Python/BMesh: Crash on UV changes when handling depsgraph update - CDLayer re-allocation issue #67093

New Issue

Benjamin Sauder · 2019-07-17T00:53:59+02:00

Benjamin Sauder commented

2019-07-17 00:53:59 +02:00

System Information
Operating system: Windows 10
Graphics card: GTX970

Blender Version
Broken: Blender 2.8 RC1

Short description of error
On an addon I subscribe to the depsgraph update handler. The handler grabs some data via bmesh - its not changing anything.
Testing with the default cube - everything works fine, one can move uvs around without issues.
But on a cube with 6 subdivision (24k verts) - moving uvs results often in corruption and soon blender crashes.
Interesstingly doing regular vert transformation in the 3d view doens't create any issues as far as I can tell.

Exact steps for others to reproduce the error

depsgraph_update_corrupt_uvs.blend

load attached blend file
run script in text editor (review script - its really simple)
enter edit mode on the cube
make a uv selection
try moving uvs around

**System Information** Operating system: Windows 10 Graphics card: GTX970 **Blender Version** Broken: Blender 2.8 RC1 **Short description of error** On an addon I subscribe to the depsgraph update handler. The handler grabs some data via bmesh - its not changing anything. Testing with the default cube - everything works fine, one can move uvs around without issues. But on a cube with 6 subdivision (24k verts) - moving uvs results often in corruption and soon blender crashes. Interesstingly doing regular vert transformation in the 3d view doens't create any issues as far as I can tell. **Exact steps for others to reproduce the error** [depsgraph_update_corrupt_uvs.blend](https://archive.blender.org/developer/F7613796/depsgraph_update_corrupt_uvs.blend) 1. load attached blend file 2. run script in text editor (review script - its really simple) 3. enter edit mode on the cube 4. make a uv selection 5. try moving uvs around

Benjamin Sauder commented

2019-07-17 00:53:59 +02:00

Added subscriber: @kioku

blender-admin commented

2019-07-17 00:53:59 +02:00

#92620 was marked as duplicate of this issue

Dalai Felinto commented

2019-07-17 01:50:35 +02:00

Added subscribers: @Sergey, @ideasman42, @dfelinto

Dalai Felinto self-assigned this 2019-07-17 01:50:35 +02:00

Dalai Felinto commented

2019-07-17 01:50:35 +02:00

Changed status from 'Open' to: 'Archived'

Dalai Felinto closed this issue

2019-07-17 01:50:35 +02:00

Dalai Felinto commented

2019-07-17 01:50:35 +02:00

I get the crash even with a simple cube (and debug + ASAN build) and the following script (simplified from the reported one):

import bpy
import bmesh

def depsgraph_handler(dummy):
    
    depsgraph = bpy.context.evaluated_depsgraph_get()
    for update in depsgraph.updates:
        if not hasattr(update.id, "type") or update.id.type != 'MESH':
            continue
        
        mesh = update.id.data
        bm = bmesh.from_edit_mesh(mesh)        
        #bm.free()

bpy.app.handlers.depsgraph_update_post.append(depsgraph_handler)

SUMMARY: AddressSanitizer: heap-use-after-free //source/blender/editors/transform/transform_conversions.c:3669 in flushTransUVs
Fullbacktrace: P1039

That said you are not freeing bm in your script. If you do that the crash goes away.

Closing for now, but poking other devs in case I'm missing something here:
cc @Sergey @ideasman42

I get the crash even with a simple cube (and debug + ASAN build) and the following script (simplified from the reported one): ``` import bpy import bmesh def depsgraph_handler(dummy): depsgraph = bpy.context.evaluated_depsgraph_get() for update in depsgraph.updates: if not hasattr(update.id, "type") or update.id.type != 'MESH': continue mesh = update.id.data bm = bmesh.from_edit_mesh(mesh) #bm.free() bpy.app.handlers.depsgraph_update_post.append(depsgraph_handler) ``` `SUMMARY: AddressSanitizer: heap-use-after-free //source/blender/editors/transform/transform_conversions.c:3669 in flushTransUVs` Fullbacktrace: [P1039](https://archive.blender.org/developer/P1039.txt) That said you are not freeing `bm` in your script. If you do that the crash goes away. Closing for now, but poking other devs in case I'm missing something here: cc @Sergey @ideasman42

Benjamin Sauder commented

2019-07-17 08:39:14 +02:00

@dfelinto thank you for looking into this.

I forgot to try bm.free() in this case but I was under the impression that one should not call this for a bm bm.from_edit_mesh. I remember me having issues calling bm.free and finding this:

https://developer.blender.org/T39121

@dfelinto thank you for looking into this. I forgot to try bm.free() in this case but I was under the impression that one should not call this for a bm bm.from_edit_mesh. I remember me having issues calling bm.free and finding this: https://developer.blender.org/T39121

Sergey Sharybin commented

2019-07-17 09:53:28 +02:00

Changed status from 'Archived' to: 'Open'

Sergey Sharybin reopened this issue

2019-07-17 09:53:28 +02:00

Sergey Sharybin commented

2019-07-17 09:53:28 +02:00

Added subscriber: @mont29

Sergey Sharybin commented

2019-07-17 09:53:28 +02:00

@dfelinto, i don't think calling bm.free() is correct here. It doesn't make sense to free an internal data, and it only causes confusion in the script later on with AttributeError: 'bytes' object has no attribute 'faces'.

It seems that simply iterating over geometry confuses something with modal operator: possible re-allocations or tagging?

This isn't my area, leaving up to @ideasman42 and @mont29. I can reproduce the issue in 2.79, so doubt it's caused by the dependency graph or copy-on-write.

T67093_279.blend

@dfelinto, i don't think calling `bm.free()` is correct here. It doesn't make sense to free an internal data, and it only causes confusion in the script later on with `AttributeError: 'bytes' object has no attribute 'faces'`. It seems that simply iterating over geometry confuses something with modal operator: possible re-allocations or tagging? This isn't my area, leaving up to @ideasman42 and @mont29. I can reproduce the issue in 2.79, so doubt it's caused by the dependency graph or copy-on-write. [T67093_279.blend](https://archive.blender.org/developer/F7614410/T67093_279.blend)

Dalai Felinto was unassigned by Bastien Montagne

2019-07-22 15:18:35 +02:00

Campbell Barton was assigned by Bastien Montagne

2019-07-22 15:18:35 +02:00

Bastien Montagne commented

2019-07-22 15:18:35 +02:00

Yes, bpy BM access seems to re-allocate some customdata memory, and since transform operator for UVs keeps a direct pointer to that UV CDLayer… it can do nothing but crash!

@ideasman42 I would rather leave this to you, think you have a much more complete view/understanding of those areas of code? I really do not see how to handle this case, besides not storing any pointer reference to CDLayer data from BMesh, in the modal operators.

Or maybe we should always ensure edit bmesh does have the CD_BM_ELEM_PYPTR? But that would only fix that case, any code adding some new layer will generate the same problem…

Yes, bpy BM access seems to re-allocate some customdata memory, and since transform operator for UVs keeps a direct pointer to that UV CDLayer… it can do nothing but crash! @ideasman42 I would rather leave this to you, think you have a much more complete view/understanding of those areas of code? I really do not see how to handle this case, besides not storing *any* pointer reference to CDLayer data from BMesh, in the modal operators. Or maybe we should always ensure edit bmesh does have the `CD_BM_ELEM_PYPTR`? But that would only fix that case, any code adding some new layer will generate the same problem…

Bastien Montagne changed title from ~~Python: Crash on UV changes when handling depsgraph update~~ to Python/BMesh: Crash on UV changes when handling depsgraph update - CDLayer re-allocation issue

2019-07-22 15:19:15 +02:00

Philipp Oeser commented

2019-11-05 12:33:05 +01:00

Added subscriber: @lichtwerk

Philipp Oeser commented

2019-11-05 12:33:05 +01:00

#55954 (Python/BMesh: Add/removing textures between renders causes memory leak/ram crash) also seems to be related...

Campbell Barton was unassigned by Dalai Felinto

2019-12-23 16:33:42 +01:00

Campbell Barton commented

2021-11-02 12:17:45 +01:00

Added subscribers: @randum, @mano-wii

Philipp Oeser removed the

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

Python/BMesh: Crash on UV changes when handling depsgraph update - CDLayer re-allocation issue #67093