Crash with Material preview #78054

New Issue

SABRI Salim · 2020-06-20T02:43:41+02:00

SABRI Salim commented

2020-06-20 02:43:41 +02:00

System Information
Operating system: Linux-5.4.0-7634-generic-x86_64-with-debian-bullseye-sid 64 Bits
Graphics card: GeForce GTX 1080 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 440.82

Blender Version
Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-26 17:24, hash: b7b57e7155

Short description of error
Crash when editing instancing objects that have normal map texture (Tangent Space) in Material Preview

Exact steps for others to reproduce the error

https://developer.blender.org/T78054#967181

**System Information** Operating system: Linux-5.4.0-7634-generic-x86_64-with-debian-bullseye-sid 64 Bits Graphics card: GeForce GTX 1080 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 440.82 **Blender Version** Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-26 17:24, hash: `b7b57e7155` **Short description of error** Crash when editing instancing objects that have normal map texture (Tangent Space) in Material Preview **Exact steps for others to reproduce the error** https://developer.blender.org/T78054#967181

SABRI Salim commented

2020-06-20 02:43:41 +02:00

Added subscriber: @Dalkoom

blender-admin commented

2020-06-20 02:43:41 +02:00

#78100 was marked as duplicate of this issue

ronsn commented

2020-06-21 00:18:11 +02:00

Added subscriber: @ronsn

ronsn commented

2020-06-21 00:18:11 +02:00

@Dalkoom Can you provide such "a heavy scene (or less)"? It sounds like you computer ran out of memory (RAM), but that's just guessing. Can you also monitor your memory usage while provoking the crash?

SABRI Salim changed title from ~~Crash when editing with Eevee~~ to Crash with Material preview

2020-06-21 15:38:17 +02:00

SABRI Salim commented

2020-06-21 15:38:17 +02:00

Changed status from 'Needs Triage' to: 'Needs Developer To Reproduce'

ronsn commented

2020-06-21 21:30:35 +02:00

Added subscriber: @Jeroen-Bakker

ronsn commented

2020-06-21 21:30:35 +02:00

I can confirm that there is a Segmentation fault when using Tangent Space in the Normal Map node.

bf34b0c8f4 is the first bad commit

I prepared a .blend file for faster checking
normal_map.tangent_space_bug_r0.blend

@Jeroen-Bakker can you look into this issue?

I can confirm that there is a Segmentation fault when using *Tangent Space* in the *Normal Map* node. bf34b0c8f4b8c64bcc4ec0f3371d343e9c2fe029 is the first bad commit I prepared a .blend file for faster checking [normal_map.tangent_space_bug_r0.blend](https://archive.blender.org/developer/F8635527/normal_map.tangent_space_bug_r0.blend) @Jeroen-Bakker can you look into this issue?

SABRI Salim commented

2020-06-21 23:06:01 +02:00

Changed status from 'Needs Developer To Reproduce' to: 'Confirmed'

ronsn self-assigned this 2020-06-21 23:34:38 +02:00

ronsn commented

2020-06-21 23:36:49 +02:00

Added subscriber: @Bamarin

ronsn removed their assignment 2020-06-21 23:40:14 +02:00

ronsn commented

2020-06-21 23:46:00 +02:00

Changed status from 'Confirmed' to: 'Needs Triage'

ronsn commented

2020-06-21 23:46:00 +02:00

@Dalkoom Confirmed reports should always be tagged to a module, otherwise they don't show up in the queries and workboards. We don't know the module yet, so I'll set it back to Needs Triage

@Dalkoom Confirmed reports should always be tagged to a module, otherwise they don't show up in the queries and workboards. We don't know the module yet, so I'll set it back to *Needs Triage*

Alaska commented

2020-06-24 05:59:27 +02:00

Changed status from 'Needs Triage' to: 'Confirmed'

SABRI Salim commented

2020-06-26 16:29:34 +02:00

Changed status from 'Confirmed' to: 'Needs Triage'

SABRI Salim commented

2020-06-26 16:29:34 +02:00

I think the problem is solved in this branch :
version: 2.90.0 Alpha, branch: master, commit date: 2020-06-25 21:53, hash: 62aa103d48

I think the problem is solved in this branch : version: 2.90.0 Alpha, branch: master, commit date: 2020-06-25 21:53, hash: `62aa103d48`

ronsn commented

2020-06-26 23:18:21 +02:00

@Dalkoom: It seems that 8f97a64dec resolved the issue, but it is still crashing. Can you check if that is also the case at your system?

Steps to reproduce:
If you open e.g. my new attached .blend file and as soon as possible press TAB⁽¹⁾ 50 to 70 times very fast.

(1) to switch between Object Mode and Edit Mode

normal_map.tangent_space_bug_r1.blend

––––––––––––––––––––––––

@Jeroen-Bakker GDB says:

Thread 30 "blender" received signal SIGSEGV, Segmentation fault.
[Change to Thread 0x7fffc72a9700 (LWP 24458)]
0x00000000016a3b34 in emdm_ts_SetTSpace ()

So it seems to be still a tangent issue.

System Information
Operating system: Linux-5.3.0-59-generic-x86_64-with-debian-buster-sid 64 Bits
Graphics card: GeForce GTX 1660 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 435.21

Blender Version
Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-26 17:24, hash: b7b57e7155

@Dalkoom: It seems that 8f97a64dec356d48a51948658efed7d7a9074c6e resolved the issue, but it is still crashing. Can you check if that is also the case at your system? **Steps to reproduce:** If you open e.g. my new attached .blend file and as soon as possible press `TAB`⁽¹⁾ 50 to 70 times very fast. (1) to switch between *Object Mode* and *Edit Mode* [normal_map.tangent_space_bug_r1.blend](https://archive.blender.org/developer/F8645957/normal_map.tangent_space_bug_r1.blend) –––––––––––––––––––––––– @Jeroen-Bakker GDB says: ``` Thread 30 "blender" received signal SIGSEGV, Segmentation fault. [Change to Thread 0x7fffc72a9700 (LWP 24458)] 0x00000000016a3b34 in emdm_ts_SetTSpace () ``` So it seems to be still a tangent issue. **System Information** Operating system: Linux-5.3.0-59-generic-x86_64-with-debian-buster-sid 64 Bits Graphics card: GeForce GTX 1660 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 435.21 **Blender Version** Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-26 17:24, hash: `b7b57e7155`

SABRI Salim commented

2020-06-26 23:56:03 +02:00

Yes it is still crashing . by pressing TAB ~ 10 times with your testing file.

ronsn commented

2020-06-27 00:21:25 +02:00

Changed status from 'Needs Triage' to: 'Confirmed'

ronsn commented

2020-06-27 00:21:25 +02:00

@Dalkoom: Okay, can you then update your task description with a note and the link https:*developer.blender.org/T78054#967181 somewhere in the "*Exact steps for others to reproduce the error//" section? That link points directly to my comment above from today so other developer don't have to read all the other stuff before? 🙂

Philipp Oeser commented

2020-06-29 13:46:13 +02:00

Added subscriber: @lichtwerk

Philipp Oeser commented

2020-06-29 13:46:13 +02:00

@Jeroen-Bakker : cannot reproduce in a Debug build, but indeed, I can still get the buildbot build (b21ba5e579) to crash.
Hope you can check on this again?

@Jeroen-Bakker : cannot reproduce in a Debug build, but indeed, I can still get the buildbot build (b21ba5e579) to crash. Hope you can check on this again?

Jeroen Bakker self-assigned this 2020-06-30 10:17:16 +02:00

Jeroen Bakker commented

2020-06-30 10:23:04 +02:00

I did a small change yesterday, what isn't in the builds from sunday. It could have been fixed by that fix as it was related to bmesh tangents. I am able to reproduce the issue in release builds.

Jeroen Bakker commented

2020-06-30 11:58:35 +02:00

==3259==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0004dfc88 at pc 0x000004069ab4 bp 0x7f000f3faa30 sp 0x7f000f3faa20
WRITE of size 4 at 0x61b0004dfc88 thread T16
    - 0 0x4069ab3 in copy_v3_v3 /home/jeroen/blender-git/blender/source/blender/blenlib/intern/math_vector_inline.c:63
    - 1 0x4069ab3 in emdm_ts_SetTSpace /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:250
    - 2 0x6e824a5 in genTangSpace /home/jeroen/blender-git/blender/intern/mikktspace/mikktspace.c:461
    - 3 0x4068239 in emDM_calc_loop_tangents_thread /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:270
    - 4 0x1eea192 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1eea192)
    - 5 0x12ad9d1f in void tbb::interface7::internal::isolate_impl<void, Task::operator()() const::{lambda()#1} const>(Task::operator()() const::{lambda()#1} const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160
    - 6 0x12ada09c in tbb::interface7::internal::return_type_or_void<Task::operator()() const::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<Task::operator()() const::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395
    - 7 0x12ada09c in Task::operator()() const /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    - 8 0x12ada09c in tbb::internal::function_task<Task>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:1048
    - 9 0x1ee7054 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee7054)
    - 10 0x1ee8724 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee8724)
    - 11 0x12ad90b6 in tbb::task::wait_for_all() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:809
    - 12 0x12ad90b6 in tbb::internal::task_group_base::wait() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_group.h:168
    - 13 0x12ad90b6 in tbb_task_pool_work_and_wait /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:250
    - 14 0x12ad90b6 in BLI_task_pool_work_and_wait /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:499
    - 15 0x406b1d7 in BKE_editmesh_loop_tangent_calc /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:421
    - 16 0x24a5483 in extract_tan_ex /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:1965
    - 17 0x24a7f7a in extract_tan_init /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:2068
    - 18 0x248a009 in extract_init /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4584
    - 19 0x248a009 in extract_init_and_run /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4612
    - 20 0x248a0d7 in extract_single_threaded_task_node_exec /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4688
    - 21 0x1eea192 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1eea192)
    - 22 0x12abb2ef in void tbb::interface7::internal::isolate_impl<void, TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1} const>(TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1} const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160
    - 23 0x12abb2ef in tbb::interface7::internal::return_type_or_void<TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395
    - 24 0x12abb2ef in TaskNode::run(tbb::flow::interface11::continue_msg) /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_graph.cc:97
    - 25 0x12acbf15 in tbb::flow::interface11::continue_msg std::__invoke_impl<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>(std::__invoke_memfun_deref, tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/bits/invoke.h:73
    - 26 0x12acbf15 in std::__invoke_result<tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>::type std::__invoke<tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>(tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/bits/invoke.h:95
    - 27 0x12acbf15 in tbb::flow::interface11::continue_msg std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)>::__call<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg const&, 0ul, 1ul>(std::tuple<tbb::flow::interface11::continue_msg const&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/7/functional:467
    - 28 0x12acbf15 in tbb::flow::interface11::continue_msg std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)>::operator()<tbb::flow::interface11::continue_msg const&, tbb::flow::interface11::continue_msg>(tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/functional:551
    - 29 0x12acbf15 in tbb::flow::interface11::internal::function_body_leaf<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg, std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)> >::operator()(tbb::flow::interface11::continue_msg const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_body_impl.h:146
    - 30 0x12acbf15 in tbb::flow::interface11::internal::continue_input<tbb::flow::interface11::continue_msg, tbb::flow::interface11::internal::Policy<void> >::apply_body_bypass(tbb::flow::interface11::continue_msg) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_node_impl.h:821
    - 31 0x12acbf15 in tbb::flow::interface11::internal::apply_body_task_bypass<tbb::flow::interface11::internal::continue_input<tbb::flow::interface11::continue_msg, tbb::flow::interface11::internal::Policy<void> >, tbb::flow::interface11::continue_msg>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_body_impl.h:312
    - 32 0x1ee7054 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee7054)
    - 33 0x1ee8724 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee8724)
    - 34 0x1ee9e87 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee9e87)
    - 35 0x1ee2a62 in tbb::internal::market::process(rml::job&) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee2a62)
    - 36 0x1ee4085 in tbb::internal::rml::private_worker::run() (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee4085)
    - 37 0x1ee42c8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee42c8)
    - 38 0x7f003ec926da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    - 39 0x7f003d59388e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x61b0004dfc88 is located 8 bytes inside of 1544-byte region [0x61b0004dfc80,0x61b0004e0288)
freed by thread T18 here:
    - 0 0x7f003f18b7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    - 1 0x1d08bc2 in customData_free_layer__internal /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2668
    #2 0x1d08bc2 in CustomData_free_layer /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2635

previously allocated by thread T18 here:
    - 0 0x7f003f18bd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    - 1 0x12b13aae in MEM_lockfree_callocN /home/jeroen/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:232

Some things to test:

- use isolation to make sure it happens on a different thread. (this was already the case.)
- don't store the tangent normals in the input data structure D8161: Fix #78054: Crash Editing Instanced Objects with Tangent Normals

``` ==3259==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0004dfc88 at pc 0x000004069ab4 bp 0x7f000f3faa30 sp 0x7f000f3faa20 WRITE of size 4 at 0x61b0004dfc88 thread T16 - 0 0x4069ab3 in copy_v3_v3 /home/jeroen/blender-git/blender/source/blender/blenlib/intern/math_vector_inline.c:63 - 1 0x4069ab3 in emdm_ts_SetTSpace /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:250 - 2 0x6e824a5 in genTangSpace /home/jeroen/blender-git/blender/intern/mikktspace/mikktspace.c:461 - 3 0x4068239 in emDM_calc_loop_tangents_thread /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:270 - 4 0x1eea192 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1eea192) - 5 0x12ad9d1f in void tbb::interface7::internal::isolate_impl<void, Task::operator()() const::{lambda()#1} const>(Task::operator()() const::{lambda()#1} const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160 - 6 0x12ada09c in tbb::interface7::internal::return_type_or_void<Task::operator()() const::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<Task::operator()() const::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395 - 7 0x12ada09c in Task::operator()() const /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118 - 8 0x12ada09c in tbb::internal::function_task<Task>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:1048 - 9 0x1ee7054 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee7054) - 10 0x1ee8724 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee8724) - 11 0x12ad90b6 in tbb::task::wait_for_all() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:809 - 12 0x12ad90b6 in tbb::internal::task_group_base::wait() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_group.h:168 - 13 0x12ad90b6 in tbb_task_pool_work_and_wait /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:250 - 14 0x12ad90b6 in BLI_task_pool_work_and_wait /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:499 - 15 0x406b1d7 in BKE_editmesh_loop_tangent_calc /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:421 - 16 0x24a5483 in extract_tan_ex /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:1965 - 17 0x24a7f7a in extract_tan_init /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:2068 - 18 0x248a009 in extract_init /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4584 - 19 0x248a009 in extract_init_and_run /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4612 - 20 0x248a0d7 in extract_single_threaded_task_node_exec /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4688 - 21 0x1eea192 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1eea192) - 22 0x12abb2ef in void tbb::interface7::internal::isolate_impl<void, TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1} const>(TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1} const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160 - 23 0x12abb2ef in tbb::interface7::internal::return_type_or_void<TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395 - 24 0x12abb2ef in TaskNode::run(tbb::flow::interface11::continue_msg) /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_graph.cc:97 - 25 0x12acbf15 in tbb::flow::interface11::continue_msg std::__invoke_impl<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>(std::__invoke_memfun_deref, tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/bits/invoke.h:73 - 26 0x12acbf15 in std::__invoke_result<tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>::type std::__invoke<tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>(tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/bits/invoke.h:95 - 27 0x12acbf15 in tbb::flow::interface11::continue_msg std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)>::__call<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg const&, 0ul, 1ul>(std::tuple<tbb::flow::interface11::continue_msg const&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/7/functional:467 - 28 0x12acbf15 in tbb::flow::interface11::continue_msg std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)>::operator()<tbb::flow::interface11::continue_msg const&, tbb::flow::interface11::continue_msg>(tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/functional:551 - 29 0x12acbf15 in tbb::flow::interface11::internal::function_body_leaf<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg, std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)> >::operator()(tbb::flow::interface11::continue_msg const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_body_impl.h:146 - 30 0x12acbf15 in tbb::flow::interface11::internal::continue_input<tbb::flow::interface11::continue_msg, tbb::flow::interface11::internal::Policy<void> >::apply_body_bypass(tbb::flow::interface11::continue_msg) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_node_impl.h:821 - 31 0x12acbf15 in tbb::flow::interface11::internal::apply_body_task_bypass<tbb::flow::interface11::internal::continue_input<tbb::flow::interface11::continue_msg, tbb::flow::interface11::internal::Policy<void> >, tbb::flow::interface11::continue_msg>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_body_impl.h:312 - 32 0x1ee7054 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee7054) - 33 0x1ee8724 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee8724) - 34 0x1ee9e87 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee9e87) - 35 0x1ee2a62 in tbb::internal::market::process(rml::job&) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee2a62) - 36 0x1ee4085 in tbb::internal::rml::private_worker::run() (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee4085) - 37 0x1ee42c8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee42c8) - 38 0x7f003ec926da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da) - 39 0x7f003d59388e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e) 0x61b0004dfc88 is located 8 bytes inside of 1544-byte region [0x61b0004dfc80,0x61b0004e0288) freed by thread T18 here: - 0 0x7f003f18b7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) - 1 0x1d08bc2 in customData_free_layer__internal /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2668 #2 0x1d08bc2 in CustomData_free_layer /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2635 previously allocated by thread T18 here: - 0 0x7f003f18bd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) - 1 0x12b13aae in MEM_lockfree_callocN /home/jeroen/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:232 ``` Some things to test: * - [x] use isolation to make sure it happens on a different thread. (this was already the case.) * - [x] don't store the tangent normals in the input data structure [D8161: Fix #78054: Crash Editing Instanced Objects with Tangent Normals](https://archive.blender.org/developer/D8161)

Vincent Blankfield commented

2020-06-30 19:46:03 +02:00

Added subscriber: @VincentBlankfield

Vincent Blankfield commented

2020-06-30 22:45:17 +02:00

With D8161 applied I don't get NULL layer_data crashes any more, but it still crashes for different reasons while holding Tab in "normal_map.tangent_space_bug_r1.blend" test file. Attaching some crash descriptions with stack traces. All crashes are different, except 1 and 2 are similar.
#78054 crash 1.txt
#78054 crash 3.txt
#78054 crash 2.txt
#78054 crash 4.txt
#78054 crash 5.txt

With [D8161](https://archive.blender.org/developer/D8161) applied I don't get NULL layer_data crashes any more, but it still crashes for different reasons while holding `Tab` in "normal_map.tangent_space_bug_r1.blend" test file. Attaching some crash descriptions with stack traces. All crashes are different, except 1 and 2 are similar. [#78054 crash 1.txt](https://archive.blender.org/developer/F8655800/T78054_crash_1.txt) [#78054 crash 3.txt](https://archive.blender.org/developer/F8655799/T78054_crash_3.txt) [#78054 crash 2.txt](https://archive.blender.org/developer/F8655798/T78054_crash_2.txt) [#78054 crash 4.txt](https://archive.blender.org/developer/F8655797/T78054_crash_4.txt) [#78054 crash 5.txt](https://archive.blender.org/developer/F8655796/T78054_crash_5.txt)

blender-admin commented

2020-07-02 11:28:25 +02:00

This issue was referenced by 46ae115b88

This issue was referenced by 46ae115b88c458067d48afb5ca5e512a0387e5bf

Jeroen Bakker commented

2020-07-02 11:35:17 +02:00

Changed status from 'Confirmed' to: 'Resolved'

Jeroen Bakker closed this issue

2020-07-02 11:35:17 +02:00

Thomas Dinges added this to the 2.90 milestone 2023-02-08 16:27:13 +01:00

Sign in to join this conversation.

No Label

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

Crash with Material preview #78054