Maniphest T56084

Material Preview icon in the material slots editor crashes out if you undo too fast
Closed, Duplicate
Actions

Assigned To
None
Authored By
Carlo Andreacchio (candreacchio)
Jul 23 2018, 3:42 AM
Tags
  • BF Blender
Subscribers
Bastien Montagne (mont29)
Carlo Andreacchio (candreacchio)

Description

System Information
Ubuntu 17.10, GTX 1080

Blender Version
Broken: rBb85be88655c

Short description of error
This one is a bit hard to reproduce... But pretty much over the past week of using this new version of blender, the undo crashes out when we have been working on a file for around 5-30 minutes. We have tried both global undo enabled and disabled.

This usually happens when we ctrl z a few times fast... but has happened on a single ctrl z before as well as ctrl alt z and jumping back around 15 steps. It happens both in Object Mode and Edit Mode.

I know there is no reproducible steps... but it is a useability issue.

EDIT:

I have found a way of reproducing this. Please find attached the step by step process

  1. Open attached blend file --
    bug.blend742 KBDownload
  2. Add a noise texture in the node editor
  3. Connect the Factor into the colour output
  4. duplicate the noise texture and drop it onto this link
  5. Continue doing this a bunch of times, similar to below:

  1. switch to material tab (with all the material slots)
  2. mash undo really fast.

What we think is happening, is that the material preview icon cant keep up with the undo's and is causing an error. I have also attached the crash log

bug.crash.txt812 BDownload

Related Objects

Mentioned In
T56491: Crash due to (preview) jobs running during undo step.
Mentioned Here
rBb85be88655cc: Fix (IRC-reported) wrong usercount handling of deprecated IPO datablocks.

Event Timeline

Carlo Andreacchio (candreacchio) created this task.Jul 23 2018, 3:42 AM
Carlo Andreacchio (candreacchio) updated the task description.
Carlo Andreacchio (candreacchio) updated the task description.
Bastien Montagne (mont29) lowered the priority of this task from 90 to 30.Jul 26 2018, 5:51 PM
Bastien Montagne (mont29) added a subscriber: Bastien Montagne (mont29).

Think we have at least one other crash report related to undo here… But such a vague one won’t help us am afraid, please provide precise, consistent steps to reproduce the issue, otherwise we cannot investigate.

Carlo Andreacchio (candreacchio) renamed this task from Undo crashes out blender after working on a file for a while to Material Preview icon in the material slots editor crashes out if you undo too fast.Jul 27 2018, 1:40 AM
Carlo Andreacchio (candreacchio) raised the priority of this task from 30 to 90.
Carlo Andreacchio (candreacchio) updated the task description.

I have found a way of reproducing this, see the main topic for the steps. Please let me know if they are not precise enough.

Bastien Montagne (mont29) lowered the priority of this task from 90 to 50.Jul 27 2018, 10:09 AM

Thanks, can confirm the crash, here is ASAN backtrace:

=================================================================
==6848==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b0000f6ca8 at pc 0x557bc9b3fc4e bp 0x7f9de4c24970 sp 0x7f9de4c24968
READ of size 2 at 0x61b0000f6ca8 thread T33
    #0 0x557bc9b3fc4d in shader_preview_render /home/i74700deb64/blender/__work__/src/source/blender/editors/render/render_preview.c:805
    #1 0x557bc9b3feb0 in shader_preview_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/render/render_preview.c:829
    #2 0x557bc9b41874 in common_preview_startjob /home/i74700deb64/blender/__work__/src/source/blender/editors/render/render_preview.c:1068
    #3 0x557bc8d124ea in do_job_thread /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:337
    #4 0x557bcbdea929 in tslot_thread_start /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:253
    #5 0x7f9e29ef7f29 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7f29)
    #6 0x7f9e2239dede in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xf7ede)

0x61b0000f6ca8 is located 40 bytes inside of 1552-byte region [0x61b0000f6c80,0x61b0000f7290)
freed by thread T0 here:
    #0 0x7f9e2b9ba7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda7a8)
    #1 0x557bcc3b7f31 in MEM_lockfree_freeN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164
    #2 0x557bcb272649 in BKE_libblock_free_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library_remap.c:996
    #3 0x557bcb2458c0 in BKE_main_free /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library.c:1389
    #4 0x557bcafacc2c in BKE_blender_globals_clear /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blender.c:143
    #5 0x557bcafb037b in setup_app_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blendfile.c:220
    #6 0x557bcafb151a in BKE_blendfile_read_from_memfile /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blendfile.c:421
    #7 0x557bcafaf3ec in BKE_memfile_undo_decode /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blender_undo.c:82
    #8 0x557bc8d5ef6f in memfile_undosys_step_decode /home/i74700deb64/blender/__work__/src/source/blender/editors/undo/memfile_undo.c:90
    #9 0x557bcb61f7f1 in undosys_step_decode /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/undo_system.c:174
    #10 0x557bcb62249e in BKE_undosys_step_undo_with_data_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/undo_system.c:555
    #11 0x557bcb62272e in BKE_undosys_step_undo_with_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/undo_system.c:570
    #12 0x557bcb622780 in BKE_undosys_step_undo /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/undo_system.c:575
    #13 0x557bcb623188 in BKE_undosys_step_undo_compat_only /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/undo_system.c:652
    #14 0x557bc8d5cc46 in ed_undo_step /home/i74700deb64/blender/__work__/src/source/blender/editors/undo/ed_undo.c:155
    #15 0x557bc8d5d227 in ed_undo_exec /home/i74700deb64/blender/__work__/src/source/blender/editors/undo/ed_undo.c:252
    #16 0x557bc8ce9c1a in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1174
    #17 0x557bc8cedb11 in wm_handler_operator_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1861
    #18 0x557bc8cef358 in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2141
    #19 0x557bc8cefffd in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2248
    #20 0x557bc8cf306e in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2679
    #21 0x557bc8cd8c54 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:399
    #22 0x557bc8cce4f5 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:539
    #23 0x7f9e222c8b16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)

previously allocated by thread T0 here:
    #0 0x7f9e2b9bab00 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdab00)
    #1 0x557bcc3b86c1 in MEM_lockfree_mallocN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:318
    #2 0x557bcacbe36f in read_struct /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/readfile.c:1925
    #3 0x557bcacf567c in read_libblock /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/readfile.c:8238
    #4 0x557bcacf8c2e in blo_read_file_internal /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/readfile.c:8748
    #5 0x557bcacb1d81 in BLO_read_from_file /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/readblenentry.c:331
    #6 0x557bcafb111d in BKE_blendfile_read /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blendfile.c:364
    #7 0x557bc8cfde68 in WM_file_read /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:570
    #8 0x557bc8d03e4f in wm_file_read_opwrap /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:1710
    #9 0x557bc8d043c9 in wm_open_mainfile_exec /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:1770
    #10 0x557bc8cee0f7 in wm_handler_fileselect_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1963
    #11 0x557bc8ceeb3b in wm_handler_fileselect_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2050
    #12 0x557bc8cefaa8 in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2170
    #13 0x557bc8cefffd in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2248
    #14 0x557bc8cf27ae in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2576
    #15 0x557bc8cd8c54 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:399
    #16 0x557bc8cce4f5 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:539
    #17 0x7f9e222c8b16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)

Thread T33 created by T0 here:
    #0 0x7f9e2b918270 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x38270)
    #1 0x557bcbdeaa2d in BLI_threadpool_insert /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:269
    #2 0x557bc8d12c3f in WM_jobs_start /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:422
    #3 0x557bc8d13ebb in wm_jobs_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_jobs.c:632
    #4 0x557bc8d521ee in wm_window_timer /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1466
    #5 0x557bc8d5267b in wm_window_process_events /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_window.c:1501
    #6 0x557bc8cd8c48 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:396
    #7 0x557bc8cce4f5 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:539
    #8 0x7f9e222c8b16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)

SUMMARY: AddressSanitizer: heap-use-after-free /home/i74700deb64/blender/__work__/src/source/blender/editors/render/render_preview.c:805 in shader_preview_render
Shadow bytes around the buggy address:
  0x0c3680016d40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016d50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016d60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016d70: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3680016d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3680016d90: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
  0x0c3680016da0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016db0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016dc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016dd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3680016de0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6848==ABORTING
Carlo Andreacchio (candreacchio) added a comment.Aug 2 2018, 3:19 AM

Hi Bastien, Has there been any update on this bug? it has been a week and a half since i first reported it.

Thanks

Carlo

Carlo Andreacchio (candreacchio) added a comment.Aug 9 2018, 12:33 AM

Hi

Just checking in again, and wondering if there has been any progress on this bug?

Thanks

Carlo

Antonio Vazquez (antoniov) mentioned this in T56491: Crash due to (preview) jobs running during undo step..Aug 23 2018, 5:54 PM
Bastien Montagne (mont29) closed this task as a duplicate of T56491: Crash due to (preview) jobs running during undo step..Aug 23 2018, 10:06 PM