Page MenuHome

Crash on entering solid view after some specific steps in this specific file.
Closed, ResolvedPublic

Description

System Information
Operating system: Linux-5.0.0-21-generic-x86_64-with-debian-buster-sid 64 Bits
Graphics card: GeForce RTX 2080/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 430.34

Blender Version
Broken: version: 2.81 (sub 12), branch: master, commit date: 2019-09-27 08:04, hash: rB4b206d9a5135

Short description of error
The last thing I remember doing before this file got created, is separating the hands, renaming its UVs, and then joining it back into the body mesh. I tried simplifying the file, but even doing so much as going in and out of the UV editor would cause the crash to not happen anymore. But that said, following the instructions, at least from this exact state, this should crash 100% of the time.

Exact steps for others to reproduce the error

  • Open file
  • Leave full-screen mode with Ctrl+Space or Back to Previous button
  • Select all verts in the 3d viewport with A or Select->All
  • Enter solid view (I only tried with the pie menu)
  • Should crash.

Video:

Event Timeline

Jacques Lucke (JacquesLucke) lowered the priority of this task from Needs Triage by Developer to Confirmed, Medium.Fri, Sep 27, 5:26 PM
==8159==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160006ff3b8 at pc 0x555582b327d6 bp 0x7fffffffc430 sp 0x7fffffffc420
READ of size 4 at 0x6160006ff3b8 thread T0
    #0 0x555582b327d5 in create_bindings /home/jacques/blender-git/blender/source/blender/gpu/intern/gpu_batch.c:384
    #1 0x555582b3382c in batch_update_program_bindings /home/jacques/blender-git/blender/source/blender/gpu/intern/gpu_batch.c:455
    #2 0x555582b31dc5 in batch_vao_get /home/jacques/blender-git/blender/source/blender/gpu/intern/gpu_batch.c:327
    #3 0x555582b32009 in GPU_batch_program_set_no_use /home/jacques/blender-git/blender/source/blender/gpu/intern/gpu_batch.c:343
    #4 0x5555737016d3 in draw_geometry_bind /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:649
    #5 0x5555737016d3 in draw_indirect_call /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:692
    #6 0x5555737016d3 in draw_call_batching_flush /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:1079
    #7 0x5555737044e7 in draw_call_batching_do /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:1152
    #8 0x555573706eeb in draw_shgroup /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:1297
    #9 0x555573707b25 in drw_draw_pass_ex /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:1378
    #10 0x555573708448 in DRW_draw_pass /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager_exec.c:1429
    #11 0x55557381c7da in workbench_deferred_draw_scene /home/jacques/blender-git/blender/source/blender/draw/engines/workbench/workbench_deferred.c:1263
    #12 0x55557380bd63 in workbench_solid_draw_background /home/jacques/blender-git/blender/source/blender/draw/engines/workbench/solid_mode.c:68
    #13 0x5555736d9f4b in drw_engines_draw_background /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager.c:1184
    #14 0x5555736dd128 in DRW_draw_render_loop_ex /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager.c:1688
    #15 0x5555736dc1f3 in DRW_draw_view /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager.c:1565
    #16 0x555574935e7a in view3d_draw_view /home/jacques/blender-git/blender/source/blender/editors/space_view3d/view3d_draw.c:1533
    #17 0x555574935f95 in view3d_main_region_draw /home/jacques/blender-git/blender/source/blender/editors/space_view3d/view3d_draw.c:1557
    #18 0x555574c30f1e in ED_region_do_draw /home/jacques/blender-git/blender/source/blender/editors/screen/area.c:533
    #19 0x5555726982f8 in wm_draw_window_offscreen /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:629
    #20 0x555572699195 in wm_draw_window /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:765
    #21 0x55557269a120 in wm_draw_update /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:947
    #22 0x55557268af77 in WM_main /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm.c:423
    #23 0x555570f4c0cf in main /home/jacques/blender-git/blender/source/creator/creator.c:491
    #24 0x7ffff209eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #25 0x555570f4b569 in _start (/home/jacques/blender-git/build_linux_debug/bin/blender+0x1b9f7569)

0x6160006ff3b8 is located 56 bytes inside of 608-byte region [0x6160006ff380,0x6160006ff5e0)
freed by thread T30 here:
    #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x555571eacffe in rem_memblock /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1097
    #2 0x555571eac1e6 in MEM_guarded_freeN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:983
    #3 0x555582bc7aa6 in GPU_vertbuf_discard /home/jacques/blender-git/blender/source/blender/gpu/intern/gpu_vertex_buffer.c:106
    #4 0x5555738d3616 in mesh_batch_cache_discard_uvedit /home/jacques/blender-git/blender/source/blender/draw/intern/draw_cache_impl_mesh.c:495
    #5 0x5555738d4d0c in DRW_mesh_batch_cache_dirty_tag /home/jacques/blender-git/blender/source/blender/draw/intern/draw_cache_impl_mesh.c:545
    #6 0x5555713fa77a in BKE_mesh_batch_cache_dirty_tag /home/jacques/blender-git/blender/source/blender/blenkernel/intern/mesh_runtime.c:253
    #7 0x5555714ecd89 in BKE_object_data_select_update /home/jacques/blender-git/blender/source/blender/blenkernel/intern/object_update.c:387
    #8 0x555571cf61f6 in void std::__invoke_impl<void, void (*&)(Depsgraph*, ID*), Depsgraph*, ID*&>(std::__invoke_other, void (*&)(Depsgraph*, ID*), Depsgraph*&&, ID*&) (/home/jacques/blender-git/build_linux_debug/bin/blender+0x1c7a21f6)
    #9 0x555571cf1aaf in std::__invoke_result<void (*&)(Depsgraph*, ID*), Depsgraph*, ID*&>::type std::__invoke<void (*&)(Depsgraph*, ID*), Depsgraph*, ID*&>(void (*&)(Depsgraph*, ID*), Depsgraph*&&, ID*&) (/home/jacques/blender-git/build_linux_debug/bin/blender+0x1c79daaf)
    #10 0x555571cec914 in void std::_Bind<void (*(std::_Placeholder<1>, ID*))(Depsgraph*, ID*)>::__call<void, Depsgraph*&&, 0ul, 1ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/7/functional:467
    #11 0x555571ce49e6 in void std::_Bind<void (*(std::_Placeholder<1>, ID*))(Depsgraph*, ID*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/7/functional:551
    #12 0x555571cd9a01 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, ID*))(Depsgraph*, ID*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) (/home/jacques/blender-git/build_linux_debug/bin/blender+0x1c785a01)
    #13 0x555571d64df6 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const (/home/jacques/blender-git/build_linux_debug/bin/blender+0x1c810df6)
    #14 0x555571d619a2 in deg_task_run_func /home/jacques/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:86
    #15 0x555571c38425 in task_scheduler_thread_run /home/jacques/blender-git/blender/source/blender/blenlib/intern/task.c:450
    #16 0x7ffff49696da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

previously allocated by thread T0 here:
    #0 0x7ffff6ef8d38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
    #1 0x555571eaaab7 in MEM_guarded_callocN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:613
    #2 0x5555738e9fc6 in DRW_vbo_request /home/jacques/blender-git/blender/source/blender/draw/intern/draw_cache_inline.h:89
    #3 0x5555738e9fc6 in DRW_mesh_batch_cache_create_requested /home/jacques/blender-git/blender/source/blender/draw/intern/draw_cache_impl_mesh.c:1216
    #4 0x5555738abf06 in drw_batch_cache_generate_requested /home/jacques/blender-git/blender/source/blender/draw/intern/draw_cache.c:4051
    #5 0x5555736d9c0b in drw_engines_cache_populate /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager.c:1152
    #6 0x5555736dcf4a in DRW_draw_render_loop_ex /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager.c:1663
    #7 0x5555736dc1f3 in DRW_draw_view /home/jacques/blender-git/blender/source/blender/draw/intern/draw_manager.c:1565
    #8 0x555574935e7a in view3d_draw_view /home/jacques/blender-git/blender/source/blender/editors/space_view3d/view3d_draw.c:1533
    #9 0x555574935f95 in view3d_main_region_draw /home/jacques/blender-git/blender/source/blender/editors/space_view3d/view3d_draw.c:1557
    #10 0x555574c30f1e in ED_region_do_draw /home/jacques/blender-git/blender/source/blender/editors/screen/area.c:533
    #11 0x5555726982f8 in wm_draw_window_offscreen /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:629
    #12 0x555572699195 in wm_draw_window /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:765
    #13 0x55557269a120 in wm_draw_update /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:947
    #14 0x55557268af77 in WM_main /home/jacques/blender-git/blender/source/blender/windowmanager/intern/wm.c:423
    #15 0x555570f4c0cf in main /home/jacques/blender-git/blender/source/creator/creator.c:491
    #16 0x7ffff209eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Radeon HD 7600 on windows 10
seems no crash here, my gpu have workarounds

Brecht Van Lommel (brecht) raised the priority of this task from Confirmed, Medium to Confirmed, High.

Still happens in master, but different backtrace for me now:

/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0x10675b3) [0x7f99955ad5b3]
/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0xcdd26a) [0x7f999522326a]
/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0xb9745a) [0x7f99950dd45a]
/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0xbaea13) [0x7f99950f4a13]
/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0xbaf0c5) [0x7f99950f50c5]
/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0x1034944) [0x7f999557a944]
/usr/lib/x86_64-linux-gnu/libnvidia-glcore.so.435.21(+0xb9dfb0) [0x7f99950e3fb0]
/home/brecht/dev/build_linux/bin/blender(GPU_batch_draw_advanced+0x109) [0x560dff020199]
/home/brecht/dev/build_linux/bin/blender(GPU_draw_list_submit+0x88) [0x560dff020548]
/home/brecht/dev/build_linux/bin/blender(+0x33bb2f9) [0x560dfe06f2f9]
/home/brecht/dev/build_linux/bin/blender(+0x33bcbd8) [0x560dfe070bd8]
/home/brecht/dev/build_linux/bin/blender(workbench_deferred_draw_scene+0x80) [0x560dfe09ec90]

I could only reproduce on windows + GTX 960 which is not my personal rig so I cannot install MSVC and the like. I have a GTX 660M in my laptop but even using the latest nvidia driver is not producing any crash.

Ok managed to corrupt the rig's owner to install MSVC and debugging right now.