BLI_assert failed when deleting object in debug build (only) #75279

New Issue

Monique Dewanchand · 2020-04-01T15:48:43+02:00

2020-04-01 15:48:43 +02:00

System Information
Operating system: Darwin-19.3.0-x86_64-i386-64bit 64 Bits
Graphics card: Intel(R) Iris(TM) Graphics 6100 Intel Inc. 4.1 INTEL-14.4.23

Blender Version
Broken: version: 2.83 (sub 11) Debug build, branch: master, commit date: 01-04-2020, hash: rBUnknown
Worked: Release build works fine.

Short description of error

Info: Deleted 1 object(s)

0   Blender                             0x000000010c4869e4 BLI_system_backtrace + 52
1   Blender                             0x0000000102d5c074 _ZN12_GLOBAL__N_125deg_iterator_objects_stepEP12BLI_IteratorPN3DEG6IDNodeE + 292
2   Blender                             0x0000000102d5c2df DEG_iterator_objects_next + 287
3   Blender                             0x0000000109cd620e stats_update + 1102
4   Blender                             0x0000000109cd5d9a ED_info_stats_string + 122
5   Blender                             0x00000001024a1b95 rna_Scene_statistics_string_get + 37
6   Blender                             0x00000001024a1c12 Scene_statistics_call + 114
7   Blender                             0x00000001023036a5 RNA_function_call + 69
8   Blender                             0x00000001025640c0 pyrna_func_call + 2944
9   Blender                             0x000000010ae0c20f _PyObject_FastCallKeywords + 575
10  Blender                             0x000000010aee16e5 call_function + 773
11  Blender                             0x000000010aede14e _PyEval_EvalFrameDefault + 27262
12  Blender                             0x000000010ae0c8cd function_code_fastcall + 237
13  Blender                             0x00000001025666c4 bpy_class_call + 1892
14  Blender                             0x00000001024fa690 header_draw + 144
15  Blender                             0x00000001025927d4 ED_region_header_layout + 596
16  Blender                             0x000000010258c04a ED_region_do_layout + 218
17  Blender                             0x0000000101db03c3 wm_draw_window_offscreen + 339
18  Blender                             0x0000000101daf632 wm_draw_window + 66
19  Blender                             0x0000000101daf351 wm_draw_update + 177
20  Blender                             0x0000000101daca59 WM_main + 57
21  Blender                             0x0000000101a41838 main + 1048
22  libdyld.dylib                       0x00007fff723ea7fd start + 1
23  ???                                 0x0000000000000001 0x0 + 1
BLI_assert failed: /Users/mdewanchand/Documents/Projects/blender/blender-build/blender/source/blender/depsgraph/intern/depsgraph_query_iter.cc:212, deg_iterator_objects_step(), at 'DEG::deg_validate_copy_on_write_datablock(&object->id)'
Abort trap: 6

Exact steps for others to reproduce the error
See attached blend file.

Remove the circle.
test (1).blend

**System Information** Operating system: Darwin-19.3.0-x86_64-i386-64bit 64 Bits Graphics card: Intel(R) Iris(TM) Graphics 6100 Intel Inc. 4.1 INTEL-14.4.23 **Blender Version** Broken: version: 2.83 (sub 11) Debug build, branch: master, commit date: 01-04-2020, hash: `rBUnknown` Worked: Release build works fine. **Short description of error** ``` Info: Deleted 1 object(s) 0 Blender 0x000000010c4869e4 BLI_system_backtrace + 52 1 Blender 0x0000000102d5c074 _ZN12_GLOBAL__N_125deg_iterator_objects_stepEP12BLI_IteratorPN3DEG6IDNodeE + 292 2 Blender 0x0000000102d5c2df DEG_iterator_objects_next + 287 3 Blender 0x0000000109cd620e stats_update + 1102 4 Blender 0x0000000109cd5d9a ED_info_stats_string + 122 5 Blender 0x00000001024a1b95 rna_Scene_statistics_string_get + 37 6 Blender 0x00000001024a1c12 Scene_statistics_call + 114 7 Blender 0x00000001023036a5 RNA_function_call + 69 8 Blender 0x00000001025640c0 pyrna_func_call + 2944 9 Blender 0x000000010ae0c20f _PyObject_FastCallKeywords + 575 10 Blender 0x000000010aee16e5 call_function + 773 11 Blender 0x000000010aede14e _PyEval_EvalFrameDefault + 27262 12 Blender 0x000000010ae0c8cd function_code_fastcall + 237 13 Blender 0x00000001025666c4 bpy_class_call + 1892 14 Blender 0x00000001024fa690 header_draw + 144 15 Blender 0x00000001025927d4 ED_region_header_layout + 596 16 Blender 0x000000010258c04a ED_region_do_layout + 218 17 Blender 0x0000000101db03c3 wm_draw_window_offscreen + 339 18 Blender 0x0000000101daf632 wm_draw_window + 66 19 Blender 0x0000000101daf351 wm_draw_update + 177 20 Blender 0x0000000101daca59 WM_main + 57 21 Blender 0x0000000101a41838 main + 1048 22 libdyld.dylib 0x00007fff723ea7fd start + 1 23 ??? 0x0000000000000001 0x0 + 1 BLI_assert failed: /Users/mdewanchand/Documents/Projects/blender/blender-build/blender/source/blender/depsgraph/intern/depsgraph_query_iter.cc:212, deg_iterator_objects_step(), at 'DEG::deg_validate_copy_on_write_datablock(&object->id)' Abort trap: 6 ``` **Exact steps for others to reproduce the error** See attached blend file. - Remove the circle. [test (1).blend](https://archive.blender.org/developer/F8441416/test__1_.blend)

Monique Dewanchand commented

2020-04-01 15:48:43 +02:00

Added subscriber: @monique

Philipp Oeser commented

2020-04-01 17:06:27 +02:00

Added subscriber: @lichtwerk

Philipp Oeser commented

2020-04-01 17:06:27 +02:00

Changed status from 'Needs Triage' to: 'Confirmed'

Philipp Oeser commented

2020-04-01 17:06:27 +02:00

Can confirm.

Richard Antalik commented

2020-04-01 17:22:18 +02:00

Added subscriber: @iss

Richard Antalik commented

2020-04-01 17:22:18 +02:00

Changed status from 'Confirmed' to: 'Needs User Info'

Richard Antalik commented

2020-04-01 17:22:18 +02:00

can you clarify hash to test with? Can not reproduce with 25b2b6724d19

can you clarify hash to test with? Can not reproduce with `25b2b6724d19`

Philipp Oeser commented

2020-04-01 18:13:51 +02:00

Changed status from 'Needs User Info' to: 'Confirmed'

Philipp Oeser commented

2020-04-01 18:13:51 +02:00

I am getting this on 25b2b6724d.

System Information
Operating system: Linux-5.5.8-200.fc31.x86_64-x86_64-with-fedora-31-Thirty_One 64 Bits
Graphics card: GeForce GTX 970M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 440.64
Broken: version: 2.83 (sub 11), branch: master, commit date: 2020-04-01 14:21, hash: 25b2b6724d

I am getting this on 25b2b6724d. **System Information** Operating system: Linux-5.5.8-200.fc31.x86_64-x86_64-with-fedora-31-Thirty_One 64 Bits Graphics card: GeForce GTX 970M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 440.64 Broken: version: 2.83 (sub 11), branch: master, commit date: 2020-04-01 14:21, hash: `25b2b6724d`

Ankit Meel commented

2020-04-01 19:20:35 +02:00

Added subscriber: @ankitm

Ankit Meel commented

2020-04-01 19:20:35 +02:00

Release build works fine.

lite also works fine.

v2.82a has this issue too.

> Release build works fine. lite also works fine. v2.82a has this issue too.

Bastien Montagne commented

2020-04-23 15:51:46 +02:00

Added subscriber: @mont29

Bastien Montagne self-assigned this 2020-04-23 15:51:46 +02:00

Bastien Montagne commented

2020-04-23 15:51:46 +02:00

I think the problem is rather with ID management code (remapping ID pointers to NULL here) not properly tagging IDs for updates... Investigating.

Bastien Montagne commented

2020-04-23 16:49:30 +02:00

Added subscriber: @Sergey

Bastien Montagne commented

2020-04-23 16:49:30 +02:00

Hrmm, in fact ID deletion code itself seems to be fine, issue only happens with Object deletion operator (from 3DView), since deleted object is used by a custom property it is not actually deleted, just removed from any collection.

@Sergey I could use your expertise on depsgraph/CoW here (crash is actually a use-after-free memory on CoW object, see ASAN bactrace below).
Question is, could CoW system be somehow 'broken' in case where an object is not in any collection (hence not in any ViewLayer of any scene), but is still present in Main and referenced by some other data-blocks (through custom properties here)?

From that backtrace my (uneducated) guess would be that CoW frees the object copy not in any scene anymore, even though that object remain accessible through other CoWs IDProperties.

=================================================================
==203928==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0002e75a8 at pc 0x000008212567 bp 0x7fffffff91b0 sp 0x7fffffff91a8
READ of size 1 at 0x61b0002e75a8 thread T0
    - 0 0x8212566 in check_datablock_expanded /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:501
    - 1 0x8212566 in foreach_libblock_validate_callback /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:828
    - 2 0x2f1f5fa in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:198
    - 3 0x2f1ee24 in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:186
    - 4 0x2f1ef7e in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:193
    - 5 0x2f1ee24 in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:186
    - 6 0x2f1ee24 in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:186
    - 7 0x2f40a5b in library_foreach_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:645
    - 8 0x2f718c0 in BKE_library_foreach_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:1324
    - 9 0x8214429 in DEG::deg_validate_copy_on_write_datablock(ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1097
    - 10 0x80e03e5 in deg_iterator_objects_step /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_query_iter.cc:212
    - 11 0x80e1885 in DEG_iterator_objects_next /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_query_iter.cc:299
    - 12 0x117b6635 in stats_update /home/guest/blender/rc_src/source/blender/editors/space_info/info_stats.c:387
    - 13 0x117b9057 in ED_info_stats_string /home/guest/blender/rc_src/source/blender/editors/space_info/info_stats.c:593
    - 14 0x5975fc7 in rna_Scene_statistics_string_get /home/guest/blender/rc_src/source/blender/makesrna/intern/rna_scene.c:931
    - 15 0x59d7c0f in Scene_statistics_call source/blender/makesrna/intern/rna_scene_gen.c:7966
    - 16 0x53ef332 in RNA_function_call /home/guest/blender/rc_src/source/blender/makesrna/intern/rna_access.c:7604
    - 17 0x5cc9e86 in pyrna_func_call /home/guest/blender/rc_src/source/blender/python/intern/bpy_rna.c:6326
    - 18 0x7ffff4882886 in _PyObject_FastCallKeywords (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x25e886)
    - 19 0x7ffff4691fc2  (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x6dfc2)
    - 20 0x7ffff4698c41 in _PyEval_EvalFrameDefault (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x74c41)
    - 21 0x7ffff469b94a  (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x7794a)
    - 22 0x7ffff4881f97 in _PyFunction_FastCallDict (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x25df97)
    - 23 0x5cd4e84 in bpy_class_call /home/guest/blender/rc_src/source/blender/python/intern/bpy_rna.c:8505
    - 24 0x5b0d951 in header_draw /home/guest/blender/rc_src/source/blender/makesrna/intern/rna_ui.c:702
    - 25 0x5dacf9f in ED_region_header_layout /home/guest/blender/rc_src/source/blender/editors/screen/area.c:2779
    - 26 0x5d878c1 in ED_region_do_layout /home/guest/blender/rc_src/source/blender/editors/screen/area.c:500
    - 27 0x40e87a1 in wm_draw_window_offscreen /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_draw.c:637
    - 28 0x40e9ed4 in wm_draw_window /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_draw.c:806
    - 29 0x40eb37c in wm_draw_update /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_draw.c:1014
    - 30 0x40dc8f2 in WM_main /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm.c:456
    - 31 0x2cfd139 in main /home/guest/blender/rc_src/source/creator/creator.c:524
    - 32 0x7ffff2492e0a in __libc_start_main ../csu/libc-start.c:308
    - 33 0x2cfc309 in _start (/home/guest/blender/build_rc_debug/bin/blender+0x2cfc309)

0x61b0002e75a8 is located 40 bytes inside of 1424-byte region [0x61b0002e7580,0x61b0002e7b10)
freed by thread T0 here:
    - 0 0x7ffff7684277 in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x107277)
    - 1 0x1452f5bd in MEM_lockfree_freeN /home/guest/blender/rc_src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:157
    - 2 0x8111a4f in free_copy_on_write_datablock /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:129
    - 3 0x14234b9f in ghash_free_cb /home/guest/blender/rc_src/source/blender/blenlib/intern/BLI_ghash.c:650
    - 4 0x1423af28 in BLI_ghash_free /home/guest/blender/rc_src/source/blender/blenlib/intern/BLI_ghash.c:1023
    - 5 0x8112725 in DEG::DepsgraphNodeBuilder::~DepsgraphNodeBuilder() /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:157
    - 6 0x80bc148 in DEG_graph_build_from_view_layer /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:245
    - 7 0x80c0ac2 in DEG_graph_relations_update /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:499
    - 8 0x3398cc4 in scene_graph_update_tagged /home/guest/blender/rc_src/source/blender/blenkernel/intern/scene.c:1311
    - 9 0x3398df6 in BKE_scene_graph_update_tagged /home/guest/blender/rc_src/source/blender/blenkernel/intern/scene.c:1358
    - 10 0x40ee6ba in wm_event_do_depsgraph /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:359
    - 11 0x40eea09 in wm_event_do_refresh_wm_and_depsgraph /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:385
    - 12 0x40f0964 in wm_event_do_notifiers /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:550
    - 13 0x40dc8e6 in WM_main /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm.c:453
    - 14 0x2cfd139 in main /home/guest/blender/rc_src/source/creator/creator.c:524
    - 15 0x7ffff2492e0a in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    - 0 0x7ffff768480e in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10780e)
    - 1 0x1452fd0c in MEM_lockfree_callocN /home/guest/blender/rc_src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    - 2 0x2f04b5e in BKE_libblock_alloc_notest /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_id.c:989
    - 3 0x80a80f4 in DEG::IDNode::init_copy_on_write(ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/node/deg_node_id.cc:139
    - 4 0x80b1bb7 in DEG::Depsgraph::add_id_node(ID*, ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph.cc:130
    - 5 0x8113026 in DEG::DepsgraphNodeBuilder::add_id_node(ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:177
    - 6 0x811dbb4 in DEG::DepsgraphNodeBuilder::build_object(int, Object*, DEG::eDepsNode_LinkedState_Type, bool) /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:578
    - 7 0x8184fa7 in DEG::DepsgraphNodeBuilder::build_view_layer(Scene*, ViewLayer*, DEG::eDepsNode_LinkedState_Type) /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes_view_layer.cc:118
    - 8 0x80bbb18 in DEG_graph_build_from_view_layer /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:247
    - 9 0x80c0ac2 in DEG_graph_relations_update /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:499
    - 10 0x40ee674 in wm_event_do_depsgraph /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:355
    - 11 0x4127ae5 in wm_file_read_post /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:561
    - 12 0x412882a in WM_file_read /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:683
    - 13 0x41338d0 in wm_file_read_opwrap /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2110
    - 14 0x4134b94 in wm_open_mainfile__open /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2252
    - 15 0x4133c2b in operator_state_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2146
    - 16 0x4134df1 in wm_open_mainfile_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2278
    - 17 0x4134197 in wm_open_mainfile__discard_changes /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2192
    - 18 0x4133c2b in operator_state_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2146
    - 19 0x4134df1 in wm_open_mainfile_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2278
    - 20 0x4134e1a in wm_open_mainfile_invoke /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2283
    - 21 0x40f7c71 in wm_operator_invoke /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:1271
    - 22 0x40f9dde in wm_operator_call_internal /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:1519
    - 23 0x40f9f52 in WM_operator_name_call_ptr /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:1533
    - 24 0x74e2810 in ui_apply_but_funcs_after /home/guest/blender/rc_src/source/blender/editors/interface/interface_handlers.c:892
    - 25 0x756a27e in ui_popup_handler /home/guest/blender/rc_src/source/blender/editors/interface/interface_handlers.c:10841
    - 26 0x40f1433 in wm_handler_ui_call /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:617
    - 27 0x41075f3 in wm_handlers_do_intern /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:2725
    - 28 0x4108693 in wm_handlers_do /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:2836
    - 29 0x410dca2 in wm_event_do_handlers /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:3231

SUMMARY: AddressSanitizer: heap-use-after-free /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:501 in check_datablock_expanded
Shadow bytes around the buggy address:
  0x0c3680054e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3680054e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3680054e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3680054e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3680054ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3680054eb0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
  0x0c3680054ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680054ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680054ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680054ef0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680054f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==203928==ABORTING

Hrmm, in fact ID deletion code itself seems to be fine, issue only happens with Object deletion operator (from 3DView), since deleted object is used by a custom property it is not actually deleted, just removed from any collection. @Sergey I could use your expertise on depsgraph/CoW here (crash is actually a use-after-free memory on CoW object, see ASAN bactrace below). Question is, could CoW system be somehow 'broken' in case where an object is not in any collection (hence not in any ViewLayer of any scene), but is still present in Main and referenced by some other data-blocks (through custom properties here)? From that backtrace my (uneducated) guess would be that CoW frees the object copy not in any scene anymore, even though that object remain accessible through other CoWs IDProperties. ```lines=20 ================================================================= ==203928==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0002e75a8 at pc 0x000008212567 bp 0x7fffffff91b0 sp 0x7fffffff91a8 READ of size 1 at 0x61b0002e75a8 thread T0 - 0 0x8212566 in check_datablock_expanded /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:501 - 1 0x8212566 in foreach_libblock_validate_callback /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:828 - 2 0x2f1f5fa in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:198 - 3 0x2f1ee24 in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:186 - 4 0x2f1ef7e in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:193 - 5 0x2f1ee24 in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:186 - 6 0x2f1ee24 in library_foreach_idproperty_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:186 - 7 0x2f40a5b in library_foreach_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:645 - 8 0x2f718c0 in BKE_library_foreach_ID_link /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_query.c:1324 - 9 0x8214429 in DEG::deg_validate_copy_on_write_datablock(ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1097 - 10 0x80e03e5 in deg_iterator_objects_step /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_query_iter.cc:212 - 11 0x80e1885 in DEG_iterator_objects_next /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_query_iter.cc:299 - 12 0x117b6635 in stats_update /home/guest/blender/rc_src/source/blender/editors/space_info/info_stats.c:387 - 13 0x117b9057 in ED_info_stats_string /home/guest/blender/rc_src/source/blender/editors/space_info/info_stats.c:593 - 14 0x5975fc7 in rna_Scene_statistics_string_get /home/guest/blender/rc_src/source/blender/makesrna/intern/rna_scene.c:931 - 15 0x59d7c0f in Scene_statistics_call source/blender/makesrna/intern/rna_scene_gen.c:7966 - 16 0x53ef332 in RNA_function_call /home/guest/blender/rc_src/source/blender/makesrna/intern/rna_access.c:7604 - 17 0x5cc9e86 in pyrna_func_call /home/guest/blender/rc_src/source/blender/python/intern/bpy_rna.c:6326 - 18 0x7ffff4882886 in _PyObject_FastCallKeywords (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x25e886) - 19 0x7ffff4691fc2 (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x6dfc2) - 20 0x7ffff4698c41 in _PyEval_EvalFrameDefault (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x74c41) - 21 0x7ffff469b94a (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x7794a) - 22 0x7ffff4881f97 in _PyFunction_FastCallDict (/lib/x86_64-linux-gnu/libpython3.7m.so.1.0+0x25df97) - 23 0x5cd4e84 in bpy_class_call /home/guest/blender/rc_src/source/blender/python/intern/bpy_rna.c:8505 - 24 0x5b0d951 in header_draw /home/guest/blender/rc_src/source/blender/makesrna/intern/rna_ui.c:702 - 25 0x5dacf9f in ED_region_header_layout /home/guest/blender/rc_src/source/blender/editors/screen/area.c:2779 - 26 0x5d878c1 in ED_region_do_layout /home/guest/blender/rc_src/source/blender/editors/screen/area.c:500 - 27 0x40e87a1 in wm_draw_window_offscreen /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_draw.c:637 - 28 0x40e9ed4 in wm_draw_window /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_draw.c:806 - 29 0x40eb37c in wm_draw_update /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_draw.c:1014 - 30 0x40dc8f2 in WM_main /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm.c:456 - 31 0x2cfd139 in main /home/guest/blender/rc_src/source/creator/creator.c:524 - 32 0x7ffff2492e0a in __libc_start_main ../csu/libc-start.c:308 - 33 0x2cfc309 in _start (/home/guest/blender/build_rc_debug/bin/blender+0x2cfc309) 0x61b0002e75a8 is located 40 bytes inside of 1424-byte region [0x61b0002e7580,0x61b0002e7b10) freed by thread T0 here: - 0 0x7ffff7684277 in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x107277) - 1 0x1452f5bd in MEM_lockfree_freeN /home/guest/blender/rc_src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:157 - 2 0x8111a4f in free_copy_on_write_datablock /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:129 - 3 0x14234b9f in ghash_free_cb /home/guest/blender/rc_src/source/blender/blenlib/intern/BLI_ghash.c:650 - 4 0x1423af28 in BLI_ghash_free /home/guest/blender/rc_src/source/blender/blenlib/intern/BLI_ghash.c:1023 - 5 0x8112725 in DEG::DepsgraphNodeBuilder::~DepsgraphNodeBuilder() /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:157 - 6 0x80bc148 in DEG_graph_build_from_view_layer /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:245 - 7 0x80c0ac2 in DEG_graph_relations_update /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:499 - 8 0x3398cc4 in scene_graph_update_tagged /home/guest/blender/rc_src/source/blender/blenkernel/intern/scene.c:1311 - 9 0x3398df6 in BKE_scene_graph_update_tagged /home/guest/blender/rc_src/source/blender/blenkernel/intern/scene.c:1358 - 10 0x40ee6ba in wm_event_do_depsgraph /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:359 - 11 0x40eea09 in wm_event_do_refresh_wm_and_depsgraph /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:385 - 12 0x40f0964 in wm_event_do_notifiers /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:550 - 13 0x40dc8e6 in WM_main /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm.c:453 - 14 0x2cfd139 in main /home/guest/blender/rc_src/source/creator/creator.c:524 - 15 0x7ffff2492e0a in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: - 0 0x7ffff768480e in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10780e) - 1 0x1452fd0c in MEM_lockfree_callocN /home/guest/blender/rc_src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267 - 2 0x2f04b5e in BKE_libblock_alloc_notest /home/guest/blender/rc_src/source/blender/blenkernel/intern/lib_id.c:989 - 3 0x80a80f4 in DEG::IDNode::init_copy_on_write(ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/node/deg_node_id.cc:139 - 4 0x80b1bb7 in DEG::Depsgraph::add_id_node(ID*, ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph.cc:130 - 5 0x8113026 in DEG::DepsgraphNodeBuilder::add_id_node(ID*) /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:177 - 6 0x811dbb4 in DEG::DepsgraphNodeBuilder::build_object(int, Object*, DEG::eDepsNode_LinkedState_Type, bool) /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:578 - 7 0x8184fa7 in DEG::DepsgraphNodeBuilder::build_view_layer(Scene*, ViewLayer*, DEG::eDepsNode_LinkedState_Type) /home/guest/blender/rc_src/source/blender/depsgraph/intern/builder/deg_builder_nodes_view_layer.cc:118 - 8 0x80bbb18 in DEG_graph_build_from_view_layer /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:247 - 9 0x80c0ac2 in DEG_graph_relations_update /home/guest/blender/rc_src/source/blender/depsgraph/intern/depsgraph_build.cc:499 - 10 0x40ee674 in wm_event_do_depsgraph /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:355 - 11 0x4127ae5 in wm_file_read_post /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:561 - 12 0x412882a in WM_file_read /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:683 - 13 0x41338d0 in wm_file_read_opwrap /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2110 - 14 0x4134b94 in wm_open_mainfile__open /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2252 - 15 0x4133c2b in operator_state_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2146 - 16 0x4134df1 in wm_open_mainfile_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2278 - 17 0x4134197 in wm_open_mainfile__discard_changes /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2192 - 18 0x4133c2b in operator_state_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2146 - 19 0x4134df1 in wm_open_mainfile_dispatch /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2278 - 20 0x4134e1a in wm_open_mainfile_invoke /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_files.c:2283 - 21 0x40f7c71 in wm_operator_invoke /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:1271 - 22 0x40f9dde in wm_operator_call_internal /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:1519 - 23 0x40f9f52 in WM_operator_name_call_ptr /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:1533 - 24 0x74e2810 in ui_apply_but_funcs_after /home/guest/blender/rc_src/source/blender/editors/interface/interface_handlers.c:892 - 25 0x756a27e in ui_popup_handler /home/guest/blender/rc_src/source/blender/editors/interface/interface_handlers.c:10841 - 26 0x40f1433 in wm_handler_ui_call /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:617 - 27 0x41075f3 in wm_handlers_do_intern /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:2725 - 28 0x4108693 in wm_handlers_do /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:2836 - 29 0x410dca2 in wm_event_do_handlers /home/guest/blender/rc_src/source/blender/windowmanager/intern/wm_event_system.c:3231 SUMMARY: AddressSanitizer: heap-use-after-free /home/guest/blender/rc_src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:501 in check_datablock_expanded Shadow bytes around the buggy address: 0x0c3680054e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3680054e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3680054e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3680054e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3680054ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c3680054eb0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd 0x0c3680054ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3680054ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3680054ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3680054ef0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3680054f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==203928==ABORTING ```

Sergey Sharybin commented

2020-04-23 17:22:09 +02:00

All the referenced IDs are to be explicitly pulled into the dependency graph, otherwise you are ruining integrity of the scene.

As an example see usage of modifiers_foreachIDLink in deg_builder_nodes.cc and deg_builder_relations.cc. Quick fix would be to do similar thing for ID properties.

However, this is actually an open topic of what to do with IDs referenced from ID properties. It might be wasteful to just pull all the referenced IDs, but it could be fragile if we don't do it.

All the referenced IDs are to be explicitly pulled into the dependency graph, otherwise you are ruining integrity of the scene. As an example see usage of `modifiers_foreachIDLink` in `deg_builder_nodes.cc` and `deg_builder_relations.cc`. Quick fix would be to do similar thing for ID properties. However, this is actually an open topic of what to do with IDs referenced from ID properties. It might be wasteful to just pull all the referenced IDs, but it could be fragile if we don't do it.

Bastien Montagne commented

2020-04-24 11:54:58 +02:00

So the way to go would be to add something similar build_animdata() (build_idproperties() ?), to be called by all builders (nodes and relations) for all IDProps cases? Including those from bones/poses, nodes, and sequencer...

The other solution would be to completely ignore those IDProps ID pointers, and add a parameter to libquery to skip those, so that depsgraph can fully ignore them? But that would likely cause issues in any code dealing with CoW datablocks I guess...

So the way to go would be to add something similar `build_animdata()` (`build_idproperties()` ?), to be called by all builders (nodes and relations) for all IDProps cases? Including those from bones/poses, nodes, and sequencer... The other solution would be to completely ignore those IDProps ID pointers, and add a parameter to libquery to skip those, so that depsgraph can fully ignore them? But that would likely cause issues in any code dealing with CoW datablocks I guess...

Sergey Sharybin commented

2020-04-24 14:08:46 +02:00

So the way to go would be to add something similar build_animdata() (build_idproperties()) ?

Yep. Sounds about right. Baiscally somethinng like

Depsgraph{Node, relation}Builder::build_idproperties(IDProperties* id_properties) {
  foreach id from id_properties {
    build_id(id);
  }
}

The other solution would be to completely ignore those IDProps ID pointers, and add a parameter to libquery to skip those, so that depsgraph can fully ignore them? But that would likely cause issues in any code dealing with CoW datablocks I guess...

This is plausible solution as well. Isn't great from integrity point of view, but better from ease/performance/memory points of view.

What are the IDs in ID properties are used for? Is there any common usage?

> So the way to go would be to add something similar `build_animdata()` (`build_idproperties()`) ? Yep. Sounds about right. Baiscally somethinng like ``` Depsgraph{Node, relation}Builder::build_idproperties(IDProperties* id_properties) { foreach id from id_properties { build_id(id); } } ``` > The other solution would be to completely ignore those IDProps ID pointers, and add a parameter to libquery to skip those, so that depsgraph can fully ignore them? But that would likely cause issues in any code dealing with CoW datablocks I guess... This is plausible solution as well. Isn't great from integrity point of view, but better from ease/performance/memory points of view. What are the IDs in ID properties are used for? Is there any common usage?

Bastien Montagne commented

2020-04-24 15:12:43 +02:00

In #75279#916796, @Sergey wrote:

The other solution would be to completely ignore those IDProps ID pointers, and add a parameter to libquery to skip those, so that depsgraph can fully ignore them? But that would likely cause issues in any code dealing with CoW datablocks I guess...

This is plausible solution as well. Isn't great from integrity point of view, but better from ease/performance/memory points of view.

What are the IDs in ID properties are used for? Is there any common usage?

I have no typical usecase in mind, afaik those are mostly used by thirdparty tools/addons… They should never be used by core code itself, and they cannot be directly defined by users, so they should almost never be required within depsgraph context. But... they can be used by e.g. advanced python drivers or other fancy features, so I don’t think we can rule them out of evaluation completely? Though maybe that is not actually a valid argument, my knowledge of current driver evaluation process is rather rusty.

> In #75279#916796, @Sergey wrote: >> The other solution would be to completely ignore those IDProps ID pointers, and add a parameter to libquery to skip those, so that depsgraph can fully ignore them? But that would likely cause issues in any code dealing with CoW datablocks I guess... > > This is plausible solution as well. Isn't great from integrity point of view, but better from ease/performance/memory points of view. > > What are the IDs in ID properties are used for? Is there any common usage? I have no typical usecase in mind, afaik those are mostly used by thirdparty tools/addons… They should never be used by core code itself, and they cannot be directly defined by users, so they should *almost* never be required within depsgraph context. But... they can be used by e.g. advanced python drivers or other fancy features, so I don’t think we can rule them out of evaluation completely? Though maybe that is not actually a valid argument, my knowledge of current driver evaluation process is rather rusty.

Sergey Sharybin commented

2020-04-24 16:01:32 +02:00

Added subscriber: @dr.sybren

Sergey Sharybin commented

2020-04-24 16:01:32 +02:00

Then how about we take the consistency approach and pull IDs from custom properties into the graph?

If you can point or provide some function to iterate via IDs used by IDProperties them me or @dr.sybren can easily do depsgraph changes.

Then how about we take the consistency approach and pull IDs from custom properties into the graph? If you can point or provide some function to iterate via IDs used by IDProperties them me or @dr.sybren can easily do depsgraph changes.

blender-admin commented

2020-04-28 11:45:57 +02:00

This issue was referenced by 37e08e526c

This issue was referenced by 37e08e526c6fef7d0a4fc359bc4b7e665d012119

Bastien Montagne commented

2020-04-28 12:00:01 +02:00

Well, this is easy enough that I can at least propose a patch ;)

Bastien Montagne commented

2020-04-28 15:34:04 +02:00

Changed status from 'Confirmed' to: 'Resolved'

Bastien Montagne closed this issue

2020-04-28 15:34:04 +02:00

Thomas Dinges added this to the 2.83 LTS milestone 2023-02-08 16:38:06 +01:00

Sign in to join this conversation.

No Label

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

BLI_assert failed when deleting object in debug build (only) #75279