet-autoloads package browse-url url url-proxy url-privacy
url-expand url-methods url-history url-cookie generate-lisp-file
url-domsuf url-util mailcap url-handlers url-parse auth-source cl-seq
eieio eieio-core cl-macs password-cache json map byte-opt gv bytecomp
byte-compile url-vars cl-loaddefs cl-lib subr-x rmc iso-transl tooltip
cconv eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type
elisp-mode mwheel term/ns-win ns-win ucs-normalize mule-util
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode lisp-mode prog-mode register
page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
frame minibuffer nadvice seq simple cl-generic indonesian philippine
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese composite emoji-zwj charscript
charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
files window text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget keymap hashtable-print-readable backquote
threads kqueue cocoa ns multi-tty make-network-process emacs)

Memory information:
((conses 16 741972 556806)
 (symbols 48 45280 0)
 (strings 32 204232 53998)
 (string-bytes 1 6071164)
 (vectors 16 72322)
 (vector-slots 8 857646 566423)
 (floats 8 424 2185)
 (intervals 56 900 77)
 (buffers 984 14))

bug#68940: 29.2; Random crashes in face for char / font

[Eli Zaretskii]

> Date: Mon, 05 Feb 2024 23:46:18 +0100
> From:  Robert Vojta via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
> 
> This was introduced in 29.2, works in 29.1.
> 
> 1. emacs -Q does not crash
> 
> 2. bisected it to the following ...
> 
> (use-package org
>   :config
>   (setq org-ellipsis (if (char-displayable-p ?⏷) "\t⏷" nil)))
> 
> ... this randomly crashes (wild guess 80%). When it doesn't crash
> (rare), it works as expected, even w/ the "⏷" character.
> 
> If I comment out this org-ellipsis line, everything's fine and it is not
> crashing.
> 
> Here's the full report from the macOS:
> 
> https://gist.github.com/zrzka/373a8a860848efc9aa440dc1e8682a8b

I cannot reproduce this, but I'm not on macOS.  Maybe it's
darwin-specific?

Just to clarify: if you start "emacs -Q", then evaluate

  M-: (setq org-ellipsis (if (char-displayable-p ?⏷) "\t⏷" nil)) RET

then visit some Org file and try toggling visibility (so that
org-ellipsis is used), does it crash?  If not, something else in your
customizations "helps" the bug to happen, perhaps some font-related
settings?  The crash backtrace seems to suggest the problem in
face_for_font, and that usually means you have some problematic font
in your setup.

Thanks.

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

> Just to clarify: if you start "emacs -Q", then evaluate
>
>   M-: (setq org-ellipsis (if (char-displayable-p ?⏷) "\t⏷" nil)) RET
>
> then visit some Org file and try toggling visibility (so that
> org-ellipsis is used), does it crash?

No, this one does not crash Emacs. If I get after the launch Emacs
phase, it works as expected, never crashed. An interesting fact - Emacs
launched with "--debug-init" & this ellipsis never crashed too.

 - "emacs -Q" = no crash, expected
 - "(setq org-ellipsis ...)" in my init.el
   - "emacs --debug-init" = no crash too, never crashed
   - "emacs" - crash in 80%, once running, never crashed

> If not, something else in your customizations "helps" the bug to
> happen, perhaps some font-related settings?

I'm using PragmataPro Mono font. I've tried another fonts, e.g. Menlo,
... and it is crashing w/ them too. It seems that it is not font
related.

I know that it does not crash with "emacs -Q", crashes w/ my config, and
I also know which line is causing it. Right now I'm trying to come up w/
a minimal init.el that can reproduce this issue.

Thanks.

bug#68940: 29.2; Random crashes in face for char / font

[Eli Zaretskii]

> From: Robert Vojta <rvojta@me.com>
> Cc: 68940@debbugs.gnu.org
> Date: Tue, 06 Feb 2024 13:29:00 +0100
> 
> I know that it does not crash with "emacs -Q", crashes w/ my config, and
> I also know which line is causing it. Right now I'm trying to come up w/
> a minimal init.el that can reproduce this issue.

Thanks, that will help, I hope.

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

Small progress ... Compiled same version from source. Running
"src/emacs" makes it really hard to manually reproduce it. The crash
rate is very very low. I've added ...

  (run-with-timer (random 5) 0 'kill-emacs)

... at the end of my init.el file, and then ...

  while true ; do lldb --batch -o run -f src/emacs ; sleep 1; done

... not counting the number of attempts, but it took me +1 hour to
reproduce it. Here's the better backtrace:

  https://gist.github.com/zrzka/b01a3c8c013c5efcafd9fde6ac8b78a9

Now, I have two things to do:

 - Still figuring out the minimal init.el to reproduce
 
 - Build Emacs again, with all optimizations disabled, to be able to
   step through frames and see what's going on
 

bug#68940: 29.2; Random crashes in face for char / font

[Eli Zaretskii]

> From: Robert Vojta <rvojta@me.com>
> Cc: 68940@debbugs.gnu.org
> Date: Tue, 06 Feb 2024 16:55:02 +0100
> 
> ... not counting the number of attempts, but it took me +1 hour to
> reproduce it. Here's the better backtrace:
> 
>   https://gist.github.com/zrzka/b01a3c8c013c5efcafd9fde6ac8b78a9
> 
> Now, I have two things to do:
> 
>  - Still figuring out the minimal init.el to reproduce
>  
>  - Build Emacs again, with all optimizations disabled, to be able to
>    step through frames and see what's going on

Yes, what's important is to see what is value of base_face at entry to
face_for_font -- it sounds like that's an invalid face doer some
reason.  Do you have any customizations of the fontsets?

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

> Yes, what's important is to see what is value of base_face at entry to
> face_for_font -- it sounds like that's an invalid face doer some
> reason.  Do you have any customizations of the fontsets?

No, no fontsets customizations.

This whole thing is getting weirder. I've recompiled Emacs w/ "-O0 -g3"
and two new things appeared:

1) Invalid read syntax: #

Warning (initialization): An error occurred while loading
‘/Users/zrzka/.emacs.d/init.el’

This is random as well, and it happens frequently (30% of Emacs
launches).

2) A new crash happened

It is hard to reproduce it in my "while true; lldb ...; done" loop with
this error (a lot of manual interventios required), but managed to
capture another backtrace:

https://gist.github.com/zrzka/7855634a46adeacb2fa7e8f861e39106

All this, purely random, undefined behavior?

Recompiled again, this time I've added "-fsanitize=address" (full flags
"-O0 -g3 -fsanitize=address"), and the first thing (Invalid read syntax
#) is gone. Leaving it running for the whole night, to see what's gonna
happen now.

If it won't reveal anything, I will switch back to "-O0 -g3", and will
start bisecting 29.1 -> 29.2 changes.

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

Address sanitizer gave me ...

  https://gist.github.com/zrzka/3506322a8e4e63fc6b323a48faad8f64

... heap user after free in "Automatic GC". When this happened, Emacs
was showing the mentioned init file load error, and weird character.

Don't know if it's related to my initial issue, if the problem is the
timer & kill, ...

bug#68940: 29.2; Random crashes in face for char / font

[Eli Zaretskii]

> From: Robert Vojta <rvojta@me.com>
> Cc: Eli Zaretskii <eliz@gnu.org>
> Date: Wed, 07 Feb 2024 08:41:34 +0100
> 
> Address sanitizer gave me ...
> 
>   https://gist.github.com/zrzka/3506322a8e4e63fc6b323a48faad8f64
> 
> ... heap user after free in "Automatic GC". When this happened, Emacs
> was showing the mentioned init file load error, and weird character.
> 
> Don't know if it's related to my initial issue, if the problem is the
> timer & kill, ...

Sorry, I have no idea.

bug#68940: 29.2; Random crashes in face for char / font

[Gerd Möllmann]

Robert Vojta <rvojta@me.com> writes:

> Address sanitizer gave me ...
>
>   https://gist.github.com/zrzka/3506322a8e4e63fc6b323a48faad8f64
>
> ... heap user after free in "Automatic GC". When this happened, Emacs
> was showing the mentioned init file load error, and weird character.
>
> Don't know if it's related to my initial issue, if the problem is the
> timer & kill, ...

I can't make sense of what is happening here: A marker M is created from
Lisp (point-marker), and later GC'd. So far so good, and nrmal, but some
later GC then finds M in a member of struct buffer. No idea how that's
possible.

bug#68940: 29.2; Random crashes in face for char / font

[Eli Zaretskii]

> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Cc: 68940@debbugs.gnu.org,  Eli Zaretskii <eliz@gnu.org>
> Date: Thu, 08 Feb 2024 06:42:14 +0100
> 
> Robert Vojta <rvojta@me.com> writes:
> 
> > Address sanitizer gave me ...
> >
> >   https://gist.github.com/zrzka/3506322a8e4e63fc6b323a48faad8f64
> >
> > ... heap user after free in "Automatic GC". When this happened, Emacs
> > was showing the mentioned init file load error, and weird character.
> >
> > Don't know if it's related to my initial issue, if the problem is the
> > timer & kill, ...
> 
> I can't make sense of what is happening here: A marker M is created from
> Lisp (point-marker), and later GC'd. So far so good, and nrmal, but some
> later GC then finds M in a member of struct buffer. No idea how that's
> possible.

Exactly my thoughts.  I suspect that it could be a bug in the address
sanitizer, perhaps triggered by our quite unique memory management.

bug#68940: 29.2; Random crashes in face for char / font

[Gerd Möllmann]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Gerd Möllmann <gerd.moellmann@gmail.com>
>> Cc: 68940@debbugs.gnu.org,  Eli Zaretskii <eliz@gnu.org>
>> Date: Thu, 08 Feb 2024 06:42:14 +0100
>> 
>> Robert Vojta <rvojta@me.com> writes:
>> 
>> > Address sanitizer gave me ...
>> >
>> >   https://gist.github.com/zrzka/3506322a8e4e63fc6b323a48faad8f64
>> >
>> > ... heap user after free in "Automatic GC". When this happened, Emacs
>> > was showing the mentioned init file load error, and weird character.
>> >
>> > Don't know if it's related to my initial issue, if the problem is the
>> > timer & kill, ...
>> 
>> I can't make sense of what is happening here: A marker M is created from
>> Lisp (point-marker), and later GC'd. So far so good, and nrmal, but some
>> later GC then finds M in a member of struct buffer. No idea how that's
>> possible.
>
> Exactly my thoughts.  I suspect that it could be a bug in the address
> sanitizer, perhaps triggered by our quite unique memory management.

Maybe it would be worth upgrading to current LLVM? I think Robert
mentioned he is using LLVM 15 from Apple, and LLVM from Homebrew is now
at 17.0.6.

bug#68940: 29.2; Random crashes in face for char / font

[Eli Zaretskii]

> From: Robert Vojta <rvojta@me.com>
> Cc: 68940@debbugs.gnu.org
> Date: Tue, 06 Feb 2024 22:59:23 +0100
> 
> > Yes, what's important is to see what is value of base_face at entry to
> > face_for_font -- it sounds like that's an invalid face doer some
> > reason.  Do you have any customizations of the fontsets?
> 
> No, no fontsets customizations.
> 
> This whole thing is getting weirder. I've recompiled Emacs w/ "-O0 -g3"
> and two new things appeared:
> 
> 1) Invalid read syntax: #

Did you clean up the source tree before rebuilding?  At least
"make distclean" is needed.

> Warning (initialization): An error occurred while loading
> ‘/Users/zrzka/.emacs.d/init.el’
> 
> This is random as well, and it happens frequently (30% of Emacs
> launches).

Did you try --debug-init?

> 
> 2) A new crash happened
> 
> It is hard to reproduce it in my "while true; lldb ...; done" loop with
> this error (a lot of manual interventios required), but managed to
> capture another backtrace:
> 
> https://gist.github.com/zrzka/7855634a46adeacb2fa7e8f861e39106
> 
> All this, purely random, undefined behavior?

I don't see why it could be undefined.  It seems to indicate that
c_strcasecmp crashes comparing an empty string, which is something it
is supposed to be able to handle.

I'm beginning to suspect some problem with your compiler or maybe even
with hardware (like some memory chip?).

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

> Did you clean up the source tree before rebuilding?  At least
> "make distclean" is needed.

Yes. When rebuilding, it's always - distclean, configure, make, ...

> Did you try --debug-init?

Yes, many times, even with the loop & llvm --batch.

With --debug-init, the crash, or the invalid character, ... all the
issues from this thread / bug never happened, not even once.

> I don't see why it could be undefined.

Just a wild guess after seeing all this randomness.

> I'm beginning to suspect some problem with your compiler or maybe even
> with hardware (like some memory chip?).

Using Apple clang version 15.0.0 (clang-1500.1.0.2.5). All the issues
are happening with the binary I downloaded from
https://emacsformacosx.com/ too. Went to the source only to be able to
turn off optimizations, include debug info, ...

Might be a HW problem, will run a full HW test too.

Sorry for the noise so far, this randomness drives me crazy, and the
only thing exhibiting it is Emacs, rest is doing fine.

bug#68940: 29.2; Random crashes in face for char / font

[Gerd Möllmann]

Robert Vojta <rvojta@me.com> writes:

> Sorry for the noise so far, this randomness drives me crazy, and the
> only thing exhibiting it is Emacs, rest is doing fine.

I feel with you :-). There have been, and still are, strange things
happening with GUI Emacs on macOS. Although, I think it has improved
a lot over the last year or two.

Whatever. Some other ideas:

- Maybe configuring with --enable-checking can find something? That
  enables a number of asserts in the code, among them things that ASAN
  can't find.

- If it's a font thing, Font Book could be used to validate the font in
  question. Select the font in Font Book and use File > Validate
  Selection.

- One of my pet peeves: nsterm.m contains calls to C function
  redisplay(), which is known to be problematic, although I didn't have
  seens downright crashes from this yet. The problem is that such
  redisplays can clear the face cache in settings where this isn't
  expected. Maybe it's worth commenting out the calls and see if that
  makes a difference, phenomenologically. That's only a shot in the
  dark, though, only based on the crashes being in some face-related
  stuff.

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

> I feel with you :-). There have been, and still are, strange things
> happening with GUI Emacs on macOS. Although, I think it has improved a
> lot over the last year or two.

Thanks, I really thought that I'm mad while seeing all these random
crashes & backtraces ;)

> - Maybe configuring with --enable-checking can find something? That
>   enables a number of asserts in the code, among them things that ASAN
>   can't find.

Crashing with:

../../emacs/src/lisp.h:1314: Emacs fatal error: assertion failed:
FIXNUMP (a)

It always crashes. Sometimes with ^ & SIGABRT, sometimes w/o ^ &
SIGSEGV. 

> - If it's a font thing, Font Book could be used to validate the font in
>   question. Select the font in Font Book and use File > Validate
>   Selection.

I've tried:

  - Delete all my custom fonts -> crashing
  - Add back PragmataPro Mono, validate it, no issues -> crashing

>   expected. Maybe it's worth commenting out the calls and see if that
>   makes a difference, phenomenologically. That's only a shot in the

I've checked out d6c7092ff0713087f38b9492d53be0177af67514, configured
it with:

  CFLAGS="-DFD_SETSIZE=10000 -DDARWIN_UNLIMITED_SELECT -O0 -g3"
  configure --with-ns --with-modules --with-x-toolkit=no
    --enable-checking

Playing w/ "redisplay ();" in the "layoutSublayersOfLayer:", line 8732.

  - Kept - instant crash, 10/10 launches
  - Commented out - no crash, 10/10 launches

Shot in the dark, but it seems that it's somehow related to all this.

--- 

- I run the full HW diagnostics over night. Everything seems to be okay.

- Will try the new LLVM, yes, I'm using the one (15) from Apple now.

- Still figuring out the minimal reproducible init.el. Feeling like Don
Quixote now, comment out, no crash, aha, comment another line out,
crash, huh, revert, another combination, ...

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

> ../../emacs/src/lisp.h:1314: Emacs fatal error: assertion failed:
> FIXNUMP (a)
Message-ID: <m27cjfs2d0.fsf@me.com>
MIME-Version: 1.0
Content-Type: text/plain

Sorry, forgot to include the bt:

    frame #8: 0x000000010027c1f8 emacs`die(msg="FIXNUMP (a)", file="../../emacs/src/lisp.h", line=1314) at alloc.c:8062:3
    frame #9: 0x00000001003076b4 emacs`XFIXNUM(a=0x000000015b17036d) at lisp.h:1314:3
    frame #10: 0x0000000100307198 emacs`font_style_to_value(prop=FONT_WEIGHT_INDEX, val=0x000000015b17036d, noerror=true) at font.c:428:27
    frame #11: 0x0000000100310980 emacs`font_select_entity(f=0x000000015b172040, entities=0x0000000150ffef43, attrs=0x000000015ae06d60, pixel_size=12, c=9207) at font.c:3160:5
    frame #12: 0x00000001003104d0 emacs`font_find_for_lface(f=0x000000015b172040, attrs=0x000000015ae06d60, spec=0x000000015b085a15, c=9207) at font.c:3321:15
  * frame #13: 0x00000001003eba14 emacs`fontset_find_font(fontset=0x000000014b61c99d, c=9207, face=0x000000015ae06d60, charset_id=-1, fallback=false) at fontset.c:732:21
    frame #14: 0x00000001003e3490 emacs`fontset_font(fontset=0x000000012c209205, c=9207, face=0x000000015ae06d60, id=-1) at fontset.c:809:4
    frame #15: 0x00000001003e29a8 emacs`face_for_char(f=0x000000015b172040, face=0x000000015ae06d60, c=9207, pos=-1, object=0x0000000000000000) at fontset.c:1031:15
    frame #16: 0x000000010031995c emacs`FACE_FOR_CHAR(f=0x000000015b172040, face=0x000000015ae06d60, character=9207, pos=-1, object=0x0000000000000000) at dispextern.h:1950:10
    frame #17: 0x0000000100319658 emacs`Finternal_char_font(position=0x0000000000000000, ch=0x0000000000008fde) at font.c:4766:13

I will inspect the fontset, face, ... values in these frames later.

bug#68940: 29.2; Random crashes in face for char / font

[Gerd Möllmann]

Robert Vojta <rvojta@me.com> writes:

>> ../../emacs/src/lisp.h:1314: Emacs fatal error: assertion failed:
>> FIXNUMP (a)
> Message-ID: <m27cjfs2d0.fsf@me.com>
> MIME-Version: 1.0
> Content-Type: text/plain
>
> Sorry, forgot to include the bt:
>
>     frame #8: 0x000000010027c1f8 emacs`die(msg="FIXNUMP (a)", file="../../emacs/src/lisp.h", line=1314) at alloc.c:8062:3
>     frame #9: 0x00000001003076b4 emacs`XFIXNUM(a=0x000000015b17036d) at lisp.h:1314:3
>     frame #10: 0x0000000100307198
>     emacs`font_style_to_value(prop=FONT_WEIGHT_INDEX,
>     val=0x000000015b17036d, noerror=true) at font.c:428:27

Above, the parameter val seems to be neither a symbol nor a fixnum, and
that meads to an assertion in XFIXNUM.

>     frame #11: 0x0000000100310980
>     emacs`font_select_entity(f=0x000000015b172040,
>     entities=0x0000000150ffef43, attrs=0x000000015ae06d60,
>     pixel_size=12, c=9207) at font.c:3160:5

And here, we see that val comes from a Lisp face

    FONT_SET_STYLE (prefer, FONT_WEIGHT_INDEX, attrs[LFACE_WEIGHT_INDEX]);

which could mean the parameter attrs is bogus.

>     frame #12: 0x00000001003104d0
>     emacs`font_find_for_lface(f=0x000000015b172040,
>     attrs=0x000000015ae06d60, spec=0x000000015b085a15, c=9207) at
>     font.c:3321:15

Which would mean paramter attrs above is bogus.

>   * frame #13: 0x00000001003eba14
>   emacs`fontset_find_font(fontset=0x000000014b61c99d, c=9207,
>   face=0x000000015ae06d60, charset_id=-1, fallback=false) at
>   fontset.c:732:21

Which could mean the parameter face is bogus in the above.


>     frame #14: 0x00000001003e3490
>     emacs`fontset_font(fontset=0x000000012c209205, c=9207,
>     face=0x000000015ae06d60, id=-1) at fontset.c:809:4

Same here...

>     frame #15: 0x00000001003e29a8 emacs`face_for_char(f=0x000000015b172040, face=0x000000015ae06d60, c=9207, pos=-1, object=0x0000000000000000) at fontset.c:1031:15
>     frame #16: 0x000000010031995c emacs`FACE_FOR_CHAR(f=0x000000015b172040, face=0x000000015ae06d60, character=9207, pos=-1, object=0x0000000000000000) at dispextern.h:1950:10
>     frame #17: 0x0000000100319658 emacs`Finternal_char_font(position=0x0000000000000000, ch=0x0000000000008fde) at font.c:4766:13
>
> I will inspect the fontset, face, ... values in these frames later.

Hm. I'm quite out of my comfort zone here, regarding fontsets and fonts,
but it looks to me as if we're acting on a, for some reason, invalid
face, which would come from

  face_id = FACE_FOR_CHAR (f, FACE_FROM_ID (f, face_id), c, pos, Qnil);

in Finternal_char_font. Maybe one could take a look at *f->face_cache here?

bug#68940: 29.2; Random crashes in face for char / font

[Robert Vojta via Bug reports for GNU Emacs, the Swiss army knife of text editors]

> Hm. I'm quite out of my comfort zone here, regarding fontsets and fonts,
> but it looks to me as if we're acting on a, for some reason, invalid
> face, which would come from
>
>   face_id = FACE_FOR_CHAR (f, FACE_FROM_ID (f, face_id), c, pos, Qnil);
>
> in Finternal_char_font. Maybe one could take a look at *f->face_cache here?

Thanks for these pointers! This is an unknown territory for me, but I'll take
some time to read the code, ask our font experts, and try to figure out what's
going on here.

bug#68940: 29.2; Random crashes in face for char / font

[Gerd Möllmann]

Robert Vojta <rvojta@me.com> writes:

>> - Maybe configuring with --enable-checking can find something? That
>>   enables a number of asserts in the code, among them things that ASAN
>>   can't find.
>
> Crashing with:
>
> ../../emacs/src/lisp.h:1314: Emacs fatal error: assertion failed:
> FIXNUMP (a)
>
> It always crashes. Sometimes with ^ & SIGABRT, sometimes w/o ^ &
> SIGSEGV.

I'll write something when answering your other mail.

>> - If it's a font thing, Font Book could be used to validate the font in
>>   question. Select the font in Font Book and use File > Validate
>>   Selection.
>
> I've tried:
>
>   - Delete all my custom fonts -> crashing
>   - Add back PragmataPro Mono, validate it, no issues -> crashing

I'd say we can exclude that, then.

>
>>   expected. Maybe it's worth commenting out the calls and see if that
>>   makes a difference, phenomenologically. That's only a shot in the
>
> I've checked out d6c7092ff0713087f38b9492d53be0177af67514, configured
> it with:

That's master, BTW, for other readers.

>
>   CFLAGS="-DFD_SETSIZE=10000 -DDARWIN_UNLIMITED_SELECT -O0 -g3"
>   configure --with-ns --with-modules --with-x-toolkit=no
>     --enable-checking
>
> Playing w/ "redisplay ();" in the "layoutSublayersOfLayer:", line 8732.
>
>   - Kept - instant crash, 10/10 launches
>   - Commented out - no crash, 10/10 launches
>
> Shot in the dark, but it seems that it's somehow related to all this.

Yeah ;-).