Crash when setting asset preview image from python (ASAN heap-use-after-free in render_preview.c) #91197

New Issue

Johnny Matthews · 2021-09-05T16:31:28+02:00

Johnny Matthews commented

2021-09-05 16:31:28 +02:00

System Information
Operating system: Windows-10-10.0.19041-SP0 64 Bits
Graphics card: NVIDIA GeForce RTX 2070 SUPER/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 466.47

Blender Version
Broken: version: 3.0.0 Alpha, branch: master (modified), commit date: 2021-09-02 14:26, hash: 6fc92b296f

Short description of error
This is an intermittent crash when running the script in the text editor. Happens after a programmatic render, setting object as asset and assigning an image file to that asset.

This only seems to occur if the object is set as a new asset and assigned an image in the same script run. Re-running the script on an object that had been successful has yet to cause a crash for me.

Exact steps for others to reproduce the error

Open the blend file,
select one of the cubes in the pile that is not already an asset
run the open script.

It may work and mark the cube as an asset and assign it a preview, OR it may crash Blender.
Sometimes it happens on the first run, other times, it takes several runs (5-10) on different cubes that have not yet been marked as assets.
Other times, I've had to duplicate the pile of cubes and select a new one and re-run the script.

[Simplified ASAN repro]
#91197-simplified.blend

[Previous Crashing File and ASAN report]
#91197-crash.blend

#91197-asan.txt

[Original Data below]
crash.blend

**Stack Track From Crash


Stack trace:
blender.exe         :0x00007FF6CD8034C0  GPU_texture_free C:\blender-git\blender\source\blender\gpu\intern\gpu_texture.cc:523
blender.exe         :0x00007FF6C86B0EF0  BKE_previewimg_deferred_release C:\blender-git\blender\source\blender\blenkernel\intern\icons.cc:451
blender.exe         :0x00007FF6C9632100  icon_preview_endjob C:\blender-git\blender\source\blender\editors\render\render_preview.c:1753
blender.exe         :0x00007FF6C888F050  wm_jobs_timer C:\blender-git\blender\source\blender\windowmanager\intern\wm_jobs.c:654
blender.exe         :0x00007FF6C8870620  wm_window_timer C:\blender-git\blender\source\blender\windowmanager\intern\wm_window.c:1523
blender.exe         :0x00007FF6C88704F0  wm_window_process_events C:\blender-git\blender\source\blender\windowmanager\intern\wm_window.c:1563
blender.exe         :0x00007FF6C8865EC0  WM_main C:\blender-git\blender\source\blender\windowmanager\intern\wm.c:648
blender.exe         :0x00007FF6C84FFC00  main C:\blender-git\blender\source\creator\creator.c:563
blender.exe         :0x00007FF6CDA4C664  __scrt_common_main_seh d:\agent\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
KERNEL32.DLL        :0x00007FFA8AD67020  BaseThreadInitThunk
ntdll.dll           :0x00007FFA8CD42630  RtlUserThreadStart

**System Information** Operating system: Windows-10-10.0.19041-SP0 64 Bits Graphics card: NVIDIA GeForce RTX 2070 SUPER/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 466.47 **Blender Version** Broken: version: 3.0.0 Alpha, branch: master (modified), commit date: 2021-09-02 14:26, hash: `6fc92b296f` **Short description of error** This is an intermittent crash when running the script in the text editor. Happens after a programmatic render, setting object as asset and assigning an image file to that asset. - This only seems to occur if the object is set as a new asset and assigned an image in the same script run. Re-running the script on an object that had been successful has yet to cause a crash for me. **Exact steps for others to reproduce the error** - Open the blend file, - select one of the cubes in the pile that is not already an asset - run the open script. It may work and mark the cube as an asset and assign it a preview, OR it may crash Blender. Sometimes it happens on the first run, other times, it takes several runs (5-10) on different cubes that have not yet been marked as assets. Other times, I've had to duplicate the pile of cubes and select a new one and re-run the script. [Simplified ASAN repro] [#91197-simplified.blend](https://archive.blender.org/developer/F11015089/T91197-simplified.blend) [Previous Crashing File and ASAN report] [#91197-crash.blend](https://archive.blender.org/developer/F10379984/T91197-crash.blend) [#91197-asan.txt](https://archive.blender.org/developer/F10379985/T91197-asan.txt) [Original Data below] [crash.blend](https://archive.blender.org/developer/F10379502/crash.blend) **Stack Track From Crash ``` Stack trace: blender.exe :0x00007FF6CD8034C0 GPU_texture_free C:\blender-git\blender\source\blender\gpu\intern\gpu_texture.cc:523 blender.exe :0x00007FF6C86B0EF0 BKE_previewimg_deferred_release C:\blender-git\blender\source\blender\blenkernel\intern\icons.cc:451 blender.exe :0x00007FF6C9632100 icon_preview_endjob C:\blender-git\blender\source\blender\editors\render\render_preview.c:1753 blender.exe :0x00007FF6C888F050 wm_jobs_timer C:\blender-git\blender\source\blender\windowmanager\intern\wm_jobs.c:654 blender.exe :0x00007FF6C8870620 wm_window_timer C:\blender-git\blender\source\blender\windowmanager\intern\wm_window.c:1523 blender.exe :0x00007FF6C88704F0 wm_window_process_events C:\blender-git\blender\source\blender\windowmanager\intern\wm_window.c:1563 blender.exe :0x00007FF6C8865EC0 WM_main C:\blender-git\blender\source\blender\windowmanager\intern\wm.c:648 blender.exe :0x00007FF6C84FFC00 main C:\blender-git\blender\source\creator\creator.c:563 blender.exe :0x00007FF6CDA4C664 __scrt_common_main_seh d:\agent\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288 KERNEL32.DLL :0x00007FFA8AD67020 BaseThreadInitThunk ntdll.dll :0x00007FFA8CD42630 RtlUserThreadStart ```

Johnny Matthews commented

2021-09-05 16:31:28 +02:00

Added subscriber: @guitargeek

Jesse Yurkovich changed title from ~~Python Script Crashes Blender - May be related to Setting Asset Preview Image~~ to Crash when setting asset preview image from python (ASAN heap-use-after-free in render_preview.c)

2021-09-06 00:19:06 +02:00

Jesse Yurkovich commented

2021-09-06 00:19:06 +02:00

Changed status from 'Needs Triage' to: 'Confirmed'

Jesse Yurkovich commented

2021-09-06 00:19:19 +02:00

Added subscriber: @deadpin

Jesse Yurkovich commented

2021-09-06 00:19:19 +02:00

I updated the crash.blend file above since it wouldn't run by itself. It was still trying to access your scene.asset_snapshot variable.

In any case, I can reproduce the crash the first time with ASAN. It almost looks like the default preview image job (triggered asynchronously by asset_mark) is overlapping with the custom preview image operation.

I attached the full ASAN report above.

I updated the crash.blend file above since it wouldn't run by itself. It was still trying to access your `scene.asset_snapshot` variable. In any case, I can reproduce the crash the first time with ASAN. It almost looks like the default preview image job (triggered asynchronously by `asset_mark`) is overlapping with the custom preview image operation. I attached the full ASAN report above.

Johnny Matthews commented

2021-10-08 17:16:53 +02:00

The current version of the script does not crash because I removed the need to switch editor types:

https://github.com/johnnygizmo/asset_snapshot

The current version of the script does not crash because I removed the need to switch editor types: https://github.com/johnnygizmo/asset_snapshot

Sybren A. Stüvel commented

2021-10-12 12:07:57 +02:00

Added subscriber: @dr.sybren

Sybren A. Stüvel commented

2021-10-12 12:07:57 +02:00

Changed status from 'Confirmed' to: 'Needs User Info'

Sybren A. Stüvel commented

2021-10-12 12:07:57 +02:00

Please take some time to minimize the script, so that every line that is there is actually required to reproduce the crash. That'll help a lot in figuring out what's going wrong.

Jesse Yurkovich commented

2021-10-12 20:04:38 +02:00

Changed status from 'Needs User Info' to: 'Confirmed'

Jesse Yurkovich commented

2021-10-12 20:04:38 +02:00

Modified the description to include a further simplified repro (#91197-simplified.blend) as I'm still getting ASAN failures here. The issue is primarily because of the interaction between asset_mark and lib_id_load_custom_preview trampling over each other.

The asset_mark api is very precarious. It starts an async icon preview job for which the python caller has no way of waiting or knowing when it finishes.
But even if you try to somehow "wait", (by sleeping) in the python script, this still fails due to how the single-thread python execution happens. The "end" of the icon_preview job is not permitted to run while the python script is executing it looks like.

This will probably be a common pattern to do in general. Script authors will want to automate the marking and setting of custom preview image for their users.

Modified the description to include a further simplified repro (`#91197-simplified.blend`) as I'm still getting ASAN failures here. The issue is primarily because of the interaction between `asset_mark` and `lib_id_load_custom_preview` trampling over each other. The `asset_mark` api is very precarious. It starts an async icon preview job for which the python caller has no way of waiting or knowing when it finishes. But even if you try to somehow "wait", (by sleeping) in the python script, this still fails due to how the single-thread python execution happens. The "end" of the icon_preview job is not permitted to run while the python script is executing it looks like. This will probably be a common pattern to do in general. Script authors will want to automate the marking and setting of custom preview image for their users.

Sybren A. Stüvel commented

2021-10-15 13:59:18 +02:00

This is good feedback, thanks.

Jeroen Bakker self-assigned this 2021-10-19 10:47:57 +02:00

Jeroen Bakker commented

2021-10-19 10:51:54 +02:00

Idea to fix this issue is to add a render_preview:bool = True parameter to the ID.asset_mark function.
When set to False the preview render will not be performed.

Idea to fix this issue is to add a `render_preview:bool = True` parameter to the `ID.asset_mark` function. When set to False the preview render will not be performed.

blender-admin commented

2021-10-19 16:17:04 +02:00

This issue was referenced by 1c5722ba07

This issue was referenced by 1c5722ba071ac08042f2e3150495b865a0ffa95a

Sybren A. Stüvel commented

2021-10-19 16:17:34 +02:00

Changed status from 'Confirmed' to: 'Resolved'

Sybren A. Stüvel closed this issue

2021-10-19 16:17:34 +02:00

Sybren A. Stüvel commented

2021-10-19 16:18:35 +02:00

Since Jeroen's comment the ideas changed a bit. Instead of passing a boolean, the two operations performed by that ID.asset_mark() function have been separated. ID.asset_mark() now only marks a datablock as asset, and ``ID.asset_generate_preview()` should be called to actually generate the previews.

Since Jeroen's comment the ideas changed a bit. Instead of passing a boolean, the two operations performed by that `ID.asset_mark()` function have been separated. `ID.asset_mark()` now only marks a datablock as asset, and ``ID.asset_generate_preview()` should be called to actually generate the previews.

Sign in to join this conversation.

No Label

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

Crash when setting asset preview image from python (ASAN heap-use-after-free in render_preview.c) #91197