Page MenuHome

Moving keys in the Dopesheet crashes with Segfault 11
Closed, ResolvedPublic

Description

System Information
MacOS 10.14.1 and AMD Radeon R9 M395X 4096 MB

Blender Version
Broken: Blender 2.80 Alpha 3a64d7ca48c
Worked: Blender 2.79

Short description of error
When translating some keys in the Dopesheet, Blender crashes with Segfault 11

Exact steps for others to reproduce the error
Open this blend file and move the selected keys in the Dopesheet. Blender crashes with Segfault 11.

Crash log:

Event Timeline

@Sergey Sharybin (sergey): This looks like a depsgraph thing. From the log:

0 libsystem_kernel.dylib 0x00007fff5d5421b2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff5d5fb5cb _pthread_cond_wait + 724
2 org.blenderfoundation.blender 0x000000010d991255 BLI_task_pool_work_and_wait + 901
3 org.blenderfoundation.blender 0x000000010d9a9b44 DEG::deg_evaluate_on_refresh(DEG::Depsgraph*) + 788
4 org.blenderfoundation.blender 0x000000010d6f1688 BKE_scene_graph_update_tagged + 392
5 org.blenderfoundation.blender 0x000000010ced7e6c wm_event_do_depsgraph + 236
6 org.blenderfoundation.blender 0x000000010ced7efe wm_event_do_refresh_wm_and_depsgraph + 126
7 org.blenderfoundation.blender 0x000000010ced84f4 wm_event_do_notifiers + 1492
8 org.blenderfoundation.blender 0x000000010ced48e8 WM_main + 40
9 org.blenderfoundation.blender 0x000000010ced0846 main + 982
10 libdyld.dylib 0x00007fff5d40608d start + 1

There have been similar reports (see T57530, T57491, T57967 to an extend)
Seems hard to reproduce (e.g I cannot get the file from this report to crash)

Note: running blender with --threads 1 seems to solve all these cases...

The backtrace is a bit confusing (shows crash inside of pthreads library), but sometimes ASAN does indeed catch memory error. Here is backtrace which should give more clues:

1=================================================================
2==13533==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000ee9c8 at pc 0x55e2337ff650 bp 0x7f9bf0343370 sp 0x7f9bf0343368
3READ of size 1 at 0x6030000ee9c8 thread T61
4 #0 0x55e2337ff64f in rna_path_parse /home/sergey/src/blender/blender/source/blender/makesrna/intern/rna_access.c:4711
5 #1 0x55e23380088b in RNA_path_resolve_property /home/sergey/src/blender/blender/source/blender/makesrna/intern/rna_access.c:4876
6 #2 0x55e233039a30 in animsys_store_rna_setting /home/sergey/src/blender/blender/source/blender/blenkernel/intern/anim_sys.c:1483
7 #3 0x55e23303adb5 in animsys_evaluate_fcurves /home/sergey/src/blender/blender/source/blender/blenkernel/intern/anim_sys.c:1711
8 #4 0x55e23303b92e in animsys_evaluate_action_ex /home/sergey/src/blender/blender/source/blender/blenkernel/intern/anim_sys.c:1835
9 #5 0x55e23304047c in BKE_animsys_evaluate_animdata /home/sergey/src/blender/blender/source/blender/blenkernel/intern/anim_sys.c:2691
10 #6 0x55e233042ac3 in BKE_animsys_eval_animdata /home/sergey/src/blender/blender/source/blender/blenkernel/intern/anim_sys.c:2874
11 #7 0x55e233f345af in void std::__invoke_impl<void, void (*&)(Depsgraph*, ID*), Depsgraph*, ID*&>(std::__invoke_other, void (*&)(Depsgraph*, ID*), Depsgraph*&&, ID*&) /usr/include/c++/8/bits/invoke.h:60
12 #8 0x55e233f32472 in std::__invoke_result<void (*&)(Depsgraph*, ID*), Depsgraph*, ID*&>::type std::__invoke<void (*&)(Depsgraph*, ID*), Depsgraph*, ID*&>(void (*&)(Depsgraph*, ID*), Depsgraph*&&, ID*&) /usr/include/c++/8/bits/invoke.h:95
13 #9 0x55e233f2fd3c in void std::_Bind<void (*(std::_Placeholder<1>, ID*))(Depsgraph*, ID*)>::__call<void, Depsgraph*&&, 0ul, 1ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/functional:400
14 #10 0x55e233f2be43 in void std::_Bind<void (*(std::_Placeholder<1>, ID*))(Depsgraph*, ID*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
15 #11 0x55e233f26a25 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, ID*))(Depsgraph*, ID*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
16 #12 0x55e233f5d40d in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
17 #13 0x55e233f5ba06 in deg_task_run_func /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:94
18 #14 0x55e233ec4fdd in handle_local_queue /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:419
19 #15 0x55e233ec4fdd in task_scheduler_thread_run /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:448
20 #16 0x7f9c3922ef29 in start_thread /build/glibc-aYuVJl/glibc-2.27/nptl/pthread_create.c:463
21 #17 0x7f9c384c5ede in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xf7ede)
22
230x6030000ee9c8 is located 8 bytes inside of 20-byte region [0x6030000ee9c0,0x6030000ee9d4)
24freed by thread T67 here:
25 #0 0x7f9c39330b50 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8b50)
26 #1 0x55e2344c1260 in MEM_lockfree_freeN /home/sergey/src/blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164
27 #2 0x55e233218a27 in free_fcurve /home/sergey/src/blender/blender/source/blender/blenkernel/intern/fcurve.c:98
28 #3 0x55e233218b28 in free_fcurves /home/sergey/src/blender/blender/source/blender/blenkernel/intern/fcurve.c:123
29 #4 0x55e233023d08 in BKE_action_free /home/sergey/src/blender/blender/source/blender/blenkernel/intern/action.c:113
30 #5 0x55e2332e96f6 in BKE_libblock_free_datablock /home/sergey/src/blender/blender/source/blender/blenkernel/intern/library_remap.c:767
31 #6 0x55e233f627bf in DEG::deg_free_copy_on_write_datablock(ID*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1076
32 #7 0x55e233f62020 in DEG::deg_update_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDDepsNode const*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:940
33 #8 0x55e233f62911 in DEG::deg_evaluate_copy_on_write(Depsgraph*, DEG::IDDepsNode const*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1093
34 #9 0x55e233f33b45 in void std::__invoke_impl<void, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(std::__invoke_other, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:60
35 #10 0x55e233f3177c in std::__invoke_result<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>::type std::__invoke<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:95
36 #11 0x55e233f2eca6 in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::__call<void, Depsgraph*&&, 0ul, 1ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/functional:400
37 #12 0x55e233f2a55d in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
38 #13 0x55e233f24789 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
39 #14 0x55e233f5d40d in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
40 #15 0x55e233f5ba06 in deg_task_run_func /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:94
41 #16 0x55e233ec4c49 in task_scheduler_thread_run /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:441
42 #17 0x7f9c3922ef29 in start_thread /build/glibc-aYuVJl/glibc-2.27/nptl/pthread_create.c:463
43
44previously allocated by thread T78 here:
45 #0 0x7f9c39330ed0 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8ed0)
46 #1 0x55e2344c19f0 in MEM_lockfree_mallocN /home/sergey/src/blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:318
47 #2 0x55e2344c13a0 in MEM_lockfree_dupallocN /home/sergey/src/blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:186
48 #3 0x55e233218e0f in copy_fcurve /home/sergey/src/blender/blender/source/blender/blenkernel/intern/fcurve.c:152
49 #4 0x55e233023e3c in BKE_action_copy_data /home/sergey/src/blender/blender/source/blender/blenkernel/intern/action.c:146
50 #5 0x55e2332aee53 in BKE_id_copy_ex /home/sergey/src/blender/blender/source/blender/blenkernel/intern/library.c:624
51 #6 0x55e233f5f02c in id_copy_inplace_no_main /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:280
52 #7 0x55e233f60c7e in DEG::deg_expand_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDDepsNode const*, DEG::DepsgraphNodeBuilder*, bool) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:729
53 #8 0x55e233f62040 in DEG::deg_update_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDDepsNode const*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:941
54 #9 0x55e233f62911 in DEG::deg_evaluate_copy_on_write(Depsgraph*, DEG::IDDepsNode const*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1093
55 #10 0x55e233f33b45 in void std::__invoke_impl<void, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(std::__invoke_other, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:60
56 #11 0x55e233f3177c in std::__invoke_result<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>::type std::__invoke<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:95
57 #12 0x55e233f2eca6 in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::__call<void, Depsgraph*&&, 0ul, 1ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/functional:400
58 #13 0x55e233f2a55d in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
59 #14 0x55e233f24789 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
60 #15 0x55e233f5d40d in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
61 #16 0x55e233f5ba06 in deg_task_run_func /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:94
62 #17 0x55e233ec4c49 in task_scheduler_thread_run /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:441
63 #18 0x7f9c3922ef29 in start_thread /build/glibc-aYuVJl/glibc-2.27/nptl/pthread_create.c:463
64
65Thread T61 created by T0 here:
66 #0 0x7f9c39291ef0 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x49ef0)
67 #1 0x55e233ec55ca in BLI_task_scheduler_create /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:504
68 #2 0x55e233eccbdb in BLI_task_scheduler_get /home/sergey/src/blender/blender/source/blender/blenlib/intern/threads.c:176
69 #3 0x55e233ecb4be in BLI_task_parallel_range /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:1099
70 #4 0x55e233f64118 in flush_prepare /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:122
71 #5 0x55e233f64118 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:380
72 #6 0x55e233f0f6e5 in DEG_graph_flush_update /home/sergey/src/blender/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:670
73 #7 0x55e23355ab1e in BKE_scene_graph_update_tagged /home/sergey/src/blender/blender/source/blender/blenkernel/intern/scene.c:1425
74 #8 0x55e230c4dc20 in wm_event_do_depsgraph /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_event_system.c:334
75 #9 0x55e230c6e044 in wm_file_read_post /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_files.c:492
76 #10 0x55e230c6ff52 in wm_homefile_read /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_files.c:966
77 #11 0x55e230c81dc3 in WM_init /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_init_exit.c:257
78 #12 0x55e230c395d4 in main /home/sergey/src/blender/blender/source/creator/creator.c:438
79 #13 0x7f9c383f0b16 in __libc_start_main ../csu/libc-start.c:310
80
81Thread T67 created by T0 here:
82 #0 0x7f9c39291ef0 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x49ef0)
83 #1 0x55e233ec55ca in BLI_task_scheduler_create /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:504
84 #2 0x55e233eccbdb in BLI_task_scheduler_get /home/sergey/src/blender/blender/source/blender/blenlib/intern/threads.c:176
85 #3 0x55e233ecb4be in BLI_task_parallel_range /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:1099
86 #4 0x55e233f64118 in flush_prepare /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:122
87 #5 0x55e233f64118 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:380
88 #6 0x55e233f0f6e5 in DEG_graph_flush_update /home/sergey/src/blender/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:670
89 #7 0x55e23355ab1e in BKE_scene_graph_update_tagged /home/sergey/src/blender/blender/source/blender/blenkernel/intern/scene.c:1425
90 #8 0x55e230c4dc20 in wm_event_do_depsgraph /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_event_system.c:334
91 #9 0x55e230c6e044 in wm_file_read_post /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_files.c:492
92 #10 0x55e230c6ff52 in wm_homefile_read /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_files.c:966
93 #11 0x55e230c81dc3 in WM_init /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_init_exit.c:257
94 #12 0x55e230c395d4 in main /home/sergey/src/blender/blender/source/creator/creator.c:438
95 #13 0x7f9c383f0b16 in __libc_start_main ../csu/libc-start.c:310
96
97Thread T78 created by T0 here:
98 #0 0x7f9c39291ef0 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x49ef0)
99 #1 0x55e233ec55ca in BLI_task_scheduler_create /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:504
100 #2 0x55e233eccbdb in BLI_task_scheduler_get /home/sergey/src/blender/blender/source/blender/blenlib/intern/threads.c:176
101 #3 0x55e233ecb4be in BLI_task_parallel_range /home/sergey/src/blender/blender/source/blender/blenlib/intern/task.c:1099
102 #4 0x55e233f64118 in flush_prepare /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:122
103 #5 0x55e233f64118 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/sergey/src/blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:380
104 #6 0x55e233f0f6e5 in DEG_graph_flush_update /home/sergey/src/blender/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:670
105 #7 0x55e23355ab1e in BKE_scene_graph_update_tagged /home/sergey/src/blender/blender/source/blender/blenkernel/intern/scene.c:1425
106 #8 0x55e230c4dc20 in wm_event_do_depsgraph /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_event_system.c:334
107 #9 0x55e230c6e044 in wm_file_read_post /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_files.c:492
108 #10 0x55e230c6ff52 in wm_homefile_read /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_files.c:966
109 #11 0x55e230c81dc3 in WM_init /home/sergey/src/blender/blender/source/blender/windowmanager/intern/wm_init_exit.c:257
110 #12 0x55e230c395d4 in main /home/sergey/src/blender/blender/source/creator/creator.c:438
111 #13 0x7f9c383f0b16 in __libc_start_main ../csu/libc-start.c:310

Philipp Oeser (lichtwerk) triaged this task as Confirmed, Medium priority.Nov 21 2018, 11:14 AM

@Sergey Sharybin (sergey): please also check on T57530 [a couple of other reports have been merged to that one], might just be the same root cause...

@Philipp Oeser (lichtwerk): Yes, those seem to be be similar. Sorry for posting a duplicate then.