eeschema crash - segfault on block select

Bug #1841919 reported by Dino Ghilardi on 2019-08-29
Affects: KiCad
Importance: Critical
Assigned to: Seth Hillbrand

Bug Description

On eeschema, master branch, I get a weird crash: selecting some particular blocks crashes kicad.

Attached a kicad project with a box marked "SELECT THIS BOX". On my machine selecting it crashes eeschema and kicad in a deterministic way.

It is still a strange behaviour since block-selecting other combinations of items does not crash, so maybe it is my machine/os/library version specific.

Cheers,
Dino.

------------------------------------------------------------------------------
Application: Eeschema
Version: (5.99.0-29-gc3274e15f), release build
Libraries:
    wxWidgets 3.0.2
    libcurl/7.52.1 OpenSSL/1.0.2s zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Platform: Linux 4.9.0-8-amd64 x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.2 (wchar_t,wx containers,compatible with 2.8) GTK+ 2.24
    Boost: 1.69.0
    OpenCASCADE Community Edition: 6.8.0
    Curl: 7.52.1
    Compiler: GCC 6.3.0 with C++ ABI 1010

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=OFF
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=OFF
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

Dino Ghilardi (dino-ghilardi) wrote :

A little bit more testing: Selecting all the items inside the box one-by-one using shift-click does not cause the crash.

Dino Ghilardi (dino-ghilardi) wrote :

Here is a backtrace from gdb on that segfault:

Thread 1 "kicad" received signal SIGSEGV, Segmentation fault.
0x00007fffe0cc6733 in EE_SELECTION_TOOL::selectMultiple() ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_eeschema.kiface
(gdb) backtrace
#0 0x00007fffe0cc6733 in EE_SELECTION_TOOL::selectMultiple() () from /home/dinoghi/SANDBOXKICAD5/usr/bin/_eeschema.kiface
#1 0x00007fffe0cc78dc in EE_SELECTION_TOOL::Main(TOOL_EVENT const&) () from /home/dinoghi/SANDBOXKICAD5/usr/bin/_eeschema.kiface
#2 0x00007fffe0f04be0 in COROUTINE<int, TOOL_EVENT const&>::callerStub(long) ()
   from /home/dinoghi/SANDBOXKICAD5/usr/bin/_eeschema.kiface
#3 0x00005555556d4ff1 in make_fcontext ()
#4 0x0000000000000000 in ?? ()

Seth Hillbrand (sethh) wrote :

Does it crash for you in both canvases?
Does it crash when selecting left-to-right as well as right-to-left?

I do not see the crash here. But I also don't know what commit -29 is.

Application: Eeschema
Version: (5.99.0-28-gc3e07a588-dirty), debug build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Platform: Linux 4.19.0-5-amd64 x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8) GTK+ 3.24
    Boost: 1.67.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.64.0
    Compiler: GCC 8.3.0 with C++ ABI 1013

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=ON
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=ON
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON
    KICAD_STDLIB_DEBUG=OFF
    KICAD_STDLIB_LIGHT_DEBUG=OFF
    KICAD_SANITIZE=OFF

Changed in kicad:
status: New → Incomplete
Seth Hillbrand (sethh) wrote :

Hmm... My build info was out of date. Still no crash though.

Application: Eeschema
Version: (5.99.0-29-gc3274e15f), debug build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Platform: Linux 4.19.0-5-amd64 x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8) GTK+ 3.24
    Boost: 1.67.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.64.0
    Compiler: GCC 8.3.0 with C++ ABI 1013

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=ON
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=ON
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON
    KICAD_STDLIB_DEBUG=OFF
    KICAD_STDLIB_LIGHT_DEBUG=OFF
    KICAD_SANITIZE=OFF

Seth Hillbrand (sethh) wrote :

I tried again with a release build just to be certain but I cannot trigger this.

Application: Eeschema
Version: (5.99.0-29-gc3274e15f), release build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Platform: Linux 4.19.0-5-amd64 x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8) GTK+ 3.24
    Boost: 1.67.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.64.0
    Compiler: GCC 8.3.0 with C++ ABI 1013

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=ON
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=ON
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

Yes, I have the crash both left-to-right and right-to-left.

I also tried a "git clean -fx, make clean, make" to see if it was a
"dirty" build, but it still crashes.

(also on a smaller box than the one in the bug report)

It is also quite weird that not every "box" I can select gives
the crash, but selecting a bigger box is more likely to crash.

No crash selecting the items one-by-one.

On 29/08/19 15:17, Seth Hillbrand wrote:
> Does it crash for you in both canvases?
> Does it crash when selecting left-to-right as well as right-to-left?
>
> I do not see the crash here. But I also don't know what commit -29 is.

Dino Ghilardi (dino-ghilardi) wrote :

It seems a kind of "memory leak ghost" that depends on library/compiler/linker version, but this is only a hypothesis, since it seems not to be reproducible on other platforms... Is there someone else that can try it on a debian oldstable (9.9)?

P.S: I have the same segfault both in "standard graphics" and in "accelerated graphics" mode.

Cheers, Dino.

Seth Hillbrand (sethh) wrote :

I can try on old stable tonight.

Can you run KiCad behind valgrind and post the results? Just default options are fine.

Seth Hillbrand (sethh) wrote :

OK, I see the error in oldstable

(gdb) bt
#0 0x00007fffd0f242c6 in EDA_ITEM::Type (this=0x0) at ../../include/base_struct.h:212
#1 0x00007fffd11c969c in EE_SELECTION_TOOL::selectMultiple (this=0x5555585656e0)
    at /home/seth/code/kicad/kicad-launchpad/eeschema/tools/ee_selection_tool.cpp:701
#2 0x00007fffd11c7e7e in EE_SELECTION_TOOL::Main (this=0x5555585656e0, aEvent=...)
    at /home/seth/code/kicad/kicad-launchpad/eeschema/tools/ee_selection_tool.cpp:347
#3 0x00007fffd11d2bb0 in std::__invoke_impl<int, int (EE_SELECTION_TOOL::* const&)(TOOL_EVENT const&), EE_SELECTION_TOOL*&, TOOL_EVENT const&> (__f=
    @0x5555586675b0: (int (EE_SELECTION_TOOL::*)(EE_SELECTION_TOOL * const, const TOOL_EVENT &)) 0x7fffd11c785c <EE_SELECTION_TOOL::Main(TOOL_EVENT const&)>, __t=@0x5555586675c0: 0x5555585656e0, __args#0=...) at /usr/include/c++/6/functional:227
#4 0x00007fffd11d2971 in std::__invoke<int (EE_SELECTION_TOOL::* const&)(TOOL_EVENT const&), EE_SELECTION_TOOL*&, TOOL_EVENT const&> (
    __fn=
    @0x5555586675b0: (int (EE_SELECTION_TOOL::*)(EE_SELECTION_TOOL * const, const TOOL_EVENT &)) 0x7fffd11c785c <EE_SELECTION_TOOL::Main(TOOL_EVENT const&)>, __args#0=@0x5555586675c0: 0x5555585656e0, __args#1=...) at /usr/include/c++/6/functional:251
#5 0x00007fffd11d264b in std::_Mem_fn_base<int (EE_SELECTION_TOOL::*)(TOOL_EVENT const&), true>::operator()<EE_SELECTION_TOOL*&, TOOL_EVENT const&> (this=0x5555586675b0, __args#0=@0x5555586675c0: 0x5555585656e0, __args#1=...) at /usr/include/c++/6/functional:604
#6 0x00007fffd11d1dd7 in std::_Bind<std::_Mem_fn<int (EE_SELECTION_TOOL::*)(TOOL_EVENT const&)> (EE_SELECTION_TOOL*, std::_Placeholder<1>)>::__call<int, TOOL_EVENT const&, 0ul, 1ul>(std::tuple<TOOL_EVENT const&>&&, std::_Index_tuple<0ul, 1ul>) (this=0x5555586675b0,
    __args=<unknown type in /usr/local/bin/_eeschema.kiface, CU 0x2ba37b4, DIE 0x2bf928c>) at /usr/include/c++/6/functional:934
#7 0x00007fffd11d1131 in std::_Bind<std::_Mem_fn<int (EE_SELECTION_TOOL::*)(TOOL_EVENT const&)> (EE_SELECTION_TOOL*, std::_Placeholder<1>)>::operator()<TOOL_EVENT const&, int>(TOOL_EVENT const&) (this=0x5555586675b0, __args#0=...) at /usr/include/c++/6/functional:993
#8 0x00007fffd11d08ea in std::_Function_handler<int (TOOL_EVENT const&), std::_Bind<std::_Mem_fn<int (EE_SELECTION_TOOL::*)(TOOL_EVENT const&)> (EE_SELECTION_TOOL*, std::_Placeholder<1>)> >::_M_invoke(std::_Any_data const&, TOOL_EVENT const&) (__functor=...,
    __args#0=...) at /usr/include/c++/6/functional:1717
#9 0x00007fffd13da66b in std::function<int (TOOL_EVENT const&)>::operator()(TOOL_EVENT const&) const (this=0x5555572f1e40,
    __args#0=...) at /usr/include/c++/6/functional:2127
#10 0x00007fffd13d784b in COROUTINE<int, TOOL_EVENT const&>::callerStub (aData=93825007244256) at ../../include/tool/coroutine.h:350
#11 0x0000555555706dc1 in make_fcontext () at /usr/include/wx-3.0/wx/wxcrtbase.h:675
#12 0x0000000000000000 in ?? ()
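
A way to read the backtrace above mechanically, as an added example that is not part of the original comment or of KiCad: the script joins gdb's wrapped frame lines, extracts each frame's function, `this` value and source location, and reports when frame #0 ran on a null object together with the caller line to inspect. The names `parse_frames` and `triage` are made up for this example; the sample is frames #0 to #2 of the backtrace above.

```python
import re
# Frames #0-#2 of the gdb backtrace quoted in the comment above.
SAMPLE_BT = """\
#0 0x00007fffd0f242c6 in EDA_ITEM::Type (this=0x0) at ../../include/base_struct.h:212
#1 0x00007fffd11c969c in EE_SELECTION_TOOL::selectMultiple (this=0x5555585656e0)
    at /home/seth/code/kicad/kicad-launchpad/eeschema/tools/ee_selection_tool.cpp:701
#2 0x00007fffd11c7e7e in EE_SELECTION_TOOL::Main (this=0x5555585656e0, aEvent=...)
    at /home/seth/code/kicad/kicad-launchpad/eeschema/tools/ee_selection_tool.cpp:347
"""

# The lookahead skips parentheses inside template arguments: the argument
# list is the " (" that is followed by "name=" or by ")".
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((?=[\w#]+=|\))")
THIS = re.compile(r"\(this=(0x[0-9a-f]+)")
LOC = re.compile(r"\bat (\S+):(\d+)\s*$")

def parse_frames(bt):
    """Join wrapped lines, then return one dict per '#N' frame."""
    joined = []
    for line in bt.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()
    frames = []
    for text in joined:
        m = FRAME.match(text)
        if not m:
            continue
        this, loc = THIS.search(text), LOC.search(text)
        frames.append({
            "n": int(m.group(1)),
            "func": m.group(2),
            "this": int(this.group(1), 16) if this else None,
            "file": loc.group(1) if loc else None,
            "line": int(loc.group(2)) if loc else None,
        })
    return frames

def triage(bt):
    """Return (frame #0, its caller) when frame #0 ran on a null object, else None."""
    frames = parse_frames(bt)
    if len(frames) < 2 or frames[0]["this"] != 0:
        return None
    return frames[0], frames[1]

if __name__ == "__main__":
    hit = triage(SAMPLE_BT)
    if hit:
        print(f"null this in {hit[0]['func']}, called from {hit[1]['file']}:{hit[1]['line']}")
```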

Changed in kicad:
importance: Undecided → Critical
milestone: none → 6.0.0-rc1
status: Incomplete → Triaged
Seth Hillbrand (sethh) wrote :

And selectedItems doesn't contain the relevant item


Dino Ghilardi (dino-ghilardi) wrote :

I've never used Valgrind before... I'm going to install it...

KiCad Janitor (kicad-janitor) wrote :

Fixed in revision 83b2332f1f00dca6cfc14358379d51c917c0ef36
https://git.launchpad.net/kicad/patch/?id=83b2332f1f00dca6cfc14358379d51c917c0ef36

Changed in kicad:
status: Triaged → Fix Committed
assignee: nobody → Seth Hillbrand (sethh)