Crash in subsurf_ccg.c ccgdm_getVertCos (possibly due to improper use of GET_INT_FROM_POINTER)
Closed, ResolvedPublic
Actions

Description

I've been seeing this crash bug on my machine for a few months, repro steps are unstable and usually involve me picking up one bone on my an armature attached to my mesh then wildly moving the mouse for minutes. Given the un-usable repro steps, I decided to pull down tip blender source (as of yesterday) to get a full callstack. Hopefully the detailed callstack will prove more helpful than the repro steps.

As mentioned in the title, all the crashes I've seen occur in ccgdm_getVertCos, either in the last loop or second-to-last loop in the file. The crashes all seem to be related to vertMap2 containing invalid data; I thought I could get away with adding nullguards for the return value of ccgSubSurf_getEdgeData and the contents of vertMap2[index], but most recently I've gotten a crash due to vertMap2 containing a non-null invalid pointer. Here is some more details for the application state on that referenced crash (which occurred in the final loop in the referenced function):

totvert = 146
index = 2
vertMap2[index] = 0x0000000500000004 {next=??? vHDL=??? numEdges=??? ...}

and the first few entries in vertMap2:

vertMap2,146 0x000000001eb9aa58 {0x000000001cea91e0 {next=0x000000001ceaad48 {next=0x0000000000000000 <NULL> vHDL=...} ...}, ...} CCGVert *[146]

+ [0] 0x000000001cea91e0 {next=0x000000001ceaad48 {next=0x0000000000000000 <NULL> vHDL=0x0000000000000043 ...} ...} CCGVert *
+ [1] 0x000000001cea9240 {next=0x000000001ceaada8 {next=0x0000000000000000 <NULL> vHDL=0x0000000000000044 ...} ...} CCGVert *
+ [2] 0x0000000500000004 {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [3] 0x0000000700000006 {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [4] 0x0000000900000008 {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [5] 0x0000000b0000000a {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [6] 0x0000000d0000000c {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [7] 0x0000000f0000000e {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [8] 0x0000001100000010 {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [9] 0x0000001300000012 {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [10] 0x0000001500000014 {next=??? vHDL=??? numEdges=??? ...} CCGVert *
+ [11] 0x0000001700000016 {next=??? vHDL=??? numEdges=??? ...} CCGVert *

I can't really make heads or tails of this code but in general casting an arbitrary pointer to an int seems like a very bad idea, which the comments next to the GET_INT_FROM_POINTER macro seem to agree with

Revisions and Commits

rB Blender
	Abandoned	D930 Make memarena's alloc threadsafe.
		rB602250d9fe79 Fix T42748: Crash in subsurf, threaded access

Related Objects

Mentioned Here: P176 T42748
P174 T42748
P175 T42748
P173 T42748

Event Timeline

Greg (pyro789x) created this task.Nov 28 2014, 8:18 AM

Greg (pyro789x) raised the priority of this task from to 90.

Greg (pyro789x) updated the task description. (Show Details)

Greg (pyro789x) added a project: BF Blender.

Greg (pyro789x) edited a custom field.

Greg (pyro789x) added a subscriber: Greg (pyro789x).

I did not attach the callstack because I am dumb. Here it is:

blender-app.exe!ccgdm_getVertCos(DerivedMesh * dm, float[3] * cos) Line 1498 C

	blender-app.exe!meshdeformModifier_do(ModifierData * md, Object * ob, DerivedMesh * dm, float[3] * vertexCos, int numVerts) Line 372	C
	blender-app.exe!deformVerts(ModifierData * md, Object * ob, DerivedMesh * derivedData, float[3] * vertexCos, int numVerts, ModifierApplyFlag UNUSED_flag) Line 424	C
	blender-app.exe!mesh_calc_modifiers(Scene * scene, Object * ob, float[3] * inputVertexCos, DerivedMesh * * deform_r, DerivedMesh * * final_r, int useRenderParams, int useDeform, int needMapping, unsigned __int64 dataMask, int index, int useCache, int build_shapekey_layers) Line 1577	C
	blender-app.exe!mesh_build_data(Scene * scene, Object * ob, unsigned __int64 dataMask, int build_shapekey_layers) Line 2281	C
	blender-app.exe!makeDerivedMesh(Scene * scene, Object * ob, BMEditMesh * em, unsigned __int64 dataMask, int build_shapekey_layers) Line 2352	C
	blender-app.exe!BKE_object_handle_update_ex(EvaluationContext * eval_ctx, Scene * scene, Object * ob, RigidBodyWorld * rbw, const bool do_proxy_update) Line 3047	C
	blender-app.exe!scene_update_object_func(TaskPool * pool, void * taskdata, int threadid) Line 1411	C
	blender-app.exe!task_scheduler_thread_run(void * thread_p) Line 162	C

Thanks for the report and investigation, but unfortunately I doubt we can do much with those data so far. The fact that it happens randomly (and after some long time, several minutes of moving mouse is very from a program pov).

Such random issue can be caused either by a threading issue, or some hardware problem, usually. Checking threading is easy: please start Blender with -t 1 commandline option, and see whether you can reproduce the bug.

Otherwise, we’ll need a .blend file with as precise as possible repro instructions.

Note that get/set int in pointer is widely used across our whole code base, it’s very unlikely to be the issue here.

Your hunch appears to be correct, I cannot reproduce the crash when I start blender with the '-t 1' command line argument.

I would like to upload my .blend file, but the file size of 7,924KB compressed (42,664KB uncompressed) seems to be larger than the limit set by this site. What is the standard location for uploading .blend files?

Regarding the current file size, I think I've removed as much as I could from the .blend file without negatively affecting the repro rate. Removing certain textures, meshes or bones increases the amount of time required to reproduce the issue. WIth the 42MB file I can reproduce the issue by grabbing ('G') the 'torso' bone and moving the mouse around for 3 to 15 seconds.

eeeeh, sorry for not answering sooner, you can just use another host for the file, like google doc, dropbox, and such.

Here it is: https://www.dropbox.com/s/27awfdcuy65m4s0/crash-2s.7z?dl=0

Thanks for the response

Greg (pyro789x) raised the priority of this task from 30 to 90.Dec 6 2014, 7:23 PM

Thanks for the file, can easily confirm the crash here (thread using some mem already freed by another thread...).

Bastien Montagne (mont29) claimed this task.Dec 7 2014, 5:09 PM

So... As far as I can say, meshdeform modifier ends up using a derivedFinal DM from its target that gets freed in the mean time. At least, that what I guess from sanitize messages below:

P173 T42748

1	read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
2	ASAN:SIGSEGV
3	ASAN:SIGSEGV
4	=================================================================
5	==4268==AddressSanitizer: while reporting a bug found another one.Ignoring.
6	==4268==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000003c45695 sp 0x7fffb8d74400 bp 0x7fffb8d74410 T0)
7	#0 0x3c45694 in ccgSubSurf_getFaceFaceHandle /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2981
8	#1 0x41c4714 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1463
9	#2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
10	#3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
11	#4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
12	#5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
13	#6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
14	#7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
15	#8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
16	#9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
17	#10 0x4980e27 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:398
18	#11 0x410fc78 in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554
19	#12 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
20	#13 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
21	#14 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
22	#15 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
23	#16 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
24	#17 0x7f88ab5e7b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
25	#18 0x2120eee (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x2120eee)
26
27	AddressSanitizer can not provide additional info.
28	SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2981 ccgSubSurf_getFaceFaceHandle
29	==4268==ABORTING
30
31
32
33
34	read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
35	ASAN:SIGSEGV
36	ASAN:SIGSEGV
37	=================================================================
38	==4294==AddressSanitizer: while reporting a bug found another one.Ignoring.
39	==4294==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000041b92a8 sp 0x7fff38ba89f0 bp 0x7fff38ba8a00 T0)
40	#0 0x41b92a7 in copy_v3_v3 /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
41	#1 0x41c4b1c in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1500
42	#2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
43	#3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
44	#4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
45	#5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
46	#6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
47	#7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
48	#8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
49	#9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
50	#10 0x4980e27 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:398
51	#11 0x410fc78 in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554
52	#12 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
53	#13 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
54	#14 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
55	#15 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
56	#16 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
57	#17 0x7fbd484ebb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
58	#18 0x2120eee (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x2120eee)
59
60	AddressSanitizer can not provide additional info.
61	SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 copy_v3_v3
62	==4294==ABORTING
63
64
65
66	read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
67	ASAN:SIGSEGV
68	ASAN:SIGSEGV
69	=================================================================
70	==4321==AddressSanitizer: while reporting a bug found another one.Ignoring.
71	==4321==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000003c45b24 sp 0x7fecf0855120 bp 0x7fecf0855130 T14)
72	#0 0x3c45b23 in ccgSubSurf_getFaceNumVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000
73	#1 0x41c47d7 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1470
74	#2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
75	#3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
76	#4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
77	#5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
78	#6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
79	#7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
80	#8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
81	#9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
82	#10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
83	#11 0x7fed139f50a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
84	#12 0x7fed0fa75ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)
85
86	AddressSanitizer can not provide additional info.
87	SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 ccgSubSurf_getFaceNumVerts
88	Thread T14 created by T0 here:
89	#0 0x7fed159e4bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
90	#1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
91	#2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
92	#3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
93	#4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
94	#5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
95	#6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
96	#7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
97	#8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
98	#9 0x7fed0f9b1b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
99
100	==4321==ABORTING
101
102
103
104	read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
105	ASAN:SIGSEGV
106	=================================================================
107	==4593==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000003c44a2c sp 0x7f17e91b0120 bp 0x7f17e91b0130 T18)
108	#0 0x3c44a2b in ccgSubSurf_getVertVertHandle /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2857
109	#1 0x41c4539 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1445
110	#2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
111	#3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
112	#4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
113	#5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
114	#6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
115	#7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
116	#8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
117	#9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
118	#10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
119	#11 0x7f18213720a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
120	#12 0x7f181d3f2ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)
121
122	AddressSanitizer can not provide additional info.
123	SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:2857 ccgSubSurf_getVertVertHandle
124	Thread T18 created by T0 here:
125	#0 0x7f182330cbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
126	#1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
127	#2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
128	#3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
129	#4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
130	#5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
131	#6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
132	#7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
133	#8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
134	#9 0x7f181d32eb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
135
136	==4593==ABORTING
137
138
139
140	read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
141	ASAN:SIGSEGV
142	ASAN:SIGSEGV
143	==4639==AddressSanitizer: while reporting a bug found another one.Ignoring.
144	=================================================================
145	==4639==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000041b92a8 sp 0x7f1db0ae4120 bp 0x7f1db0ae4130 T15)
146	#0 0x41b92a7 in copy_v3_v3 /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
147	#1 0x41c4b1c in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1500
148	#2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
149	#3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
150	#4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
151	#5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
152	#6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
153	#7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
154	#8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
155	#9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
156	#10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
157	#11 0x7f1dca6e60a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
158	#12 0x7f1dc6766ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)
159
160	AddressSanitizer can not provide additional info.
161	SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66 copy_v3_v3
162	Thread T15 created by T0 here:
163	#0 0x7f1dcc680bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
164	#1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
165	#2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
166	#3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
167	#4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
168	#5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
169	#6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
170	#7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
171	#8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
172	#9 0x7f1dc66a2b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
173
174	==4639==ABORTING
175
176
177
178	read blend: /home/i74700deb64/Téléchargements/crash-2s.blend
179	ASAN:SIGSEGV
180	=================================================================
181	ASAN:SIGSEGV
182	==5216==AddressSanitizer: while reporting a bug found another one.Ignoring.
183	==5216==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000003c45b24 sp 0x7fbc863fb120 bp 0x7fbc863fb130 T19)
184	#0 0x3c45b23 in ccgSubSurf_getFaceNumVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000
185	#1 0x41c47d7 in ccgdm_getVertCos /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1470
186	#2 0x359db66 in meshdeformModifier_do /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
187	#3 0x359e115 in deformVerts /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
188	#4 0x3fa387e in modwrap_deformVerts /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
189	#5 0x3c7684f in mesh_calc_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
190	#6 0x3c7bfd8 in mesh_build_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
191	#7 0x3c7c88b in makeDerivedMesh /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
192	#8 0x4010341 in BKE_object_handle_update_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
193	#9 0x410f4d1 in scene_update_object_func /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
194	#10 0x497fb7d in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
195	#11 0x7fbcbf1040a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
196	#12 0x7fbcbb184ccc in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe5ccc)
197
198	AddressSanitizer can not provide additional info.
199	SUMMARY: AddressSanitizer: SEGV /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/CCGSubSurf.c:3000 ccgSubSurf_getFaceNumVerts
200	Thread T19 created by T0 here:
201	#0 0x7fbcc109ebba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
202	#1 0x4980049 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:208
203	#2 0x4981c2b in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:173
204	#3 0x410fadd in scene_update_objects /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1520
205	#4 0x410fe8a in scene_update_tagged_recursive /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
206	#5 0x4110471 in BKE_scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1682
207	#6 0x2138a01 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:377
208	#7 0x2128426 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:492
209	#8 0x212632a in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
210	#9 0x7fbcbb0c0b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
211
212	==5216==ABORTING

Note I also got one much more interesting once (saying 'thread A using mem freed by thread B', but unfortunately I could never reproduce it.

Also, the bug itself is very evanescent, sometimes you can get it five times in a row, and then you have to try ten times or more before you can reproduce it again. :/

Sergey, I really need your help here, I would think that kind of thing is not supposed to happen ever?

@Bastien Montagne (mont29), i'm not sure how to reproduce the crash. I don't even see asan reports here.

Could see three possibilities:

ccgdm_getVertCos does something thread-unsafe and being called from multiple threads
dependencies are not correct, so two objects which has a dependency between them being scheduled at the same time
somebody calls mesh_get_derived_final which forces subsurf to re-evaluate.

You should be able to run blender in gdb and once it'll crash type thread apply all bt. That would give some extra info.

OK, thanks for the tips. So, following gdb session (very hard to get it crashing in debugger :( ) indeed seems to imply ccgdm_getVertCos is not threadsafe. More precisely, It seems CCG iterators are not.

P174 T42748

1	Program received signal SIGSEGV, Segmentation fault.
2	[Switching to Thread 0x7fffbac94700 (LWP 6231)]
3	0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
4	66 r[0] = a[0];
5	(gdb) thread apply all bt
6
7	Thread 23 (Thread 0x7fffc6eb1700 (LWP 6233)):
8	#0 0x00007ffff0fe053d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
9	#1 0x00007ffff1008654 in usleep (useconds=<optimized out>) at ../sysdeps/unix/sysv/linux/usleep.c:32
10	#2 0x0000000005422389 in AUD_OpenALDevice::updateStreams (this=0x6100000efd40) at /home/i74700deb64/blender/__work__/src/intern/audaspace/OpenAL/AUD_OpenALDevice.cpp:1040
11	#3 0x0000000005420d02 in AUD_openalRunThread (device=0x6100000efd40) at /home/i74700deb64/blender/__work__/src/intern/audaspace/OpenAL/AUD_OpenALDevice.cpp:858
12	#4 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffc6eb1700) at pthread_create.c:309
13	#5 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
14
15	Thread 22 (Thread 0x7fffbac94700 (LWP 6231)):
16	#0 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
17	#1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
18	#2 0x000000000359db67 in meshdeformModifier_do (md=0x613000144888, ob=0x61b000212488, dm=0x61c000119888, vertexCos=0x6330008f8808, numVerts=8171)
19	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
20	#3 0x000000000359e116 in deformVerts (md=0x613000144888, ob=0x61b000212488, derivedData=0x0, vertexCos=0x6330008f8808, numVerts=8171, UNUSED_flag=MOD_APPLY_USECACHE)
21	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
22	#4 0x0000000003fa387f in modwrap_deformVerts (md=0x613000144888, ob=0x61b000212488, dm=0x0, vertexCos=0x6330008f8808, numVerts=8171, flag=MOD_APPLY_USECACHE)
23	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
24	#5 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000212488, inputVertexCos=0x0, deform_r=0x61b000212990, final_r=0x61b000212998, useRenderParams=0, useDeform=1, needMapping=0,
25	dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
26	#6 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000212488, dataMask=637534233, build_shapekey_layers=0)
27	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
28	#7 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000212488, em=0x0, dataMask=637534233, build_shapekey_layers=0)
29	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
30	#8 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000212488, rbw=0x0, do_proxy_update=false)
31	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
32	#9 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217848, threadid=7) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
33	#10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167568) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
34	#11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbac94700) at pthread_create.c:309
35	#12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
36
37	Thread 21 (Thread 0x7fffbb79b700 (LWP 6230)):
38	#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
39	#1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
40	#2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
41	#3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbb79ad30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
42	#4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167558) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
43	#5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbb79b700) at pthread_create.c:309
44	#6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
45
46	Thread 20 (Thread 0x7fffbc2a2700 (LWP 6229)):
47	#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
48	#1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
49	#2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
50	#3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbc2a1d30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
51	#4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167548) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
52	#5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbc2a2700) at pthread_create.c:309
53	#6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
54
55	Thread 19 (Thread 0x7fffbcda9700 (LWP 6228)):
56	#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
57	#1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
58	#2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
59	#3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbcda8d30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
60	#4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167538) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
61	#5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbcda9700) at pthread_create.c:309
62	#6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
63
64	Thread 18 (Thread 0x7fffbd5aa700 (LWP 6227)):
65	#0 0x0000000003cac56c in armature_deform_verts (armOb=0x61b000211688, target=0x61b000210f88, dm=0x0, vertexCos=0x6020001d5bd8, defMats=0x0, numVerts=0, deformflag=23, prevCos=0x0,
66	defgrp_name=0x6110008babd0 "Sub-s") at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/armature.c:1069
67	#1 0x00000000035b07f5 in deformVerts (md=0x6110008bab48, ob=0x61b000210f88, derivedData=0x0, vertexCos=0x6020001d5bd8, numVerts=0, UNUSED_flag=MOD_APPLY_USECACHE)
68	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_armature.c:127
69	#2 0x0000000003fa387f in modwrap_deformVerts (md=0x6110008bab48, ob=0x61b000210f88, dm=0x0, vertexCos=0x6020001d5bd8, numVerts=0, flag=MOD_APPLY_USECACHE)
70	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
71	#3 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000210f88, inputVertexCos=0x0, deform_r=0x61b000211490, final_r=0x61b000211498, useRenderParams=0, useDeform=1, needMapping=0,
72	dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
73	#4 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000210f88, dataMask=637534233, build_shapekey_layers=0)
74	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
75	#5 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000210f88, em=0x0, dataMask=637534233, build_shapekey_layers=0)
76	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
77	#6 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000210f88, rbw=0x0, do_proxy_update=false)
78	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
79	#7 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217788, threadid=3) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
80	#8 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167528) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
81	#9 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbd5aa700) at pthread_create.c:309
82	#10 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
83
84	Thread 17 (Thread 0x7fffbddab700 (LWP 6226)):
85	#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
86	#1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
87	#2 0x0000000004982ee9 in BLI_condition_wait (cond=0x60d00024e1d8, mutex=0x60d00024e1b0) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
88	#3 0x000000000497f616 in task_scheduler_thread_wait_pop (scheduler=0x60d00024e188, task=0x7fffbddaad30) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:116
89	#4 0x000000000497fc7d in task_scheduler_thread_run (thread_p=0x60c000167518) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:157
90	#5 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbddab700) at pthread_create.c:309
91	#6 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
92
93	Thread 16 (Thread 0x7fffdb1ac700 (LWP 6225)):
94	#0 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003e87c8, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
95	#1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x6240003e8108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
96	#2 0x000000000359db67 in meshdeformModifier_do (md=0x6130001446c8, ob=0x61b000211d88, dm=0x61c000146888, vertexCos=0x634000000808, numVerts=10625)
97	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
98	#3 0x000000000359e116 in deformVerts (md=0x6130001446c8, ob=0x61b000211d88, derivedData=0x0, vertexCos=0x634000000808, numVerts=10625, UNUSED_flag=MOD_APPLY_USECACHE)
99	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
100	#4 0x0000000003fa387f in modwrap_deformVerts (md=0x6130001446c8, ob=0x61b000211d88, dm=0x0, vertexCos=0x634000000808, numVerts=10625, flag=MOD_APPLY_USECACHE)
101	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
102	#5 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000211d88, inputVertexCos=0x0, deform_r=0x61b000212290, final_r=0x61b000212298, useRenderParams=0, useDeform=1, needMapping=0,
103	dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
104	#6 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000211d88, dataMask=637534233, build_shapekey_layers=0)
105	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
106	#7 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000211d88, em=0x0, dataMask=637534233, build_shapekey_layers=0)
107	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
108	#8 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000211d88, rbw=0x0, do_proxy_update=false)
109	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
110	#9 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217908, threadid=1) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
111	#10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167508) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
112	#11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdb1ac700) at pthread_create.c:309
113	#12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
114
115	Thread 15 (Thread 0x7fffc3f00700 (LWP 6224)):
116	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
117	#1 0x00007ffff6a79dda in ?? () from /usr/lib/x86_64-linux-gnu/primus/libGL.so.1
118	#2 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffc3f00700) at pthread_create.c:309
119	#3 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
120
121	Thread 14 (Thread 0x7fffd498e700 (LWP 6223)):
122	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
123	#1 0x00007ffff6a78e22 in ?? () from /usr/lib/x86_64-linux-gnu/primus/libGL.so.1
124	#2 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffd498e700) at pthread_create.c:309
125	#3 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
126
127	Thread 12 (Thread 0x7fffdb790700 (LWP 6221)):
128	#0 0x00007ffff4f9518d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
129	#1 0x00007ffff5866328 in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1
130	#2 0x00007ffff5871ce3 in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1
131
132	#3 0x00007ffff58659da in ?? () from /usr/lib/x86_64-linux-gnu/libopenal.so.1
133	#4 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdb790700) at pthread_create.c:309
134	#5 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
135
136	Thread 11 (Thread 0x7fffdc29e700 (LWP 6220)):
137	#0 0x00007ffff100618d in poll () at ../sysdeps/unix/syscall-template.S:81
138	#1 0x00007ffff6f2a54a in poll () from /usr/lib/x86_64-linux-gnu/libasan.so.1
139	#2 0x00007fffef579cc1 in ?? () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
140	#3 0x00007fffef56b2a1 in pa_mainloop_poll () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
141	#4 0x00007fffef56b93e in pa_mainloop_iterate () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
142	#5 0x00007fffef56b9f0 in pa_mainloop_run () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
143	#6 0x00007fffef579c56 in ?? () from /usr/lib/x86_64-linux-gnu/libpulse.so.0
144	#7 0x00007fffeb653a98 in ?? () from /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-5.0.so
145	#8 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffdc29e700) at pthread_create.c:309
146	#9 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
147
148	Thread 9 (Thread 0x7fffcb6b3700 (LWP 6218)):
149	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
150	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
151	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
152	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcb6b3700) at pthread_create.c:309
153	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
154
155	Thread 8 (Thread 0x7fffcc1ba700 (LWP 6217)):
156	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
157	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
158	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
159	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcc1ba700) at pthread_create.c:309
160	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
161
162	Thread 7 (Thread 0x7fffcccc1700 (LWP 6216)):
163	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
164	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
165	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
166	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcccc1700) at pthread_create.c:309
167	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
168
169	Thread 6 (Thread 0x7fffcd7c8700 (LWP 6215)):
170	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
171	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
172	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
173	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcd7c8700) at pthread_create.c:309
174	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
175
176	Thread 5 (Thread 0x7fffce2cf700 (LWP 6214)):
177	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
178	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
179	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
180	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffce2cf700) at pthread_create.c:309
181	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
182
183	Thread 4 (Thread 0x7fffcedd6700 (LWP 6213)):
184	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
185	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
186	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
187	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcedd6700) at pthread_create.c:309
188	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
189
190	Thread 3 (Thread 0x7fffcf8dd700 (LWP 6212)):
191	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
192	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
193	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
194	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffcf8dd700) at pthread_create.c:309
195	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
196
197	Thread 2 (Thread 0x7fffd03e4700 (LWP 6211)):
198	#0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
199	#1 0x00007ffff2a451ed in IlmThread_2_1::Semaphore::wait() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
200	#2 0x00007ffff2a446a1 in IlmThread_2_1::(anonymous namespace)::WorkerThread::run() () from /opt/lib/openexr/lib/libIlmThread-2_1.so.11
201	#3 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffd03e4700) at pthread_create.c:309
202	#4 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
203
204	Thread 1 (Thread 0x7ffff7fa68c0 (LWP 6207)):
205	#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
206	#1 0x00007ffff6f401ad in pthread_cond_wait () from /usr/lib/x86_64-linux-gnu/libasan.so.1
207	#2 0x0000000004982ee9 in BLI_condition_wait (cond=0x610000128198, mutex=0x610000128170) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:606
208	#3 0x0000000004980f7e in BLI_task_pool_work_and_wait (pool=0x610000128148) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:414
209	#4 0x000000000410fc79 in scene_update_objects (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, scene=0x6220000b2908, scene_parent=0x6220000b2908)
210	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1554
211	#5 0x000000000410fe8b in scene_update_tagged_recursive (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, scene=0x6220000b2908, scene_parent=0x6220000b2908)
212	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1595
213	#6 0x0000000004110b35 in BKE_scene_update_for_newframe_ex (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, sce=0x6220000b2908, lay=1, do_invisible_flush=false)
214	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1806
215	#7 0x00000000041108f3 in BKE_scene_update_for_newframe (eval_ctx=0x602000145cf8, bmain=0x61c0000ad088, sce=0x6220000b2908, lay=1)
216	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1738
217	#8 0x0000000002e17fd1 in ED_update_for_newframe (bmain=0x61c0000ad088, scene=0x6220000b2908, UNUSED_mute=1) at /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/screen_edit.c:2078
218	#9 0x0000000002e2d795 in screen_animation_step (C=0x60b000053b88, UNUSED_op=0x60f00000dd88, event=0x60c000171288) at /home/i74700deb64/blender/__work__/src/source/blender/editors/screen/screen_ops.c:3473
219	#10 0x000000000213cdc3 in wm_operator_invoke (C=0x60b000053b88, ot=0x610000088848, event=0x60c000171288, properties=0x603000296bf8, reports=0x0, poll_only=false)
220	at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1036
221	#11 0x000000000214021d in wm_handler_operator_call (C=0x60b000053b88, handlers=0x6120002b5710, handler=0x60d000371a18, event=0x60c000171288, properties=0x603000296bf8)
222	at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1637
223	#12 0x0000000002141891 in wm_handlers_do_intern (C=0x60b000053b88, event=0x60c000171288, handlers=0x6120002b5710)
224	at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1904
225	#13 0x00000000021420da in wm_handlers_do (C=0x60b000053b88, event=0x60c000171288, handlers=0x6120002b5710) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2013
226	#14 0x0000000002144080 in wm_event_do_handlers (C=0x60b000053b88) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2377
227	#15 0x000000000212841b in WM_main (C=0x60b000053b88) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:489
228	#16 0x000000000212632b in main (argc=1, argv=0x7fffffffe208) at /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1725
229	(gdb)
230	(gdb)
231	(gdb) bt
232	#0 0x00000000041b92a8 in copy_v3_v3 (r=0x6240003827e0, a=0xbebebebebebebf36) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/math_vector_inline.c:66
233	#1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
234	#2 0x000000000359db67 in meshdeformModifier_do (md=0x613000144888, ob=0x61b000212488, dm=0x61c000119888, vertexCos=0x6330008f8808, numVerts=8171)
235	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:369
236	#3 0x000000000359e116 in deformVerts (md=0x613000144888, ob=0x61b000212488, derivedData=0x0, vertexCos=0x6330008f8808, numVerts=8171, UNUSED_flag=MOD_APPLY_USECACHE)
237	at /home/i74700deb64/blender/__work__/src/source/blender/modifiers/intern/MOD_meshdeform.c:420
238	#4 0x0000000003fa387f in modwrap_deformVerts (md=0x613000144888, ob=0x61b000212488, dm=0x0, vertexCos=0x6330008f8808, numVerts=8171, flag=MOD_APPLY_USECACHE)
239	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:774
240	#5 0x0000000003c76850 in mesh_calc_modifiers (scene=0x6220000b2908, ob=0x61b000212488, inputVertexCos=0x0, deform_r=0x61b000212990, final_r=0x61b000212998, useRenderParams=0, useDeform=1, needMapping=0,
241	dataMask=637534233, index=-1, useCache=1, build_shapekey_layers=0) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:1568
242	#6 0x0000000003c7bfd9 in mesh_build_data (scene=0x6220000b2908, ob=0x61b000212488, dataMask=637534233, build_shapekey_layers=0)
243	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2275
244	#7 0x0000000003c7c88c in makeDerivedMesh (scene=0x6220000b2908, ob=0x61b000212488, em=0x0, dataMask=637534233, build_shapekey_layers=0)
245	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/DerivedMesh.c:2348
246	#8 0x0000000004010342 in BKE_object_handle_update_ex (eval_ctx=0x602000145cf8, scene=0x6220000b2908, ob=0x61b000212488, rbw=0x0, do_proxy_update=false)
247	at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:3045
248	#9 0x000000000410f4d2 in scene_update_object_func (pool=0x610000128148, taskdata=0x60c000217848, threadid=7) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1408
249	#10 0x000000000497fb7e in task_scheduler_thread_run (thread_p=0x60c000167568) at /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:161
250	#11 0x00007ffff4f8e0a4 in start_thread (arg=0x7fffbac94700) at pthread_create.c:309
251	#12 0x00007ffff100eccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
252	(gdb) up
253	#1 0x00000000041c4a55 in ccgdm_getVertCos (dm=0x61c0001e2088, cos=0x624000382108) at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/subsurf_ccg.c:1494
254	1494 copy_v3_v3(cos[i++], ccgSubSurf_getEdgeData(ss, e, x));
255	(gdb) print e
256	$1 = (CCGEdge *) 0xbebebebebebebebe
257	(gdb) print index
258	$2 = 2
259	(gdb) print edgeMap2
260	$3 = (CCGEdge **) 0x61d000804888
261	(gdb) print edgeMap2[0]
262	$4 = (CCGEdge *) 0x631000e8c5e0
263	(gdb) print edgeMap2[1]
264	$5 = (CCGEdge *) 0x631000e8c6a0
265	(gdb) print edgeMap2[2]
266	$6 = (CCGEdge *) 0xbebebebebebebebe
267	(gdb) print edgeMap2[3]
268	$7 = (CCGEdge *) 0xbebebebebebebebe
269	(gdb) print edgeMap2[4]
270	$8 = (CCGEdge *) 0x631000e8c8f8
271	(gdb) print edgeMap2[5]
272	$9 = (CCGEdge *) 0x631000e8c9b8
273	(gdb) print edgeMap2[6]
274	$10 = (CCGEdge *) 0x631000e8ca78
275	(gdb) print edgeMap2[7]
276	$11 = (CCGEdge *) 0xbebebebebebebebe
277	(gdb) print edgeMap2[9]
278	$12 = (CCGEdge *) 0xbebebebebebebebe
279	(gdb) print edgeMap2[10]
280	$13 = (CCGEdge *) 0x631000e8cdb0
281	(gdb)

And after 'protecting' the iterator crap behind a mutex lock (see patch below), I'm unable to reproduce the crash anymore.

P175 T42748

1	diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c
2	index 12d7409..5607170 100644
3	--- a/source/blender/blenkernel/intern/subsurf_ccg.c
4	+++ b/source/blender/blenkernel/intern/subsurf_ccg.c
5	@@ -1436,7 +1436,8 @@ static void ccgdm_getVertCos(DerivedMesh dm, float (cos)[3])
6	CCGEdge **edgeMap2;
7	CCGVert **vertMap2;
8	int index, totvert, totedge, totface;
9	-
10	+
11	+ BLI_lock_thread(LOCK_CUSTOM1);
12	totvert = ccgSubSurf_getNumVerts(ss);
13	vertMap2 = MEM_mallocN(totvert * sizeof(*vertMap2), "vertmap");
14	for (vi = ccgSubSurf_getVertIterator(ss); !ccgVertIterator_isStopped(vi); ccgVertIterator_next(vi)) {
15	@@ -1464,6 +1465,8 @@ static void ccgdm_getVertCos(DerivedMesh dm, float (cos)[3])
16	}
17	ccgFaceIterator_free(fi);
18
19	+ BLI_unlock_thread(LOCK_CUSTOM1);
20	+
21	i = 0;
22	for (index = 0; index < totface; index++) {
23	CCGFace *f = faceMap2[index];

Now, I do not understand from a first look why CCG iterators would not be thread safe, they seem to use their own counters and everything, and only read common 'shared' data from SS struct?

Because if we have to explicitly thread-protect all uses of those iterators...

I'd say it's allocation is not thread safe. Couple of ideas:

Use spin locks in around the allocation in the CCGSubSurf.c
Make memarena safe for threading (maybe as a config flag when creating new arena)

Ok, so here is a patch to make memarena threadsafe.

Notes:

Only makes (c)alloc threadsafe, other functions I would consider 'maintenance' ones, they should only be called by 'owner' thread anyway.
Kept it optional, because using spinlock here still makes allocations about twice slower, in the end... :/ Don't think we can avoid a lock here, though.
Code in MOD_meshdeform.c is of course for tests only, to be trashed before commit!

P176 T42748

1	diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c
2	index 12d7409..18e0ec8 100644
3	--- a/source/blender/blenkernel/intern/subsurf_ccg.c
4	+++ b/source/blender/blenkernel/intern/subsurf_ccg.c
5	@@ -169,6 +169,8 @@ static CCGSubSurf _getSubSurf(CCGSubSurf prevSS, int subdivLevels,
6	CCGAllocatorIFC allocatorIFC;
7	CCGAllocatorHDL allocator = BLI_memarena_new(MEM_SIZE_OPTIMAL(1 << 16), "subsurf arena");
8
9	+ BLI_memarena_set_threadsafe((MemArena *)allocator);
10	+
11	allocatorIFC.alloc = arena_alloc;
12	allocatorIFC.realloc = arena_realloc;
13	allocatorIFC.free = arena_free;
14	diff --git a/source/blender/blenlib/BLI_memarena.h b/source/blender/blenlib/BLI_memarena.h
15	index 8d5a765..a063445 100644
16	--- a/source/blender/blenlib/BLI_memarena.h
17	+++ b/source/blender/blenlib/BLI_memarena.h
18	@@ -57,6 +57,8 @@ void BLI_memarena_free(struct MemArena *ma) ATTR_NONNULL(1);
19	void BLI_memarena_use_malloc(struct MemArena *ma) ATTR_NONNULL(1);
20	void BLI_memarena_use_calloc(struct MemArena *ma) ATTR_NONNULL(1);
21	void BLI_memarena_use_align(struct MemArena *ma, const size_t align) ATTR_NONNULL(1);
22	+void BLI_memarena_set_threadsafe(struct MemArena *ma);
23	+void BLI_memarena_clear_threadsafe(struct MemArena *ma);
24	void BLI_memarena_alloc(struct MemArena ma, size_t size) ATTR_WARN_UNUSED_RESULT ATTR_NONNULL(1) ATTR_MALLOC ATTR_ALLOC_SIZE(2);
25	void BLI_memarena_calloc(struct MemArena ma, size_t size) ATTR_WARN_UNUSED_RESULT ATTR_NONNULL(1) ATTR_MALLOC ATTR_ALLOC_SIZE(2);
26
27	diff --git a/source/blender/blenlib/intern/BLI_memarena.c b/source/blender/blenlib/intern/BLI_memarena.c
28	index dd0997c..08dd545 100644
29	--- a/source/blender/blenlib/intern/BLI_memarena.c
30	+++ b/source/blender/blenlib/intern/BLI_memarena.c
31	@@ -38,6 +38,7 @@
32	#include "BLI_utildefines.h"
33	#include "BLI_memarena.h"
34	#include "BLI_linklist.h"
35	+#include "BLI_threads.h"
36	#include "BLI_strict_flags.h"
37
38	#ifdef WITH_MEM_VALGRIND
39	@@ -53,6 +54,8 @@ struct MemArena {
40	size_t align;
41
42	bool use_calloc;
43	+
44	+ SpinLock *spin_lock, spin_lock_;
45	};
46
47	MemArena BLI_memarena_new(const size_t bufsize, const char name)
48	@@ -66,6 +69,8 @@ MemArena BLI_memarena_new(const size_t bufsize, const char name)
49	VALGRIND_CREATE_MEMPOOL(ma, 0, false);
50	#endif
51
52	+ ma->spin_lock = NULL;
53	+
54	return ma;
55	}
56
57	@@ -85,6 +90,22 @@ void BLI_memarena_use_align(struct MemArena *ma, const size_t align)
58	ma->align = align;
59	}
60
61	+void BLI_memarena_set_threadsafe(MemArena *ma)
62	+{
63	+ if (!ma->spin_lock) {
64	+ BLI_spin_init(&ma->spin_lock_);
65	+ ma->spin_lock = &ma->spin_lock_;
66	+ }
67	+}
68	+
69	+void BLI_memarena_clear_threadsafe(MemArena *ma)
70	+{
71	+ if (ma->spin_lock) {
72	+ ma->spin_lock = NULL;
73	+ BLI_spin_end(&ma->spin_lock_);
74	+ }
75	+}
76	+
77	void BLI_memarena_free(MemArena *ma)
78	{
79	BLI_linklist_freeN(ma->bufs);
80	@@ -93,6 +114,8 @@ void BLI_memarena_free(MemArena *ma)
81	VALGRIND_DESTROY_MEMPOOL(ma);
82	#endif
83
84	+ BLI_memarena_clear_threadsafe(ma);
85	+
86	MEM_freeN(ma);
87	}
88
89	@@ -117,6 +140,10 @@ void BLI_memarena_alloc(MemArena ma, size_t size)
90	* size up to multiple of 8 */
91	size = PADUP(size, ma->align);
92
93	+ if (ma->spin_lock) {
94	+ BLI_spin_lock(ma->spin_lock);
95	+ }
96	+
97	if (UNLIKELY(size > ma->cursize)) {
98	if (size > ma->bufsize - (ma->align - 1)) {
99	ma->cursize = PADUP(size + 1, ma->align);
100	@@ -138,6 +165,10 @@ void BLI_memarena_alloc(MemArena ma, size_t size)
101	VALGRIND_MEMPOOL_ALLOC(ma, ptr, size);
102	#endif
103
104	+ if (ma->spin_lock) {
105	+ BLI_spin_unlock(ma->spin_lock);
106	+ }
107	+
108	return ptr;
109	}
110
111	diff --git a/source/blender/modifiers/intern/MOD_meshdeform.c b/source/blender/modifiers/intern/MOD_meshdeform.c
112	index 584b5b5..364146f 100644
113	--- a/source/blender/modifiers/intern/MOD_meshdeform.c
114	+++ b/source/blender/modifiers/intern/MOD_meshdeform.c
115	@@ -415,6 +415,24 @@ static void deformVerts(ModifierData md, Object ob,
116	{
117	DerivedMesh *dm = get_dm(ob, NULL, derivedData, NULL, false, false);
118
119	+
120	+ if (0) {
121	+ #include "BLI_memarena.h"
122	+ #include "PIL_time_utildefines.h"
123	+ MemArena *ma = BLI_memarena_new(BLI_MEMARENA_STD_BUFSIZE, __func__);
124	+ int i = 1000000;
125	+
126	+ BLI_memarena_set_threadsafe(ma);
127	+
128	+ TIMEIT_START(foo);
129	+ while (i--) {
130	+ BLI_memarena_alloc(ma, sizeof(int));
131	+ }
132	+ TIMEIT_END(foo);
133	+
134	+ BLI_memarena_free(ma);
135	+ }
136	+
137	modifier_vgroup_cache(md, vertexCos); /* if next modifier needs original vertices */
138
139	meshdeformModifier_do(md, ob, dm, vertexCos, numVerts);

Campbell, your advice would be most welcomed here as well! :)

Argh, there's a reason we've got differencial nowadays! :P Would be easier to give feedback on the patch :) Do you mind re-uploading it to the code review?

sure sec :)

Bastien Montagne (mont29) added a revision: D930: Make memarena's alloc threadsafe..Dec 9 2014, 4:58 PM

Using arena for iterators here is really bad, since these iterators are used while drawing (looks like its probably leaking memory even).

Using stack memory for iterators fixes. will commit shortly

Edit, I couldn't get it to leak memory, so in practice it seems ok (but still error prone for leaks).

Closed by commit rB602250d9fe79.

For the records, here is a light file that should crash pretty much instantaneously on any machine (using build previous to above commit).

crash-2s_b.blend2 MBDownload

Crash in subsurf_ccg.c ccgdm_getVertCos (possibly due to improper use of GET_INT_FROM_POINTER)Closed, ResolvedPublicActions

Description

Revisions and Commits

Related Objects

Event Timeline

Crash in subsurf_ccg.c ccgdm_getVertCos (possibly due to improper use of GET_INT_FROM_POINTER)
Closed, ResolvedPublic
Actions