bug#43973: 28.0.50; [NS] Two crashes on macOS

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: Robert Pluim <rpluim@gmail.com>
To: Andrii Kolomoiets <andreyk.mad@gmail.com>
Cc: 43973@debbugs.gnu.org
Subject: bug#43973: 28.0.50; [NS] Two crashes on macOS
Date: Tue, 13 Oct 2020 15:00:31 +0200	[thread overview]
Message-ID: <m2imbel1qo.fsf@gmail.com> (raw)
In-Reply-To: <m2o8l6h933.fsf@gmail.com> (Andrii Kolomoiets's message of "Tue,  13 Oct 2020 10:35:28 +0300")

>>>>> On Tue, 13 Oct 2020 10:35:28 +0300, Andrii Kolomoiets <andreyk.mad@gmail.com> said:

    Andrii> Update to recent trunk brought me everyone's favorite random crashes.
    Andrii> In an attempt to find the recipe for reproduce the bug somehow, I spot
    Andrii> two crashes that I actually can reproduce in 'emacs -Q'.

    Andrii> The first one is more "stable":

    Andrii> With this code in scratch and point at '|':

    Andrii>     (make-frame `((parent-frame . ,(selected-frame))
    Andrii>                   (width . 0.5)
    Andrii>                   (height . 0.5)
    Andrii>                   (top . 0.5)
    Andrii>                   (left . 0.5)))|

    Andrii> 1. C-x C-e
    Andrii> 2. s-w

    Andrii> Repeating these two steps 3-5 times leads to crash.  Most of the time
    Andrii> the only meaningfull record in the 'bt' is:

    Andrii> Thread 3 received signal SIGSEGV, Segmentation fault.
    Andrii> 0x00007fff6fa97678 in ?? ()
    Andrii> (gdb) bt full
    Andrii> #0  0x00007fff6fa97678 in ?? ()
    Andrii> No symbol table info available.
    Andrii> #1  0x0000000100476338 in -[EmacsImage dealloc] (self=0x1014c77f0, _cmd=0x7fff7afcdc58) at nsimage.m:286
    Andrii> No locals.

    Andrii> It may be tool bar related, because Emacs is not crashing with
    Andrii> tool-bar-mode turned of.

I think you may be right:

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x20)
  * frame #0: 0x00007fff6be26678 libobjc.A.dylib`objc_release + 24
    frame #1: 0x00000001001f5d1f emacs`-[EmacsImage dealloc](self=0x0000000102ac8ff0, _cmd=<unavailable>) at nsimage.m:286:3 [opt]
    frame #2: 0x00007fff6be2beb3 libobjc.A.dylib`objc_object::sidetable_release(bool) + 229
    frame #3: 0x00007fff301e46e1 AppKit`-[NSMenuItem dealloc] + 108
    frame #4: 0x00007fff304523f8 AppKit`-[NSToolbarItem dealloc] + 110
    frame #5: 0x00007fff32f072a5 CoreFoundation`__RELEASE_OBJECTS_IN_THE_ARRAY__ + 118
    frame #6: 0x00007fff32f071e8 CoreFoundation`-[__NSArrayM dealloc] + 279
    frame #7: 0x00007fff305b1a99 AppKit`-[NSToolbarClippedItemsIndicator dealloc] + 84
    frame #8: 0x00007fff6be42054 libobjc.A.dylib`AutoreleasePoolPage::releaseUntil(objc_object**) + 134
    frame #9: 0x00007fff6be26dba libobjc.A.dylib`objc_autoreleasePoolPop + 175
    frame #10: 0x00007fff32f69335 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
    frame #11: 0x00007fff32f69267 CoreFoundation`__CFRunLoopDoObservers + 457
    frame #12: 0x00007fff32f68805 CoreFoundation`__CFRunLoopRun + 874
    frame #13: 0x00007fff32f67e3e CoreFoundation`CFRunLoopRunSpecific + 462
    frame #14: 0x00007fff31b94abd HIToolbox`RunCurrentEventLoopInMode + 292
    frame #15: 0x00007fff31b946f4 HIToolbox`ReceiveNextEventCommon + 359
    frame #16: 0x00007fff31b94579 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 64
    frame #17: 0x00007fff301da039 AppKit`_DPSNextEvent + 883
    frame #18: 0x00007fff301d8880 AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1352
    frame #19: 0x00007fff301ca58e AppKit`-[NSApplication run] + 658
    frame #20: 0x00000001001d708d emacs`-[EmacsApp run](self=0x0000000102a10a70, _cmd=<unavailable>) at nsterm.m:5765:9 [opt]
    frame #21: 0x00000001001e3a1e emacs`ns_read_socket(terminal=<unavailable>, hold_quit=<unavailable>) at nsterm.m:4741:11 [opt]
    frame #22: 0x00000001000d11cd emacs`gobble_input at keyboard.c:6889:17 [opt]

which is nsimage.m:

- (void)dealloc
{
  [stippleMask release];
  [bmRep release];
  [transform release];  <====
  [super dealloc];
}

Alan?

    Andrii> The second one is not reproducible every time:

    Andrii> 1. M-x tool-bar-mode
    Andrii> 2. Evaluate
    Andrii>     (let ((params `((parent-frame . ,(selected-frame))
    Andrii>                     (undecorated . t))))
    Andrii>       (dotimes (_z 100)
    Andrii>         (set-face-background 'internal-border "black"
    Andrii>                              (make-frame params))))
    Andrii> 3. Move the frame

And this I see as well, however lldb does warn us:

2020-10-13 14:54:46.765446+0200 emacs[65592:8296279] [Window] WARNING: NSWindow has detected an excessive live window count of 101. Window 0x2e668 of class 'EmacsWindow' created after passing the threshold of 100. This window is not necessarily the cause, and this warning will only be shown once per window class.

    Andrii> Thread 3 received signal SIGSEGV, Segmentation fault.
    Andrii> 0x0000000100456e88 in ns_clear_under_internal_border (f=0x13cedafe8) at nsterm.m:3052
    Andrii> 3052	      [ns_lookup_indexed_color (NS_FACE_BACKGROUND (face), f) set];
    Andrii> (gdb) bt full

I suspect some initialization has been skipped somewhere:

    frame #0: 0x00000001001e81bc emacs`ns_clear_under_internal_border(f=0x0000000132288150) at nsterm.m:3052:33 [opt]
   3049         face = FRAME_DEFAULT_FACE (f);
   3050
   3051       ns_focus (f, &frame_rect, 1);
-> 3052       [ns_lookup_indexed_color (NS_FACE_BACKGROUND (face), f) set];
   3053       for (int i = 0; i < 4 ; i++)
   3054         {
   3055           NSDivideRect (frame_rect, &edge_rect, &frame_rect, border_width, edge[i]);
Target 0: (emacs) stopped.
(lldb) p face
(face *) $0 = 0x0000000000000000

Robert
--

next prev parent reply	other threads:[~2020-10-13 13:00 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-13  7:35 bug#43973: 28.0.50; [NS] Two crashes on macOS Andrii Kolomoiets
2020-10-13 13:00 ` Robert Pluim [this message]
2020-10-13 20:33   ` Alan Third
2020-10-14 10:46     ` Robert Pluim
2020-10-13 19:09 ` Alan Third
2020-10-14  8:07   ` Andrii Kolomoiets
2020-10-14  8:50   ` Andrii Kolomoiets
2020-10-24 10:35   ` Eli Zaretskii
2020-10-14 20:41 ` Alan Third
2020-10-14 21:01   ` Andrii Kolomoiets
2020-10-14 21:15     ` Alan Third
2020-10-14 21:33       ` Andrii Kolomoiets
2021-01-02 18:25         ` Alan Third
2021-01-02 22:03           ` Andrii Kolomoiets
2021-01-02 22:34             ` Alan Third
2020-10-24  1:37 ` Win Treese
2020-10-24 16:59   ` Alan Third

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m2imbel1qo.fsf@gmail.com \
    --to=rpluim@gmail.com \
    --cc=43973@debbugs.gnu.org \
    --cc=andreyk.mad@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).