Crash when deleting hair collision collection
Closed, Resolved | Public | BUG

Description

System Information
Operating system: Linux OpenSUSE Tumbleweed/kernel 5.9.10-1-default
Graphics card: Radeon RX480 4GB

Blender Version
Broken: Blender 2.92 alpha 748f46

Short description of error
Blender crashes when attempting to delete, with the X key in the Outliner, a collection referenced by the hair system for collisions.

Exact steps for others to reproduce the error

  • Open attached file or:
    • Create a hair system in a mesh.
    • Add a collection under Hair Dynamics > Collisions. It may or may not be empty.
  • In the Outliner, select that collection ("Collisions") and press X to delete it
  • Crash

Event Timeline

If you create a duplicate of the "Collisions" collection, then both can be deleted without issue.
Similar issue, but with object deletion instead of collection deletion: T83288

Germano Cavalcante (mano-wii) changed the task status from Needs Triage to Confirmed. Dec 4 2020, 6:47 PM
Germano Cavalcante (mano-wii) updated the task description.
Germano Cavalcante (mano-wii) changed the subtype of this task from "Report" to "Bug".

ERROR: AddressSanitizer: heap-use-after-free READ of size 2 at 0x6120001e44a0 thread T0

#0 0x4416a2c in BKE_collection_object_cache_get /blender/source/blender/blenkernel/intern/collection.c:784
#1 0x4416f43 in BKE_collection_or_layer_objects /blender/source/blender/blenkernel/intern/collection.c:817
#2 0x443f3f6 in BKE_collision_relations_create /blender/source/blender/blenkernel/intern/collision.c:1251
#3 0x158e452b in operator() /blender/source/blender/depsgraph/intern/depsgraph_physics.cc:214
#4 0x158e5fbc in lookup_or_add_cb__impl<const ID* const&, blender::deg::build_collision_relations(blender::deg::Depsgraph*, Collection*, unsigned int)::<lambda()> > /blender/source/blender/blenlib/BLI_map.hh:1040
#5 0x158e5749 in lookup_or_add_cb_as<const ID* const&, blender::deg::build_collision_relations(blender::deg::Depsgraph*, Collection*, unsigned int)::<lambda()> > /blender/source/blender/blenlib/BLI_map.hh:584
#6 0x158e5528 in lookup_or_add_cb<blender::deg::build_collision_relations(blender::deg::Depsgraph*, Collection*, unsigned int)::<lambda()> > /blender/source/blender/blenlib/BLI_map.hh:574
#7 0x158e4952 in blender::deg::build_collision_relations(blender::deg::Depsgraph*, Collection*, unsigned int) /blender/source/blender/depsgraph/intern/depsgraph_physics.cc:215
#8 0x15921ff7 in blender::deg::DepsgraphRelationBuilder::add_particle_collision_relations(blender::deg::OperationKey const&, Object*, Collection*, char const*) /blender/source/blender/depsgraph/intern/builder/deg_builder_relations.cc:394
#9 0x159452ae in blender::deg::DepsgraphRelationBuilder::build_particle_systems(Object*) /blender/source/blender/depsgraph/intern/builder/deg_builder_relations.cc:1829
#10 0x1592a614 in blender::deg::DepsgraphRelationBuilder::build_object(Object*) /blender/source/blender/depsgraph/intern/builder/deg_builder_relations.cc:712
#11 0x15995645 in blender::deg::DepsgraphRelationBuilder::build_view_layer(Scene*, ViewLayer*, blender::deg::eDepsNode_LinkedState_Type) /blender/source/blender/depsgraph/intern/builder/deg_builder_relations_view_layer.cc:99
#12 0x159b85d6 in blender::deg::ViewLayerBuilderPipeline::build_relations(blender::deg::DepsgraphRelationBuilder&) /blender/source/blender/depsgraph/intern/builder/pipeline_view_layer.cc:40

freed by thread T0 here:

#0 0x7fa5b5b410c7 in __interceptor_free (/lib64/libasan.so.6+0xab0c7)
#1 0x1755a676 in MEM_lockfree_freeN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:129
#2 0x30398b6 in BKE_id_free_ex /blender/source/blender/blenkernel/intern/lib_id_delete.c:188
#3 0x303ae12 in id_delete /blender/source/blender/blenkernel/intern/lib_id_delete.c:357
#4 0x303b0a3 in BKE_id_delete /blender/source/blender/blenkernel/intern/lib_id_delete.c:373
#5 0x4414e8d in BKE_collection_delete /blender/source/blender/blenkernel/intern/collection.c:532
#6 0x8df8501 in outliner_collection_delete /blender/source/blender/editors/space_outliner/outliner_collections.c:375
#7 0x8e52145 in outliner_delete_exec /blender/source/blender/editors/space_outliner/outliner_tools.c:1633

previously allocated by thread T0 here:

#0 0x7fa5b5b41587 in __interceptor_calloc (/lib64/libasan.so.6+0xab587)
#1 0x1755ad54 in MEM_lockfree_callocN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235
#2 0xc2cf510 in DNA_struct_reconstruct /blender/source/blender/makesdna/intern/dna_genfile.c:1250
#3 0x49119da in read_struct /blender/source/blender/blenloader/intern/readfile.c:2105
#4 0x4920032 in read_libblock /blender/source/blender/blenloader/intern/readfile.c:3525
#5 0x4926ade in blo_read_file_internal /blender/source/blender/blenloader/intern/readfile.c:4028
#6 0x48fbd44 in BLO_read_from_file /blender/source/blender/blenloader/intern/readblenentry.c:319
#7 0x93dfe1d in BKE_blendfile_read_ex /blender/source/blender/blenkernel/intern/blendfile.c:445
#8 0x93dffc3 in BKE_blendfile_read /blender/source/blender/blenkernel/intern/blendfile.c:467
#9 0x47fe2bd in WM_file_read /blender/source/blender/windowmanager/intern/wm_files.c:717

SUMMARY: AddressSanitizer: heap-use-after-free /blender/source/blender/blenkernel/intern/collection.c:784 in BKE_collection_object_cache_get

Bastien Montagne (mont29) triaged this task as High priority.

Yet another case of missing ID pointer management in our foreach_id code... Fairly critical, fix should be ported back to 2.91.1 should we do it (and even 2.83 LTS if possible).
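
The failure mode named in the comment above (an ID pointer that the foreach_id walker does not report, so deletion cannot clear it), as an added example that is not Blender's code. The struct, field and function names are hypothetical, and a `deleted` flag stands in for the actual free so the stale reference can be checked without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model; these are not Blender's data structures. */
typedef struct ID { const char *name; bool deleted; } ID;
typedef struct HairSettings {
  ID *texture;         /* reference both walkers report */
  ID *collision_group; /* reference the buggy walker forgets */
} HairSettings;
typedef void (*IDRefCallback)(ID **ref, void *user_data);
typedef void (*ForeachFn)(HairSettings *, IDRefCallback, void *);

/* Buggy walker: collision_group is never shown to the caller. */
static void hair_foreach_id_buggy(HairSettings *hs, IDRefCallback cb, void *ud) {
  cb(&hs->texture, ud);
}

/* Fixed walker: every ID pointer the struct holds is reported. */
static void hair_foreach_id_fixed(HairSettings *hs, IDRefCallback cb, void *ud) {
  cb(&hs->texture, ud);
  cb(&hs->collision_group, ud);
}

/* Deletion callback: clear any reference to the ID being deleted. */
static void unlink_cb(ID **ref, void *user_data) {
  if (*ref == (ID *)user_data) *ref = NULL;
}

/* Delete `id`: unlink it from its user through the walker, then "free" it.
 * Real code would call free() here; the flag keeps the demo well defined. */
static void id_delete(ID *id, HairSettings *user, ForeachFn foreach_id) {
  foreach_id(user, unlink_cb, id);
  id->deleted = true;
}

/* Runs the delete scenario; true if the user still points at a deleted ID. */
static bool scenario_leaves_dangling(ForeachFn foreach_id) {
  ID tex = {"Tex", false}, coll = {"Collisions", false};
  HairSettings hs = {&tex, &coll};
  id_delete(&coll, &hs, foreach_id);
  return hs.collision_group != NULL && hs.collision_group->deleted;
}

int main(void) {
  printf("buggy walker dangling: %d\n", scenario_leaves_dangling(hair_foreach_id_buggy));
  printf("fixed walker dangling: %d\n", scenario_leaves_dangling(hair_foreach_id_fixed));
  return 0;
}
```

With a real free() in place of the flag, the next reader of the stale pointer is where AddressSanitizer reports the heap-use-after-free, as in the trace above.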