Crash in subsurf_ccg.c ccgdm_getVertCos (possibly due to improper use of GET_INT_FROM_POINTER) #42748

Closed
opened 2014-11-28 08:18:23 +01:00 by Greg · 23 comments

I've been seeing this crash bug on my machine for a few months, repro steps are unstable and usually involve me picking up one bone on my an armature attached to my mesh then wildly moving the mouse for minutes. Given the un-usable repro steps, I decided to pull down tip blender source (as of yesterday) to get a full callstack. Hopefully the detailed callstack will prove more helpful than the repro steps.

As mentioned in the title, all the crashes I've seen occur in ccgdm_getVertCos, either in the last loop or second-to-last loop in the file. The crashes all seem to be related to vertMap2 containing invalid data; I thought I could get away with adding nullguards for the return value of ccgSubSurf_getEdgeData and the contents of vertMap2[index], but most recently I've gotten a crash due to vertMap2 containing a non-null invalid pointer. Here is some more details for the application state on that referenced crash (which occurred in the final loop in the referenced function):

totvert = 146
index = 2
vertMap2[index] = 0x0000000500000004 {next=??? vHDL=??? numEdges=??? ...}

and the first few entries in vertMap2:

  • vertMap2,146 0x000000001eb9aa58 {0x000000001cea91e0 {next=0x000000001ceaad48 {next=0x0000000000000000 vHDL=...} ...}, ...} CCGVert *[146]
  •   - [x]	0x000000001cea91e0 {next=0x000000001ceaad48 {next=0x0000000000000000 <NULL> vHDL=0x0000000000000043 ...} ...}	CCGVert *
    
  •   - [x]	0x000000001cea9240 {next=0x000000001ceaada8 {next=0x0000000000000000 <NULL> vHDL=0x0000000000000044 ...} ...}	CCGVert *
    
  •   - [x]	0x0000000500000004 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000000700000006 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000000900000008 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000000b0000000a {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000000d0000000c {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000000f0000000e {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000001100000010 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   - [x]	0x0000001300000012 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   [10]	0x0000001500000014 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    
  •   [11]	0x0000001700000016 {next=??? vHDL=??? numEdges=??? ...}	CCGVert *
    

I can't really make heads or tails of this code but in general casting an arbitrary pointer to an int seems like a very bad idea, which the comments next to the GET_INT_FROM_POINTER macro seem to agree with

I've been seeing this crash bug on my machine for a few months, repro steps are unstable and usually involve me picking up one bone on my an armature attached to my mesh then wildly moving the mouse for minutes. Given the un-usable repro steps, I decided to pull down tip blender source (as of yesterday) to get a full callstack. Hopefully the detailed callstack will prove more helpful than the repro steps. As mentioned in the title, all the crashes I've seen occur in ccgdm_getVertCos, either in the last loop or second-to-last loop in the file. The crashes all seem to be related to vertMap2 containing invalid data; I thought I could get away with adding nullguards for the return value of ccgSubSurf_getEdgeData and the contents of vertMap2[index], but most recently I've gotten a crash due to vertMap2 containing a non-null invalid pointer. Here is some more details for the application state on that referenced crash (which occurred in the final loop in the referenced function): totvert = 146 index = 2 vertMap2[index] = 0x0000000500000004 {next=??? vHDL=??? numEdges=??? ...} and the first few entries in vertMap2: - vertMap2,146 0x000000001eb9aa58 {0x000000001cea91e0 {next=0x000000001ceaad48 {next=0x0000000000000000 <NULL> vHDL=...} ...}, ...} CCGVert *[146] + - [x] 0x000000001cea91e0 {next=0x000000001ceaad48 {next=0x0000000000000000 <NULL> vHDL=0x0000000000000043 ...} ...} CCGVert * + - [x] 0x000000001cea9240 {next=0x000000001ceaada8 {next=0x0000000000000000 <NULL> vHDL=0x0000000000000044 ...} ...} CCGVert * + - [x] 0x0000000500000004 {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000000700000006 {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000000900000008 {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000000b0000000a {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000000d0000000c {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000000f0000000e {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000001100000010 {next=??? vHDL=??? numEdges=??? ...} CCGVert * + - [x] 0x0000001300000012 {next=??? vHDL=??? numEdges=??? ...} CCGVert * + [10] 0x0000001500000014 {next=??? vHDL=??? numEdges=??? ...} CCGVert * + [11] 0x0000001700000016 {next=??? vHDL=??? numEdges=??? ...} CCGVert * I can't really make heads or tails of this code but in general casting an arbitrary pointer to an int seems like a very bad idea, which the comments next to the GET_INT_FROM_POINTER macro seem to agree with
Author

Changed status to: 'Open'

Changed status to: 'Open'
Author

Added subscriber: @pyro789x

Added subscriber: @pyro789x
Author

I did not attach the callstack because I am dumb. Here it is:

blender-app.exe!ccgdm_getVertCos(DerivedMesh * dm, float- [x] * cos) Line 1498 C

blender-app.exe!meshdeformModifier_do(ModifierData * md, Object * ob, DerivedMesh * dm, float- [x] * vertexCos, int numVerts) Line 372	C
blender-app.exe!deformVerts(ModifierData * md, Object * ob, DerivedMesh * derivedData, float- [x] * vertexCos, int numVerts, ModifierApplyFlag UNUSED_flag) Line 424	C
blender-app.exe!mesh_calc_modifiers(Scene * scene, Object * ob, float- [x] * inputVertexCos, DerivedMesh * * deform_r, DerivedMesh * * final_r, int useRenderParams, int useDeform, int needMapping, unsigned __int64 dataMask, int index, int useCache, int build_shapekey_layers) Line 1577	C
blender-app.exe!mesh_build_data(Scene * scene, Object * ob, unsigned __int64 dataMask, int build_shapekey_layers) Line 2281	C
blender-app.exe!makeDerivedMesh(Scene * scene, Object * ob, BMEditMesh * em, unsigned __int64 dataMask, int build_shapekey_layers) Line 2352	C
blender-app.exe!BKE_object_handle_update_ex(EvaluationContext * eval_ctx, Scene * scene, Object * ob, RigidBodyWorld * rbw, const bool do_proxy_update) Line 3047	C
blender-app.exe!scene_update_object_func(TaskPool * pool, void * taskdata, int threadid) Line 1411	C
blender-app.exe!task_scheduler_thread_run(void * thread_p) Line 162	C
I did not attach the callstack because I am dumb. Here it is: > blender-app.exe!ccgdm_getVertCos(DerivedMesh * dm, float- [x] * cos) Line 1498 C blender-app.exe!meshdeformModifier_do(ModifierData * md, Object * ob, DerivedMesh * dm, float- [x] * vertexCos, int numVerts) Line 372 C blender-app.exe!deformVerts(ModifierData * md, Object * ob, DerivedMesh * derivedData, float- [x] * vertexCos, int numVerts, ModifierApplyFlag UNUSED_flag) Line 424 C blender-app.exe!mesh_calc_modifiers(Scene * scene, Object * ob, float- [x] * inputVertexCos, DerivedMesh * * deform_r, DerivedMesh * * final_r, int useRenderParams, int useDeform, int needMapping, unsigned __int64 dataMask, int index, int useCache, int build_shapekey_layers) Line 1577 C blender-app.exe!mesh_build_data(Scene * scene, Object * ob, unsigned __int64 dataMask, int build_shapekey_layers) Line 2281 C blender-app.exe!makeDerivedMesh(Scene * scene, Object * ob, BMEditMesh * em, unsigned __int64 dataMask, int build_shapekey_layers) Line 2352 C blender-app.exe!BKE_object_handle_update_ex(EvaluationContext * eval_ctx, Scene * scene, Object * ob, RigidBodyWorld * rbw, const bool do_proxy_update) Line 3047 C blender-app.exe!scene_update_object_func(TaskPool * pool, void * taskdata, int threadid) Line 1411 C blender-app.exe!task_scheduler_thread_run(void * thread_p) Line 162 C

Added subscriber: @mont29

Added subscriber: @mont29

Thanks for the report and investigation, but unfortunately I doubt we can do much with those data so far. The fact that it happens randomly (and after some long time, several minutes of moving mouse is very from a program pov).

Such random issue can be caused either by a threading issue, or some hardware problem, usually. Checking threading is easy: please start Blender with -t 1 commandline option, and see whether you can reproduce the bug.

Otherwise, we’ll need a .blend file with as precise as possible repro instructions.

Note that get/set int in pointer is widely used across our whole code base, it’s very unlikely to be the issue here.

Thanks for the report and investigation, but unfortunately I doubt we can do much with those data so far. The fact that it happens randomly (and after some long time, several minutes of moving mouse is **very** from a program pov). Such random issue can be caused either by a threading issue, or some hardware problem, usually. Checking threading is easy: please start Blender with `-t 1` commandline option, and see whether you can reproduce the bug. Otherwise, we’ll need a .blend file with as precise as possible repro instructions. Note that get/set int in pointer is widely used across our whole code base, it’s very unlikely to be the issue here.
Author

Your hunch appears to be correct, I cannot reproduce the crash when I start blender with the '-t 1' command line argument.

I would like to upload my .blend file, but the file size of 7,924KB compressed (42,664KB uncompressed) seems to be larger than the limit set by this site. What is the standard location for uploading .blend files?

Regarding the current file size, I think I've removed as much as I could from the .blend file without negatively affecting the repro rate. Removing certain textures, meshes or bones increases the amount of time required to reproduce the issue. WIth the 42MB file I can reproduce the issue by grabbing ('G') the 'torso' bone and moving the mouse around for 3 to 15 seconds.

Your hunch appears to be correct, I cannot reproduce the crash when I start blender with the '-t 1' command line argument. I would like to upload my .blend file, but the file size of 7,924KB compressed (42,664KB uncompressed) seems to be larger than the limit set by this site. What is the standard location for uploading .blend files? Regarding the current file size, I think I've removed as much as I could from the .blend file without negatively affecting the repro rate. Removing certain textures, meshes or bones increases the amount of time required to reproduce the issue. WIth the 42MB file I can reproduce the issue by grabbing ('G') the 'torso' bone and moving the mouse around for 3 to 15 seconds.

eeeeh, sorry for not answering sooner, you can just use another host for the file, like google doc, dropbox, and such.

eeeeh, sorry for not answering sooner, you can just use another host for the file, like google doc, dropbox, and such.
Author
Here it is: https://www.dropbox.com/s/27awfdcuy65m4s0/crash-2s.7z?dl=0 Thanks for the response

Thanks for the file, can easily confirm the crash here (thread using some mem already freed by another thread...).

Thanks for the file, can easily confirm the crash here (thread using some mem already freed by another thread...).
Bastien Montagne self-assigned this 2014-12-07 17:09:49 +01:00

Added subscriber: @Sergey

Added subscriber: @Sergey

So... As far as I can say, meshdeform modifier ends up using a derivedFinal DM from its target that gets freed in the mean time. At least, that what I guess from sanitize messages below:

P173: #42748

read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
ASAN:SIGSEGV
ASAN:SIGSEGV
=================================================================
==4268==AddressSanitizer: while reporting a bug found another one.Ignoring.
==4268==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000003c45695 sp 0x7fffb8d74400 bp 0x7fffb8d74410 T0)
    #0 0x3c45694 in ccgSubSurf_getFaceFaceHandle /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2981
    #1 0x41c4714 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1463
    #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
    #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
    #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
    #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
    #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
    #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
    #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
    #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
    #10 0x4980e27 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:398
    #11 0x410fc78 in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554
    #12 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
    #13 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
    #14 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
    #15 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
    #16 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
    #17 0x7f88ab5e7b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #18 0x2120eee (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x2120eee)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2981 ccgSubSurf_getFaceFaceHandle
==4268==ABORTING




read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
ASAN:SIGSEGV
ASAN:SIGSEGV
=================================================================
==4294==AddressSanitizer: while reporting a bug found another one.Ignoring.
==4294==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000041b92a8 sp 0x7fff38ba89f0 bp 0x7fff38ba8a00 T0)
    #0 0x41b92a7 in copy_v3_v3 /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
    #1 0x41c4b1c in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1500
    #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
    #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
    #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
    #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
    #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
    #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
    #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
    #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
    #10 0x4980e27 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:398
    #11 0x410fc78 in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554
    #12 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
    #13 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
    #14 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
    #15 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
    #16 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
    #17 0x7fbd484ebb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #18 0x2120eee (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x2120eee)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 copy_v3_v3
==4294==ABORTING



read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
ASAN:SIGSEGV
ASAN:SIGSEGV
=================================================================
==4321==AddressSanitizer: while reporting a bug found another one.Ignoring.
==4321==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000003c45b24 sp 0x7fecf0855120 bp 0x7fecf0855130 #14)
    #0 0x3c45b23 in ccgSubSurf_getFaceNumVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000
    #1 0x41c47d7 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1470
    #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
    #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
    #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
    #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
    #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
    #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
    #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
    #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
    #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
    #11 0x7fed139f50a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
    #12 0x7fed0fa75ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 ccgSubSurf_getFaceNumVerts
Thread #14 created by T0 here:
    #0 0x7fed159e4bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
    #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
    #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
    #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
    #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
    #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
    #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
    #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
    #9 0x7fed0f9b1b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

==4321==ABORTING



read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
ASAN:SIGSEGV
=================================================================
==4593==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000003c44a2c sp 0x7f17e91b0120 bp 0x7f17e91b0130 #18)
    #0 0x3c44a2b in ccgSubSurf_getVertVertHandle /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2857
    #1 0x41c4539 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1445
    #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
    #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
    #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
    #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
    #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
    #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
    #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
    #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
    #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
    #11 0x7f18213720a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
    #12 0x7f181d3f2ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2857 ccgSubSurf_getVertVertHandle
Thread #18 created by T0 here:
    #0 0x7f182330cbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
    #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
    #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
    #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
    #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
    #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
    #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
    #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
    #9 0x7f181d32eb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

==4593==ABORTING



read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
ASAN:SIGSEGV
ASAN:SIGSEGV
==4639==AddressSanitizer: while reporting a bug found another one.Ignoring.
=================================================================
==4639==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000041b92a8 sp 0x7f1db0ae4120 bp 0x7f1db0ae4130 #15)
    #0 0x41b92a7 in copy_v3_v3 /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
    #1 0x41c4b1c in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1500
    #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
    #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
    #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
    #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
    #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
    #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
    #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
    #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
    #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
    #11 0x7f1dca6e60a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
    #12 0x7f1dc6766ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 copy_v3_v3
Thread #15 created by T0 here:
    #0 0x7f1dcc680bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
    #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
    #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
    #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
    #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
    #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
    #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
    #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
    #9 0x7f1dc66a2b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

==4639==ABORTING



read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
ASAN:SIGSEGV
=================================================================
ASAN:SIGSEGV
==5216==AddressSanitizer: while reporting a bug found another one.Ignoring.
==5216==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000003c45b24 sp 0x7fbc863fb120 bp 0x7fbc863fb130 #19)
    #0 0x3c45b23 in ccgSubSurf_getFaceNumVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000
    #1 0x41c47d7 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1470
    #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
    #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
    #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
    #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
    #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
    #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
    #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
    #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
    #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
    #11 0x7fbcbf1040a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
    #12 0x7fbcbb184ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 ccgSubSurf_getFaceNumVerts
Thread #19 created by T0 here:
    #0 0x7fbcc109ebba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
    #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
    #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
    #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
    #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
    #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
    #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
    #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
    #9 0x7fbcbb0c0b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

==5216==ABORTING

Note I also got one much more interesting once (saying 'thread A using mem freed by thread B', but unfortunately I could never reproduce it.

Also, the bug itself is very evanescent, sometimes you can get it five times in a row, and then you have to try ten times or more before you can reproduce it again. :/

Sergey, I really need your help here, I would think that kind of thing is not supposed to happen ever?

So... As far as I can say, meshdeform modifier ends up using a derivedFinal DM from its target that gets freed in the mean time. At least, that what I guess from sanitize messages below: [P173: #42748](https://archive.blender.org/developer/P173.txt) ``` read blend: /home/i74700deb64/Téléchargements/crash-2s.blend ASAN:SIGSEGV ASAN:SIGSEGV ================================================================= ==4268==AddressSanitizer: while reporting a bug found another one.Ignoring. ==4268==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000003c45695 sp 0x7fffb8d74400 bp 0x7fffb8d74410 T0) #0 0x3c45694 in ccgSubSurf_getFaceFaceHandle /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2981 #1 0x41c4714 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1463 #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x4980e27 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:398 #11 0x410fc78 in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554 #12 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #13 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682 #14 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377 #15 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492 #16 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 #17 0x7f88ab5e7b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #18 0x2120eee (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x2120eee) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2981 ccgSubSurf_getFaceFaceHandle ==4268==ABORTING read blend: /home/i74700deb64/Téléchargements/crash-2s.blend ASAN:SIGSEGV ASAN:SIGSEGV ================================================================= ==4294==AddressSanitizer: while reporting a bug found another one.Ignoring. ==4294==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000041b92a8 sp 0x7fff38ba89f0 bp 0x7fff38ba8a00 T0) #0 0x41b92a7 in copy_v3_v3 /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 #1 0x41c4b1c in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1500 #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x4980e27 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:398 #11 0x410fc78 in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554 #12 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #13 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682 #14 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377 #15 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492 #16 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 #17 0x7fbd484ebb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #18 0x2120eee (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x2120eee) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 copy_v3_v3 ==4294==ABORTING read blend: /home/i74700deb64/Téléchargements/crash-2s.blend ASAN:SIGSEGV ASAN:SIGSEGV ================================================================= ==4321==AddressSanitizer: while reporting a bug found another one.Ignoring. ==4321==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000003c45b24 sp 0x7fecf0855120 bp 0x7fecf0855130 #14) #0 0x3c45b23 in ccgSubSurf_getFaceNumVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 #1 0x41c47d7 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1470 #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x7fed139f50a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) #12 0x7fed0fa75ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 ccgSubSurf_getFaceNumVerts Thread #14 created by T0 here: #0 0x7fed159e4bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208 #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173 #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520 #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682 #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377 #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492 #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 #9 0x7fed0f9b1b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) ==4321==ABORTING read blend: /home/i74700deb64/Téléchargements/crash-2s.blend ASAN:SIGSEGV ================================================================= ==4593==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000003c44a2c sp 0x7f17e91b0120 bp 0x7f17e91b0130 #18) #0 0x3c44a2b in ccgSubSurf_getVertVertHandle /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2857 #1 0x41c4539 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1445 #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x7f18213720a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) #12 0x7f181d3f2ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2857 ccgSubSurf_getVertVertHandle Thread #18 created by T0 here: #0 0x7f182330cbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208 #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173 #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520 #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682 #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377 #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492 #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 #9 0x7f181d32eb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) ==4593==ABORTING read blend: /home/i74700deb64/Téléchargements/crash-2s.blend ASAN:SIGSEGV ASAN:SIGSEGV ==4639==AddressSanitizer: while reporting a bug found another one.Ignoring. ================================================================= ==4639==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000041b92a8 sp 0x7f1db0ae4120 bp 0x7f1db0ae4130 #15) #0 0x41b92a7 in copy_v3_v3 /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 #1 0x41c4b1c in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1500 #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x7f1dca6e60a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) #12 0x7f1dc6766ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 copy_v3_v3 Thread #15 created by T0 here: #0 0x7f1dcc680bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208 #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173 #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520 #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682 #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377 #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492 #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 #9 0x7f1dc66a2b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) ==4639==ABORTING read blend: /home/i74700deb64/Téléchargements/crash-2s.blend ASAN:SIGSEGV ================================================================= ASAN:SIGSEGV ==5216==AddressSanitizer: while reporting a bug found another one.Ignoring. ==5216==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000003c45b24 sp 0x7fbc863fb120 bp 0x7fbc863fb130 #19) #0 0x3c45b23 in ccgSubSurf_getFaceNumVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 #1 0x41c47d7 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1470 #2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x7fbcbf1040a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) #12 0x7fbcbb184ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 ccgSubSurf_getFaceNumVerts Thread #19 created by T0 here: #0 0x7fbcc109ebba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208 #2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173 #3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520 #4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682 #6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377 #7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492 #8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 #9 0x7fbcbb0c0b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) ==5216==ABORTING ``` Note I also got one much more interesting once (saying 'thread A using mem freed by thread B', but unfortunately I could never reproduce it. Also, the bug itself is very evanescent, sometimes you can get it five times in a row, and then you have to try ten times or more before you can reproduce it again. :/ Sergey, I really need your help here, I would think that kind of thing is not supposed to happen ever?

@mont29, i'm not sure how to reproduce the crash. I don't even see asan reports here.

Could see three possibilities:

  • ccgdm_getVertCos does something thread-unsafe and being called from multiple threads
  • dependencies are not correct, so two objects which has a dependency between them being scheduled at the same time
  • somebody calls mesh_get_derived_final which forces subsurf to re-evaluate.

You should be able to run blender in gdb and once it'll crash type thread apply all bt. That would give some extra info.

@mont29, i'm not sure how to reproduce the crash. I don't even see asan reports here. Could see three possibilities: - ccgdm_getVertCos does something thread-unsafe and being called from multiple threads - dependencies are not correct, so two objects which has a dependency between them being scheduled at the same time - somebody calls mesh_get_derived_final which forces subsurf to re-evaluate. You should be able to run blender in gdb and once it'll crash type `thread apply all bt`. That would give some extra info.

OK, thanks for the tips. So, following gdb session (very hard to get it crashing in debugger :( ) indeed seems to imply ccgdm_getVertCos is not threadsafe. More precisely, It seems CCG iterators are not.

P174: #42748

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffbac94700 (LWP 6231)]
0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
66		r- [x] = a[0];
(gdb) thread apply all bt

Thread 23 (Thread 0x7fffc6eb1700 (LWP 6233)):
#0  0x00007ffff0fe053d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff1008654 in usleep (useconds=<optimized out>) at ../sysdeps/unix/sysv/linux/usleep.c:32
#2  0x0000000005422389 in AUD_OpenALDevice::updateStreams (this=0x6100000efd40) at /home/i74700deb64/blender/__work__/src/intern/audaspace/OpenAL/AUD_OpenALDevice.cpp:1040
#3  0x0000000005420d02 in AUD_openalRunThread (device=0x6100000efd40) at /home/i74700deb64/blender/__work__/src/intern/audaspace/OpenAL/AUD_OpenALDevice.cpp:858
#4  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffc6eb1700) at pthread_create.c:309
#5  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 22 (Thread 0x7fffbac94700 (LWP 6231)):
#0  0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
#1  0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
#2  0x000000000359db67 in meshdeformModifier_do (md=0x613000144888, ob=0x61b000212488, dm=0x61c000119888, vertexCos=0x6330008f8808, numVerts=8171)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
#3  0x000000000359e116 in deformVerts (md=0x613000144888, ob=0x61b000212488, derivedData=0x0, vertexCos=0x6330008f8808, numVerts=8171, UNUSED_flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
#4  0x0000000003fa387f in modwrap_deformVerts (md=0x613000144888, ob=0x61b000212488, dm=0x0, vertexCos=0x6330008f8808, numVerts=8171, flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
#5  0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000212488, inputVertexCos=0x0, deform_r=0x61b000212990, final_r=0x61b000212998, useRenderParams=0, useDeform=1, needMapping=0, 
    dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
#6  0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000212488, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
#7  0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000212488, em=0x0, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
#8  0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000212488, rbw=0x0, do_proxy_update=false)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
#9  0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217848, threadid=7) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
#10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167568) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
#11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbac94700) at pthread_create.c:309
#12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 21 (Thread 0x7fffbb79b700 (LWP 6230)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
#2  0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
#3  0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbb79ad30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
#4  0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167558) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
#5  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbb79b700) at pthread_create.c:309
#6  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 20 (Thread 0x7fffbc2a2700 (LWP 6229)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
#2  0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
#3  0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbc2a1d30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
#4  0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167548) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
#5  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbc2a2700) at pthread_create.c:309
#6  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 19 (Thread 0x7fffbcda9700 (LWP 6228)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
#2  0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
#3  0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbcda8d30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
#4  0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167538) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
#5  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbcda9700) at pthread_create.c:309
#6  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 18 (Thread 0x7fffbd5aa700 (LWP 6227)):
#0  0x0000000003cac56c in armature_deform_verts (armOb=0x61b000211688, target=0x61b000210f88, dm=0x0, vertexCos=0x6020001d5bd8, defMats=0x0, numVerts=0, deformflag=23, prevCos=0x0, 
    defgrp_name=0x6110008babd0 "Sub-s") at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/armature.c:1069
#1  0x00000000035b07f5 in deformVerts (md=0x6110008bab48, ob=0x61b000210f88, derivedData=0x0, vertexCos=0x6020001d5bd8, numVerts=0, UNUSED_flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_armature.c:127
#2  0x0000000003fa387f in modwrap_deformVerts (md=0x6110008bab48, ob=0x61b000210f88, dm=0x0, vertexCos=0x6020001d5bd8, numVerts=0, flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
#3  0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000210f88, inputVertexCos=0x0, deform_r=0x61b000211490, final_r=0x61b000211498, useRenderParams=0, useDeform=1, needMapping=0, 
    dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
#4  0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000210f88, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
#5  0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000210f88, em=0x0, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
#6  0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000210f88, rbw=0x0, do_proxy_update=false)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
#7  0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217788, threadid=3) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
#8  0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167528) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
#9  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbd5aa700) at pthread_create.c:309
#10 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 17 (Thread 0x7fffbddab700 (LWP 6226)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
#2  0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
#3  0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbddaad30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
#4  0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167518) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
#5  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbddab700) at pthread_create.c:309
#6  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 16 (Thread 0x7fffdb1ac700 (LWP 6225)):
#0  0x00000000041b92a8 in copy_v3_v3 (r=0x6240003e87c8, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
#1  0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x6240003e8108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
#2  0x000000000359db67 in meshdeformModifier_do (md=0x6130001446c8, ob=0x61b000211d88, dm=0x61c000146888, vertexCos=0x634000000808, numVerts=10625)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
#3  0x000000000359e116 in deformVerts (md=0x6130001446c8, ob=0x61b000211d88, derivedData=0x0, vertexCos=0x634000000808, numVerts=10625, UNUSED_flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
#4  0x0000000003fa387f in modwrap_deformVerts (md=0x6130001446c8, ob=0x61b000211d88, dm=0x0, vertexCos=0x634000000808, numVerts=10625, flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
#5  0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000211d88, inputVertexCos=0x0, deform_r=0x61b000212290, final_r=0x61b000212298, useRenderParams=0, useDeform=1, needMapping=0, 
    dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
#6  0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000211d88, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
#7  0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000211d88, em=0x0, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
#8  0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000211d88, rbw=0x0, do_proxy_update=false)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
#9  0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217908, threadid=1) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
#10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167508) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
#11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdb1ac700) at pthread_create.c:309
#12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 15 (Thread 0x7fffc3f00700 (LWP 6224)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff6a79dda in ?? () from /usr/lib/x86_64-linux-gnu/primus/libGL.so.1
#2  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffc3f00700) at pthread_create.c:309
#3  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 14 (Thread 0x7fffd498e700 (LWP 6223)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff6a78e22 in ?? () from /usr/lib/x86_64-linux-gnu/primus/libGL.so.1
#2  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffd498e700) at pthread_create.c:309
#3  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 12 (Thread 0x7fffdb790700 (LWP 6221)):
#0  0x00007ffff4f9518d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff5866328 in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1
#2  0x00007ffff5871ce3 in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1

#3  0x00007ffff58659da in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1
#4  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdb790700) at pthread_create.c:309
#5  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 11 (Thread 0x7fffdc29e700 (LWP 6220)):
#0  0x00007ffff100618d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff6f2a54a in poll () from /usr/lib/x86_64-linux-gnu/libasan.so.1
#2  0x00007fffef579cc1 in ?? () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
#3  0x00007fffef56b2a1 in pa_mainloop_poll () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
#4  0x00007fffef56b93e in pa_mainloop_iterate () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
#5  0x00007fffef56b9f0 in pa_mainloop_run () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
#6  0x00007fffef579c56 in ?? () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
#7  0x00007fffeb653a98 in ?? () from /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-5.0.so
#8  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdc29e700) at pthread_create.c:309
#9  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 9 (Thread 0x7fffcb6b3700 (LWP 6218)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcb6b3700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 8 (Thread 0x7fffcc1ba700 (LWP 6217)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcc1ba700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 7 (Thread 0x7fffcccc1700 (LWP 6216)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcccc1700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 6 (Thread 0x7fffcd7c8700 (LWP 6215)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcd7c8700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 5 (Thread 0x7fffce2cf700 (LWP 6214)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffce2cf700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 4 (Thread 0x7fffcedd6700 (LWP 6213)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcedd6700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 3 (Thread 0x7fffcf8dd700 (LWP 6212)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcf8dd700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7fffd03e4700 (LWP 6211)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#2  0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
#3  0x00007ffff4f8e0a4 in start_thread (arg=0x7fffd03e4700) at pthread_create.c:309
#4  0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7ffff7fa68c0 (LWP 6207)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
#2  0x0000000004982ee9 in BLI_condition_wait (cond=0x610000128198, mutex=0x610000128170) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
#3  0x0000000004980f7e in BLI_task_pool_work_and_wait (pool=0x610000128148) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:414
#4  0x000000000410fc79 in scene_update_objects (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, scene=0x6220000b2908, scene_parent=0x6220000b2908)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554
#5  0x000000000410fe8b in scene_update_tagged_recursive (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, scene=0x6220000b2908, scene_parent=0x6220000b2908)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
#6  0x0000000004110b35 in BKE_scene_update_for_newframe_ex (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, sce=0x6220000b2908, lay=1, do_invisible_flush=false)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1806
#7  0x00000000041108f3 in BKE_scene_update_for_newframe (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, sce=0x6220000b2908, lay=1)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1738
#8  0x0000000002e17fd1 in ED_update_for_newframe (bmain=0x61c0000ad088, scene=0x6220000b2908, UNUSED_mute=1) at /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/screen_edit.c:2078
#9  0x0000000002e2d795 in screen_animation_step (C=0x60b000053b88, UNUSED_op=0x60f00000dd88, event=0x60c000171288) at /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/screen_ops.c:3473
#10 0x000000000213cdc3 in wm_operator_invoke (C=0x60b000053b88, ot=0x610000088848, event=0x60c000171288, properties=0x603000296bf8, reports=0x0, poll_only=false)
    at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1036
#11 0x000000000214021d in wm_handler_operator_call (C=0x60b000053b88, handlers=0x6120002b5710, handler=0x60d000371a18, event=0x60c000171288, properties=0x603000296bf8)
    at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1637
#12 0x0000000002141891 in wm_handlers_do_intern (C=0x60b000053b88, event=0x60c000171288, handlers=0x6120002b5710)
    at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1904
#13 0x00000000021420da in wm_handlers_do (C=0x60b000053b88, event=0x60c000171288, handlers=0x6120002b5710) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2013
#14 0x0000000002144080 in wm_event_do_handlers (C=0x60b000053b88) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2377
#15 0x000000000212841b in WM_main (C=0x60b000053b88) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:489
#16 0x000000000212632b in main (argc=1, argv=0x7fffffffe208) at /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
(gdb) 
(gdb) 
(gdb) bt
#0  0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
#1  0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
#2  0x000000000359db67 in meshdeformModifier_do (md=0x613000144888, ob=0x61b000212488, dm=0x61c000119888, vertexCos=0x6330008f8808, numVerts=8171)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
#3  0x000000000359e116 in deformVerts (md=0x613000144888, ob=0x61b000212488, derivedData=0x0, vertexCos=0x6330008f8808, numVerts=8171, UNUSED_flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
#4  0x0000000003fa387f in modwrap_deformVerts (md=0x613000144888, ob=0x61b000212488, dm=0x0, vertexCos=0x6330008f8808, numVerts=8171, flag=MOD_APPLY_USECACHE)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
#5  0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000212488, inputVertexCos=0x0, deform_r=0x61b000212990, final_r=0x61b000212998, useRenderParams=0, useDeform=1, needMapping=0, 
    dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
#6  0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000212488, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
#7  0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000212488, em=0x0, dataMask=637534233, build_shapekey_layers=0)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
#8  0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000212488, rbw=0x0, do_proxy_update=false)
    at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
#9  0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217848, threadid=7) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
#10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167568) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
#11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbac94700) at pthread_create.c:309
#12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) up
#1  0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
1494				copy_v3_v3(cos[i++], ccgSubSurf_getEdgeData(ss, e, x));
(gdb) print e
$1 = (CCGEdge *) 0xbebebebebebebebe
(gdb) print index
$2 = 2
(gdb) print edgeMap2
$3 = (CCGEdge **) 0x61d000804888
(gdb) print edgeMap2[0]
$4 = (CCGEdge *) 0x631000e8c5e0
(gdb) print edgeMap2[1]
$5 = (CCGEdge *) 0x631000e8c6a0
(gdb) print edgeMap2[2]
$6 = (CCGEdge *) 0xbebebebebebebebe
(gdb) print edgeMap2[3]
$7 = (CCGEdge *) 0xbebebebebebebebe
(gdb) print edgeMap2[4]
$8 = (CCGEdge *) 0x631000e8c8f8
(gdb) print edgeMap2[5]
$9 = (CCGEdge *) 0x631000e8c9b8
(gdb) print edgeMap2[6]
$10 = (CCGEdge *) 0x631000e8ca78
(gdb) print edgeMap2[7]
$11 = (CCGEdge *) 0xbebebebebebebebe
(gdb) print edgeMap2[9]
$12 = (CCGEdge *) 0xbebebebebebebebe
(gdb) print edgeMap2[10]
$13 = (CCGEdge *) 0x631000e8cdb0
(gdb) 

And after 'protecting' the iterator crap behind a mutex lock (see patch below), I'm unable to reproduce the crash anymore.

P175: #42748

diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c
index 12d7409..5607170 100644
--- a/source/blender/blenkernel/intern/subsurf_ccg.c
+++ b/source/blender/blenkernel/intern/subsurf_ccg.c
@@ -1436,7 +1436,8 @@ static void ccgdm_getVertCos(DerivedMesh *dm, float (*cos)[3])
 	CCGEdge **edgeMap2;
 	CCGVert **vertMap2;
 	int index, totvert, totedge, totface;
-	
+
+	BLI_lock_thread(LOCK_CUSTOM1);
 	totvert = ccgSubSurf_getNumVerts(ss);
 	vertMap2 = MEM_mallocN(totvert * sizeof(*vertMap2), "vertmap");
 	for (vi = ccgSubSurf_getVertIterator(ss); !ccgVertIterator_isStopped(vi); ccgVertIterator_next(vi)) {
@@ -1464,6 +1465,8 @@ static void ccgdm_getVertCos(DerivedMesh *dm, float (*cos)[3])
 	}
 	ccgFaceIterator_free(fi);
 
+	BLI_unlock_thread(LOCK_CUSTOM1);
+
 	i = 0;
 	for (index = 0; index < totface; index++) {
 		CCGFace *f = faceMap2[index];

Now, I do not understand from a first look why CCG iterators would not be thread safe, they seem to use their own counters and everything, and only read common 'shared' data from SS struct?

Because if we have to explicitly thread-protect all uses of those iterators...

OK, thanks for the tips. So, following gdb session (very hard to get it crashing in debugger :( ) indeed seems to imply `ccgdm_getVertCos` is not threadsafe. More precisely, It seems CCG iterators are not. [P174: #42748](https://archive.blender.org/developer/P174.txt) ``` Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffbac94700 (LWP 6231)] 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 66 r- [x] = a[0]; (gdb) thread apply all bt Thread 23 (Thread 0x7fffc6eb1700 (LWP 6233)): #0 0x00007ffff0fe053d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007ffff1008654 in usleep (useconds=<optimized out>) at ../sysdeps/unix/sysv/linux/usleep.c:32 #2 0x0000000005422389 in AUD_OpenALDevice::updateStreams (this=0x6100000efd40) at /home/i74700deb64/blender/__work__/src/intern/audaspace/OpenAL/AUD_OpenALDevice.cpp:1040 #3 0x0000000005420d02 in AUD_openalRunThread (device=0x6100000efd40) at /home/i74700deb64/blender/__work__/src/intern/audaspace/OpenAL/AUD_OpenALDevice.cpp:858 #4 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffc6eb1700) at pthread_create.c:309 #5 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 22 (Thread 0x7fffbac94700 (LWP 6231)): #0 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 #1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494 #2 0x000000000359db67 in meshdeformModifier_do (md=0x613000144888, ob=0x61b000212488, dm=0x61c000119888, vertexCos=0x6330008f8808, numVerts=8171) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x000000000359e116 in deformVerts (md=0x613000144888, ob=0x61b000212488, derivedData=0x0, vertexCos=0x6330008f8808, numVerts=8171, UNUSED_flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x0000000003fa387f in modwrap_deformVerts (md=0x613000144888, ob=0x61b000212488, dm=0x0, vertexCos=0x6330008f8808, numVerts=8171, flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000212488, inputVertexCos=0x0, deform_r=0x61b000212990, final_r=0x61b000212998, useRenderParams=0, useDeform=1, needMapping=0, dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000212488, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000212488, em=0x0, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000212488, rbw=0x0, do_proxy_update=false) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217848, threadid=7) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167568) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbac94700) at pthread_create.c:309 #12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 21 (Thread 0x7fffbb79b700 (LWP 6230)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1 #2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606 #3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbb79ad30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116 #4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167558) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157 #5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbb79b700) at pthread_create.c:309 #6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 20 (Thread 0x7fffbc2a2700 (LWP 6229)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1 #2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606 #3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbc2a1d30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116 #4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167548) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157 #5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbc2a2700) at pthread_create.c:309 #6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 19 (Thread 0x7fffbcda9700 (LWP 6228)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1 #2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606 #3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbcda8d30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116 #4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167538) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157 #5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbcda9700) at pthread_create.c:309 #6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 18 (Thread 0x7fffbd5aa700 (LWP 6227)): #0 0x0000000003cac56c in armature_deform_verts (armOb=0x61b000211688, target=0x61b000210f88, dm=0x0, vertexCos=0x6020001d5bd8, defMats=0x0, numVerts=0, deformflag=23, prevCos=0x0, defgrp_name=0x6110008babd0 "Sub-s") at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/armature.c:1069 #1 0x00000000035b07f5 in deformVerts (md=0x6110008bab48, ob=0x61b000210f88, derivedData=0x0, vertexCos=0x6020001d5bd8, numVerts=0, UNUSED_flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_armature.c:127 #2 0x0000000003fa387f in modwrap_deformVerts (md=0x6110008bab48, ob=0x61b000210f88, dm=0x0, vertexCos=0x6020001d5bd8, numVerts=0, flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #3 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000210f88, inputVertexCos=0x0, deform_r=0x61b000211490, final_r=0x61b000211498, useRenderParams=0, useDeform=1, needMapping=0, dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #4 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000210f88, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #5 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000210f88, em=0x0, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #6 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000210f88, rbw=0x0, do_proxy_update=false) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #7 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217788, threadid=3) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #8 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167528) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #9 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbd5aa700) at pthread_create.c:309 #10 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 17 (Thread 0x7fffbddab700 (LWP 6226)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1 #2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606 #3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbddaad30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116 #4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167518) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157 #5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbddab700) at pthread_create.c:309 #6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 16 (Thread 0x7fffdb1ac700 (LWP 6225)): #0 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003e87c8, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 #1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x6240003e8108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494 #2 0x000000000359db67 in meshdeformModifier_do (md=0x6130001446c8, ob=0x61b000211d88, dm=0x61c000146888, vertexCos=0x634000000808, numVerts=10625) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x000000000359e116 in deformVerts (md=0x6130001446c8, ob=0x61b000211d88, derivedData=0x0, vertexCos=0x634000000808, numVerts=10625, UNUSED_flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x0000000003fa387f in modwrap_deformVerts (md=0x6130001446c8, ob=0x61b000211d88, dm=0x0, vertexCos=0x634000000808, numVerts=10625, flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000211d88, inputVertexCos=0x0, deform_r=0x61b000212290, final_r=0x61b000212298, useRenderParams=0, useDeform=1, needMapping=0, dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000211d88, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000211d88, em=0x0, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000211d88, rbw=0x0, do_proxy_update=false) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217908, threadid=1) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167508) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdb1ac700) at pthread_create.c:309 #12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 15 (Thread 0x7fffc3f00700 (LWP 6224)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff6a79dda in ?? () from /usr/lib/x86_64-linux-gnu/primus/libGL.so.1 #2 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffc3f00700) at pthread_create.c:309 #3 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 14 (Thread 0x7fffd498e700 (LWP 6223)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff6a78e22 in ?? () from /usr/lib/x86_64-linux-gnu/primus/libGL.so.1 #2 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffd498e700) at pthread_create.c:309 #3 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 12 (Thread 0x7fffdb790700 (LWP 6221)): #0 0x00007ffff4f9518d in nanosleep () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007ffff5866328 in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1 #2 0x00007ffff5871ce3 in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1 #3 0x00007ffff58659da in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1 #4 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdb790700) at pthread_create.c:309 #5 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 11 (Thread 0x7fffdc29e700 (LWP 6220)): #0 0x00007ffff100618d in poll () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007ffff6f2a54a in poll () from /usr/lib/x86_64-linux-gnu/libasan.so.1 #2 0x00007fffef579cc1 in ?? () from /usr/lib/x86_64-linux-gnu/libpulse.so.0 #3 0x00007fffef56b2a1 in pa_mainloop_poll () from /usr/lib/x86_64-linux-gnu/libpulse.so.0 #4 0x00007fffef56b93e in pa_mainloop_iterate () from /usr/lib/x86_64-linux-gnu/libpulse.so.0 #5 0x00007fffef56b9f0 in pa_mainloop_run () from /usr/lib/x86_64-linux-gnu/libpulse.so.0 #6 0x00007fffef579c56 in ?? () from /usr/lib/x86_64-linux-gnu/libpulse.so.0 #7 0x00007fffeb653a98 in ?? () from /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-5.0.so #8 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdc29e700) at pthread_create.c:309 #9 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 9 (Thread 0x7fffcb6b3700 (LWP 6218)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcb6b3700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 8 (Thread 0x7fffcc1ba700 (LWP 6217)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcc1ba700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 7 (Thread 0x7fffcccc1700 (LWP 6216)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcccc1700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 6 (Thread 0x7fffcd7c8700 (LWP 6215)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcd7c8700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 5 (Thread 0x7fffce2cf700 (LWP 6214)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffce2cf700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 4 (Thread 0x7fffcedd6700 (LWP 6213)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcedd6700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 3 (Thread 0x7fffcf8dd700 (LWP 6212)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcf8dd700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 2 (Thread 0x7fffd03e4700 (LWP 6211)): #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85 #1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11 #3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffd03e4700) at pthread_create.c:309 #4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 1 (Thread 0x7ffff7fa68c0 (LWP 6207)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1 #2 0x0000000004982ee9 in BLI_condition_wait (cond=0x610000128198, mutex=0x610000128170) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606 #3 0x0000000004980f7e in BLI_task_pool_work_and_wait (pool=0x610000128148) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:414 #4 0x000000000410fc79 in scene_update_objects (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, scene=0x6220000b2908, scene_parent=0x6220000b2908) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554 #5 0x000000000410fe8b in scene_update_tagged_recursive (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, scene=0x6220000b2908, scene_parent=0x6220000b2908) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595 #6 0x0000000004110b35 in BKE_scene_update_for_newframe_ex (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, sce=0x6220000b2908, lay=1, do_invisible_flush=false) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1806 #7 0x00000000041108f3 in BKE_scene_update_for_newframe (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, sce=0x6220000b2908, lay=1) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1738 #8 0x0000000002e17fd1 in ED_update_for_newframe (bmain=0x61c0000ad088, scene=0x6220000b2908, UNUSED_mute=1) at /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/screen_edit.c:2078 #9 0x0000000002e2d795 in screen_animation_step (C=0x60b000053b88, UNUSED_op=0x60f00000dd88, event=0x60c000171288) at /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/screen_ops.c:3473 #10 0x000000000213cdc3 in wm_operator_invoke (C=0x60b000053b88, ot=0x610000088848, event=0x60c000171288, properties=0x603000296bf8, reports=0x0, poll_only=false) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1036 #11 0x000000000214021d in wm_handler_operator_call (C=0x60b000053b88, handlers=0x6120002b5710, handler=0x60d000371a18, event=0x60c000171288, properties=0x603000296bf8) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1637 #12 0x0000000002141891 in wm_handlers_do_intern (C=0x60b000053b88, event=0x60c000171288, handlers=0x6120002b5710) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1904 #13 0x00000000021420da in wm_handlers_do (C=0x60b000053b88, event=0x60c000171288, handlers=0x6120002b5710) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2013 #14 0x0000000002144080 in wm_event_do_handlers (C=0x60b000053b88) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2377 #15 0x000000000212841b in WM_main (C=0x60b000053b88) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:489 #16 0x000000000212632b in main (argc=1, argv=0x7fffffffe208) at /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725 (gdb) (gdb) (gdb) bt #0 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 #1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494 #2 0x000000000359db67 in meshdeformModifier_do (md=0x613000144888, ob=0x61b000212488, dm=0x61c000119888, vertexCos=0x6330008f8808, numVerts=8171) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369 #3 0x000000000359e116 in deformVerts (md=0x613000144888, ob=0x61b000212488, derivedData=0x0, vertexCos=0x6330008f8808, numVerts=8171, UNUSED_flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420 #4 0x0000000003fa387f in modwrap_deformVerts (md=0x613000144888, ob=0x61b000212488, dm=0x0, vertexCos=0x6330008f8808, numVerts=8171, flag=MOD_APPLY_USECACHE) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774 #5 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000212488, inputVertexCos=0x0, deform_r=0x61b000212990, final_r=0x61b000212998, useRenderParams=0, useDeform=1, needMapping=0, dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568 #6 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000212488, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275 #7 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000212488, em=0x0, dataMask=637534233, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348 #8 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000212488, rbw=0x0, do_proxy_update=false) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045 #9 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217848, threadid=7) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408 #10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167568) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161 #11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbac94700) at pthread_create.c:309 #12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 (gdb) up #1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494 1494 copy_v3_v3(cos[i++], ccgSubSurf_getEdgeData(ss, e, x)); (gdb) print e $1 = (CCGEdge *) 0xbebebebebebebebe (gdb) print index $2 = 2 (gdb) print edgeMap2 $3 = (CCGEdge **) 0x61d000804888 (gdb) print edgeMap2[0] $4 = (CCGEdge *) 0x631000e8c5e0 (gdb) print edgeMap2[1] $5 = (CCGEdge *) 0x631000e8c6a0 (gdb) print edgeMap2[2] $6 = (CCGEdge *) 0xbebebebebebebebe (gdb) print edgeMap2[3] $7 = (CCGEdge *) 0xbebebebebebebebe (gdb) print edgeMap2[4] $8 = (CCGEdge *) 0x631000e8c8f8 (gdb) print edgeMap2[5] $9 = (CCGEdge *) 0x631000e8c9b8 (gdb) print edgeMap2[6] $10 = (CCGEdge *) 0x631000e8ca78 (gdb) print edgeMap2[7] $11 = (CCGEdge *) 0xbebebebebebebebe (gdb) print edgeMap2[9] $12 = (CCGEdge *) 0xbebebebebebebebe (gdb) print edgeMap2[10] $13 = (CCGEdge *) 0x631000e8cdb0 (gdb) ``` And after 'protecting' the iterator crap behind a mutex lock (see patch below), I'm unable to reproduce the crash anymore. [P175: #42748](https://archive.blender.org/developer/P175.txt) ``` diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c index 12d7409..5607170 100644 --- a/source/blender/blenkernel/intern/subsurf_ccg.c +++ b/source/blender/blenkernel/intern/subsurf_ccg.c @@ -1436,7 +1436,8 @@ static void ccgdm_getVertCos(DerivedMesh *dm, float (*cos)[3]) CCGEdge **edgeMap2; CCGVert **vertMap2; int index, totvert, totedge, totface; - + + BLI_lock_thread(LOCK_CUSTOM1); totvert = ccgSubSurf_getNumVerts(ss); vertMap2 = MEM_mallocN(totvert * sizeof(*vertMap2), "vertmap"); for (vi = ccgSubSurf_getVertIterator(ss); !ccgVertIterator_isStopped(vi); ccgVertIterator_next(vi)) { @@ -1464,6 +1465,8 @@ static void ccgdm_getVertCos(DerivedMesh *dm, float (*cos)[3]) } ccgFaceIterator_free(fi); + BLI_unlock_thread(LOCK_CUSTOM1); + i = 0; for (index = 0; index < totface; index++) { CCGFace *f = faceMap2[index]; ``` Now, I do not understand from a first look why CCG iterators would not be thread safe, they seem to use their own counters and everything, and only read common 'shared' data from SS struct? Because if we have to explicitly thread-protect all uses of those iterators...

I'd say it's allocation is not thread safe. Couple of ideas:

  • Use spin locks in around the allocation in the CCGSubSurf.c
  • Make memarena safe for threading (maybe as a config flag when creating new arena)
I'd say it's allocation is not thread safe. Couple of ideas: - Use spin locks in around the allocation in the CCGSubSurf.c - Make memarena safe for threading (maybe as a config flag when creating new arena)

Added subscriber: @ideasman42

Added subscriber: @ideasman42

Ok, so here is a patch to make memarena threadsafe.

Notes:

  • Only makes (c)alloc threadsafe, other functions I would consider 'maintenance' ones, they should only be called by 'owner' thread anyway.
  • Kept it optional, because using spinlock here still makes allocations about twice slower, in the end... :/ Don't think we can avoid a lock here, though.
  • Code in MOD_meshdeform.c is of course for tests only, to be trashed before commit!

P176: #42748

diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c
index 12d7409..18e0ec8 100644
--- a/source/blender/blenkernel/intern/subsurf_ccg.c
+++ b/source/blender/blenkernel/intern/subsurf_ccg.c
@@ -169,6 +169,8 @@ static CCGSubSurf *_getSubSurf(CCGSubSurf *prevSS, int subdivLevels,
 		CCGAllocatorIFC allocatorIFC;
 		CCGAllocatorHDL allocator = BLI_memarena_new(MEM_SIZE_OPTIMAL(1 << 16), "subsurf arena");
 
+		BLI_memarena_set_threadsafe((MemArena *)allocator);
+
 		allocatorIFC.alloc = arena_alloc;
 		allocatorIFC.realloc = arena_realloc;
 		allocatorIFC.free = arena_free;
diff --git a/source/blender/blenlib/BLI_memarena.h b/source/blender/blenlib/BLI_memarena.h
index 8d5a765..a063445 100644
--- a/source/blender/blenlib/BLI_memarena.h
+++ b/source/blender/blenlib/BLI_memarena.h
@@ -57,6 +57,8 @@ void                BLI_memarena_free(struct MemArena *ma) ATTR_NONNULL(1);
 void                BLI_memarena_use_malloc(struct MemArena *ma) ATTR_NONNULL(1);
 void                BLI_memarena_use_calloc(struct MemArena *ma) ATTR_NONNULL(1);
 void                BLI_memarena_use_align(struct MemArena *ma, const size_t align) ATTR_NONNULL(1);
+void                BLI_memarena_set_threadsafe(struct MemArena *ma);
+void                BLI_memarena_clear_threadsafe(struct MemArena *ma);
 void               *BLI_memarena_alloc(struct MemArena *ma, size_t size) ATTR_WARN_UNUSED_RESULT ATTR_NONNULL(1) ATTR_MALLOC ATTR_ALLOC_SIZE(2);
 void               *BLI_memarena_calloc(struct MemArena *ma, size_t size) ATTR_WARN_UNUSED_RESULT ATTR_NONNULL(1) ATTR_MALLOC ATTR_ALLOC_SIZE(2);
 
diff --git a/source/blender/blenlib/intern/BLI_memarena.c b/source/blender/blenlib/intern/BLI_memarena.c
index dd0997c..08dd545 100644
--- a/source/blender/blenlib/intern/BLI_memarena.c
+++ b/source/blender/blenlib/intern/BLI_memarena.c
@@ -38,6 +38,7 @@
 #include "BLI_utildefines.h"
 #include "BLI_memarena.h"
 #include "BLI_linklist.h"
+#include "BLI_threads.h"
 #include "BLI_strict_flags.h"
 
 #ifdef WITH_MEM_VALGRIND
@@ -53,6 +54,8 @@ struct MemArena {
 	size_t align;
 
 	bool use_calloc;
+
+	SpinLock *spin_lock, spin_lock_;
 };
 
 MemArena *BLI_memarena_new(const size_t bufsize, const char *name)
@@ -66,6 +69,8 @@ MemArena *BLI_memarena_new(const size_t bufsize, const char *name)
 	VALGRIND_CREATE_MEMPOOL(ma, 0, false);
 #endif
 
+	ma->spin_lock = NULL;
+
 	return ma;
 }
 
@@ -85,6 +90,22 @@ void BLI_memarena_use_align(struct MemArena *ma, const size_t align)
 	ma->align = align;
 }
 
+void BLI_memarena_set_threadsafe(MemArena *ma)
+{
+	if (!ma->spin_lock) {
+		BLI_spin_init(&ma->spin_lock_);
+		ma->spin_lock = &ma->spin_lock_;
+	}
+}
+
+void BLI_memarena_clear_threadsafe(MemArena *ma)
+{
+	if (ma->spin_lock) {
+		ma->spin_lock = NULL;
+		BLI_spin_end(&ma->spin_lock_);
+	}
+}
+
 void BLI_memarena_free(MemArena *ma)
 {
 	BLI_linklist_freeN(ma->bufs);
@@ -93,6 +114,8 @@ void BLI_memarena_free(MemArena *ma)
 	VALGRIND_DESTROY_MEMPOOL(ma);
 #endif
 
+	BLI_memarena_clear_threadsafe(ma);
+
 	MEM_freeN(ma);
 }
 
@@ -117,6 +140,10 @@ void *BLI_memarena_alloc(MemArena *ma, size_t size)
 	 * size up to multiple of 8 */
 	size = PADUP(size, ma->align);
 
+	if (ma->spin_lock) {
+		BLI_spin_lock(ma->spin_lock);
+	}
+
 	if (UNLIKELY(size > ma->cursize)) {
 		if (size > ma->bufsize - (ma->align - 1)) {
 			ma->cursize = PADUP(size + 1, ma->align);
@@ -138,6 +165,10 @@ void *BLI_memarena_alloc(MemArena *ma, size_t size)
 	VALGRIND_MEMPOOL_ALLOC(ma, ptr, size);
 #endif
 
+	if (ma->spin_lock) {
+		BLI_spin_unlock(ma->spin_lock);
+	}
+
 	return ptr;
 }
 
diff --git a/source/blender/modifiers/intern/MOD_meshdeform.c b/source/blender/modifiers/intern/MOD_meshdeform.c
index 584b5b5..364146f 100644
--- a/source/blender/modifiers/intern/MOD_meshdeform.c
+++ b/source/blender/modifiers/intern/MOD_meshdeform.c
@@ -415,6 +415,24 @@ static void deformVerts(ModifierData *md, Object *ob,
 {
 	DerivedMesh *dm = get_dm(ob, NULL, derivedData, NULL, false, false);
 
+
+	if (0) {
+		#include "BLI_memarena.h"
+		#include "PIL_time_utildefines.h"
+		MemArena *ma = BLI_memarena_new(BLI_MEMARENA_STD_BUFSIZE, __func__);
+		int i = 1000000;
+
+		BLI_memarena_set_threadsafe(ma);
+
+		TIMEIT_START(foo);
+		while (i--) {
+			BLI_memarena_alloc(ma, sizeof(int));
+		}
+		TIMEIT_END(foo);
+
+		BLI_memarena_free(ma);
+	}
+
 	modifier_vgroup_cache(md, vertexCos); /* if next modifier needs original vertices */
 
 	meshdeformModifier_do(md, ob, dm, vertexCos, numVerts);

Campbell, your advice would be most welcomed here as well! :)

Ok, so here is a patch to make memarena threadsafe. Notes: * Only makes (c)alloc threadsafe, other functions I would consider 'maintenance' ones, they should only be called by 'owner' thread anyway. * Kept it optional, because using spinlock here still makes allocations about twice slower, in the end... :/ Don't think we can avoid a lock here, though. * Code in MOD_meshdeform.c is of course for tests only, to be trashed before commit! [P176: #42748](https://archive.blender.org/developer/P176.txt) ``` diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c index 12d7409..18e0ec8 100644 --- a/source/blender/blenkernel/intern/subsurf_ccg.c +++ b/source/blender/blenkernel/intern/subsurf_ccg.c @@ -169,6 +169,8 @@ static CCGSubSurf *_getSubSurf(CCGSubSurf *prevSS, int subdivLevels, CCGAllocatorIFC allocatorIFC; CCGAllocatorHDL allocator = BLI_memarena_new(MEM_SIZE_OPTIMAL(1 << 16), "subsurf arena"); + BLI_memarena_set_threadsafe((MemArena *)allocator); + allocatorIFC.alloc = arena_alloc; allocatorIFC.realloc = arena_realloc; allocatorIFC.free = arena_free; diff --git a/source/blender/blenlib/BLI_memarena.h b/source/blender/blenlib/BLI_memarena.h index 8d5a765..a063445 100644 --- a/source/blender/blenlib/BLI_memarena.h +++ b/source/blender/blenlib/BLI_memarena.h @@ -57,6 +57,8 @@ void BLI_memarena_free(struct MemArena *ma) ATTR_NONNULL(1); void BLI_memarena_use_malloc(struct MemArena *ma) ATTR_NONNULL(1); void BLI_memarena_use_calloc(struct MemArena *ma) ATTR_NONNULL(1); void BLI_memarena_use_align(struct MemArena *ma, const size_t align) ATTR_NONNULL(1); +void BLI_memarena_set_threadsafe(struct MemArena *ma); +void BLI_memarena_clear_threadsafe(struct MemArena *ma); void *BLI_memarena_alloc(struct MemArena *ma, size_t size) ATTR_WARN_UNUSED_RESULT ATTR_NONNULL(1) ATTR_MALLOC ATTR_ALLOC_SIZE(2); void *BLI_memarena_calloc(struct MemArena *ma, size_t size) ATTR_WARN_UNUSED_RESULT ATTR_NONNULL(1) ATTR_MALLOC ATTR_ALLOC_SIZE(2); diff --git a/source/blender/blenlib/intern/BLI_memarena.c b/source/blender/blenlib/intern/BLI_memarena.c index dd0997c..08dd545 100644 --- a/source/blender/blenlib/intern/BLI_memarena.c +++ b/source/blender/blenlib/intern/BLI_memarena.c @@ -38,6 +38,7 @@ #include "BLI_utildefines.h" #include "BLI_memarena.h" #include "BLI_linklist.h" +#include "BLI_threads.h" #include "BLI_strict_flags.h" #ifdef WITH_MEM_VALGRIND @@ -53,6 +54,8 @@ struct MemArena { size_t align; bool use_calloc; + + SpinLock *spin_lock, spin_lock_; }; MemArena *BLI_memarena_new(const size_t bufsize, const char *name) @@ -66,6 +69,8 @@ MemArena *BLI_memarena_new(const size_t bufsize, const char *name) VALGRIND_CREATE_MEMPOOL(ma, 0, false); #endif + ma->spin_lock = NULL; + return ma; } @@ -85,6 +90,22 @@ void BLI_memarena_use_align(struct MemArena *ma, const size_t align) ma->align = align; } +void BLI_memarena_set_threadsafe(MemArena *ma) +{ + if (!ma->spin_lock) { + BLI_spin_init(&ma->spin_lock_); + ma->spin_lock = &ma->spin_lock_; + } +} + +void BLI_memarena_clear_threadsafe(MemArena *ma) +{ + if (ma->spin_lock) { + ma->spin_lock = NULL; + BLI_spin_end(&ma->spin_lock_); + } +} + void BLI_memarena_free(MemArena *ma) { BLI_linklist_freeN(ma->bufs); @@ -93,6 +114,8 @@ void BLI_memarena_free(MemArena *ma) VALGRIND_DESTROY_MEMPOOL(ma); #endif + BLI_memarena_clear_threadsafe(ma); + MEM_freeN(ma); } @@ -117,6 +140,10 @@ void *BLI_memarena_alloc(MemArena *ma, size_t size) * size up to multiple of 8 */ size = PADUP(size, ma->align); + if (ma->spin_lock) { + BLI_spin_lock(ma->spin_lock); + } + if (UNLIKELY(size > ma->cursize)) { if (size > ma->bufsize - (ma->align - 1)) { ma->cursize = PADUP(size + 1, ma->align); @@ -138,6 +165,10 @@ void *BLI_memarena_alloc(MemArena *ma, size_t size) VALGRIND_MEMPOOL_ALLOC(ma, ptr, size); #endif + if (ma->spin_lock) { + BLI_spin_unlock(ma->spin_lock); + } + return ptr; } diff --git a/source/blender/modifiers/intern/MOD_meshdeform.c b/source/blender/modifiers/intern/MOD_meshdeform.c index 584b5b5..364146f 100644 --- a/source/blender/modifiers/intern/MOD_meshdeform.c +++ b/source/blender/modifiers/intern/MOD_meshdeform.c @@ -415,6 +415,24 @@ static void deformVerts(ModifierData *md, Object *ob, { DerivedMesh *dm = get_dm(ob, NULL, derivedData, NULL, false, false); + + if (0) { + #include "BLI_memarena.h" + #include "PIL_time_utildefines.h" + MemArena *ma = BLI_memarena_new(BLI_MEMARENA_STD_BUFSIZE, __func__); + int i = 1000000; + + BLI_memarena_set_threadsafe(ma); + + TIMEIT_START(foo); + while (i--) { + BLI_memarena_alloc(ma, sizeof(int)); + } + TIMEIT_END(foo); + + BLI_memarena_free(ma); + } + modifier_vgroup_cache(md, vertexCos); /* if next modifier needs original vertices */ meshdeformModifier_do(md, ob, dm, vertexCos, numVerts); ``` Campbell, your advice would be most welcomed here as well! :)

Argh, there's a reason we've got differencial nowadays! :P Would be easier to give feedback on the patch :) Do you mind re-uploading it to the code review?

Argh, there's a reason we've got differencial nowadays! :P Would be easier to give feedback on the patch :) Do you mind re-uploading it to the code review?

sure sec :)

sure sec :)

Using arena for iterators here is really bad, since these iterators are used while drawing (looks like its probably leaking memory even).

Using stack memory for iterators fixes. will commit shortly


Edit, I couldn't get it to leak memory, so in practice it seems ok (but still error prone for leaks).

Using arena for iterators here is really bad, since these iterators are used while drawing (looks like its probably leaking memory even). Using stack memory for iterators fixes. will commit shortly ---- Edit, I couldn't get it to leak memory, so in practice it seems ok (but still error prone for leaks).

This issue was referenced by 602250d9fe

This issue was referenced by 602250d9fe796ff5e762a4880a0be97ef3f4b139

Changed status from 'Open' to: 'Resolved'

Changed status from 'Open' to: 'Resolved'

Closed by commit 602250d9fe.

Closed by commit 602250d9fe.

For the records, here is a light file that should crash pretty much instantaneously on any machine (using build previous to above commit).

crash-2s_b.blend

For the records, here is a light file that should crash pretty much instantaneously on any machine (using build previous to above commit). [crash-2s_b.blend](https://archive.blender.org/developer/F130571/crash-2s_b.blend)
Sign in to join this conversation.
No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
No Milestone
No project
No Assignees
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#42748
No description provided.