Page MenuHome
Create Task
Maniphest T78054

Crash with Material preview
Closed, ResolvedPublicBUG
Actions

Description

System Information
Operating system: Linux-5.4.0-7634-generic-x86_64-with-debian-bullseye-sid 64 Bits
Graphics card: GeForce GTX 1080 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 440.82

Blender Version
Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-26 17:24, hash: rBb7b57e7155ee

Short description of error
Crash when editing instancing objects that have normal map texture (Tangent Space) in Material Preview

Exact steps for others to reproduce the error

https://developer.blender.org/T78054#967181

Revisions and Commits

rB Blender
D8161rB46ae115b88c4 Fix T78054: Crash Editing Instanced Objects with Tangent Normals

Related Objects

Event Timeline

SABRI Salim (salim3d) created this task.Jun 20 2020, 2:43 AM
ronsn added a subscriber: ronsn.Jun 21 2020, 12:18 AM

@SABRI Salim (salim3d) Can you provide such "a heavy scene (or less)"? It sounds like you computer ran out of memory (RAM), but that's just guessing. Can you also monitor your memory usage while provoking the crash?

SABRI Salim (salim3d) renamed this task from Crash when editing with Eevee to Crash with Material preview.Jun 21 2020, 3:38 PM
SABRI Salim (salim3d) changed the task status from Needs Triage to Needs Developer to Reproduce.
SABRI Salim (salim3d) updated the task description. (Show Details)
SABRI Salim (salim3d) updated the task description. (Show Details)Jun 21 2020, 6:52 PM
ronsn added a subscriber: Jeroen Bakker (jbakker).EditedJun 21 2020, 9:30 PM

I can confirm that there is a Segmentation fault when using Tangent Space in the Normal Map node.

bf34b0c8f4b8c64bcc4ec0f3371d343e9c2fe029 is the first bad commit

I prepared a .blend file for faster checking

normal_map.tangent_space_bug_r0.blend771 KBDownload

@Jeroen Bakker (jbakker) can you look into this issue?

SABRI Salim (salim3d) changed the task status from Needs Developer to Reproduce to Confirmed.Jun 21 2020, 11:06 PM
ronsn claimed this task.Jun 21 2020, 11:33 PM
ronsn mentioned this in T78100: Crash when link-duplicating an object with assigned material.
ronsn merged a task: T78100: Crash when link-duplicating an object with assigned material.Jun 21 2020, 11:36 PM
ronsn added a subscriber: Leonardo Marini (Bamarin).
ronsn removed ronsn as the assignee of this task.Jun 21 2020, 11:40 PM
ronsn changed the task status from Confirmed to Needs Triage.EditedJun 21 2020, 11:46 PM

@SABRI Salim (salim3d) Confirmed reports should always be tagged to a module, otherwise they don't show up in the queries and workboards. We don't know the module yet, so I'll set it back to Needs Triage

Alaska (Alaska) changed the task status from Needs Triage to Confirmed.Jun 24 2020, 5:59 AM
Alaska (Alaska) edited projects, added EEVEE & Viewport, BF Blender (2.90); removed BF Blender.
SABRI Salim (salim3d) changed the task status from Confirmed to Needs Triage.Jun 26 2020, 4:29 PM

I think the problem is solved in this branch :
version: 2.90.0 Alpha, branch: master, commit date: 2020-06-25 21:53, hash: rB62aa103d485f

ronsn added a comment.EditedJun 26 2020, 11:18 PM

@SABRI Salim (salim3d): It seems that 8f97a64dec356d48a51948658efed7d7a9074c6e resolved the issue, but it is still crashing. Can you check if that is also the case at your system?

Steps to reproduce:
If you open e.g. my new attached .blend file and as soon as possible press TAB⁽¹⁾ 50 to 70 times very fast.

(1) to switch between Object Mode and Edit Mode

normal_map.tangent_space_bug_r1.blend915 KBDownload

––––––––––––––––––––––––

@Jeroen Bakker (jbakker) GDB says:

Thread 30 "blender" received signal SIGSEGV, Segmentation fault.
[Change to Thread 0x7fffc72a9700 (LWP 24458)]
0x00000000016a3b34 in emdm_ts_SetTSpace ()

So it seems to be still a tangent issue.

System Information
Operating system: Linux-5.3.0-59-generic-x86_64-with-debian-buster-sid 64 Bits
Graphics card: GeForce GTX 1660 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 435.21

Blender Version
Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-26 17:24, hash: rBb7b57e7155ee

SABRI Salim (salim3d) added a comment.Jun 26 2020, 11:56 PM

Yes it is still crashing . by pressing TAB ~ 10 times with your testing file.

ronsn changed the task status from Needs Triage to Confirmed.Jun 27 2020, 12:21 AM

@SABRI Salim (salim3d): Okay, can you then update your task description with a note and the link https://developer.blender.org/T78054#967181 somewhere in the "Exact steps for others to reproduce the error" section? That link points directly to my comment above from today so other developer don't have to read all the other stuff before? 🙂

SABRI Salim (salim3d) updated the task description. (Show Details)Jun 27 2020, 2:52 PM
Vincent Blankfield (vvv) mentioned this in T78334: Shift-D in edit mode, with normal map node connected to material causes exception.Jun 29 2020, 1:03 PM
Vincent Blankfield (vvv) mentioned this in T78361: Blender crashes on many modeling operations (loopcut, extrude, duplication, ...) on mesh with normal map node connected to material.
Philipp Oeser (lichtwerk) triaged this task as High priority.Jun 29 2020, 1:46 PM
Philipp Oeser (lichtwerk) added a subscriber: Philipp Oeser (lichtwerk).

@Jeroen Bakker (jbakker) : cannot reproduce in a Debug build, but indeed, I can still get the buildbot build (rBb21ba5e57974) to crash.
Hope you can check on this again?

Jeroen Bakker (jbakker) claimed this task.Jun 30 2020, 10:17 AM
Jeroen Bakker (jbakker) added a comment.EditedJun 30 2020, 10:23 AM

I did a small change yesterday, what isn't in the builds from sunday. It could have been fixed by that fix as it was related to bmesh tangents. I am able to reproduce the issue in release builds.

Jeroen Bakker (jbakker) added a comment.EditedJun 30 2020, 11:58 AM
==3259==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0004dfc88 at pc 0x000004069ab4 bp 0x7f000f3faa30 sp 0x7f000f3faa20
WRITE of size 4 at 0x61b0004dfc88 thread T16
    #0 0x4069ab3 in copy_v3_v3 /home/jeroen/blender-git/blender/source/blender/blenlib/intern/math_vector_inline.c:63
    #1 0x4069ab3 in emdm_ts_SetTSpace /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:250
    #2 0x6e824a5 in genTangSpace /home/jeroen/blender-git/blender/intern/mikktspace/mikktspace.c:461
    #3 0x4068239 in emDM_calc_loop_tangents_thread /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:270
    #4 0x1eea192 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1eea192)
    #5 0x12ad9d1f in void tbb::interface7::internal::isolate_impl<void, Task::operator()() const::{lambda()#1} const>(Task::operator()() const::{lambda()#1} const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160
    #6 0x12ada09c in tbb::interface7::internal::return_type_or_void<Task::operator()() const::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<Task::operator()() const::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395
    #7 0x12ada09c in Task::operator()() const /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    #8 0x12ada09c in tbb::internal::function_task<Task>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:1048
    #9 0x1ee7054 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee7054)
    #10 0x1ee8724 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee8724)
    #11 0x12ad90b6 in tbb::task::wait_for_all() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:809
    #12 0x12ad90b6 in tbb::internal::task_group_base::wait() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_group.h:168
    #13 0x12ad90b6 in tbb_task_pool_work_and_wait /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:250
    #14 0x12ad90b6 in BLI_task_pool_work_and_wait /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:499
    #15 0x406b1d7 in BKE_editmesh_loop_tangent_calc /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/editmesh_tangent.c:421
    #16 0x24a5483 in extract_tan_ex /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:1965
    #17 0x24a7f7a in extract_tan_init /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:2068
    #18 0x248a009 in extract_init /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4584
    #19 0x248a009 in extract_init_and_run /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4612
    #20 0x248a0d7 in extract_single_threaded_task_node_exec /home/jeroen/blender-git/blender/source/blender/draw/intern/draw_cache_extract_mesh.c:4688
    #21 0x1eea192 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1eea192)
    #22 0x12abb2ef in void tbb::interface7::internal::isolate_impl<void, TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1} const>(TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1} const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160
    #23 0x12abb2ef in tbb::interface7::internal::return_type_or_void<TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<TaskNode::run(tbb::flow::interface11::continue_msg)::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395
    #24 0x12abb2ef in TaskNode::run(tbb::flow::interface11::continue_msg) /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_graph.cc:97
    #25 0x12acbf15 in tbb::flow::interface11::continue_msg std::__invoke_impl<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>(std::__invoke_memfun_deref, tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/bits/invoke.h:73
    #26 0x12acbf15 in std::__invoke_result<tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>::type std::__invoke<tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&>(tbb::flow::interface11::continue_msg (TaskNode::*&)(tbb::flow::interface11::continue_msg), TaskNode*&, tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/bits/invoke.h:95
    #27 0x12acbf15 in tbb::flow::interface11::continue_msg std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)>::__call<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg const&, 0ul, 1ul>(std::tuple<tbb::flow::interface11::continue_msg const&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/7/functional:467
    #28 0x12acbf15 in tbb::flow::interface11::continue_msg std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)>::operator()<tbb::flow::interface11::continue_msg const&, tbb::flow::interface11::continue_msg>(tbb::flow::interface11::continue_msg const&) /usr/include/c++/7/functional:551
    #29 0x12acbf15 in tbb::flow::interface11::internal::function_body_leaf<tbb::flow::interface11::continue_msg, tbb::flow::interface11::continue_msg, std::_Bind<tbb::flow::interface11::continue_msg (TaskNode::*(TaskNode*, std::_Placeholder<1>))(tbb::flow::interface11::continue_msg)> >::operator()(tbb::flow::interface11::continue_msg const&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_body_impl.h:146
    #30 0x12acbf15 in tbb::flow::interface11::internal::continue_input<tbb::flow::interface11::continue_msg, tbb::flow::interface11::internal::Policy<void> >::apply_body_bypass(tbb::flow::interface11::continue_msg) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_node_impl.h:821
    #31 0x12acbf15 in tbb::flow::interface11::internal::apply_body_task_bypass<tbb::flow::interface11::internal::continue_input<tbb::flow::interface11::continue_msg, tbb::flow::interface11::internal::Policy<void> >, tbb::flow::interface11::continue_msg>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/internal/_flow_graph_body_impl.h:312
    #32 0x1ee7054 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee7054)
    #33 0x1ee8724 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee8724)
    #34 0x1ee9e87 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee9e87)
    #35 0x1ee2a62 in tbb::internal::market::process(rml::job&) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee2a62)
    #36 0x1ee4085 in tbb::internal::rml::private_worker::run() (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee4085)
    #37 0x1ee42c8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jeroen/blender-git/build_linux/bin/blender+0x1ee42c8)
    #38 0x7f003ec926da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #39 0x7f003d59388e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x61b0004dfc88 is located 8 bytes inside of 1544-byte region [0x61b0004dfc80,0x61b0004e0288)
freed by thread T18 here:
    #0 0x7f003f18b7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x1d08bc2 in customData_free_layer__internal /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2668
    #2 0x1d08bc2 in CustomData_free_layer /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2635

previously allocated by thread T18 here:
    #0 0x7f003f18bd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x12b13aae in MEM_lockfree_callocN /home/jeroen/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:232

Some things to test:

Jeroen Bakker (jbakker) added a revision: D8161: Fix T78054: Crash Editing Instanced Objects with Tangent Normals.Jun 30 2020, 12:20 PM
Vincent Blankfield (vvv) mentioned this in T78448: BLI_assert fails in extract_tris_finish on Duplicate Linked .Jun 30 2020, 7:30 PM
Vincent Blankfield (vvv) added a subscriber: Vincent Blankfield (vvv).Jun 30 2020, 7:46 PM
Vincent Blankfield (vvv) added a comment.Jun 30 2020, 10:45 PM

With D8161 applied I don't get NULL layer_data crashes any more, but it still crashes for different reasons while holding Tab in "normal_map.tangent_space_bug_r1.blend" test file. Attaching some crash descriptions with stack traces. All crashes are different, except 1 and 2 are similar.

T78054 crash 1.txt6 KBDownload

T78054 crash 3.txt4 KBDownload

T78054 crash 2.txt6 KBDownload

T78054 crash 4.txt1 KBDownload

T78054 crash 5.txt1 KBDownload

Clément Foucault (fclem) changed the subtype of this task from "Report" to "Bug".Jul 1 2020, 2:24 AM
Clément Foucault (fclem) moved this task from Backlog to Blender 2.90 on the EEVEE & Viewport board.
Jeroen Bakker (jbakker) closed this task as Resolved by committing rB46ae115b88c4: Fix T78054: Crash Editing Instanced Objects with Tangent Normals.Jul 2 2020, 11:35 AM
Jeroen Bakker (jbakker) added a commit: rB46ae115b88c4: Fix T78054: Crash Editing Instanced Objects with Tangent Normals.