GNU bug report logs - #43973
28.0.50; [NS] Two crashes on macOS


Package: emacs;

Reported by: Andrii Kolomoiets <andreyk.mad <at> gmail.com>

Date: Tue, 13 Oct 2020 07:36:01 UTC

Severity: normal

Found in version 28.0.50

Done: Alan Third <alan <at> idiocy.org>

Bug is archived. No further changes may be made.


From: Robert Pluim <rpluim <at> gmail.com>
To: Andrii Kolomoiets <andreyk.mad <at> gmail.com>
Cc: 43973 <at> debbugs.gnu.org
Subject: bug#43973: 28.0.50; [NS] Two crashes on macOS
Date: Tue, 13 Oct 2020 15:00:31 +0200
>>>>> On Tue, 13 Oct 2020 10:35:28 +0300, Andrii Kolomoiets <andreyk.mad <at> gmail.com> said:

    Andrii> Update to recent trunk brought me everyone's favorite random crashes.
    Andrii> In an attempt to find the recipe to reproduce the bug somehow, I spotted
    Andrii> two crashes that I actually can reproduce in 'emacs -Q'.

    Andrii> The first one is more "stable":

    Andrii> With this code in scratch and point at '|':

    Andrii>     (make-frame `((parent-frame . ,(selected-frame))
    Andrii>                   (width . 0.5)
    Andrii>                   (height . 0.5)
    Andrii>                   (top . 0.5)
    Andrii>                   (left . 0.5)))|

    Andrii> 1. C-x C-e
    Andrii> 2. s-w

    Andrii> Repeating these two steps 3-5 times leads to a crash.  Most of the time
    Andrii> the only meaningful record in the 'bt' is:

    Andrii> Thread 3 received signal SIGSEGV, Segmentation fault.
    Andrii> 0x00007fff6fa97678 in ?? ()
    Andrii> (gdb) bt full
    Andrii> #0  0x00007fff6fa97678 in ?? ()
    Andrii> No symbol table info available.
    Andrii> #1  0x0000000100476338 in -[EmacsImage dealloc] (self=0x1014c77f0, _cmd=0x7fff7afcdc58) at nsimage.m:286
    Andrii> No locals.

    Andrii> It may be tool bar related, because Emacs is not crashing with
    Andrii> tool-bar-mode turned off.

I think you may be right:

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x20)
  * frame #0: 0x00007fff6be26678 libobjc.A.dylib`objc_release + 24
    frame #1: 0x00000001001f5d1f emacs`-[EmacsImage dealloc](self=0x0000000102ac8ff0, _cmd=<unavailable>) at nsimage.m:286:3 [opt]
    frame #2: 0x00007fff6be2beb3 libobjc.A.dylib`objc_object::sidetable_release(bool) + 229
    frame #3: 0x00007fff301e46e1 AppKit`-[NSMenuItem dealloc] + 108
    frame #4: 0x00007fff304523f8 AppKit`-[NSToolbarItem dealloc] + 110
    frame #5: 0x00007fff32f072a5 CoreFoundation`__RELEASE_OBJECTS_IN_THE_ARRAY__ + 118
    frame #6: 0x00007fff32f071e8 CoreFoundation`-[__NSArrayM dealloc] + 279
    frame #7: 0x00007fff305b1a99 AppKit`-[NSToolbarClippedItemsIndicator dealloc] + 84
    frame #8: 0x00007fff6be42054 libobjc.A.dylib`AutoreleasePoolPage::releaseUntil(objc_object**) + 134
    frame #9: 0x00007fff6be26dba libobjc.A.dylib`objc_autoreleasePoolPop + 175
    frame #10: 0x00007fff32f69335 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
    frame #11: 0x00007fff32f69267 CoreFoundation`__CFRunLoopDoObservers + 457
    frame #12: 0x00007fff32f68805 CoreFoundation`__CFRunLoopRun + 874
    frame #13: 0x00007fff32f67e3e CoreFoundation`CFRunLoopRunSpecific + 462
    frame #14: 0x00007fff31b94abd HIToolbox`RunCurrentEventLoopInMode + 292
    frame #15: 0x00007fff31b946f4 HIToolbox`ReceiveNextEventCommon + 359
    frame #16: 0x00007fff31b94579 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 64
    frame #17: 0x00007fff301da039 AppKit`_DPSNextEvent + 883
    frame #18: 0x00007fff301d8880 AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1352
    frame #19: 0x00007fff301ca58e AppKit`-[NSApplication run] + 658
    frame #20: 0x00000001001d708d emacs`-[EmacsApp run](self=0x0000000102a10a70, _cmd=<unavailable>) at nsterm.m:5765:9 [opt]
    frame #21: 0x00000001001e3a1e emacs`ns_read_socket(terminal=<unavailable>, hold_quit=<unavailable>) at nsterm.m:4741:11 [opt]
    frame #22: 0x00000001000d11cd emacs`gobble_input at keyboard.c:6889:17 [opt]

which is nsimage.m:

- (void)dealloc
{
  [stippleMask release];
  [bmRep release];
  [transform release];  <====
  [super dealloc];
}

Alan?

    Andrii> The second one is not reproducible every time:

    Andrii> 1. M-x tool-bar-mode
    Andrii> 2. Evaluate
    Andrii>     (let ((params `((parent-frame . ,(selected-frame))
    Andrii>                     (undecorated . t))))
    Andrii>       (dotimes (_z 100)
    Andrii>         (set-face-background 'internal-border "black"
    Andrii>                              (make-frame params))))
    Andrii> 3. Move the frame

And this I see as well, however lldb does warn us:

2020-10-13 14:54:46.765446+0200 emacs[65592:8296279] [Window] WARNING: NSWindow has detected an excessive live window count of 101. Window 0x2e668 of class 'EmacsWindow' created after passing the threshold of 100. This window is not necessarily the cause, and this warning will only be shown once per window class.

    Andrii> Thread 3 received signal SIGSEGV, Segmentation fault.
    Andrii> 0x0000000100456e88 in ns_clear_under_internal_border (f=0x13cedafe8) at nsterm.m:3052
    Andrii> 3052	      [ns_lookup_indexed_color (NS_FACE_BACKGROUND (face), f) set];
    Andrii> (gdb) bt full

I suspect some initialization has been skipped somewhere:

    frame #0: 0x00000001001e81bc emacs`ns_clear_under_internal_border(f=0x0000000132288150) at nsterm.m:3052:33 [opt]
   3049         face = FRAME_DEFAULT_FACE (f);
   3050
   3051       ns_focus (f, &frame_rect, 1);
-> 3052       [ns_lookup_indexed_color (NS_FACE_BACKGROUND (face), f) set];
   3053       for (int i = 0; i < 4 ; i++)
   3054         {
   3055           NSDivideRect (frame_rect, &edge_rect, &frame_rect, border_width, edge[i]);
Target 0: (emacs) stopped.
(lldb) p face
(face *) $0 = 0x0000000000000000

Robert
-- 
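
Added example, not part of the message above and not Emacs code: a plain C model of the state shown in the second lldb session, where the face pointer is 0x0 when the border-clearing code dereferences it. The struct layout, the helper face_or_null and the return convention are hypothetical stand-ins chosen for illustration; the model shows a lookup that tolerates a frame whose faces are not yet realized and skips drawing instead of dereferencing NULL.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the structures named in the backtrace. */
enum { DEFAULT_FACE_ID = 0, INTERNAL_BORDER_FACE_ID = 1, FACE_SLOTS = 2 };

struct face { unsigned long background; };

struct face_cache {
  struct face *faces_by_id[FACE_SLOTS];
  int used;                       /* number of realized faces */
};

struct frame {
  struct face_cache *face_cache;  /* NULL until the frame's faces are set up */
  int internal_border_width;
};

/* Return the realized face for ID, or NULL when the cache is missing
   or the face has not been realized yet. */
static struct face *
face_or_null (const struct frame *f, int id)
{
  const struct face_cache *c = f->face_cache;
  if (c == NULL || id < 0 || id >= c->used)
    return NULL;
  return c->faces_by_id[id];
}

/* Model of the border-clearing path: pick the internal-border face,
   fall back to the default face, and skip drawing when neither exists.
   Returns 1 and stores the colour in *BG when drawing would proceed,
   0 when the call is skipped. */
int
clear_under_internal_border (const struct frame *f, unsigned long *bg)
{
  if (f->internal_border_width <= 0)
    return 0;

  struct face *face = face_or_null (f, INTERNAL_BORDER_FACE_ID);
  if (face == NULL)
    face = face_or_null (f, DEFAULT_FACE_ID);
  if (face == NULL)
    return 0;                     /* the state lldb showed: face == 0x0 */

  *bg = face->background;
  return 1;
}
```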




This bug report was last modified 4 years and 144 days ago.
