Page MenuHome
Create Task
Maniphest T43283

Crash Upon Opening File
Closed, ResolvedPublic
Actions

Description

System Information
64bit Manjaro Linux, kernel 3.14.27
GeForce GTX 650 Ti, driver version 343.36

Blender Version
Broken: (example: 2.73 c24b694, see splash screen)

Short description of error
I lost about a day's worth of work after inadvertently introducing an object which would, with very specific circumstances, cause blender to crash if you opened the file or used the Undo function. After narrowing down the issue, it appears to occur with a specific object that uses the Mirror, Armature, Solidify, and Subdivision modifiers (in that order), and the crash condition is created when weights have been transferred to the affected object.

Exact steps for others to reproduce the error
Just open this file:

NoseScalesCrash.blend332 KBDownload

Note 1: Splicing the problem object off into a separate file was tricky, since blender would sometimes crash when simply pasting a copy of the object!
Note 2: I also tested with the windows version of Blender, by running it under WINE. The crash still occurs there.

Revisions and Commits

rB Blender
rB119ff676e1b3 Fix T43283: Crash on undo/redo/ and save/reload after (new) weight transfer.

Related Objects

Event Timeline

Zauber Paracelsus (zauberexonar) created this task.Jan 16 2015, 7:41 PM
Zauber Paracelsus (zauberexonar) raised the priority of this task from to 90.
Zauber Paracelsus (zauberexonar) updated the task description. (Show Details)
Zauber Paracelsus (zauberexonar) added a project: BF Blender.
Zauber Paracelsus (zauberexonar) edited a custom field.
Zauber Paracelsus (zauberexonar) added a subscriber: Zauber Paracelsus (zauberexonar).
Bastien Montagne (mont29) added subscribers: Sergey Sharybin (sergey), Campbell Barton (campbellbarton), Bastien Montagne (mont29).Jan 17 2015, 12:49 AM

Ouch, looks to me that .blend file is heavily corrupted… At least, that’s what I can guess from that backtrace:

P186 T43283
1(gdb) bt
2#0 0x00007ffff6f5dd70 in __asan_report_error () from /usr/lib/x86_64-linux-gnu/libasan.so.1
3#1 0x00007ffff6f337ad in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.1
4#2 0x00000000048324d8 in mywrite (wd=0x60700019afc8,
5 adr=0x8fe3c08 <_ZZN5Eigen17CoeffBasedProductIKNS_9TransposeIKNS_3MapIKNS_6MatrixIdLi2ELi3ELi1ELi2ELi3EEELi0ENS_6StrideILi0ELi0EEEEEEES9_Li6EEC4ISA_S8_EERKT_RKT0_E19__PRETTY_FUNCTION__+392>, len=1104)
6 at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:404
7#3 0x00000000048329be in writestruct_at_address (wd=0x60700019afc8, filecode=1096040772, structname=0x87b9e00 "MDeformWeight", nr=138,
8 adr=0x8fe3c08 <_ZZN5Eigen17CoeffBasedProductIKNS_9TransposeIKNS_3MapIKNS_6MatrixIdLi2ELi3ELi1ELi2ELi3EEELi0ENS_6StrideILi0ELi0EEEEEEES9_Li6EEC4ISA_S8_EERKT_RKT0_E19__PRETTY_FUNCTION__+392>,
9 data=0x8fe3c08 <_ZZN5Eigen17CoeffBasedProductIKNS_9TransposeIKNS_3MapIKNS_6MatrixIdLi2ELi3ELi1ELi2ELi3EEELi0ENS_6StrideILi0ELi0EEEEEEES9_Li6EEC4ISA_S8_EERKT_RKT0_E19__PRETTY_FUNCTION__+392>)
10 at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:476
11#4 0x0000000004832a4d in writestruct (wd=0x60700019afc8, filecode=1096040772, structname=0x87b9e00 "MDeformWeight", nr=138,
12 adr=0x8fe3c08 <_ZZN5Eigen17CoeffBasedProductIKNS_9TransposeIKNS_3MapIKNS_6MatrixIdLi2ELi3ELi1ELi2ELi3EEELi0ENS_6StrideILi0ELi0EEEEEEES9_Li6EEC4ISA_S8_EERKT_RKT0_E19__PRETTY_FUNCTION__+392>)
13 at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:481
14#5 0x000000000483c3bf in write_dverts (wd=0x60700019afc8, count=53, dvlist=0x618000654088) at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:1823
15#6 0x000000000483cbac in write_customdata (wd=0x60700019afc8, id=0x7fffffffc6d0, count=53, data=0x7fffffffc7e8, partial_type=-1, partial_count=0)
16 at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:1892
17#7 0x000000000483d6f0 in write_meshes (wd=0x60700019afc8, idbase=0x61c00009a4f8) at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:1967
18#8 0x00000000048489bb in write_file_handle (mainvar=0x61c00009a088, ww=0x0, compare=0x0, current=0x6190003c6dd8, write_user_block=0, write_flags=33558530, thumb=0x0)
19 at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:3546
20#9 0x00000000048496f9 in BLO_write_file_mem (mainvar=0x61c00009a088, compare=0x0, current=0x6190003c6dd8, write_flags=33558530)
21 at /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:3724
22#10 0x0000000003cd2f84 in BKE_write_undo (C=0x60b00000af98, name=0x81881c0 "original") at /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blender.c:705
23#11 0x00000000021570b2 in WM_file_read (C=0x60b00000af98, filepath=0x7fffffffd470 "/home/i74700deb64/Téléchargements/NoseScalesCrash.blend", reports=0x6040002e5f98)
24 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:510
25#12 0x00000000021791a6 in wm_file_read_opwrap (C=0x60b00000af98, filepath=0x7fffffffd470 "/home/i74700deb64/Téléchargements/NoseScalesCrash.blend", reports=0x6040002e5f98, autoexec_init=false)
26 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operators.c:2328
27#13 0x0000000002179734 in wm_open_mainfile_exec (C=0x60b00000af98, op=0x60f00014f598) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operators.c:2387
28#14 0x0000000002147837 in wm_operator_invoke (C=0x60b00000af98, ot=0x61000008f448, event=0x0, properties=0x7fffffffdb10, reports=0x0, poll_only=false)
29 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1046
30#15 0x0000000002148545 in wm_operator_call_internal (C=0x60b00000af98, ot=0x61000008f448, properties=0x7fffffffdb10, reports=0x0, context=7, poll_only=false)
31 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1225
32#16 0x00000000021487a6 in WM_operator_name_call_ptr (C=0x60b00000af98, ot=0x61000008f448, context=7, properties=0x7fffffffdb10)
33 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1273
34#17 0x00000000028f8429 in ui_apply_but_funcs_after (C=0x60b00000af98) at /home/i74700deb64/blender/__work__/src/source/blender/editors/interface/interface_handlers.c:667
35#18 0x000000000293d03e in ui_popup_handler (C=0x60b00000af98, event=0x60c000227808, userdata=0x611000849588) at /home/i74700deb64/blender/__work__/src/source/blender/editors/interface/interface_handlers.c:9257
36#19 0x0000000002143571 in wm_handler_ui_call (C=0x60b00000af98, handler=0x60d00024e808, event=0x60c000227808, always_pass=0)
37 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:424
38#20 0x000000000214c1dc in wm_handlers_do_intern (C=0x60b00000af98, event=0x60c000227808, handlers=0x61200004bea0)
39 at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1925
40#21 0x000000000214c7fc in wm_handlers_do (C=0x60b00000af98, event=0x60c000227808, handlers=0x61200004bea0) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2009
41#22 0x000000000214e127 in wm_event_do_handlers (C=0x60b00000af98) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2292
42#23 0x0000000002132bbb in WM_main (C=0x60b00000af98) at /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:489
43#24 0x0000000002130acb in main (argc=1, argv=0x7fffffffe268) at /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1740
44(gdb) continue
45Continuing.
46=================================================================
47==22007==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000008fe3c9e at pc 0x7ffff6f33792 bp 0x7fffffffc2d0 sp 0x7fffffffba90
48READ of size 1104 at 0x000008fe3c9e thread T0
49 #0 0x7ffff6f33791 (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x2e791)
50 #1 0x48324d7 in mywrite /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:404
51 #2 0x48329bd in writestruct_at_address /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:476
52 #3 0x4832a4c in writestruct /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:481
53 #4 0x483c3be in write_dverts /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:1823
54 #5 0x483cbab in write_customdata /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:1892
55 #6 0x483d6ef in write_meshes /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:1967
56 #7 0x48489ba in write_file_handle /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:3546
57 #8 0x48496f8 in BLO_write_file_mem /home/i74700deb64/blender/__work__/src/source/blender/blenloader/intern/writefile.c:3724
58 #9 0x3cd2f83 in BKE_write_undo /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/blender.c:705
59 #10 0x21570b1 in WM_file_read /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:510
60 #11 0x21791a5 in wm_file_read_opwrap /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operators.c:2328
61 #12 0x2179733 in wm_open_mainfile_exec /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operators.c:2387
62 #13 0x2147836 in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1046
63 #14 0x2148544 in wm_operator_call_internal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1225
64 #15 0x21487a5 in WM_operator_name_call_ptr /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1273
65 #16 0x28f8428 in ui_apply_but_funcs_after /home/i74700deb64/blender/__work__/src/source/blender/editors/interface/interface_handlers.c:667
66 #17 0x293d03d in ui_popup_handler /home/i74700deb64/blender/__work__/src/source/blender/editors/interface/interface_handlers.c:9257
67 #18 0x2143570 in wm_handler_ui_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:424
68 #19 0x214c1db in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1925
69 #20 0x214c7fb in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2009
70 #21 0x214e126 in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2292
71 #22 0x2132bba in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:489
72 #23 0x2130aca in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:1740
73 #24 0x7ffff0ef4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
74 #25 0x212b68e (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x212b68e)
75
760x000008fe3c9e is located 0 bytes to the right of global variable '__PRETTY_FUNCTION__' from '/home/i74700deb64/blender/__work__/src/extern/libmv/third_party/ceres/internal/ceres/generated/partitioned_matrix_view_2_4_3.cc' (0x8fe3a80) of size 542
77 '__PRETTY_FUNCTION__' is ascii string 'Eigen::CoeffBasedProduct<Lhs, Rhs, NestingFlags>::CoeffBasedProduct(const Lhs&, const Rhs&) [with Lhs = Eigen::Transpose<const Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> > >; Rhs = Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> >; LhsNested = const Eigen::Transpose<const Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> > >; RhsNested = const Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> >; int NestingFlags = 6]'
780x000008fe3c9e is located 34 bytes to the left of global variable '__PRETTY_FUNCTION__' from '/home/i74700deb64/blender/__work__/src/extern/libmv/third_party/ceres/internal/ceres/generated/partitioned_matrix_view_2_4_3.cc' (0x8fe3cc0) of size 544
79 '__PRETTY_FUNCTION__' is ascii string 'Eigen::CoeffBasedProduct<Lhs, Rhs, NestingFlags>::CoeffBasedProduct(const Lhs&, const Rhs&) [with Lhs = Eigen::Transpose<const Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> > >; Rhs = Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> >; LhsNested = const Eigen::Transpose<const Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> > >; RhsNested = const Eigen::Map<const Eigen::Matrix<double, 2, 3, 1, 2, 3>, 0, Eigen::Stride<0, 0> >; int NestingFlags = 256]'
80SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
81Shadow bytes around the buggy address:
82 0x0000811f4740: 00 00 00 00 00 00 00 00 00 06 f9 f9 f9 f9 f9 f9
83 0x0000811f4750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
84 0x0000811f4760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
85 0x0000811f4770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
86 0x0000811f4780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
87=>0x0000811f4790: 00 00 00[06]f9 f9 f9 f9 00 00 00 00 00 00 00 00
88 0x0000811f47a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
89 0x0000811f47b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
90 0x0000811f47c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
91 0x0000811f47d0: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
92 0x0000811f47e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
93Shadow byte legend (one shadow byte represents 8 application bytes):
94 Addressable: 00
95 Partially addressable: 01 02 03 04 05 06 07
96 Heap left redzone: fa
97 Heap right redzone: fb
98 Freed heap region: fd
99 Stack left redzone: f1
100 Stack mid redzone: f2
101 Stack right redzone: f3
102 Stack partial redzone: f4
103 Stack after return: f5
104 Stack use after scope: f8
105 Global redzone: f9
106 Global init order: f6
107 Poisoned by user: f7
108 Contiguous container OOB:fc
109 ASan internal: fe
110==22007==ABORTING

Looks like some pointer in the file has ugly bad value?

Zauber Paracelsus (zauberexonar) added a comment.Jan 17 2015, 1:05 AM

I don't think the problem is so much the file, but rather it may be some kind of mishandling with weight painting or deformation? The crash occurs after I transferred weights from one model to the problem model. But when I instead just created the DEF-head group and then set it to 100% on all vertices, there were no problems.

Zauber Paracelsus (zauberexonar) added a comment.Jan 17 2015, 1:18 AM

Okay, I've made another repro file. This one does not produce the crash, but rather sets the stage for the trigger conditions. For this I have used a different model off of blendswap, since I do not yet intend for the character models to be available in public.

File:

NoseScalesCrashTest.blend418 KBDownload

Repro: Open the file. The blend will be in Weight Paint mode. Go to the left and press Transfer Weights. From there, you have two ways to trigger the crash:

  1. Make some quick random change or select an object, then press CTRL-Z to undo.
  2. Save the file (preferably a copy), then try to reload it.
Sergey Sharybin (sergey) lowered the priority of this task from 90 to 30.Jan 17 2015, 10:10 AM

The file is corrupted beyond repairable state. We can not fix anything in blender in order to support this file working, But we should fix bug which lead to such a corrupted file.

For this we need exact steps of reproducing such a corrupted file from totally correct one.

Zauber Paracelsus (zauberexonar) added a comment.Jan 17 2015, 2:58 PM

@Sergey Sharybin (sergey): Check my previous comment, before yours.

Sergey Sharybin (sergey) added a comment.Jan 17 2015, 3:38 PM

@Zauber Paracelsus (zauberexonar), save and reload makes no changes to internal data structures. Same applies to selection and undo. So the file is still somewhat corrupted and not good for tracking down actual bug.

So your comment before mine doesn't actually help.

Zauber Paracelsus (zauberexonar) added a comment.Jan 17 2015, 3:57 PM

Actually, I should point out that the problem begins with using the Transfer Weights function in weight painting mode.

Furthermore, I should clarify that I've been using a development build of Blender, where the Transfer Weights function appears to have been overhauled.

I'm betting that I ran into a new bug introduced in the Transfer Weights function, especially since the crash/corruption issue does not occur when I use the 2.73 release build.

Bastien Montagne (mont29) claimed this task.Jan 17 2015, 3:59 PM

Eeeeeeh, that’s a whole other topic!

Checking...

Zauber Paracelsus (zauberexonar) added a comment.Jan 17 2015, 4:01 PM

Further testing, and with new repro steps. It'll occur on ANYTHING you use Transfer Weights on.

New repro steps:

  1. Create a new scene, using a development build of blender.
  2. Create two cubes near one another
  3. On one cube, add a single vertex group and assign weights.
  4. Select the first cube, then shift-select the other cube.
  5. Go into Weight Painting mode
  6. Use the Transfer Weights function
  7. Save, and then reopen the file.
Bastien Montagne (mont29) raised the priority of this task from 30 to 50.Jan 17 2015, 4:02 PM
Bastien Montagne (mont29) changed the task status from Unknown Status to Resolved.Jan 17 2015, 5:45 PM
Bastien Montagne (mont29) added a commit: rB119ff676e1b3: Fix T43283: Crash on undo/redo/ and save/reload after (new) weight transfer..

Closed by commit rB119ff676e1b3.

Zauber Paracelsus (zauberexonar) added a comment.Jan 18 2015, 4:59 PM

@Bastien Montagne (mont29): I just freshly compiled blender from git this morning. The crash no longer occurs with the original model(s) I discovered it on. However, it continues to occur with a slight variation on the repro steps I posted above:

  1. Create a new scene, using a development build of blender.
  2. Create two cubes near one another
  3. On one cube, add a single vertex group and assign weights.
  4. Select the first cube, then shift-select the other cube.
  5. Go into Weight Painting mode
  6. Use the Transfer Weights function
  7. Select any other object, then hit CTRL-Z

Further, it seems like it will only crash sometimes on a bad saved file, but doing step 7 above on that file repros a crash, as will attempting to Transfer Weights again, or trying to remove a vertex group. In fact, every other thing I do on that file, even something as innocuous as entering edit mode, will trigger a crash. So, perhaps there is an unfixed code path that still has the issue?

Bastien Montagne (mont29) added a comment.Jan 18 2015, 5:39 PM

@Zauber Paracelsus (zauberexonar) cannot reproduce following steps you gave here… Unless you mean, you are still using a corrupted file? in this case, yes, even in a new scene issue will remain, but starting from scratch with startup file I get absolutely no crash here.

Zauber Paracelsus (zauberexonar) added a comment.Jan 18 2015, 5:51 PM

Issue repros on my build from just a couple hours ago that was compiled fresh off of git. However, the issue does not repro at all on the nightly I just downloaded.

Very weird :-/

Bastien Montagne (mont29) added a comment.Jan 18 2015, 6:01 PM

what’s the hash shown on blender startup panel?

Zauber Paracelsus (zauberexonar) added a comment.EditedJan 18 2015, 6:06 PM

For the nightly, the hash is 6e97db7. For the build I compiled myself (where the issue still repros partially), there is no hash. This is the output from git on the command line:

[zauber@manjaro blender]$ git describe --tags
v2.73-rc1-328-gecc58da
[zauber@manjaro blender]$ git rev-parse HEAD
ecc58da8f1d110498e700b804cb44adba1145113
Bastien Montagne (mont29) added a comment.Jan 18 2015, 6:23 PM

That is pretty much exactly the same code… no reason to have that difference in behavior.

Maybe make a full rebuild (make clean, then usual build command)?

Zauber Paracelsus (zauberexonar) added a comment.Jan 20 2015, 4:18 PM

Deleted my blender source directory entirely, and redownloaded everything from git so that I had a clean slate. Issue no longer repros.