Composite Crash- Multiview? #44345

New Issue

Aaron Carlisle · 2015-04-10T21:54:59+02:00

Aaron Carlisle commented

2015-04-10 21:54:59 +02:00

System Information
Windows 8.0
Intel HD 4600

Blender Version
Broken: 2.74.4
Worked: (optional)

Short description of error

Blender crashes I would like to keep the file privet so you can ask permission here Here I dont know what is causing the crash it is different each time. sometimes it is rendering, sometimes it is connecting and disconnecting node. CMD via blender -d says nothing and no crash log but I that wouldn't be helpful anyway. the video in the link is the one used in the compositor

Exact steps for others to reproduce the error
Try some of the above

**System Information** Windows 8.0 Intel HD 4600 **Blender Version** Broken: 2.74.4 Worked: (optional) **Short description of error** Blender crashes I would like to keep the file privet so you can ask permission here [Here ](https://drive.google.com/a/ftcteam4081.com/folderview?id=0B4CLCL8cP5lSfjdXMFNkd3hvMDFWanA2ZVUxWVlPeVNmV3R3LUxyRHJaVl93SnpEdlZKM2c&usp=sharing) I dont know what is causing the crash it is different each time. sometimes it is rendering, sometimes it is connecting and disconnecting node. CMD via `blender -d` says nothing and no crash log but I that wouldn't be helpful anyway. the video in the link is the one used in the compositor **Exact steps for others to reproduce the error** Try some of the above

Aaron Carlisle commented

2015-04-10 21:54:59 +02:00

Changed status to: 'Open'

Aaron Carlisle commented

2015-04-10 21:54:59 +02:00

Added subscriber: @Blendify

blender-admin commented

2015-04-10 21:54:59 +02:00

#44644 was marked as duplicate of this issue

Aaron Carlisle commented

2015-04-10 21:59:13 +02:00

I have not been able to render a frame past 15 before crash so hitting animation should crash at some point

Aaron Carlisle commented

2015-04-10 22:17:50 +02:00

Blender hash 12661de
Blender 2.74 master works fine

Blender hash 12661de Blender 2.74 master works fine

Aaron Carlisle self-assigned this 2015-04-12 19:11:37 +02:00

Aaron Carlisle changed title from ~~Composite Crash~~ to Composite Crash- Multiview?

2015-04-12 19:12:07 +02:00

Aaron Carlisle removed their assignment 2015-04-12 19:12:32 +02:00

Aaron Carlisle commented

2015-04-13 19:20:52 +02:00

Added subscriber: @ideasman42

Aaron Carlisle commented

2015-04-13 19:20:52 +02:00

shared with you @ideasman42

Julian Eisel commented

2015-04-13 19:22:29 +02:00

Added subscribers: @dfelinto, @JulianEisel

Julian Eisel commented

2015-04-13 19:22:29 +02:00

@dfelinto, mind having a look at this one as well? At least trying to recreate, since this also might be ugly Intel drivers again. Can of course also test but if Aaron prefers to handle it's file private we should avoid as much eager eyes as possible (also dev ones) ;)

Dalai Felinto was assigned by Julian Eisel

2015-04-13 19:22:46 +02:00

Aaron Carlisle commented

2015-04-13 19:29:37 +02:00

node set up

Video file is a .avi not interlaced

node set up ![Capture.JPG](https://archive.blender.org/developer/F161602/Capture.JPG) Video file is a .avi not interlaced

Aaron Carlisle commented

2015-04-13 19:31:59 +02:00

and it is more of a soft crash the program stops responding and forces me to close

Aaron Carlisle commented

2015-04-13 19:49:07 +02:00

ok shared with @dfelinto

Dalai Felinto commented

2015-04-14 01:08:01 +02:00

Am I right to assume that the 'privacy' requirement here is due to the nature of the footage, and not the .blend file itself? If so, can you reproduce the issue/crash with an open movie? (e.g., https://peach.blender.org/download/ )

Aaron Carlisle commented

2015-04-14 01:27:55 +02:00

Will do i will remove sharing in the mean time

Aaron Carlisle commented

2015-04-14 01:31:13 +02:00

I will have to test tomorrow

Dalai Felinto commented

2015-04-14 02:02:24 +02:00

For the records, the issue is confirmed. It's related to thread locking


- 0  0x00007fff908bd746 in __psynch_mutexwait ()
- 1  0x00007fff8fb67779 in _pthread_mutex_lock ()
- 2  0x0000000101332be6 in BLI_lock_thread (type=2) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/threads.c:391
- 3  0x0000000100e48455 in image_get_render_result (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3554
- 4  0x0000000100e45895 in image_acquire_ibuf (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3870
- 5  0x0000000100e3ce24 in BKE_image_acquire_ibuf (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917
- 6  0x00000001000879ee in ED_space_image_acquire_buffer (sima=0x1090ce608, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_edit.c:117
- 7  0x0000000100085d42 in draw_image_main (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_draw.c:836
- 8  0x0000000100095604 in image_main_area_draw (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/space_image.c:711
- 9  0x00000001005f5deb in ED_region_do_draw (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477
- 10 0x0000000100012d4e in wm_method_draw_triple (C=0x107d11d68, win=0x1145a14c8) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640
- 11 0x0000000100011f08 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047
- 12 0x000000010000c4e0 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493
- 13 0x0000000100007da1 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864

@Blendify until we fix this issue you can render your animation by closing your Image Editor (or set it to see something other than the Render Result)

For the records, the issue is confirmed. It's related to thread locking ``` - 0 0x00007fff908bd746 in __psynch_mutexwait () - 1 0x00007fff8fb67779 in _pthread_mutex_lock () - 2 0x0000000101332be6 in BLI_lock_thread (type=2) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/threads.c:391 - 3 0x0000000100e48455 in image_get_render_result (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3554 - 4 0x0000000100e45895 in image_acquire_ibuf (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3870 - 5 0x0000000100e3ce24 in BKE_image_acquire_ibuf (ima=0x1090ee808, iuser=0x1090ce638, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917 - 6 0x00000001000879ee in ED_space_image_acquire_buffer (sima=0x1090ce608, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_edit.c:117 - 7 0x0000000100085d42 in draw_image_main (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_draw.c:836 - 8 0x0000000100095604 in image_main_area_draw (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/space_image.c:711 - 9 0x00000001005f5deb in ED_region_do_draw (C=0x107d11d68, ar=0x1145abef8) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477 - 10 0x0000000100012d4e in wm_method_draw_triple (C=0x107d11d68, win=0x1145a14c8) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640 - 11 0x0000000100011f08 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047 - 12 0x000000010000c4e0 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493 - 13 0x0000000100007da1 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864 ``` @Blendify until we fix this issue you can render your animation by closing your Image Editor (or set it to see something other than the Render Result)

Aaron Carlisle commented

2015-04-14 02:53:09 +02:00

2.74 works so I will continue with that thanks

Dalai Felinto commented

2015-04-14 05:14:29 +02:00

Added subscriber: @Sergey

Dalai Felinto commented

2015-04-14 05:14:29 +02:00

Sometimes I'm getting this:

- 0  0x00007fff908bd866 in __pthread_kill ()
- 1  0x00007fff8fb6535c in pthread_kill ()
- 2  0x00007fff8e247b1a in abort ()
- 3  0x00007fff8f2f707f in free ()
- 4  0x000000010138163a in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::unmanage (this=0x1137559d8, handle=0x114482520) at MEM_CacheLimiter.h:166
- 5  0x00000001013806d4 in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage (this=0x114482520) at MEM_CacheLimiter.h:121
- 6  0x000000010137ffbd in MEM_CacheLimiter_unmanage (handle=0x114482520) at /Users/dfelinto/blender/git/blender/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184
- 7  0x00000001012a0bae in moviecache_valfree (val=0x10a185810) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:132
- 8  0x00000001012c27b6 in ghash_insert_safe [inlined] () at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/BLI_ghash.c:501
- 9  0x00000001012c27b6 in BLI_ghash_reinsert (gh=0x114477148, key=0x10a0e4810, val=0x10a185830, keyfreefp=0x1012a0b20 <moviecache_keyfree>, valfreefp=0x1012a0b70 <moviecache_valfree>) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/BLI_ghash.c:693
- 10 0x00000001012a0619 in do_moviecache_put (cache=0x11447e368, userkey=0x7fff5fbff2f0, ibuf=0x10a18d408, need_lock=true) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:365
- 11 0x00000001012a04ea in IMB_moviecache_put (cache=0x11447e368, userkey=0x7fff5fbff2f0, ibuf=0x10a18d408) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:394
- 12 0x0000000100e3e3fa in imagecache_put (image=0x10934cc08, index=2146430959, ibuf=0x10a18d408) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:162
- 13 0x0000000100e3f17d in image_assign_ibuf (ima=0x10934cc08, ibuf=0x10a18d408, index=2146430959, frame=0) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:407
- 14 0x0000000100e4592f in image_acquire_ibuf (ima=0x10934cc08, iuser=0x0, lock_r=0x7fff5fbff468) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3887
- 15 0x0000000100e3ce24 in BKE_image_acquire_ibuf (ima=0x10934cc08, iuser=0x0, lock_r=0x7fff5fbff468) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917
- 16 0x00000001000bb984 in draw_nodespace_back_pix (C=0x107d11d68, ar=0x118b21c48, snode=0x118b21dd8, parent_key={value = 5381}) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/drawnode.c:3176
- 17 0x00000001000cdf7d in drawnodespace (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/node_draw.c:1347
- 18 0x00000001000e6c5d in node_main_area_draw (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/space_node.c:662
- 19 0x00000001005f5deb in ED_region_do_draw (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477
- 20 0x0000000100012d4e in wm_method_draw_triple (C=0x107d11d68, win=0x118b10e88) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640
- 21 0x0000000100011f08 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047
- 22 0x000000010000c4e0 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493
- 23 0x0000000100007da1 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864

@Sergey any ideas of what this may be?

Sometimes I'm getting this: ``` - 0 0x00007fff908bd866 in __pthread_kill () - 1 0x00007fff8fb6535c in pthread_kill () - 2 0x00007fff8e247b1a in abort () - 3 0x00007fff8f2f707f in free () - 4 0x000000010138163a in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::unmanage (this=0x1137559d8, handle=0x114482520) at MEM_CacheLimiter.h:166 - 5 0x00000001013806d4 in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage (this=0x114482520) at MEM_CacheLimiter.h:121 - 6 0x000000010137ffbd in MEM_CacheLimiter_unmanage (handle=0x114482520) at /Users/dfelinto/blender/git/blender/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184 - 7 0x00000001012a0bae in moviecache_valfree (val=0x10a185810) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:132 - 8 0x00000001012c27b6 in ghash_insert_safe [inlined] () at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/BLI_ghash.c:501 - 9 0x00000001012c27b6 in BLI_ghash_reinsert (gh=0x114477148, key=0x10a0e4810, val=0x10a185830, keyfreefp=0x1012a0b20 <moviecache_keyfree>, valfreefp=0x1012a0b70 <moviecache_valfree>) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/BLI_ghash.c:693 - 10 0x00000001012a0619 in do_moviecache_put (cache=0x11447e368, userkey=0x7fff5fbff2f0, ibuf=0x10a18d408, need_lock=true) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:365 - 11 0x00000001012a04ea in IMB_moviecache_put (cache=0x11447e368, userkey=0x7fff5fbff2f0, ibuf=0x10a18d408) at /Users/dfelinto/blender/git/blender/source/blender/imbuf/intern/moviecache.c:394 - 12 0x0000000100e3e3fa in imagecache_put (image=0x10934cc08, index=2146430959, ibuf=0x10a18d408) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:162 - 13 0x0000000100e3f17d in image_assign_ibuf (ima=0x10934cc08, ibuf=0x10a18d408, index=2146430959, frame=0) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:407 - 14 0x0000000100e4592f in image_acquire_ibuf (ima=0x10934cc08, iuser=0x0, lock_r=0x7fff5fbff468) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3887 - 15 0x0000000100e3ce24 in BKE_image_acquire_ibuf (ima=0x10934cc08, iuser=0x0, lock_r=0x7fff5fbff468) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917 - 16 0x00000001000bb984 in draw_nodespace_back_pix (C=0x107d11d68, ar=0x118b21c48, snode=0x118b21dd8, parent_key={value = 5381}) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/drawnode.c:3176 - 17 0x00000001000cdf7d in drawnodespace (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/node_draw.c:1347 - 18 0x00000001000e6c5d in node_main_area_draw (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_node/space_node.c:662 - 19 0x00000001005f5deb in ED_region_do_draw (C=0x107d11d68, ar=0x118b21c48) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477 - 20 0x0000000100012d4e in wm_method_draw_triple (C=0x107d11d68, win=0x118b10e88) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640 - 21 0x0000000100011f08 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047 - 22 0x000000010000c4e0 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493 - 23 0x0000000100007da1 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864 ``` @Sergey any ideas of what this may be?

Sergey Sharybin commented

2015-04-14 09:49:54 +02:00

Hard to tell without the file. Latest backtrace seems to be something related with double-free of cache-limited image buffer (could either wrong user counter happening somewhere or could be still some non-threadsafe issues in that area). I'm not sure why first backtrace goes to mutex lock, but could be a reason of some bigger memory corruption.

Dalai Felinto commented

2015-04-14 17:36:19 +02:00

I don't know if it's related, but if you try the sample from #44343 (open the file, press ESC to show the compositor nodes, and render F12) I get a freeze right away here:

Program received signal SIGTSTP, Stopped (user).
0x00007fff908bd746 in __psynch_mutexwait ()
(gdb) bt
- 0  0x00007fff908bd746 in __psynch_mutexwait ()
- 1  0x00007fff8fb67779 in _pthread_mutex_lock ()
- 2  0x0000000101332706 in BLI_lock_thread (type=2) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/threads.c:391
- 3  0x0000000100e47965 in image_get_render_result (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3554
- 4  0x0000000100e44da5 in image_acquire_ibuf (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3870
- 5  0x0000000100e3c334 in BKE_image_acquire_ibuf (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917
- 6  0x00000001000877ee in ED_space_image_acquire_buffer (sima=0x10be91008, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_edit.c:117
- 7  0x0000000100085b42 in draw_image_main (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_draw.c:836
- 8  0x0000000100095404 in image_main_area_draw (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/space_image.c:711
- 9  0x00000001005f5e2b in ED_region_do_draw (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477
- 10 0x0000000100012cae in wm_method_draw_triple (C=0x107d11d68, win=0x11971a598) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640
- 11 0x0000000100011e68 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047
- 12 0x000000010000c440 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493
- 13 0x0000000100007d01 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864

I don't know if it's related, but if you try the sample from #44343 (open the file, press ESC to show the compositor nodes, and render F12) I get a freeze right away here: ``` Program received signal SIGTSTP, Stopped (user). 0x00007fff908bd746 in __psynch_mutexwait () (gdb) bt - 0 0x00007fff908bd746 in __psynch_mutexwait () - 1 0x00007fff8fb67779 in _pthread_mutex_lock () - 2 0x0000000101332706 in BLI_lock_thread (type=2) at /Users/dfelinto/blender/git/blender/source/blender/blenlib/intern/threads.c:391 - 3 0x0000000100e47965 in image_get_render_result (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3554 - 4 0x0000000100e44da5 in image_acquire_ibuf (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3870 - 5 0x0000000100e3c334 in BKE_image_acquire_ibuf (ima=0x10bda6c08, iuser=0x10be91038, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/blenkernel/intern/image.c:3917 - 6 0x00000001000877ee in ED_space_image_acquire_buffer (sima=0x10be91008, lock_r=0x7fff5fbff428) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_edit.c:117 - 7 0x0000000100085b42 in draw_image_main (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/image_draw.c:836 - 8 0x0000000100095404 in image_main_area_draw (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/space_image/space_image.c:711 - 9 0x00000001005f5e2b in ED_region_do_draw (C=0x107d11d68, ar=0x119733448) at /Users/dfelinto/blender/git/blender/source/blender/editors/screen/area.c:477 - 10 0x0000000100012cae in wm_method_draw_triple (C=0x107d11d68, win=0x11971a598) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:640 - 11 0x0000000100011e68 in wm_draw_update (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm_draw.c:1047 - 12 0x000000010000c440 in WM_main (C=0x107d11d68) at /Users/dfelinto/blender/git/blender/source/blender/windowmanager/intern/wm.c:493 - 13 0x0000000100007d01 in main (argc=1, argv=0x7fff5fbff720) at /Users/dfelinto/blender/git/blender/source/creator/creator.c:1864 ```

Dalai Felinto commented

2015-04-22 23:57:00 +02:00

@Blendify poke, can you get a sample file that can be used by anyone?

Aaron Carlisle commented

2015-04-23 20:40:41 +02:00

weren’t you able to reproduce... any way i will try

Aaron Carlisle commented

2015-05-02 00:53:43 +02:00

I think this is the same thing but... With the default scene go to compositor. Hit use nodes. Hit render on the layer input node this should reproduce the crash.

Dalai Felinto commented

2015-05-04 14:30:43 +02:00

With the default scene go to compositor. Hit use nodes. Hit render on the layer input node this should reproduce the crash.

I get no crashes here this way. Does any one do? @JulianEisel ?

> With the default scene go to compositor. Hit use nodes. Hit render on the layer input node this should reproduce the crash. I get no crashes here this way. Does any one do? @JulianEisel ?

Bastien Montagne commented

2015-05-09 22:57:12 +02:00

Added subscribers: @MikhailRachinskiy, @mont29

Bastien Montagne commented

2015-05-09 23:05:59 +02:00

File from #44644 makes it dead easy to reproduce (just add a blur node to the nodes - if no immediate crash, play a bit with its settings): crash.zip

And here is the asan backtrace:

P224: #44345

=================================================================
==9879==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030002206d0 at pc 0x500707f bp 0x7ffcbf84dab0 sp 0x7ffcbf84daa8
READ of size 8 at 0x6030002206d0 thread T0
    #0 0x500707e in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121
    #1 0x5006322 in MEM_CacheLimiter_unmanage /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184
    #2 0x4aba351 in moviecache_valfree /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:132
    #3 0x4b1f2eb in ghash_insert_safe /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:501
    #4 0x4b1f2eb in BLI_ghash_reinsert /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:693
    #5 0x4abb9a0 in do_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:365
    #6 0x4abbcd1 in IMB_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:394
    #7 0x40ce359 in imagecache_put /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:162
    #8 0x40cfcbc in image_assign_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:407
    #9 0x40e488e in image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3930
    #10 0x40e4a26 in BKE_image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3960
    #11 0x23f2a64 in draw_nodespace_back_pix /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/drawnode.c:3176
    #12 0x240157b in drawnodespace /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_draw.c:1347
    #13 0x242c30c in node_main_area_draw /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/space_node.c:660
    #14 0x2f766c2 in ED_region_do_draw /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/area.c:517
    #15 0x227f78a in wm_method_draw_triple /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:640
    #16 0x2281e36 in wm_draw_update /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:1047
    #17 0x2272fff in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:493
    #18 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866
    #19 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #20 0x226b5ae (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x226b5ae)

0x6030002206d0 is located 16 bytes inside of 24-byte region [0x6030002206c0,0x6030002206d8)
freed by thread #102 here:
    #0 0x7fb6f06ad477 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55477)
    #1 0x5008013 in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::unmanage(MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>*) /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:166
    #2 0x5007095 in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121
    #3 0x5006322 in MEM_CacheLimiter_unmanage /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184
    #4 0x4aba351 in moviecache_valfree /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:132
    #5 0x4b1e0d4 in ghash_free_cb /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:574
    #6 0x4b20f5a in BLI_ghash_free /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:860
    #7 0x4abc16a in IMB_moviecache_free /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:458
    #8 0x40cf215 in image_free_cached_frames /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:261
    #9 0x40db12d in BKE_image_verify_viewer_views /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:2430
    #10 0x3dc4e0c in ViewerOperation::initImage() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:135
    #11 0x3dc43ff in ViewerOperation::initExecution() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:74
    #12 0x3d17399 in ExecutionSystem::execute() /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_ExecutionSystem.cpp:168
    #13 0x3d15f6e in COM_execute /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_compositor.cpp:100
    #14 0x44fb369 in ntreeCompositExecTree /home/i74700deb64/blender/__work__/src/source/blender/nodes/composite/node_composite_tree.c:233
    #15 0x2402b46 in compo_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:243
    #16 0x22a2cd7 in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:328
    #17 0x4c2139e in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:252
    #18 0x7fb6eeb930a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)

previously allocated by thread T93 here:
    #0 0x7fb6f06acfff in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54fff)
    #1 0x5006a28 in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::insert(MEM_CacheLimiterHandleCClass*) /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:156
    #2 0x5005e85 in MEM_CacheLimiterCClass::insert(void*) /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:123
    #3 0x50062d6 in MEM_CacheLimiter_insert /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:174
    #4 0x4abbb55 in do_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:374
    #5 0x4abbcd1 in IMB_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:394
    #6 0x40ce359 in imagecache_put /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:162
    #7 0x40cfcbc in image_assign_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:407
    #8 0x40e488e in image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3930
    #9 0x40e4a26 in BKE_image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3960
    #10 0x3dc4ea9 in ViewerOperation::initImage() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:140
    #11 0x3dc43ff in ViewerOperation::initExecution() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:74
    #12 0x3d17399 in ExecutionSystem::execute() /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_ExecutionSystem.cpp:168
    #13 0x3d15f6e in COM_execute /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_compositor.cpp:100
    #14 0x44fb369 in ntreeCompositExecTree /home/i74700deb64/blender/__work__/src/source/blender/nodes/composite/node_composite_tree.c:233
    #15 0x2402b46 in compo_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:243
    #16 0x22a2cd7 in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:328
    #17 0x4c2139e in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:252
    #18 0x7fb6eeb930a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)

Thread #102 created by T0 here:
    #0 0x7fb6f067bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4c214aa in BLI_insert_thread /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:268
    #2 0x22a3461 in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:411
    #3 0x2402f9f in ED_node_composite_job /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:296
    #4 0x242b9e4 in node_area_refresh /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/space_node.c:556
    #5 0x2f72cfc in ED_area_do_refresh /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/area.c:149
    #6 0x2284b3d in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:384
    #7 0x2272ff3 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:490
    #8 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866
    #9 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

Thread T93 created by T0 here:
    #0 0x7fb6f067bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x4c214aa in BLI_insert_thread /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:268
    #2 0x22a3461 in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:411
    #3 0x22a45f8 in wm_jobs_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:602
    #4 0x22d7794 in wm_window_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1136
    #5 0x22d7a3b in wm_window_process_events /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1169
    #6 0x2272fdb in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:484
    #7 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866
    #8 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

SUMMARY: AddressSanitizer: heap-use-after-free /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121 MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage()
Shadow bytes around the buggy address:
  0x0c068003c080: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c068003c090: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c068003c0a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fd
  0x0c068003c0b0: fd fd fa fa fd fd fd fd fa fa fd fd fd fa fa fa
  0x0c068003c0c0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
=>0x0c068003c0d0: fa fa fd fd fd fd fa fa fd fd[fd]fa fa fa fd fd
  0x0c068003c0e0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c0f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c068003c120: fd fd fd fa fa fa fd fd fd fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==9879==ABORTING

There are two things obvious from quick reading of the code:

IMB_moviecache is absolutely not threadsafe, and yet it gets used in threaded context…
Issue seems to arise within new multiview code.

Hard to say whether it was already present before… And how to fix it (where to put locks? at image ID level? BKE_image_verify_viewer_views() uses global LOCK_DRAW_IMAGE, but does not seem to be used by main thread… Or do we simply make movicache threadsafe?).

File from #44644 makes it dead easy to reproduce (just add a blur node to the nodes - if no immediate crash, play a bit with its settings): [crash.zip](https://archive.blender.org/developer/F171877/crash.zip) And here is the asan backtrace: [P224: #44345](https://archive.blender.org/developer/P224.txt) ``` ================================================================= ==9879==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030002206d0 at pc 0x500707f bp 0x7ffcbf84dab0 sp 0x7ffcbf84daa8 READ of size 8 at 0x6030002206d0 thread T0 #0 0x500707e in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121 #1 0x5006322 in MEM_CacheLimiter_unmanage /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184 #2 0x4aba351 in moviecache_valfree /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:132 #3 0x4b1f2eb in ghash_insert_safe /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:501 #4 0x4b1f2eb in BLI_ghash_reinsert /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:693 #5 0x4abb9a0 in do_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:365 #6 0x4abbcd1 in IMB_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:394 #7 0x40ce359 in imagecache_put /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:162 #8 0x40cfcbc in image_assign_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:407 #9 0x40e488e in image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3930 #10 0x40e4a26 in BKE_image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3960 #11 0x23f2a64 in draw_nodespace_back_pix /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/drawnode.c:3176 #12 0x240157b in drawnodespace /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_draw.c:1347 #13 0x242c30c in node_main_area_draw /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/space_node.c:660 #14 0x2f766c2 in ED_region_do_draw /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/area.c:517 #15 0x227f78a in wm_method_draw_triple /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:640 #16 0x2281e36 in wm_draw_update /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:1047 #17 0x2272fff in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:493 #18 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866 #19 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #20 0x226b5ae (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x226b5ae) 0x6030002206d0 is located 16 bytes inside of 24-byte region [0x6030002206c0,0x6030002206d8) freed by thread #102 here: #0 0x7fb6f06ad477 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55477) #1 0x5008013 in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::unmanage(MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>*) /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:166 #2 0x5007095 in MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121 #3 0x5006322 in MEM_CacheLimiter_unmanage /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:184 #4 0x4aba351 in moviecache_valfree /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:132 #5 0x4b1e0d4 in ghash_free_cb /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:574 #6 0x4b20f5a in BLI_ghash_free /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/BLI_ghash.c:860 #7 0x4abc16a in IMB_moviecache_free /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:458 #8 0x40cf215 in image_free_cached_frames /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:261 #9 0x40db12d in BKE_image_verify_viewer_views /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:2430 #10 0x3dc4e0c in ViewerOperation::initImage() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:135 #11 0x3dc43ff in ViewerOperation::initExecution() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:74 #12 0x3d17399 in ExecutionSystem::execute() /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_ExecutionSystem.cpp:168 #13 0x3d15f6e in COM_execute /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_compositor.cpp:100 #14 0x44fb369 in ntreeCompositExecTree /home/i74700deb64/blender/__work__/src/source/blender/nodes/composite/node_composite_tree.c:233 #15 0x2402b46 in compo_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:243 #16 0x22a2cd7 in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:328 #17 0x4c2139e in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:252 #18 0x7fb6eeb930a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) previously allocated by thread T93 here: #0 0x7fb6f06acfff in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54fff) #1 0x5006a28 in MEM_CacheLimiter<MEM_CacheLimiterHandleCClass>::insert(MEM_CacheLimiterHandleCClass*) /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:156 #2 0x5005e85 in MEM_CacheLimiterCClass::insert(void*) /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:123 #3 0x50062d6 in MEM_CacheLimiter_insert /home/i74700deb64/blender/__work__/src/intern/memutil/intern/MEM_CacheLimiterC-Api.cpp:174 #4 0x4abbb55 in do_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:374 #5 0x4abbcd1 in IMB_moviecache_put /home/i74700deb64/blender/__work__/src/source/blender/imbuf/intern/moviecache.c:394 #6 0x40ce359 in imagecache_put /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:162 #7 0x40cfcbc in image_assign_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:407 #8 0x40e488e in image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3930 #9 0x40e4a26 in BKE_image_acquire_ibuf /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/image.c:3960 #10 0x3dc4ea9 in ViewerOperation::initImage() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:140 #11 0x3dc43ff in ViewerOperation::initExecution() /home/i74700deb64/blender/__work__/src/source/blender/compositor/operations/COM_ViewerOperation.cpp:74 #12 0x3d17399 in ExecutionSystem::execute() /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_ExecutionSystem.cpp:168 #13 0x3d15f6e in COM_execute /home/i74700deb64/blender/__work__/src/source/blender/compositor/intern/COM_compositor.cpp:100 #14 0x44fb369 in ntreeCompositExecTree /home/i74700deb64/blender/__work__/src/source/blender/nodes/composite/node_composite_tree.c:233 #15 0x2402b46 in compo_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:243 #16 0x22a2cd7 in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:328 #17 0x4c2139e in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:252 #18 0x7fb6eeb930a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) Thread #102 created by T0 here: #0 0x7fb6f067bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x4c214aa in BLI_insert_thread /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:268 #2 0x22a3461 in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:411 #3 0x2402f9f in ED_node_composite_job /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/node_edit.c:296 #4 0x242b9e4 in node_area_refresh /home/i74700deb64/blender/__work__/src/source/blender/editors/space_node/space_node.c:556 #5 0x2f72cfc in ED_area_do_refresh /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/area.c:149 #6 0x2284b3d in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:384 #7 0x2272ff3 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:490 #8 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866 #9 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) Thread T93 created by T0 here: #0 0x7fb6f067bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x4c214aa in BLI_insert_thread /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:268 #2 0x22a3461 in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:411 #3 0x22a45f8 in wm_jobs_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:602 #4 0x22d7794 in wm_window_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1136 #5 0x22d7a3b in wm_window_process_events /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1169 #6 0x2272fdb in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:484 #7 0x2270d31 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1866 #8 0x7fb6e83b4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) SUMMARY: AddressSanitizer: heap-use-after-free /home/i74700deb64/blender/__work__/src/intern/memutil/MEM_CacheLimiter.h:121 MEM_CacheLimiterHandle<MEM_CacheLimiterHandleCClass>::unmanage() Shadow bytes around the buggy address: 0x0c068003c080: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa 0x0c068003c090: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd 0x0c068003c0a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fd 0x0c068003c0b0: fd fd fa fa fd fd fd fd fa fa fd fd fd fa fa fa 0x0c068003c0c0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd =>0x0c068003c0d0: fa fa fd fd fd fd fa fa fd fd[fd]fa fa fa fd fd 0x0c068003c0e0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068003c0f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068003c100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068003c110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068003c120: fd fd fd fa fa fa fd fd fd fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==9879==ABORTING ``` There are two things obvious from quick reading of the code: - IMB_moviecache is **absolutely not** threadsafe, and yet it gets used in threaded context… - Issue seems to arise within new multiview code. Hard to say whether it was already present before… And how to fix it (where to put locks? at image ID level? `BKE_image_verify_viewer_views()` uses global `LOCK_DRAW_IMAGE`, but does not seem to be used by main thread… Or do we simply make movicache threadsafe?).

Sergey Sharybin commented

2015-05-10 00:13:11 +02:00

imbuf/moviecache requires an owner to worry about locks and so. This is because you don't really have have threading conflict between different types of IDs (and different circumstances within a single ID) and there's no reason for central lock there.

The issue is actually caused by BKE_image_verify_viewer_views doing modifications of the actual image datablock, while previously corresponding function was only ensuring image datablock with given name/type exists.

I'm not sure why LOCK_DRAW_IMAGE is needed, but the code is missing spinlock of image_spin, which is required in areas which does modifications of the image.

imbuf/moviecache requires an owner to worry about locks and so. This is because you don't really have have threading conflict between different types of IDs (and different circumstances within a single ID) and there's no reason for central lock there. The issue is actually caused by `BKE_image_verify_viewer_views` doing modifications of the actual image datablock, while previously corresponding function was only ensuring image datablock with given name/type exists. I'm not sure why LOCK_DRAW_IMAGE is needed, but the code is missing spinlock of `image_spin`, which is required in areas which does modifications of the image.

blender-admin commented

2015-05-10 09:18:52 +02:00

This issue was referenced by 1fb97ffeed

This issue was referenced by 1fb97ffeedc9aefa4351b34bdc51764817dd2140

Bastien Montagne commented

2015-05-10 09:20:00 +02:00

Changed status from 'Open' to: 'Resolved'

Bastien Montagne closed this issue

2015-05-10 09:20:00 +02:00

Bastien Montagne commented

2015-05-10 09:20:00 +02:00

Closed by commit 1fb97ffeed.

Closed by commit 1fb97ffeed.

Bastien Montagne commented

2015-05-10 09:22:55 +02:00

Changed status from 'Resolved' to: 'Open'

Bastien Montagne reopened this issue

2015-05-10 09:22:55 +02:00

Bastien Montagne commented

2015-05-10 09:22:55 +02:00

Thanks for the hint Sergey! :)

Reopening this one, since I cannot check other cases reported here (file from #44343 is no more available :( ), and hard to be sure all places are now correctly locked in code...

Thanks for the hint Sergey! :) Reopening this one, since I cannot check other cases reported here (file from #44343 is no more available :( ), and hard to be sure all places are now correctly locked in code...

Dalai Felinto commented

2015-05-11 20:15:09 +02:00

Changed status from 'Open' to: 'Resolved'

Dalai Felinto closed this issue

2015-05-11 20:15:09 +02:00

Dalai Felinto commented

2015-05-11 20:15:09 +02:00

@mont29 let's do the other way around, let's close it until the reporter states this is not fixed AND get a working sample file. Otherwise this may ling here forever.

(and thanks for looking into that)

@mont29 let's do the other way around, let's close it until the reporter states this is not fixed AND get a working sample file. Otherwise this may ling here forever. (and thanks for looking into that)

Sign in to join this conversation.

No Label

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

Composite Crash- Multiview? #44345