Page MenuHome

Moving objects to another layer crashes Blender
Closed, ResolvedPublic

Description

How to reproduce:

  1. start Blender on Arch Linux 64-bit
  2. select the default cube
  3. press m and 3
  4. Blender crashes always

/tmp/blender.crash.txt:

Blender 2.70 (sub 0), Commit date: 2014-04-10 11:49, Hash f93bc76

bpy.ops.object.move_to_layer(layers=(False, False, True, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False)) # Operator

backtrace

blender() [0x8c64c3]
/usr/lib/libc.so.6(+0x33df0) [0x7fc52ddb0df0]
blender(MEM_lockfree_freeN+0x28) [0x11c5958]
blender(RNA_path_full_property_py+0x72) [0x140c9d2]
blender(WM_prop_pystring_assign+0x9e) [0x8dbf0e]
blender() [0xa6041c]
blender() [0xa66224]
blender() [0xa6bf1f]
blender() [0xa6ca04]
blender() [0xa6cc27]
blender() [0xa6e220]
blender() [0x8cf062]
blender() [0x8cf378]
blender(wm_event_do_handlers+0x1cc) [0x8cf67c]
blender(WM_main+0x18) [0x8c83f8]
blender(main+0xd6f) [0x8afc6f]
/usr/lib/libc.so.6(__libc_start_main+0xf0) [0x7fc52dd9d000]
blender() [0x8c5d14]

My environment is Arch Linux 64-bit. Libraries used by Blender:

$ ldd which blender
linux-vdso.so.1 (0x00007fff5f1fe000)
libGL.so.1 => /usr/lib/libGL.so.1 (0x00007f3abc53f000)
libGLU.so.1 => /usr/lib/libGLU.so.1 (0x00007f3abc2c0000)
libpng16.so.16 => /usr/lib/libpng16.so.16 (0x00007f3abc08b000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f3abbe75000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f3abbbcc000)
libpython3.4m.so.1.0 => /usr/lib/libpython3.4m.so.1.0 (0x00007f3abb742000)
libGLEW.so.1.10 => /usr/lib/libGLEW.so.1.10 (0x00007f3abb4b6000)
libopenal.so.1 => /usr/lib/libopenal.so.1 (0x00007f3abb25e000)
libfftw3.so.3 => /usr/lib/libfftw3.so.3 (0x00007f3abae5d000)
libjack.so.0 => /usr/lib/libjack.so.0 (0x00007f3abac3d000)
libsndfile.so.1 => /usr/lib/libsndfile.so.1 (0x00007f3aba9d5000)
libSDL-1.2.so.0 => /usr/lib/libSDL-1.2.so.0 (0x00007f3aba73d000)
libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f3aba51f000)
libtiff.so.5 => /usr/lib/libtiff.so.5 (0x00007f3aba2ab000)
libOpenImageIO.so.1.4 => /usr/lib/libOpenImageIO.so.1.4 (0x00007f3ab99e0000)
libjpeg.so.8 => /usr/lib/libjpeg.so.8 (0x00007f3ab978b000)
libboost_filesystem.so.1.55.0 => /usr/lib/libboost_filesystem.so.1.55.0 (0x00007f3ab9574000)
libboost_system.so.1.55.0 => /usr/lib/libboost_system.so.1.55.0 (0x00007f3ab9370000)
libboost_thread.so.1.55.0 => /usr/lib/libboost_thread.so.1.55.0 (0x00007f3ab9158000)
libboost_locale.so.1.55.0 => /usr/lib/libboost_locale.so.1.55.0 (0x00007f3ab8e7e000)
libHalf.so.10 => /usr/lib/libHalf.so.10 (0x00007f3ab8c3b000)
libIex-2_0.so.10 => /usr/lib/libIex-2_0.so.10 (0x00007f3ab8a1a000)
libIlmImf-Imf_2_0.so.20 => /usr/lib/libIlmImf-Imf_2_0.so.20 (0x00007f3ab8708000)
libOpenColorIO.so.1 => /usr/lib/libOpenColorIO.so.1 (0x00007f3ab83b6000)
libopenjpeg.so.1 => /usr/lib/libopenjpeg.so.1 (0x00007f3ab818d000)
libavformat.so.55 => /usr/lib/libavformat.so.55 (0x00007f3ab7e04000)
libavcodec.so.55 => /usr/lib/libavcodec.so.55 (0x00007f3ab6d41000)
libavutil.so.52 => /usr/lib/libavutil.so.52 (0x00007f3ab6aee000)
libavdevice.so.55 => /usr/lib/libavdevice.so.55 (0x00007f3ab68d9000)
libswscale.so.2 => /usr/lib/libswscale.so.2 (0x00007f3ab666b000)
libOpenCOLLADAStreamWriter.so => /usr/lib64/opencollada/libOpenCOLLADAStreamWriter.so (0x00007f3ab6405000)
libOpenCOLLADASaxFrameworkLoader.so => /usr/lib64/opencollada/libOpenCOLLADASaxFrameworkLoader.so (0x00007f3ab57e8000)
libOpenCOLLADAFramework.so => /usr/lib64/opencollada/libOpenCOLLADAFramework.so (0x00007f3ab55a6000)
libOpenCOLLADABaseUtils.so => /usr/lib64/opencollada/libOpenCOLLADABaseUtils.so (0x00007f3ab5388000)
libGeneratedSaxParser.so => /usr/lib64/opencollada/libGeneratedSaxParser.so (0x00007f3ab5176000)
liboslcomp.so => /usr/lib/liboslcomp.so (0x00007f3ab4f16000)
liboslexec.so => /usr/lib/liboslexec.so (0x00007f3ab4b50000)
liboslquery.so => /usr/lib/liboslquery.so (0x00007f3ab492d000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x00007f3ab45f2000)
libXi.so.6 => /usr/lib/libXi.so.6 (0x00007f3ab43e2000)
libXxf86vm.so.1 => /usr/lib/libXxf86vm.so.1 (0x00007f3ab41dc000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f3ab3fd8000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f3ab3c2a000)
libm.so.6 => /usr/lib/libm.so.6 (0x00007f3ab3926000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f3ab361b000)
libgomp.so.1 => /usr/lib/libgomp.so.1 (0x00007f3ab3406000)
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f3ab31f0000)
libnvidia-tls.so.337.12 => /usr/lib/libnvidia-tls.so.337.12 (0x00007f3ab2fed000)
libnvidia-glcore.so.337.12 => /usr/lib/libnvidia-glcore.so.337.12 (0x00007f3ab042f000)
libXext.so.6 => /usr/lib/libXext.so.6 (0x00007f3ab021d000)
libbz2.so.1.0 => /usr/lib/libbz2.so.1.0 (0x00007f3ab000d000)
libharfbuzz.so.0 => /usr/lib/libharfbuzz.so.0 (0x00007f3aafdb7000)
libutil.so.1 => /usr/lib/libutil.so.1 (0x00007f3aafbb4000)
libXmu.so.6 => /usr/lib/libXmu.so.6 (0x00007f3aaf999000)
librt.so.1 => /usr/lib/librt.so.1 (0x00007f3aaf791000)
libdb-5.3.so => /usr/lib/libdb-5.3.so (0x00007f3aaf3dd000)
libFLAC.so.8 => /usr/lib/libFLAC.so.8 (0x00007f3aaf1ab000)
libvorbisenc.so.2 => /usr/lib/libvorbisenc.so.2 (0x00007f3aaef02000)
libvorbis.so.0 => /usr/lib/libvorbis.so.0 (0x00007f3aaecd5000)
libogg.so.0 => /usr/lib/libogg.so.0 (0x00007f3aaeace000)
/lib64/ld-linux-x86-64.so.2 (0x00007f3abc877000)
liblzma.so.5 => /usr/lib/liblzma.so.5 (0x00007f3aae8ab000)
libboost_regex.so.1.55.0 => /usr/lib/libboost_regex.so.1.55.0 (0x00007f3aae59c000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f3aae196000)
libboost_chrono.so.1.55.0 => /usr/lib/libboost_chrono.so.1.55.0 (0x00007f3aadf8e000)
libicuuc.so.53 => /usr/lib/libicuuc.so.53 (0x00007f3aadc13000)
libicui18n.so.53 => /usr/lib/libicui18n.so.53 (0x00007f3aad7e1000)
libicudata.so.53 => /usr/lib/libicudata.so.53 (0x00007f3aac159000)
libImath-2_0.so.10 => /usr/lib/libImath-2_0.so.10 (0x00007f3aabf47000)
libIexMath-2_0.so.10 => /usr/lib/libIexMath-2_0.so.10 (0x00007f3aabd42000)
libIlmThread-2_0.so.10 => /usr/lib/libIlmThread-2_0.so.10 (0x00007f3aabb3b000)
librtmp.so.1 => /usr/lib/librtmp.so.1 (0x00007f3aab91f000)
libmodplug.so.1 => /usr/lib/libmodplug.so.1 (0x00007f3aab593000)
libbluray.so.1 => /usr/lib/libbluray.so.1 (0x00007f3aab361000)
libgnutls.so.28 => /usr/lib/libgnutls.so.28 (0x00007f3aab04b000)
libva.so.1 => /usr/lib/libva.so.1 (0x00007f3aaae35000)
libxvidcore.so.4 => /usr/lib/libxvidcore.so.4 (0x00007f3aaab1f000)
libx265.so.16 => /usr/lib/libx265.so.16 (0x00007f3aaa6ac000)
libx264.so.142 => /usr/lib/libx264.so.142 (0x00007f3aaa33a000)
libvpx.so.1 => /usr/lib/libvpx.so.1 (0x00007f3aa9f56000)
libtheoraenc.so.1 => /usr/lib/libtheoraenc.so.1 (0x00007f3aa9d15000)
libtheoradec.so.1 => /usr/lib/libtheoradec.so.1 (0x00007f3aa9afc000)
libspeex.so.1 => /usr/lib/libspeex.so.1 (0x00007f3aa98e3000)
libschroedinger-1.0.so.0 => /usr/lib/libschroedinger-1.0.so.0 (0x00007f3aa961a000)
libopus.so.0 => /usr/lib/libopus.so.0 (0x00007f3aa93ce000)
libopencore-amrwb.so.0 => /usr/lib/libopencore-amrwb.so.0 (0x00007f3aa91ba000)
libopencore-amrnb.so.0 => /usr/lib/libopencore-amrnb.so.0 (0x00007f3aa8f90000)
libmp3lame.so.0 => /usr/lib/libmp3lame.so.0 (0x00007f3aa8d19000)
libgsm.so.1 => /usr/lib/libgsm.so.1 (0x00007f3aa8b0e000)
libavfilter.so.4 => /usr/lib/libavfilter.so.4 (0x00007f3aa8802000)
libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x00007f3aa85fc000)
libasound.so.2 => /usr/lib/libasound.so.2 (0x00007f3aa8305000)
libv4l2.so.0 => /usr/lib/libv4l2.so.0 (0x00007f3aa80f7000)
libpulse-simple.so.0 => /usr/lib/libpulse-simple.so.0 (0x00007f3aa7ef3000)
libpulse.so.0 => /usr/lib/libpulse.so.0 (0x00007f3aa7ca8000)
libbuffer.so => /usr/lib64/opencollada/libbuffer.so (0x00007f3aa7aa0000)
libMathMLSolver.so => /usr/lib64/opencollada/libMathMLSolver.so (0x00007f3aa7850000)
libpcre.so.1 => /usr/lib/libpcre.so.1 (0x00007f3aa75e6000)
libUTF.so => /usr/lib64/opencollada/libUTF.so (0x00007f3aa73e3000)
libxml2.so.2 => /usr/lib/libxml2.so.2 (0x00007f3aa707b000)
libLLVM-3.4.1.so => /usr/lib/libLLVM-3.4.1.so (0x00007f3aa5432000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00007f3aa5212000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x00007f3aa4f0a000)
libgraphite2.so.3 => /usr/lib/libgraphite2.so.3 (0x00007f3aa4cec000)
libXt.so.6 => /usr/lib/libXt.so.6 (0x00007f3aa4a85000)
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f3aa4818000)
libp11-kit.so.0 => /usr/lib/libp11-kit.so.0 (0x00007f3aa45d6000)
libtasn1.so.6 => /usr/lib/libtasn1.so.6 (0x00007f3aa43c2000)
libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007f3aa4194000)
libhogweed.so.2 => /usr/lib/libhogweed.so.2 (0x00007f3aa3f65000)
libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007f3aa3cee000)
liborc-0.4.so.0 => /usr/lib/liborc-0.4.so.0 (0x00007f3aa3a68000)
libswresample.so.0 => /usr/lib/libswresample.so.0 (0x00007f3aa3850000)
libavresample.so.1 => /usr/lib/libavresample.so.1 (0x00007f3aa3632000)
libpostproc.so.52 => /usr/lib/libpostproc.so.52 (0x00007f3aa3414000)
libass.so.5 => /usr/lib/libass.so.5 (0x00007f3aa31f4000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00007f3aa2fb7000)
libv4lconvert.so.0 => /usr/lib/libv4lconvert.so.0 (0x00007f3aa2d3e000)
libpulsecommon-5.0.so => /usr/lib/pulseaudio/libpulsecommon-5.0.so (0x00007f3aa2aca000)
libjson-c.so.2 => /usr/lib/libjson-c.so.2 (0x00007f3aa28bf000)
libdbus-1.so.3 => /usr/lib/libdbus-1.so.3 (0x00007f3aa2678000)
libftoa.so => /usr/lib64/opencollada/libftoa.so (0x00007f3aa2474000)
libffi.so.6 => /usr/lib/libffi.so.6 (0x00007f3aa226c000)
libncursesw.so.5 => /usr/lib/libncursesw.so.5 (0x00007f3aa2007000)
libXau.so.6 => /usr/lib/libXau.so.6 (0x00007f3aa1e03000)
libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00007f3aa1bfd000)
libSM.so.6 => /usr/lib/libSM.so.6 (0x00007f3aa19f5000)
libICE.so.6 => /usr/lib/libICE.so.6 (0x00007f3aa17d9000)
libfribidi.so.0 => /usr/lib/libfribidi.so.0 (0x00007f3aa15c1000)
libenca.so.0 => /usr/lib/libenca.so.0 (0x00007f3aa138e000)
libexpat.so.1 => /usr/lib/libexpat.so.1 (0x00007f3aa1164000)
libsystemd-journal.so.0 => /usr/lib/libsystemd-journal.so.0 (0x00007f3abca04000)
libasyncns.so.0 => /usr/lib/libasyncns.so.0 (0x00007f3aa0f5e000)
libuuid.so.1 => /usr/lib/libuuid.so.1 (0x00007f3aa0d59000)
libgcrypt.so.20 => /usr/lib/libgcrypt.so.20 (0x00007f3aa0a7b000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00007f3aa0876000)
libnsl.so.1 => /usr/lib/libnsl.so.1 (0x00007f3aa065e000)
libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007f3aa0447000)

Kernel:

$ uname -a
Linux visentti 3.14.4-1-ARCH #1 SMP PREEMPT Tue May 13 16:41:39 CEST 2014 x86_64 GNU/Linux

Related Objects

Event Timeline

Timo Saarinen (timosa75) set Type to Bug.
Timo Saarinen (timosa75) created this task.
Timo Saarinen (timosa75) raised the priority of this task from to Needs Triage by Developer.

Can’t reproduce on Debian wheezy 64… Campbell, think you are using Arch too?

I can reproduce this on Arch Linux every time, along with other semi-random crashes. Starting/restarting the game engine also occasionally crashes Blender for me. That happens a lot more on my desktop computer than my laptop. My desktop has an ATI/AMD graphics card, and my laptop has an Intel graphics card. They are both running Arch.

I can reproduce this on two independent Arch Linux 64 installations. The other has Intel graphics and the other nVidia. Some days ago all worked as expected. Here are some Blender-related dependencies (/var/log/pacman.log), that were updated recently, if they are helpful for you.

[2014-05-11 10:25] [PACMAN] upgraded sdl (1.2.15-5 -> 1.2.15-6)
[2014-05-12 18:20] [PACMAN] upgraded libxcb (1.10-1 -> 1.10-2)
[2014-05-12 18:20] [PACMAN] upgraded libva (1.3.0-1 -> 1.3.1-1)
[2014-05-14 08:30] [PACMAN] upgraded libdbus (1.8.0-1 -> 1.8.2-1)
[2014-05-15 21:37] [PACMAN] upgraded openimageio (1.3.13-1 -> 1.4.5.git-1)
[2014-05-15 21:38] [PACMAN] upgraded blender (14:2.70a-1 -> 14:2.70a-2)

And this one too...

[2014-05-15 21:37] [PACMAN] upgraded openshadinglanguage (1.5.4dev-1 -> 1.5.7dev-1)

No crash with the same version on Ubuntu 12.10 x86-64 and Ubuntu 14.04 x86-64.

Crashes on 32 bit Arch Linux as well. Here is the related bug in Arch Linux bug system. The packager suspects gcc 4.9 related problem.

https://bugs.archlinux.org/task/40396

Bastien Montagne (mont29) triaged this task as Normal priority.May 18 2014, 9:24 AM

I can also confirm this bug on Arch Linux 64.

Blender version (from pacman): 14:2.70a-2
Arch: x86_64

Looks like it segfaults on Group creation too (see T40250)…

Campbell, assigning to you, afaik you are our main Arch dev?

I'm also on Arch 64 and have this problem too for some time now, on my own compiled Blender-master. Crashes/segfaults consistently, not only when moving an object to another layer, but also when subdividing and then increasing the cuts. Downloading from builder.blender.org does not have these crashes.

Hi, I'm the Blender package maintainer in Arch. I fixed our package by forcing -O1 for now and it seems to work. This is obviously not preferable. I'm pretty sure this isn't anything Arch specific but rather a new property to gcc 4.9's optimizing options. I'm not sure which optimization causes this and I can't really investigate as well as you guys could.

This is a bug that eventually all other distros will run into once they finally upgrade to gcc 4.9 and should be fixed by Blender. Using -O1 is not a fix, only a workaround.

@Sven-Hendrik Haase (svenstaro), hi, I use arch for my main workstation, seems massing a NULL string (%s) to vsnprintf functions is cause of crash.

eg:

printf("%s\n", NULL);

Note. previous fix was wrong, committed a correct fix (bad use of nonnull attribute)

rBc28f2ed4898b582b3efc67aef7f4f01b9e9ac7bd

This is only a compile-time test for the most trivial cases. Some similar bugs could remain hidden. And maybe many other builtins are affected.

@Fazekas Laszlo (totoro), not sure what you mean. Incorrect use of nonnull attribute can cause crashes, but I checked for other similar cases to this and couldn't find any.

As https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html says, the nonnull attribute is only a simple compile-time test. I'm sure it can find a NULL only if the argument is a constant (even through a variable etc. but its origin must be a static const). The side effect is at the optimization: the compiler gets a (maybe false) info that the argument is surely not null and uses this to simplify the code. Sometimes this means removing important null checkings. What if the function with the attribute actually can accept null as an argument (@Sven-Hendrik Haase (svenstaro) 's example is memmove() with zero length: obviously won't crash with a null) and the new optimization policy causes hardly detectable bugs.

Maybe this is okay and not a serious problem anyway. Also I hope gcc will find a better way to optimize in the next version (for example not removing explicit null checkings).

@Fazekas Laszlo (totoro)

As far as I can see, GCC is correct and blender was wrong.

  • GCC uses nonnull to tag a variable as never being NULL.
  • Blender incorrectly marked all args to BLI_sprintfN as nonnull.
  • GCC optimized out a NULL check later on (after that argument was passed to BLI_sprintfN)

I'm certain of this because I double checked this and found if (data_path != NULL) { printf("%p", data_path); } ignored the if check and printed 0x0.

Though it would be nice if GCC could optionally warn of redundant NULL checks.