Composite Crash- Multiview?
Closed, Resolved (Public)

Description

System Information
Windows 8.0
Intel HD 4600

Blender Version
Broken: 2.74.4
Worked: (optional)

Short description of error

Blender crashes. I would like to keep the file private, so you can ask permission here. Here I don't know what is causing the crash; it is different each time. Sometimes it is rendering, sometimes it is connecting and disconnecting a node. CMD via blender -d says nothing and there is no crash log, but that wouldn't be helpful anyway. The video in the link is the one used in the compositor.

Exact steps for others to reproduce the error
Try some of the above

Event Timeline

Aaron Carlisle (Blendify) set Type to Bug.
Aaron Carlisle (Blendify) created this task.
Aaron Carlisle (Blendify) raised the priority of this task from to Needs Triage by Developer.

I have not been able to render a frame past 15 before crash so hitting animation should crash at some point

Blender hash 12661de
Blender 2.74 master works fine

Aaron Carlisle (Blendify) renamed this task from Composite Crash to Composite Crash- Multiview?. Apr 12 2015, 7:11 PM
Aaron Carlisle (Blendify) claimed this task.
Aaron Carlisle (Blendify) removed Aaron Carlisle (Blendify) as the assignee of this task.

@Dalai Felinto (dfelinto), mind having a look at this one as well? At least trying to recreate, since this also might be ugly Intel drivers again. Can of course also test, but if Aaron prefers to handle his file privately we should avoid as many eager eyes as possible (also dev ones) ;)

Julian Eisel (Severin) triaged this task as Normal priority.

node set up

Video file is a .avi not interlaced

And it is more of a soft crash: the program stops responding and forces me to close it.

Am I right to assume that the 'privacy' requirement here is due to the nature of the footage, and not the .blend file itself? If so, can you reproduce the issue/crash with an open movie? (e.g., https://peach.blender.org/download/ )

Will do. I will remove sharing in the meantime.

I will have to test tomorrow

For the records, the issue is confirmed. It's related to thread locking

#0  0x00007fff908bd746 in __psynch_mutexwait ()
#1  0x00007fff8fb67779 in _pthread_mutex_lock ()
#2  0x0000000101332be6 in BLI_lock_thread (type=2) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/threads.c:391
#3  0x0000000100e48455 in image_get_render_result (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3554
#4  0x0000000100e45895 in image_acquire_ibuf (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3870
#5  0x0000000100e3ce24 in BKE_image_acquire_ibuf (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917
#6  0x00000001000879ee in ED_space_image_acquire_buffer (sima=0x1090ce608, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_edit.c:117
#7  0x0000000100085d42 in draw_image_main (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_draw.c:836
#8  0x0000000100095604 in image_main_area_draw (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/space_image.c:711
#9  0x00000001005f5deb in ED_region_do_draw (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477
#10 0x0000000100012d4e in wm_method_draw_triple (C=0x107d11d68, win=0x1145a14c8) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640
#11 0x0000000100011f08 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047
#12 0x000000010000c4e0 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493
#13 0x0000000100007da1 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864

@Aaron Carlisle (Blendify) until we fix this issue you can render your animation by closing your Image Editor (or set it to see something other than the Render Result)

2.74 works so I will continue with that thanks

Sometimes I'm getting this:

#0  0x00007fff908bd866 in __pthread_kill ()
#1  0x00007fff8fb6535c in pthread_kill ()
#2  0x00007fff8e247b1a in abort ()
#3  0x00007fff8f2f707f in free ()
#4  0x000000010138163a in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::unmanage (this=0x1137559d8, handle=0x114482520) at MEM_CacheLimiter.h:166
#5  0x00000001013806d4 in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage (this=0x114482520) at MEM_CacheLimiter.h:121
#6  0x000000010137ffbd in MEM_CacheLimiter_unmanage (handle=0x114482520) at /Users/dfelinto/blender/git/blender/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184
#7  0x00000001012a0bae in moviecache_valfree (val=0x10a185810) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:132
#8  0x00000001012c27b6 in ghash_insert_safe [inlined] () at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/BLI_ghash.c:501
#9  0x00000001012c27b6 in BLI_ghash_reinsert (gh=0x114477148, key=0x10a0e4810, val=0x10a185830, keyfreefp=0x1012a0b20 <moviecache_keyfree>, valfreefp=0x1012a0b70 <moviecache_valfree>) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/BLI_ghash.c:693
#10 0x00000001012a0619 in do_moviecache_put (cache=0x11447e368, userkey=0x7fff5fbff2f0, ibuf=0x10a18d408, need_lock=true) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:365
#11 0x00000001012a04ea in IMB_moviecache_put (cache=0x11447e368, userkey=0x7fff5fbff2f0, ibuf=0x10a18d408) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:394
#12 0x0000000100e3e3fa in imagecache_put (image=0x10934cc08, index=2146430959, ibuf=0x10a18d408) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:162
#13 0x0000000100e3f17d in image_assign_ibuf (ima=0x10934cc08, ibuf=0x10a18d408, index=2146430959, frame=0) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:407
#14 0x0000000100e4592f in image_acquire_ibuf (ima=0x10934cc08, iuser=0x0, lock_r=0x7fff5fbff468) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3887
#15 0x0000000100e3ce24 in BKE_image_acquire_ibuf (ima=0x10934cc08, iuser=0x0, lock_r=0x7fff5fbff468) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917
#16 0x00000001000bb984 in draw_nodespace_back_pix (C=0x107d11d68, ar=0x118b21c48, snode=0x118b21dd8, parent_key={value = 5381}) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/drawnode.c:3176
#17 0x00000001000cdf7d in drawnodespace (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/node_draw.c:1347
#18 0x00000001000e6c5d in node_main_area_draw (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/space_node.c:662
#19 0x00000001005f5deb in ED_region_do_draw (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477
#20 0x0000000100012d4e in wm_method_draw_triple (C=0x107d11d68, win=0x118b10e88) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640
#21 0x0000000100011f08 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047
#22 0x000000010000c4e0 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493
#23 0x0000000100007da1 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864

@Sergey Sharybin (sergey) any ideas of what this may be?

Hard to tell without the file. Latest backtrace seems to be something related with double-free of cache-limited image buffer (could either be wrong user counter happening somewhere or could be still some non-threadsafe issues in that area). I'm not sure why first backtrace goes to mutex lock, but could be a reason of some bigger memory corruption.

I don't know if it's related, but if you try the sample from T44343 (open the file, press ESC to show the compositor nodes, and render F12) I get a freeze right away here:

Program received signal SIGTSTP, Stopped (user).
0x00007fff908bd746 in __psynch_mutexwait ()
(gdb) bt
#0  0x00007fff908bd746 in __psynch_mutexwait ()
#1  0x00007fff8fb67779 in _pthread_mutex_lock ()
#2  0x0000000101332706 in BLI_lock_thread (type=2) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/threads.c:391
#3  0x0000000100e47965 in image_get_render_result (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3554
#4  0x0000000100e44da5 in image_acquire_ibuf (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3870
#5  0x0000000100e3c334 in BKE_image_acquire_ibuf (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917
#6  0x00000001000877ee in ED_space_image_acquire_buffer (sima=0x10be91008, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_edit.c:117
#7  0x0000000100085b42 in draw_image_main (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_draw.c:836
#8  0x0000000100095404 in image_main_area_draw (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/space_image.c:711
#9  0x00000001005f5e2b in ED_region_do_draw (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477
#10 0x0000000100012cae in wm_method_draw_triple (C=0x107d11d68, win=0x11971a598) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640
#11 0x0000000100011e68 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047
#12 0x000000010000c440 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493
#13 0x0000000100007d01 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864

@Aaron Carlisle (Blendify) poke, can you get a sample file that can be used by anyone?

Weren't you able to reproduce... Anyway, I will try.

I think this is the same thing but... With the default scene go to compositor. Hit use nodes. Hit render on the layer input node; this should reproduce the crash.

With the default scene go to compositor. Hit use nodes. Hit render on the layer input node; this should reproduce the crash.

I get no crashes here this way. Does anyone? @Julian Eisel (Severin) ?

File from T44644 makes it dead easy to reproduce (just add a blur node to the nodes - if no immediate crash, play a bit with its settings):

And here is the asan backtrace:

=================================================================
==9879==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030002206d0 at pc 0x500707f bp 0x7ffcbf84dab0 sp 0x7ffcbf84daa8
READ of size 8 at 0x6030002206d0 thread T0
    #0 0x500707e in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121
    #1 0x5006322 in MEM_CacheLimiter_unmanage /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184
    #2 0x4aba351 in moviecache_valfree /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:132
    #3 0x4b1f2eb in ghash_insert_safe /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:501
    #4 0x4b1f2eb in BLI_ghash_reinsert /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:693
    #5 0x4abb9a0 in do_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:365
    #6 0x4abbcd1 in IMB_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:394
    #7 0x40ce359 in imagecache_put /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:162
    #8 0x40cfcbc in image_assign_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:407
    #9 0x40e488e in image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3930
    #10 0x40e4a26 in BKE_image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3960
    #11 0x23f2a64 in draw_nodespace_back_pix /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/drawnode.c:3176
    #12 0x240157b in drawnodespace /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_draw.c:1347
    #13 0x242c30c in node_main_area_draw /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/space_node.c:660
    #14 0x2f766c2 in ED_region_do_draw /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/area.c:517
    #15 0x227f78a in wm_method_draw_triple /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:640
    #16 0x2281e36 in wm_draw_update /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:1047
    #17 0x2272fff in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:493
    #18 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866
    #19 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #20 0x226b5ae (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x226b5ae)

0x6030002206d0 is located 16 bytes inside of 24-byte region [0x6030002206c0,0x6030002206d8)
freed by thread T102 here:
    #0 0x7fb6f06ad477 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55477)
    #1 0x5008013 in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::unmanage(MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>*) /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:166
    #2 0x5007095 in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121
    #3 0x5006322 in MEM_CacheLimiter_unmanage /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184
    #4 0x4aba351 in moviecache_valfree /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:132
    #5 0x4b1e0d4 in ghash_free_cb /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:574
    #6 0x4b20f5a in BLI_ghash_free /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:860
    #7 0x4abc16a in IMB_moviecache_free /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:458
    #8 0x40cf215 in image_free_cached_frames /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:261
    #9 0x40db12d in BKE_image_verify_viewer_views /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:2430
    #10 0x3dc4e0c in ViewerOperation::initImage() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:135
    #11 0x3dc43ff in ViewerOperation::initExecution() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:74
    #12 0x3d17399 in ExecutionSystem::execute() /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_ExecutionSystem.cpp:168
    #13 0x3d15f6e in COM_execute /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_compositor.cpp:100
    #14 0x44fb369 in ntreeCompositExecTree /home/i74700deb64/blender/__work__/src/source/blender/nodes/composite/node_composite_tree.c:233
    #15 0x2402b46 in compo_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:243
    #16 0x22a2cd7 in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:328
    #17 0x4c2139e in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:252
    #18 0x7fb6eeb930a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)

previously allocated by thread T93 here:
    #0 0x7fb6f06acfff in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54fff)
    #1 0x5006a28 in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::insert(MEM_CacheLimiterHandleCClass*) /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:156
    #2 0x5005e85 in MEM_CacheLimiterCClass::insert(void*) /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:123
    #3 0x50062d6 in MEM_CacheLimiter_insert /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:174
    #4 0x4abbb55 in do_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:374
    #5 0x4abbcd1 in IMB_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:394
    #6 0x40ce359 in imagecache_put /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:162
    #7 0x40cfcbc in image_assign_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:407
    #8 0x40e488e in image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3930
    #9 0x40e4a26 in BKE_image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3960
    #10 0x3dc4ea9 in ViewerOperation::initImage() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:140
    #11 0x3dc43ff in ViewerOperation::initExecution() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:74
    #12 0x3d17399 in ExecutionSystem::execute() /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_ExecutionSystem.cpp:168
    #13 0x3d15f6e in COM_execute /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_compositor.cpp:100
    #14 0x44fb369 in ntreeCompositExecTree /home/i74700deb64/blender/__work__/src/source/blender/nodes/composite/node_composite_tree.c:233
    #15 0x2402b46 in compo_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:243
    #16 0x22a2cd7 in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:328
    #17 0x4c2139e in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:252
    #18 0x7fb6eeb930a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)

Thread T102 created by T0 here:
    #0 0x7fb6f067bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4c214aa in BLI_insert_thread /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:268
    #2 0x22a3461 in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:411
    #3 0x2402f9f in ED_node_composite_job /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:296
    #4 0x242b9e4 in node_area_refresh /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/space_node.c:556
    #5 0x2f72cfc in ED_area_do_refresh /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/area.c:149
    #6 0x2284b3d in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:384
    #7 0x2272ff3 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:490
    #8 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866
    #9 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

Thread T93 created by T0 here:
    #0 0x7fb6f067bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4c214aa in BLI_insert_thread /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:268
    #2 0x22a3461 in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:411
    #3 0x22a45f8 in wm_jobs_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:602
    #4 0x22d7794 in wm_window_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1136
    #5 0x22d7a3b in wm_window_process_events /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1169
    #6 0x2272fdb in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:484
    #7 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866
    #8 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

SUMMARY: AddressSanitizer: heap-use-after-free /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121 MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage()
Shadow bytes around the buggy address:
  0x0c068003c080: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c068003c090: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c068003c0a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fd
  0x0c068003c0b0: fd fd fa fa fd fd fd fd fa fa fd fd fd fa fa fa
  0x0c068003c0c0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
=>0x0c068003c0d0: fa fa fd fd fd fd fa fa fd fd[fd]fa fa fa fd fd
  0x0c068003c0e0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c0f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c120: fd fd fd fa fa fa fd fd fd fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Contiguous container OOB:fc
  ASan internal: fe
==9879==ABORTING

There are two things obvious from quick reading of the code:

  1. IMB_moviecache is absolutely not threadsafe, and yet it gets used in threaded context…
  2. Issue seems to arise within new multiview code.

Hard to say whether it was already present before… And how to fix it (where to put locks? at image ID level? BKE_image_verify_viewer_views() uses global LOCK_DRAW_IMAGE, but does not seem to be used by main thread… Or do we simply make moviecache threadsafe?).

imbuf/moviecache requires an owner to worry about locks and so. This is because you don't really have threading conflict between different types of IDs (and different circumstances within a single ID) and there's no reason for central lock there.

The issue is actually caused by BKE_image_verify_viewer_views doing modifications of the actual image datablock, while previously corresponding function was only ensuring image datablock with given name/type exists.

I'm not sure why LOCK_DRAW_IMAGE is needed, but the code is missing spinlock of image_spin, which is required in areas which do modifications of the image.
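The ownership rule discussed above (the cache does no locking of its own, so every path that modifies it must take the owner's lock), as an added C sketch that is not Blender code. `Cache`, `Handle`, `owner_lock` and `run_race` are hypothetical names, a pthread mutex stands in for the `image_spin` spinlock, and handles are pooled so a second release is counted instead of corrupting the heap.

```c
/* Added illustration, not Blender source. Cache, Handle and owner_lock are hypothetical names. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOTS 4
#define ROUNDS 50000
typedef struct Handle { atomic_int freed; } Handle; /* stand-in for a cache-limiter handle */

typedef struct Cache {
    _Atomic(Handle *) slot[SLOTS]; /* stand-in for the cache's key -> value table */
    pthread_mutex_t owner_lock;    /* the owner's lock (the role image_spin has in the thread) */
    int use_lock;                  /* 0 = behaviour described in the report, 1 = serialized */
    atomic_int double_frees;
    Handle *pool;                  /* handles are pooled, so a second release can be counted safely */
} Cache;

static void lock(Cache *c)   { if (c->use_lock) pthread_mutex_lock(&c->owner_lock); }
static void unlock(Cache *c) { if (c->use_lock) pthread_mutex_unlock(&c->owner_lock); }

/* Release the value stored under key, then store h. Check-then-act: two threads that
 * both load the same old value will both release it unless the caller holds the lock. */
static void replace(Cache *c, int key, Handle *h) {
    Handle *old = atomic_load(&c->slot[key]);
    if (old && atomic_exchange(&old->freed, 1)) atomic_fetch_add(&c->double_frees, 1);
    atomic_store(&c->slot[key], h);
}

/* Draw path: reinsert one key (compare image_acquire_ibuf -> IMB_moviecache_put). */
static void cache_put(Cache *c, int key, Handle *h) { lock(c); replace(c, key, h); unlock(c); }

/* Job path: drop every value (compare BKE_image_verify_viewer_views -> IMB_moviecache_free). */
static void cache_free_all(Cache *c) {
    lock(c);
    for (int k = 0; k < SLOTS; k++) replace(c, k, NULL);
    unlock(c);
}

static void *draw_thread(void *arg) {
    Cache *c = arg;
    for (int i = 0; i < ROUNDS; i++) cache_put(c, i % SLOTS, &c->pool[i]);
    return NULL;
}
static void *job_thread(void *arg) {
    Cache *c = arg;
    for (int i = 0; i < ROUNDS; i++) cache_free_all(c);
    return NULL;
}

/* Returns ownership errors: double releases plus handles that were never released. */
int run_race(int use_lock) {
    Cache c = { .use_lock = use_lock };
    pthread_t draw, job;
    pthread_mutex_init(&c.owner_lock, NULL);
    c.pool = calloc(ROUNDS, sizeof(Handle));
    if (!c.pool) return -1;
    pthread_create(&draw, NULL, draw_thread, &c);
    pthread_create(&job, NULL, job_thread, &c);
    pthread_join(draw, NULL);
    pthread_join(job, NULL);
    cache_free_all(&c); /* final single-threaded cleanup */
    int errors = atomic_load(&c.double_frees);
    for (int i = 0; i < ROUNDS; i++) errors += !atomic_load(&c.pool[i].freed);
    free(c.pool);
    pthread_mutex_destroy(&c.owner_lock);
    return errors;
}

int main(void) {
    printf("no owner lock:   %d ownership errors (varies per run)\n", run_race(0));
    printf("with owner lock: %d ownership errors\n", run_race(1));
    return 0;
}
```

Build with `-pthread`. The unlocked count depends on scheduling and can be zero on a given run, which matches how intermittently the crash showed up for the reporter.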

Thanks for the hint Sergey! :)

Reopening this one, since I cannot check other cases reported here (file from T44343 is no more available :( ), and hard to be sure all places are now correctly locked in code...

Dalai Felinto (dfelinto) closed this task as Resolved. May 11 2015, 8:15 PM

@Bastien Montagne (mont29) let's do the other way around, let's close it until the reporter states this is not fixed AND get a working sample file. Otherwise this may linger here forever.

(and thanks for looking into that)