
Crash in drawcode in a BI character file.
Closed, ResolvedPublic

Description

Current master.

Open the Max character file (from https://cloud.blender.org/p/characters) and try to leave Pose mode: Blender crashes immediately.

Many of these assertion failures are printed first:

/lib/x86_64-linux-gnu/libasan.so.5(+0x69c51) [0x7f3435dafc51]
./bin/blender(BLI_system_backtrace+0x9b) [0x55aae197c839]
./bin/blender(+0x30d87daf) [0x55aae3ddddaf]
./bin/blender(+0x30de75c7) [0x55aae3e3d5c7]
./bin/blender(BLI_task_pool_work_and_wait+0x1fcc) [0x55aae19879d8]
./bin/blender(mesh_buffer_cache_create_requested+0xce0d) [0x55aae3e4b751]
./bin/blender(DRW_mesh_batch_cache_create_requested+0x21a5f) [0x55aae3d2c1a8]
./bin/blender(drw_batch_cache_generate_requested+0x4cd) [0x55aae3ccb499]
./bin/blender(+0x30a21923) [0x55aae3a77923]
./bin/blender(DRW_draw_render_loop_ex+0x1185) [0x55aae3a7c1b3]
./bin/blender(DRW_draw_view+0x456) [0x55aae3a7b026]
./bin/blender(+0x320fdac4) [0x55aae5153ac4]
./bin/blender(view3d_main_region_draw+0x44) [0x55aae5153c43]
./bin/blender(ED_region_do_draw+0x6f6) [0x55aae5510688]
./bin/blender(+0x2f60d3ea) [0x55aae26633ea]
./bin/blender(+0x2f60e6a7) [0x55aae26646a7]
./bin/blender(wm_draw_update+0x13d) [0x55aae2665a5d]
./bin/blender(WM_main+0x48) [0x55aae26524bb]
./bin/blender(+0x2d858cca) [0x55aae08aecca]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7f342b8e209b]
./bin/blender(_start+0x2a) [0x55aae08ade5a]
BLI_assert failed: /home/guest/blender/__work__/src/source/blender/draw/intern/draw_cache_extract_mesh.c:525, extract_tris_finish(), at 'mr->cache->surface_per_mat[0]->elem == ibo'

... and then the ASAN report for the crash:

=================================================================
==13671==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040003ca960 at pc 0x55aaf6eb35a0 bp 0x7ffc1c4cb490 sp 0x7ffc1c4cb488
READ of size 1 at 0x6040003ca960 thread T0
    #0 0x55aaf6eb359f in GPU_indexbuf_use /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_element.c:375
    #1 0x55aaf6eb3630 in GPU_indexbuf_use /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_element.c:376
    #2 0x55aaf6e5e679 in batch_update_program_bindings /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_batch.c:461
    #3 0x55aaf6e5c1d2 in batch_vao_get /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_batch.c:326
    #4 0x55aaf6e5c458 in GPU_batch_program_set_no_use /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_batch.c:342
    #5 0x55aae3aaa838 in draw_geometry_execute /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager_exec.c:623
    #6 0x55aae3aaa838 in draw_shgroup /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager_exec.c:972
    #7 0x55aae3aab50a in drw_draw_pass_ex /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager_exec.c:1024
    #8 0x55aae3aabfdd in DRW_draw_pass /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager_exec.c:1064
    #9 0x55aae3b5421c in eevee_draw_background /home/guest/blender/__work__/src/source/blender/draw/engines/eevee/eevee_engine.c:255
    #10 0x55aae3a77e68 in drw_engines_draw_background /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1167
    #11 0x55aae3a7c3fa in DRW_draw_render_loop_ex /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1657
    #12 0x55aae3a7b025 in DRW_draw_view /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1548
    #13 0x55aae5153ac3 in view3d_draw_view /home/guest/blender/__work__/src/source/blender/editors/space_view3d/view3d_draw.c:1532
    #14 0x55aae5153c42 in view3d_main_region_draw /home/guest/blender/__work__/src/source/blender/editors/space_view3d/view3d_draw.c:1556
    #15 0x55aae5510687 in ED_region_do_draw /home/guest/blender/__work__/src/source/blender/editors/screen/area.c:535
    #16 0x55aae26633e9 in wm_draw_window_offscreen /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:621
    #17 0x55aae26646a6 in wm_draw_window /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:757
    #18 0x55aae2665a5c in wm_draw_update /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:939
    #19 0x55aae26524ba in WM_main /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm.c:423
    #20 0x55aae08aecc9 in main /home/guest/blender/__work__/src/source/creator/creator.c:491
    #21 0x7f342b8e209a in __libc_start_main ../csu/libc-start.c:308
    #22 0x55aae08ade59 in _start (/home/guest/blender/__work__/build_master_debug/bin/blender+0x2d857e59)

0x6040003ca960 is located 16 bytes inside of 48-byte region [0x6040003ca950,0x6040003ca980)
freed by thread T0 here:
    #0 0x7f3435e4d1d7 in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x1071d7)
    #1 0x55aae1c3d855 in MEM_lockfree_freeN /home/guest/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:157
    #2 0x55aaf6eb3aad in GPU_indexbuf_discard /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_element.c:396
    #3 0x55aae3d0f0a9 in DRW_mesh_batch_cache_create_requested /home/guest/blender/__work__/src/source/blender/draw/intern/draw_cache_impl_mesh.c:1096
    #4 0x55aae3ccb498 in drw_batch_cache_generate_requested /home/guest/blender/__work__/src/source/blender/draw/intern/draw_cache.c:4050
    #5 0x55aae3a77922 in drw_engines_cache_populate /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1135
    #6 0x55aae3a7c1b2 in DRW_draw_render_loop_ex /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1632
    #7 0x55aae3a7b025 in DRW_draw_view /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1548
    #8 0x55aae5153ac3 in view3d_draw_view /home/guest/blender/__work__/src/source/blender/editors/space_view3d/view3d_draw.c:1532
    #9 0x55aae5153c42 in view3d_main_region_draw /home/guest/blender/__work__/src/source/blender/editors/space_view3d/view3d_draw.c:1556
    #10 0x55aae5510687 in ED_region_do_draw /home/guest/blender/__work__/src/source/blender/editors/screen/area.c:535
    #11 0x55aae26633e9 in wm_draw_window_offscreen /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:621
    #12 0x55aae26646a6 in wm_draw_window /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:757
    #13 0x55aae2665a5c in wm_draw_update /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:939
    #14 0x55aae26524ba in WM_main /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm.c:423
    #15 0x55aae08aecc9 in main /home/guest/blender/__work__/src/source/creator/creator.c:491
    #16 0x7f342b8e209a in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7f3435e4d76e in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10776e)
    #1 0x55aae1c3dfa1 in MEM_lockfree_callocN /home/guest/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    #2 0x55aae3d18d1c in DRW_ibo_request /home/guest/blender/__work__/src/source/blender/draw/intern/draw_cache_inline.h:73
    #3 0x55aae3d18d1c in DRW_mesh_batch_cache_create_requested /home/guest/blender/__work__/src/source/blender/draw/intern/draw_cache_impl_mesh.c:1190
    #4 0x55aae3ccb498 in drw_batch_cache_generate_requested /home/guest/blender/__work__/src/source/blender/draw/intern/draw_cache.c:4050
    #5 0x55aae3a77922 in drw_engines_cache_populate /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1135
    #6 0x55aae3a7c1b2 in DRW_draw_render_loop_ex /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1632
    #7 0x55aae3a7b025 in DRW_draw_view /home/guest/blender/__work__/src/source/blender/draw/intern/draw_manager.c:1548
    #8 0x55aae5153ac3 in view3d_draw_view /home/guest/blender/__work__/src/source/blender/editors/space_view3d/view3d_draw.c:1532
    #9 0x55aae5153c42 in view3d_main_region_draw /home/guest/blender/__work__/src/source/blender/editors/space_view3d/view3d_draw.c:1556
    #10 0x55aae5510687 in ED_region_do_draw /home/guest/blender/__work__/src/source/blender/editors/screen/area.c:535
    #11 0x55aae26633e9 in wm_draw_window_offscreen /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:621
    #12 0x55aae26646a6 in wm_draw_window /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:757
    #13 0x55aae2665a5c in wm_draw_update /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm_draw.c:939
    #14 0x55aae26524ba in WM_main /home/guest/blender/__work__/src/source/blender/windowmanager/intern/wm.c:423
    #15 0x55aae08aecc9 in main /home/guest/blender/__work__/src/source/creator/creator.c:491
    #16 0x7f342b8e209a in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free /home/guest/blender/__work__/src/source/blender/gpu/intern/gpu_element.c:375 in GPU_indexbuf_use