pcbnew crashes on via drag (45 degree mode).

Bug #1837766 reported by Dino Ghilardi on 2019-07-24
26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
KiCad
Critical
Tomasz Wlostowski

Bug Description

Dragging a via in 45 degree mode crashes pcbnew and kicad.

Note: Commit 8c77d31d4d444646f271b42eab2271641b9bde87 does not crash.

Commit 9e90cb95720b8bdb19701383216f4bcca5f8f533 shows the problem and crashes while dragging a via.

On a complex board before crashing the program becomes irresponsive for some seconds.

To reproduce the problem: Draw a minimal board or open a project that have more than one layer, (tested also on a "2 resistors and 4 tracks board", dragging one of the vias them some times crashes kicad.

On a more complex board (may be when dragging needs to move more vias and tracks) it is more deterministic and crashes every time.

Crashes when the interactive router settings are in

   -shove
   -walk-around mode
does not crash in "highlight collisions" mode.

Cheers, Dino.

-------------------------------------------------------------------------
Application: Pcbnew
Version: (5.1.0-1354-g9e90cb957), release build
Libraries:
    wxWidgets 3.0.2
    libcurl/7.52.1 OpenSSL/1.0.2s zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Platform: Linux 4.9.0-8-amd64 x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.2 (wchar_t,wx containers,compatible with 2.8) GTK+ 2.24
    Boost: 1.69.0
    OpenCASCADE Community Edition: 6.8.0
    Curl: 7.52.1
    Compiler: GCC 6.3.0 with C++ ABI 1010

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=OFF
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=OFF
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

Dino Ghilardi (dino-ghilardi) wrote :

gdb output on segfault:

Thread 1 "kicad" received signal SIGSEGV, Segmentation fault.
0xffffffff00000000 in ?? ()
(gdb) backtrace
#0 0xffffffff00000000 in ?? ()
#1 0x00007fffd3364a75 in PNS::SHOVE::ShoveDraggingVia(PNS::VIA*, VECTOR2<int> const&, PNS::VIA**) ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_pcbnew.kiface
#2 0x00007fffd33216c9 in PNS::DRAGGER::dragShove(VECTOR2<int> const&) ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_pcbnew.kiface
#3 0x00007fffd32df6f2 in PNS::ROUTER::Move(VECTOR2<int> const&, PNS::ITEM*) ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_pcbnew.kiface
#4 0x00007fffd32ef4fc in ROUTER_TOOL::InlineDrag(TOOL_EVENT const&) ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_pcbnew.kiface
#5 0x00007fffd3544d90 in COROUTINE<int, TOOL_EVENT const&>::callerStub(long) ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_pcbnew.kiface
#6 0x00005555556c5131 in make_fcontext ()
#7 0x000055555dabcfa0 in ?? ()
#8 0x00007ffff37c233c in __GI___printf_fp_l (fp=0x0,
    loc=<error reading variable: Cannot access memory at address 0x34ffffff91>, info=0x0, args=<optimized out>)
    at printf_fp.c:629
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Changed in kicad:
assignee: nobody → Tomasz Wlostowski (twlostow)
Changed in kicad:
status: New → Confirmed
eelik (eelik) wrote :

I can confirm. I have stitching vias, I'm trying to drag one via to push another via. When the pushed via reaches a point when it doesn't have room to move because there's a track which doesn't have room to move, KiCad crashes. The backtrace looks similar than Dino gave above.

Dino Ghilardi (dino-ghilardi) wrote :

New test to have a narrower set of commits with the source of the problem:

Old commit 8c77d31d4d444646f271b42eab2271641b9bde87 does not crash.

commit a7c41f0c343b4437e39b86458022a0c23b59de4b crashes

Changed in kicad:
importance: Undecided → Critical
Dino Ghilardi (dino-ghilardi) wrote :

It seems that the first commit that crashes is:

commit c1fcb1d8959997a7409de506e98a28878308b6e8

Cheers.
Dino.

MightyPork (mighty-pork) wrote :

Here's another trace, I think it's the same bug. I didn't drag a via, but it was shoved when there wasn't enough space.

Thread 1 "kicad" received signal SIGSEGV, Segmentation fault.
0x000000690000006d in ?? ()
(gdb) bt
#0 0x000000690000006d in ()
#1 0x00007fffb05a60f2 in PNS::LINE::LINE(PNS::VIA const&) (aVia=..., this=0x55555b271780)
    at /home/ondra/packages/kicad-git/src/kicad-git/pcbnew/router/pns_shove.cpp:1367
#2 0x00007fffb05a60f2 in PNS::SHOVE::ShoveDraggingVia(PNS::VIA*, VECTOR2<int> const&, PNS::VIA**) (this=
    0x55556889ada0, aVia=<optimized out>, aWhere=..., aNewVia=aNewVia@entry=0x55555b271b40)
    at /home/ondra/packages/kicad-git/src/kicad-git/pcbnew/router/pns_shove.cpp:1338
#3 0x00007fffb0561896 in PNS::DRAGGER::dragShove(VECTOR2<int> const&) (this=0x555567bd4800, aP=...)
    at /home/ondra/packages/kicad-git/src/kicad-git/pcbnew/router/pns_dragger.cpp:295
#4 0x00007fffb051f977 in PNS::ROUTER::moveDragging(VECTOR2<int> const&, PNS::ITEM*) (this=0x555568b73cf0, aP=..., aEndItem=<optimized out>)
    at /usr/include/c++/9.1.0/bits/unique_ptr.h:357
#5 0x00007fffb052c8d0 in ROUTER_TOOL::performDragging(int) (this=<optimized out>, aMode=<optimized out>)
    at /home/ondra/packages/kicad-git/src/kicad-git/pcbnew/router/router_tool.cpp:1021
#6 0x00007fffb052fd37 in ROUTER_TOOL::MainLoop(TOOL_EVENT const&) (this=<optimized out>, aEvent=...)
    at /home/ondra/packages/kicad-git/src/kicad-git/pcbnew/router/router_tool.cpp:948
#7 0x00007fffb0743680 in std::function<int (TOOL_EVENT const&)>::operator()(TOOL_EVENT const&) const (__args#0=..., this=0x5555631f2f68)
    at /usr/include/c++/9.1.0/bits/std_function.h:685
#8 0x00007fffb0743680 in COROUTINE<int, TOOL_EVENT const&>::callerStub(long) (aData=<optimized out>)
    at /home/ondra/packages/kicad-git/src/kicad-git/include/tool/coroutine.h:335
#9 0x00005555556d2a41 in make_fcontext ()

KiCad Janitor (kicad-janitor) wrote :

Fixed in revision 726bceecfd9981c89d8dcac7ea328db4af5db78d
https://git.launchpad.net/kicad/patch/?id=726bceecfd9981c89d8dcac7ea328db4af5db78d

Changed in kicad:
status: Confirmed → Fix Committed
Changed in kicad:
milestone: none → 6.0.0-rc1

I reopen the bug report, because the crash is not fully fixed:
It happens now immediately in walk-around mode only (100% reproducible).

Application: KiCad
Version: (5.1.0-1460-g726bceecf), release build
Libraries:
    wxWidgets 3.1.1
    libcurl/7.65.1 OpenSSL/1.1.1c (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.1.1) nghttp2/1.39.1
Platform: Windows 7 (build 7601, Service Pack 1), 32 bit, Little endian, wxMSW
Build Info:
    wxWidgets: 3.1.1 (wchar_t,wx containers)
    Boost: 1.70.0
    OpenCASCADE Community Edition: 6.8.0
    Curl: 7.65.1
    Compiler: GCC 9.1.0 with C++ ABI 1013

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=OFF
    KICAD_SCRIPTING_WXPYTHON=OFF
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=OFF
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

Changed in kicad:
status: Fix Committed → New
Wayne Stambaugh (stambaughw) wrote :
Download full text (3.8 KiB)

I can confirm that this is still an issue. Here is the full back trace.

Thread 1 "kicad" received signal SIGSEGV, Segmentation fault.
PNS::SHOVE::ShoveLines (this=0x0, aCurrentHead=...)
    at /home/wayne/src/kicad-trunk/pcbnew/router/pns_shove.cpp:1157
1157 m_multiLineMode = false;
(gdb) bt
#0 0x00007fffe0f0891e in PNS::SHOVE::ShoveLines(PNS::LINE const&)
    (this=0x0, aCurrentHead=...)
    at /home/wayne/src/kicad-trunk/pcbnew/router/pns_shove.cpp:1157
#1 0x00007fffe0ec17c0 in PNS::DRAGGER::dragShove(VECTOR2<int> const&)
    (this=0x581b500, aP=...)
    at /home/wayne/src/kicad-trunk/pcbnew/router/pns_dragger.cpp:282
#2 0x00007fffe0ec1ca1 in PNS::DRAGGER::Drag(VECTOR2<int> const&)
    (this=0x581b500, aP=...)
    at /home/wayne/src/kicad-trunk/pcbnew/router/pns_dragger.cpp:362
#3 0x00007fffe0e762f4 in PNS::ROUTER::moveDragging(VECTOR2<int> const&, PNS::ITEM*) (this=0x57c0f10, aP=..., aEndItem=0x589e210)
    at /home/wayne/src/kicad-trunk/pcbnew/router/pns_router.cpp:253
#4 0x00007fffe0e75f57 in PNS::ROUTER::Move(VECTOR2<int> const&, PNS::ITEM*)
    (this=0x57c0f10, aP=..., endItem=0x589e210)
    at /home/wayne/src/kicad-trunk/pcbnew/router/pns_router.cpp:240
#5 0x00007fffe0e90150 in ROUTER_TOOL::InlineDrag(TOOL_EVENT const&) (this=
    0x20e9550, aEvent=...)
    at /home/wayne/src/kicad-trunk/pcbnew/router/router_tool.cpp:1184
#6 0x00007fffe0e955b9 in std::__invoke_impl<int, int (ROUTER_TOOL::*&)(TOOL_EVENT const&), ROUTER_TOOL*&, TOOL_EVENT const&>(std::__invoke_memfun_deref, int (ROUTER_TOOL::*&)(TOOL_EVENT const&), ROUTER_TOOL*&, TOOL_EVENT const&) (__f=
    @0x5496be0: (int (ROUTER_TOOL::*)(ROUTER_TOOL * const, const TOOL_EVENT &)) 0x7fffe0e8f8d0 <ROUTER_TOOL::InlineDrag(TOOL_EVENT const&)>, __t=@0x5496bf0: 0x20e9550, __args=...)
    at /usr/bin/../lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:73
#7 0x00007fffe0e954b7 in std::__invoke<int (ROUTER_TOOL::*&)(TOOL_EVENT const&), ROUTER_TOOL*&, TOOL_EVENT const&>(int (ROUTER_TOOL::*&)(TOOL_EVENT const&), ROUTER_TOOL*&, TOOL_EVENT const&) (__fn=
    @0x5496be0: (int (ROUTER_TOOL::*)(ROUTER_TOOL * const, const TOOL_EVENT &)) 0x7fffe0e8f8d0 <ROUTER_TOOL::InlineDrag(TOOL_EVENT const&)>, __args=@0x5496bf0: 0x20e9550, __args=...)
    at /usr/bin/../lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:95
#8 0x00007fffe0e95468 in std::_Bind<int (ROUTER_TOOL::*(ROUTER_TOOL*, std::_Placeholder<1>))(TOOL_EVENT const&)>::__call<int, TOOL_EVENT const&, 0ul, 1ul>(std::tuple<TOOL_EVENT const&>&&, std::_Index_tuple<0ul, 1ul>)
    (this=0x5496be0, __args=...)
    at /usr/bin/../lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/function--Type <RET> for more, q to quit, c to continue without paging--
al:400
#9 0x00007fffe0e953cd in std::_Bind<int (ROUTER_TOOL::*(ROUTER_TOOL*, std::_Placeholder<1>))(TOOL_EVENT const&)>::operator()<TOOL_EVENT const&, int>(TOOL_EVENT const&) (this=0x5496be0, __args=...)
    at /usr/bin/../lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/functional:482
#10 0x00007fffe0e95092 in std::_Function_handler<int (TOOL_EVENT const&), std::_Bind<int (ROUTER_TOOL::*(ROUTER_TOOL*, std::_Placeholder<1>))(TOOL_EVENT const&)> >::_M_inv...

Read more...

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers