[SRU] ngspice-36 crashes in various ways

Bug #2048906 reported by Denys Rtveliashvili
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ngspice (Ubuntu)
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned

Bug Description

[ Impact ]

ngspice will sometimes crash on some trivial circuits and will result in Segmentation fault.
Though upstream mentioned these types of circuits causing the segfault as "strange input".

[ Test Plan ]

* create a test file named "test.netlist" with the following content:
.title KiCad schematic
.save all
.probe alli
.end

* execute "ngspice" command
* run this command: "source test.netlist" on the ngspice prompt.

With the fixed package it will print:

Circuit: KiCad schematic

[ Where problems could occur ]

It is an upstream patch which only adds an check for a pointer before dereferencing it and there is a little chance of any regression because of this patch.

[racb] The modprobenames function will now do nothing under some circumstances. This seems OK and is the intention of this change, but if there's a regression then it is likely to be because of a consequence of this. It always needs to dereference a pointer, and a null pointer deference is always bad, so in the worst case it seems like it would be that the bug isn't really fixed, eg. some kind of silent failure or logic error.

[ Other Info ]

The patch in the debdiff looks quite big due to the indentation changes but the real change is only:

@@ -1130,6 +1130,7 @@ static char* get_terminal_number(char* e
    Called from inp.c*/
 void modprobenames(INPtables* tab) {
     GENinstance* GENinst;
+ if (tab->defVmod) {
     for (GENinst = tab->defVmod->GENinstances; GENinst; GENinst = GENinst->GENnextInstance) {
         char* name = GENinst->GENname;
         /* Do not inlude the x in the new name, XU1 -> U1 */
@@ -1159,4 +1160,5 @@ void modprobenames(INPtables* tab) {
             }
         }
     }
+ }
 }

[ Original Bug Description ]

$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04

ngspice version: 36+ds-1

The following happens:
=============================================

ngspice is used by KiCad to simulate circuits.
I have noticed that ngspice tends to crash or fail on relatively simple circuits.

Taking KiCad out of equation I can see that even trivialities lead to crashes.

For example, create a text file "test.netlist" with the following content:

--- CUT ---
.title KiCad schematic
.save all
.probe alli
.end
--- CUT ---

Then start ngspice command line tool and run this command: "source test.netlist".

The results would be this:

--- CUT ---
No compatibility mode selected!

Circuit: KiCad schematic

Segmentation fault (core dumped)
--- CUT ---

Other than segmentation faults, sometimes ngspice attempts to allocate a negative amount of memory (which also results in crashes).

The following is expected:
=============================================
I expect that ngspice would not crash and would instead either do what it is asked to do or report errors.

Suggested change:
=============================================
Update ngspice from version 3.6 to version 4.2: I have built v4.2 myself and checked - it appears to work or report genuine errors in all cases where the old ngspice simply crashes with no apparent reason.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ngspice 36+ds-1
ProcVersionSignature: Ubuntu 6.2.0-35.35~22.04.1-generic 6.2.16
Uname: Linux 6.2.0-35-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: GNOME
Date: Wed Jan 10 14:32:41 2024
InstallationDate: Installed on 2021-07-03 (921 days ago)
InstallationMedia: Ubuntu-MATE 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: ngspice
UpgradeStatus: Upgraded to jammy on 2023-09-12 (119 days ago)

Revision history for this message
Denys Rtveliashvili (rtvdenys) wrote :
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I have tested and can confirm that I can reproduce the segfault with the "test.netlist". I have also tested and confirmed Focal and Mantic are not affected.

Changed in ngspice (Ubuntu Jammy):
status: New → Confirmed
Changed in ngspice (Ubuntu):
status: New → Fix Released
Changed in ngspice (Ubuntu Jammy):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in ngspice (Ubuntu Jammy):
status: Confirmed → In Progress
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

debdiff attached.

summary: - ngspice-36 crashes in various ways
+ [SRU] ngspice-36 crashes in various ways
description: updated
description: updated
Changed in ngspice (Ubuntu Jammy):
status: In Progress → Confirmed
assignee: Sudip Mukherjee (sudipmuk) → nobody
Revision history for this message
Dave Jones (waveform) wrote :

Confirmed the issue on jammy, patch looks good, so I'll sponsor this for jammy. Thanks!

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Denys, or anyone else affected,

Accepted ngspice into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ngspice/36+ds-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

description: updated
Changed in ngspice (Ubuntu Jammy):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-jammy
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that ngspice from jammy-proposed has fixed the bug for me.

Test done:

Install ngspice on a jammy installation.
create the test.netlist file with the content from the testplan
execute ngspice
run "source test.netlist" on the ngspice prompt.
confirm that ngspice fails with coredump.

Add jammy-proposed to apt sources
update ngspice from jammy-proposed
run "source test.netlist" on the ngspice prompt.
confirm that ngspice does not fail and prints the title "Circuit: KiCad schematic".

Test result: the issue with ngspice has been fixed.

Package tested:

$ apt-cache policy ngspice
ngspice:
  Installed: 36+ds-1ubuntu0.1
  Candidate: 36+ds-1ubuntu0.1
  Version table:
 *** 36+ds-1ubuntu0.1 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     36+ds-1 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ngspice - 36+ds-1ubuntu0.1

---------------
ngspice (36+ds-1ubuntu0.1) jammy; urgency=medium

  * d/p/fixes/segfault-fix-modprobe.patch: Fix ngspice crash with
    trivial input. (LP: #2048906)

 -- Sudip Mukherjee <email address hidden> Mon, 11 Mar 2024 21:44:53 +0000

Changed in ngspice (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Robie Basak (racb) wrote : Update Released

The verification of the Stable Release Update for ngspice has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.