Page MenuHome

Fix(unreported): Crash on prefetching while transforming strip.
ClosedPublic

Authored by Richard Antalik (ISS) on Fri, May 22, 2:37 PM.

Details

Summary

While investigating T76274, I found crash scenario when playhead is near end frame and moving a strip.
It is not as easy to reproduce, about 5% success rate, and it will be even harder after rB4066c921fbe5.

In any case there is chance, that this may happen even when these conditions are not met. I wasn't able to find out exact cause of this problem. I have been able to reproduce crash only when moving strip, other editors don't cause crash.
It seems that when prefetch thread is restarted during modal operation invalid scene state is loaded and used for prefetching. This will happen in main thread, so I am not sure how this invalid state could be caused.
Perhaps it is some weird logic in transform operator itself. Other modal operators doesn't seem to cause this crash.

Here is stack trace:
Prefetch (crashed):

>	blender.exe!DEG::`anonymous namespace'::update_sequence_orig_pointers(const ListBase * sequences_orig, ListBase * sequences_cow) Line 480	C++
 	blender.exe!DEG::`anonymous namespace'::update_sequence_orig_pointers(const ListBase * sequences_orig, ListBase * sequences_cow) Line 483	C++
 	blender.exe!DEG::`anonymous namespace'::update_scene_orig_pointers(const Scene * scene_orig, Scene * scene_cow) Line 494	C++
 	blender.exe!DEG::`anonymous namespace'::update_id_after_copy(const DEG::Depsgraph * depsgraph, const DEG::IDNode * id_node, const ID * id_orig, ID * id_cow) Line 814	C++
 	blender.exe!DEG::deg_expand_copy_on_write_datablock(const DEG::Depsgraph * depsgraph, const DEG::IDNode * id_node, DEG::DepsgraphNodeBuilder * node_builder, bool create_placeholders) Line 924	C++
 	blender.exe!DEG::deg_update_copy_on_write_datablock(const DEG::Depsgraph * depsgraph, const DEG::IDNode * id_node) Line 951	C++
 	blender.exe!DEG::`anonymous namespace'::depsgraph_ensure_view_layer(DEG::Depsgraph * graph) Line 346	C++
 	blender.exe!DEG::deg_evaluate_on_refresh(DEG::Depsgraph * graph) Line 380	C++
 	blender.exe!DEG_evaluate_on_framechange(Main * bmain, Depsgraph * graph, float ctime) Line 81	C++
 	blender.exe!seq_prefetch_update_depsgraph(PrefetchJob * pfjob) Line 203	C
 	blender.exe!seq_prefetch_frames(void * job) Line 414	C
 	blender.exe!tslot_thread_start(void * tslot_p) Line 222	C
 	[External Code]

Main(stack may be different here):

>	blender.exe!MEM_lockfree_freeN(void * vmemh) Line 128	C
 	blender.exe!BLO_memfile_free(MemFile * memfile) Line 65	C
 	blender.exe!BLO_memfile_merge(MemFile * first, MemFile * second) Line 93	C
 	blender.exe!memfile_undosys_step_free(UndoStep * us_p) Line 268	C
 	blender.exe!undosys_step_free_and_unlink(UndoStack * ustack, UndoStep * us) Line 225	C
 	blender.exe!undosys_stack_clear_all_first(UndoStack * ustack, UndoStep * us, UndoStep * us_exclude) Line 333	C
 	blender.exe!BKE_undosys_stack_limit_steps_and_memory(UndoStack * ustack, int steps, unsigned __int64 memory_limit) Line 449	C
 	blender.exe!ED_undo_push(bContext * C, const unsigned char * str) Line 107	C
 	blender.exe!ED_undo_push_op(bContext * C, wmOperator * op) Line 302	C
 	blender.exe!wm_operator_finished(bContext * C, wmOperator * op, const bool repeat, const bool store) Line 920	C
 	blender.exe!wm_handler_operator_call(bContext * C, ListBase * handlers, wmEventHandler * handler_base, wmEvent * event, PointerRNA * properties, const unsigned char * kmi_idname) Line 2044	C
 	blender.exe!wm_handlers_do_intern(bContext * C, wmEvent * event, ListBase * handlers) Line 2800	C
 	blender.exe!wm_handlers_do(bContext * C, wmEvent * event, ListBase * handlers) Line 2848	C
 	blender.exe!wm_event_do_handlers(bContext * C) Line 3277	C
 	blender.exe!WM_main(bContext * C) Line 478	C
 	blender.exe!main(int argc, const unsigned char * * UNUSED_argv_c) Line 530	C
 	[External Code]

I wanted to disable prefetching during modal operator execution in VSE, but currently I don't have any signalling method in place.
Checking for G.moving seems to resolve this problem.

Diff Detail

Repository
rB Blender

Event Timeline

Richard Antalik (ISS) requested review of this revision.Fri, May 22, 2:37 PM

I think not prefetching while a transform is in progress makes sense, it'll just slow things down unnecessarily.

But that crash is something to be fixed also, the root cause is not addressed.

I thought that after rB50ef801a79b5: Fix T76320: Thread race condition on undo with prefetching enabled undo would stop prefetching. But this backtrace shows it's doing undo while prefetching?

This revision is now accepted and ready to land.Fri, May 22, 3:03 PM

I think not prefetching while a transform is in progress makes sense, it'll just slow things down unnecessarily.

But that crash is something to be fixed also, the root cause is not addressed.

Yes I think some deeper investigation needs to be deone.

I thought that after rB50ef801a79b5: Fix T76320: Thread race condition on undo with prefetching enabled undo would stop prefetching. But this backtrace shows it's doing undo while prefetching?

It is doing ED_undo_push(), but I can force it to to crash while main is elsewhere. I am not 100% convinced this is connected to undo system, but it may be.