Page MenuHome

New boolean causes 2.78 demo file to fail to load
Closed, ResolvedPublicBUG

Description

System Information
Operating system: Windows-10-10.0.19041-SP0 64 Bits
Graphics card: AMD FirePro W2100 ATI Technologies Inc. 4.5.13493 Core Profile Context FireGL 22.19.693.256

Blender Version
Broken: version: 2.91.0 Beta, branch: master, commit date: 2020-10-22 21:22, hash: rBbaa24f1c91d2
Worked: version: 2.90.1, branch: master, commit date: 2020-09-23 06:43, hash: rB3e85bb34d0d7

Short description of error
I brought this up before and I thought it was fixed before the new boolean was checked in, but it looks like the blenderman.blend demo file is broken again?

I want to say that older files were supposed to be versioned to keep the boolean modifiers in Fast mode, not Exact, but the stack trace in the crash file seems to indicate otherwise.

With 2.90:
<10 seconds to open with reasonable memory usage

With 2.91:
After ~500 seconds of loading, it will crash with some form of memory error (32gb machine here)

Exact steps for others to reproduce the error

Event Timeline

Hans Goudey (HooglyBoogly) changed the task status from Needs Triage to Confirmed.Oct 24 2020, 2:50 AM

I can reproduce this. On a debug build with ASAN I get a report that makes me question whether this is actually cause by boolean like you say:

Read blend: /home/hans/Downloads/Blender 2/Blenderman.blend
=================================================================
==1031052==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f000621808 at pc 0x000004e24d04 bp 0x7fffffffbbd0 sp 0x7fffffffbbc0
READ of size 8 at 0x60f000621808 thread T0
    #0 0x4e24d03 in BLI_listbase_is_empty /home/hans/Documents/Blender-Git/blender/source/blender/blenlib/BLI_listbase.h:126
    #1 0x4e24d03 in BLO_read_list_cb /home/hans/Documents/Blender-Git/blender/source/blender/blenloader/intern/readfile.c:9065
    #2 0x4e250b2 in BLO_read_list /home/hans/Documents/Blender-Git/blender/source/blender/blenloader/intern/readfile.c:9089
    #3 0x349a37f in BKE_gpencil_blend_read_data /home/hans/Documents/Blender-Git/blender/source/blender/blenkernel/intern/gpencil.c:194
    #4 0x349ad92 in greasepencil_blend_read_data /home/hans/Documents/Blender-Git/blender/source/blender/blenkernel/intern/gpencil.c:238
    #5 0x4e08930 in direct_link_id /home/hans/Documents/Blender-Git/blender/source/blender/blenloader/intern/readfile.c:6374
    #6 0x4e0bf0b in read_libblock /home/hans/Documents/Blender-Git/blender/source/blender/blenloader/intern/readfile.c:6814
    #7 0x4e122dc in blo_read_file_internal /home/hans/Documents/Blender-Git/blender/source/blender/blenloader/intern/readfile.c:7312
    #8 0x4da7666 in BLO_read_from_file /home/hans/Documents/Blender-Git/blender/source/blender/blenloader/intern/readblenentry.c:319
    #9 0x9570821 in BKE_blendfile_read_ex /home/hans/Documents/Blender-Git/blender/source/blender/blenkernel/intern/blendfile.c:445
    #10 0x95709c7 in BKE_blendfile_read /home/hans/Documents/Blender-Git/blender/source/blender/blenkernel/intern/blendfile.c:467
    #11 0x4caa340 in WM_file_read /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:725
    #12 0x4cb5147 in wm_file_read_opwrap /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2195
    #13 0x4cb639b in wm_open_mainfile__open /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2335
    #14 0x4cb54a2 in operator_state_dispatch /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2231
    #15 0x4cb65f8 in wm_open_mainfile_dispatch /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2359
    #16 0x4cb599f in wm_open_mainfile__discard_changes /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2276
    #17 0x4cb54a2 in operator_state_dispatch /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2231
    #18 0x4cb65f8 in wm_open_mainfile_dispatch /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2359
    #19 0x4cb6621 in wm_open_mainfile_invoke /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_files.c:2364
    #20 0x4c7a45f in wm_operator_invoke /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:1288
    #21 0x4c7c489 in wm_operator_call_internal /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:1534
    #22 0x4c7c57e in WM_operator_name_call_ptr /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:1548
    #23 0x899e9b8 in ui_apply_but_funcs_after /home/hans/Documents/Blender-Git/blender/source/blender/editors/interface/interface_handlers.c:931
    #24 0x8a26e94 in ui_popup_handler /home/hans/Documents/Blender-Git/blender/source/blender/editors/interface/interface_handlers.c:10862
    #25 0x4c73c7f in wm_handler_ui_call /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:631
    #26 0x4c8991d in wm_handlers_do_intern /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:2743
    #27 0x4c8a946 in wm_handlers_do /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:2851
    #28 0x4c8ffef in wm_event_do_handlers /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm_event_system.c:3273
    #29 0x4c5e882 in WM_main /home/hans/Documents/Blender-Git/blender/source/blender/windowmanager/intern/wm.c:476
    #30 0x338b83d in main /home/hans/Documents/Blender-Git/blender/source/creator/creator.c:519
    #31 0x7ffff7054041 in __libc_start_main ../csu/libc-start.c:308
    #32 0x338ac3d in _start (/home/hans/Documents/Blender-Git/build_linux_debug/bin/blender+0x338ac3d)

Address 0x60f000621808 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hans/Documents/Blender-Git/blender/source/blender/blenlib/BLI_listbase.h:126 in BLI_listbase_is_empty
Shadow bytes around the buggy address:
  0x0c1e800bc2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c1e800bc2c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c1e800bc2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c1e800bc2e0: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00
  0x0c1e800bc2f0: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
=>0x0c1e800bc300: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e800bc310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e800bc320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e800bc330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e800bc340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e800bc350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1031052==ABORTING
Hans Goudey (HooglyBoogly) triaged this task as High priority.Oct 24 2020, 6:24 AM
Hans Goudey (HooglyBoogly) changed the subtype of this task from "Report" to "Bug".

Either way though, this results in a crash when trying to open a file, and it's a recent regression so this should have high a priority. From the log it looks like it may be related to grease pencil, I'm not sure though.

I can reproduce with the last compilation, but my log is totally different in windows and it's not grease pencil related:

>	ucrtbased.dll!issue_debug_notification(const wchar_t * const message) Line 28	C++
 	ucrtbased.dll!__acrt_report_runtime_error(const wchar_t * message) Line 154	C++
 	ucrtbased.dll!abort() Line 61	C++
 	blender.exe!_BLI_assert_abort() Line 51	C
 	blender.exe!blender::meshintersect::init_face_merge_state(blender::meshintersect::FaceMergeState * fms, const blender::Vector<int,4,blender::GuardedAllocator> & tris, const blender::meshintersect::IMesh & tm, const blender::double3 & norm) Line 2812	C++
 	blender.exe!blender::meshintersect::merge_tris_for_face(blender::Vector<int,4,blender::GuardedAllocator> tris, const blender::meshintersect::IMesh & tm, const blender::meshintersect::IMesh & imesh_in, blender::meshintersect::IMeshArena * arena) Line 3041	C++
 	blender.exe!blender::meshintersect::polymesh_from_trimesh_with_dissolve(const blender::meshintersect::IMesh & tm_out, const blender::meshintersect::IMesh & imesh_in, blender::meshintersect::IMeshArena * arena) Line 3211	C++
 	blender.exe!blender::meshintersect::boolean_mesh(blender::meshintersect::IMesh & imesh, blender::meshintersect::BoolOpType op, int nshapes, std::function<int __cdecl(int)> shape_fn, bool use_self, blender::meshintersect::IMesh * imesh_triangulated, blender::meshintersect::IMeshArena * arena) Line 3374	C++
 	blender.exe!blender::meshintersect::bmesh_boolean(BMesh * bm, BMLoop *[3] * looptris, const int looptris_tot, int(*)(BMFace *, void *) test_fn, void * user_data, int nshapes, const bool use_self, const bool use_separate_all, const blender::meshintersect::BoolOpType boolean_mode) Line 365	C++
 	blender.exe!BM_mesh_boolean(BMesh * bm, BMLoop *[3] * looptris, const int looptris_tot, int(*)(BMFace *, void *) test_fn, void * user_data, const int nshapes, const bool use_self, const int boolean_mode) Line 417	C++
 	blender.exe!collection_boolean_exact(BooleanModifierData * bmd, const ModifierEvalContext * ctx, Mesh * mesh) Line 548	C
 	blender.exe!modifyMesh(ModifierData * md, const ModifierEvalContext * ctx, Mesh * mesh) Line 634	C
 	blender.exe!BKE_modifier_modify_mesh(ModifierData * md, const ModifierEvalContext * ctx, Mesh * me) Line 996	C
 	blender.exe!mesh_calc_modifiers(Depsgraph * depsgraph, Scene * scene, Object * ob, int useDeform, const bool need_mapping, const CustomData_MeshMasks * dataMask, const int index, const bool use_cache, const bool allow_shared_mesh, Mesh * * r_deform, Mesh * * r_final) Line 1183	C
 	blender.exe!mesh_build_data(Depsgraph * depsgraph, Scene * scene, Object * ob, const CustomData_MeshMasks * dataMask, const bool need_mapping) Line 1803	C
 	blender.exe!makeDerivedMesh(Depsgraph * depsgraph, Scene * scene, Object * ob, BMEditMesh * em, const CustomData_MeshMasks * dataMask) Line 1924	C
 	blender.exe!BKE_object_handle_data_update(Depsgraph * depsgraph, Scene * scene, Object * ob) Line 194	C
 	blender.exe!BKE_object_eval_uber_data(Depsgraph * depsgraph, Scene * scene, Object * ob) Line 385	C
 	[External Code]	
 	blender.exe!blender::deg::`anonymous namespace'::evaluate_node(const blender::deg::`anonymous-namespace'::DepsgraphEvalState * state, blender::deg::OperationNode * operation_node) Line 116	C++
 	blender.exe!blender::deg::`anonymous namespace'::deg_task_run_func(TaskPool * pool, void * taskdata) Line 128	C++
 	blender.exe!Task::()::__l2::<lambda>() Line 118	C++
 	blender.exe!tbb::interface7::internal::delegated_function<void <lambda>(void) const ,void>::operator()() Line 94	C++
 	[External Code]	
 	blender.exe!tbb::interface7::internal::isolate_impl<void,void <lambda>(void) const>(const Task::()::__l2::void <lambda>(void) & f) Line 161	C++
 	blender.exe!tbb::interface7::this_task_arena::isolate<void <lambda>(void)>(const Task::()::__l2::void <lambda>(void) & f) Line 396	C++
 	blender.exe!Task::operator()() Line 122	C++
 	blender.exe!tbb::internal::function_task<Task>::execute() Line 1049	C++

Also checked and the file has a grease pencil object, but without Layers, Frames or Strokes, so it's almost impossible to be the cause of the crash. Anyway, IIRC greasepencil_blend_read_data() was something changed by @Jacques Lucke (JacquesLucke) few weeks ago in the read/write refactor.

@Antonio Vazquez (antoniov) I'm confused. Why are the palettes linked in BKE_gpencil_blend_read_data instead of greasepencil_blend_read_lib? I have no experience with palettes, but it looks like they are ID datablocks and the colors list should only be linked in palette_blend_read_data (which it is).

Without ASAN, I get the same error as @Antonio Vazquez (antoniov). So this is probably something for @Howard Trickey (howardt) to look into.
After loading the file, it takes a while until the assert is hit for me.

@Jacques Lucke (JacquesLucke) The palette were linked in old versions to the GPD datablock, but this was deprecated in 2.77 (IIRC)... anyway, this file is not using any Palette, so I don't think is the reason. Also, the palettes were only used for very few times, so I don't think we are going to have a lot of old files using Palettes because at that time GPencil was not very much used.

The problem is that my versioning code was looking for the non-presence of a 'solver' field in the boolean modifier as indication that the file was old. But a long time ago there used to be a solver field, that we removed. So if I just skip that check, the file loads OK. I'll submit a change for this right away. It is so simple a fix that I don't think it needs a review.