blender
/
blender
92
308
Fork 426
Code Issues 6.3k Pull Requests 609 Projects 19 Wiki Activity

Regression: Crash on dragging a Speaker NLA strip #110161

New Issue
Closed
opened 2023-07-16 08:21:25 +02:00 by Albert-OShea · 5 comments
Albert-OShea commented 2023-07-16 08:21:25 +02:00
First-time contributor
Copy Link

System Information
Operating system: Windows-10-10.0.22621-SP0 64 Bits
Graphics card: NVIDIA GeForce GTX 1080/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 517.48

Blender Version
Broken: version: 4.0.0 Alpha, branch: main, commit date: 2023-07-12 23:36, hash: 5f7e07e05321
Worked: Don't know, doesn't work in 3.6 either. However, the crash seems slightly different in 3.6, it works on the first drag, but when you do it a second time, blender then crashes.
Edit: This behavior can also occur in 4.0. It's seemingly random if it will crash on the first drag or second drag of the strip.

Caused by 8833f5dbf9

Short description of error
Adding a Speaker object adds an NLA track with a strip. If you drag this strip along the track and let go, Blender will crash.

Exact steps for others to reproduce the error

  1. Download and open speaker_crash.blend.
  2. In the NLA editor, drag the NLA strip to the right and let go with your mouse.
  3. If this doesn't cause a crash, repeat this action and drag the strip again.
**System Information** Operating system: Windows-10-10.0.22621-SP0 64 Bits Graphics card: NVIDIA GeForce GTX 1080/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 517.48 **Blender Version** Broken: version: 4.0.0 Alpha, branch: main, commit date: 2023-07-12 23:36, hash: `5f7e07e05321` Worked: Don't know, doesn't work in 3.6 either. However, the crash seems slightly different in 3.6, it works on the first drag, but when you do it a second time, blender then crashes. Edit: This behavior can also occur in 4.0. It's seemingly random if it will crash on the first drag or second drag of the strip. Caused by 8833f5dbf92c **Short description of error** Adding a Speaker object adds an NLA track with a strip. If you drag this strip along the track and let go, Blender will crash. **Exact steps for others to reproduce the error** 1. Download and open speaker_crash.blend. 2. In the NLA editor, drag the NLA strip to the right and let go with your mouse. 3. If this doesn't cause a crash, repeat this action and drag the strip again.
speaker_crash.blend
870 KiB
Albert-OShea added the
Type
Report
Status
Needs Triage
Priority
Normal
 labels 2023-07-16 08:21:26 +02:00
YimingWu commented 2023-07-16 10:24:59 +02:00
Member
Copy Link

I have these errors here output in the console:

WARN (bpy.rna): source/blender/python/intern/bpy_rna.c:1337 pyrna_enum_to_py: current value '-1' matches no enum in 'NlaStrip', '', 'type'
While moving NLA strips, a transition strip could no longer be applied to the new positions and was removed.

I can repeat the crash after several tries, also sometimes I can trigger the crash when ctrl-z moving the strip. The strip would disappear after confirming the move. Occasionally it shows up like this:

图片

I'm able to break this during undo and it crashed at BKE_nlastrip_remove_and_free() from BKE_memfile_undo_decode(). Unable to repeat the crash by just dragging the strip when running from the debugger.

I have these errors here output in the console: ``` WARN (bpy.rna): source/blender/python/intern/bpy_rna.c:1337 pyrna_enum_to_py: current value '-1' matches no enum in 'NlaStrip', '', 'type' While moving NLA strips, a transition strip could no longer be applied to the new positions and was removed. ``` I can repeat the crash after several tries, also sometimes I can trigger the crash when `ctrl-z` moving the strip. The strip would disappear after confirming the move. Occasionally it shows up like this: ![图片](/attachments/cd360051-365b-4e8f-9f31-9bda648ce38d) I'm able to break this during undo and it crashed at `BKE_nlastrip_remove_and_free()` from `BKE_memfile_undo_decode()`. Unable to repeat the crash by just dragging the strip when running from the debugger.
图片.png
10 KiB
Philipp Oeser commented 2023-07-17 10:01:40 +02:00
Member
Copy Link

Caused by 8833f5dbf9

Guess we need to have a depsgraph update and/or notifiers?

==310596==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110004fd0c8 at pc 0x7ffff7849e0b bp 0x7fffffffcc30 sp 0x7fffffffc3e0
READ of size 216 at 0x6110004fd0c8 thread T0
    #0 0x7ffff7849e0a in __interceptor_memcpy (/lib64/libasan.so.8+0x49e0a)
    #1 0x41432f9 in mywrite /blender/source/blender/blenloader/intern/writefile.cc:564
    #2 0x4144526 in writestruct_at_address_nr /blender/source/blender/blenloader/intern/writefile.cc:691
    #3 0x41445c7 in writestruct_nr /blender/source/blender/blenloader/intern/writefile.cc:697
    #4 0x4144934 in writelist_nr /blender/source/blender/blenloader/intern/writefile.cc:734
    #5 0x414d3f7 in BLO_write_struct_list_by_id /blender/source/blender/blenloader/intern/writefile.cc:1685
    #6 0x106471a in blend_write_nla_strips /blender/source/blender/blenkernel/intern/nla.c:2353
    #7 0x1065190 in BKE_nla_blend_write /blender/source/blender/blenkernel/intern/nla.c:2420
    #8 0x30a2849 in BKE_animdata_blend_write /blender/source/blender/blenkernel/intern/anim_data.c:1474
    #9 0x11e2e84 in object_blend_write /blender/source/blender/blenkernel/intern/object.cc:568
    #10 0x414b10a in write_file_handle /blender/source/blender/blenloader/intern/writefile.cc:1321
    #11 0x414cb9f in BLO_write_file_mem /blender/source/blender/blenloader/intern/writefile.cc:1587
    #12 0xc439e4d in BKE_memfile_undo_encode /blender/source/blender/blenkernel/intern/blender_undo.cc:134
    #13 0xa0b8165 in memfile_undosys_step_encode /blender/source/blender/editors/undo/memfile_undo.cc:89
    #14 0xc7ac463 in undosys_step_encode /blender/source/blender/blenkernel/intern/undo_system.cc:148
    #15 0xc7b1b47 in BKE_undosys_step_push_with_type /blender/source/blender/blenkernel/intern/undo_system.cc:563
    #16 0xc7b25c7 in BKE_undosys_step_push /blender/source/blender/blenkernel/intern/undo_system.cc:608
    #17 0xa0afdf4 in ED_undo_push /blender/source/blender/editors/undo/ed_undo.cc:139
    #18 0xa0b1f87 in ED_undo_push_op /blender/source/blender/editors/undo/ed_undo.cc:405
    #19 0x3cea02b in wm_operator_finished /blender/source/blender/windowmanager/intern/wm_event_system.cc:1140
    #20 0x3cf82de in wm_handler_operator_call /blender/source/blender/windowmanager/intern/wm_event_system.cc:2495
    #21 0x3d07f1e in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.cc:3376
    #22 0x3d0855f in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.cc:3426
    #23 0x3d12ae4 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.cc:4053
    #24 0x3cc36fa in WM_main /blender/source/blender/windowmanager/intern/wm.c:632
    #25 0x8dfc48 in main /blender/source/creator/creator.c:576
    #26 0x7fffedc4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #27 0x7fffedc4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #28 0x8defc4 in _start (/build_linux_debug/bin/blender+0x8defc4)

0x6110004fd0c8 is located 8 bytes inside of 224-byte region [0x6110004fd0c0,0x6110004fd1a0)
freed by thread T0 here:
    #0 0x7ffff78b9388 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xb9388)
    #1 0x1b7921d2 in MEM_lockfree_freeN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:104
    #2 0x104d192 in BKE_nlastrip_free /blender/source/blender/blenkernel/intern/nla.c:92
    #3 0x1060ed8 in nlastrip_validate_transition_start_end /blender/source/blender/blenkernel/intern/nla.c:1976
    #4 0x1061069 in BKE_nla_validate_state /blender/source/blender/blenkernel/intern/nla.c:1996
    #5 0xb1fc192 in ED_nla_postop_refresh /blender/source/blender/editors/space_nla/nla_edit.cc:71
    #6 0x9ec796b in special_aftertrans_update__nla /blender/source/blender/editors/transform/transform_convert_nla.c:989
    #7 0x9dc82f3 in special_aftertrans_update /blender/source/blender/editors/transform/transform_convert.c:658
    #8 0x9dadb9d in transformEnd /blender/source/blender/editors/transform/transform.c:2153
    #9 0xa02824f in transform_modal /blender/source/blender/editors/transform/transform_ops.c:465
    #10 0x3cf7d7d in wm_handler_operator_call /blender/source/blender/windowmanager/intern/wm_event_system.cc:2462
    #11 0x3d07f1e in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.cc:3376
    #12 0x3d0855f in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.cc:3426
    #13 0x3d12ae4 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.cc:4053
    #14 0x3cc36fa in WM_main /blender/source/blender/windowmanager/intern/wm.c:632
    #15 0x8dfc48 in main /blender/source/creator/creator.c:576
    #16 0x7fffedc4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

previously allocated by thread T0 here:
    #0 0x7ffff78ba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af)
    #1 0x1b792b6c in MEM_lockfree_mallocN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:249
    #2 0x3f15705 in read_struct /blender/source/blender/blenloader/intern/readfile.cc:1758
    #3 0x3f1c1f7 in read_data_into_datamap /blender/source/blender/blenloader/intern/readfile.cc:2477
    #4 0x3f22ec0 in read_libblock /blender/source/blender/blenloader/intern/readfile.cc:2952
    #5 0x3f2c14d in blo_read_file_internal /blender/source/blender/blenloader/intern/readfile.cc:3551
    #6 0x3f018ed in BLO_read_from_file /blender/source/blender/blenloader/intern/readblenentry.cc:414
    #7 0x9038b2 in BKE_blendfile_read /blender/source/blender/blenkernel/intern/blendfile.cc:1038
    #8 0x3d383d3 in WM_file_read /blender/source/blender/windowmanager/intern/wm_files.cc:1011
    #9 0x3d451b9 in wm_file_read_opwrap /blender/source/blender/windowmanager/intern/wm_files.cc:2692
    #10 0x3d46246 in wm_open_mainfile__open /blender/source/blender/windowmanager/intern/wm_files.cc:2815
    #11 0x3d45577 in operator_state_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2728
    #12 0x3d464a9 in wm_open_mainfile_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2839
    #13 0x3d4584d in wm_open_mainfile__discard_changes /blender/source/blender/windowmanager/intern/wm_files.cc:2767
    #14 0x3d45577 in operator_state_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2728
    #15 0x3d464a9 in wm_open_mainfile_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2839
    #16 0x3d464d6 in wm_open_mainfile_invoke /blender/source/blender/windowmanager/intern/wm_files.cc:2844
    #17 0x3cee5e9 in wm_operator_invoke /blender/source/blender/windowmanager/intern/wm_event_system.cc:1526
    #18 0x3cf04ae in wm_operator_call_internal /blender/source/blender/windowmanager/intern/wm_event_system.cc:1761
    #19 0x3cf05b7 in WM_operator_name_call_ptr /blender/source/blender/windowmanager/intern/wm_event_system.cc:1775
    #20 0x3cf1b09 in WM_operator_name_call_ptr_with_depends_on_cursor /blender/source/blender/windowmanager/intern/wm_event_system.cc:1968
    #21 0xa163987 in ui_apply_but_funcs_after /blender/source/blender/editors/interface/interface_handlers.cc:1038
    #22 0xa1f7d80 in ui_popup_handler /blender/source/blender/editors/interface/interface_handlers.cc:11634
    #23 0x3ce73b5 in wm_handler_ui_call /blender/source/blender/windowmanager/intern/wm_event_system.cc:820
    #24 0x3d071a0 in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.cc:3309
    #25 0x3d0855f in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.cc:3426
    #26 0x3d12ae4 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.cc:4053
    #27 0x3cc36fa in WM_main /blender/source/blender/windowmanager/intern/wm.c:632
    #28 0x8dfc48 in main /blender/source/creator/creator.c:576
    #29 0x7fffedc4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

SUMMARY: AddressSanitizer: heap-use-after-free (/lib64/libasan.so.8+0x49e0a) in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c22800979c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c22800979d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c22800979e0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c22800979f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2280097a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
=>0x0c2280097a10: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c2280097a20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280097a30: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280097a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280097a50: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c2280097a60: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==310596==ABORTING

CC @nrupsis
CC @dr.sybren

Caused by 8833f5dbf92c Guess we need to have a depsgraph update and/or notifiers? ``` ==310596==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110004fd0c8 at pc 0x7ffff7849e0b bp 0x7fffffffcc30 sp 0x7fffffffc3e0 READ of size 216 at 0x6110004fd0c8 thread T0 #0 0x7ffff7849e0a in __interceptor_memcpy (/lib64/libasan.so.8+0x49e0a) #1 0x41432f9 in mywrite /blender/source/blender/blenloader/intern/writefile.cc:564 #2 0x4144526 in writestruct_at_address_nr /blender/source/blender/blenloader/intern/writefile.cc:691 #3 0x41445c7 in writestruct_nr /blender/source/blender/blenloader/intern/writefile.cc:697 #4 0x4144934 in writelist_nr /blender/source/blender/blenloader/intern/writefile.cc:734 #5 0x414d3f7 in BLO_write_struct_list_by_id /blender/source/blender/blenloader/intern/writefile.cc:1685 #6 0x106471a in blend_write_nla_strips /blender/source/blender/blenkernel/intern/nla.c:2353 #7 0x1065190 in BKE_nla_blend_write /blender/source/blender/blenkernel/intern/nla.c:2420 #8 0x30a2849 in BKE_animdata_blend_write /blender/source/blender/blenkernel/intern/anim_data.c:1474 #9 0x11e2e84 in object_blend_write /blender/source/blender/blenkernel/intern/object.cc:568 #10 0x414b10a in write_file_handle /blender/source/blender/blenloader/intern/writefile.cc:1321 #11 0x414cb9f in BLO_write_file_mem /blender/source/blender/blenloader/intern/writefile.cc:1587 #12 0xc439e4d in BKE_memfile_undo_encode /blender/source/blender/blenkernel/intern/blender_undo.cc:134 #13 0xa0b8165 in memfile_undosys_step_encode /blender/source/blender/editors/undo/memfile_undo.cc:89 #14 0xc7ac463 in undosys_step_encode /blender/source/blender/blenkernel/intern/undo_system.cc:148 #15 0xc7b1b47 in BKE_undosys_step_push_with_type /blender/source/blender/blenkernel/intern/undo_system.cc:563 #16 0xc7b25c7 in BKE_undosys_step_push /blender/source/blender/blenkernel/intern/undo_system.cc:608 #17 0xa0afdf4 in ED_undo_push /blender/source/blender/editors/undo/ed_undo.cc:139 #18 0xa0b1f87 in ED_undo_push_op /blender/source/blender/editors/undo/ed_undo.cc:405 #19 0x3cea02b in wm_operator_finished /blender/source/blender/windowmanager/intern/wm_event_system.cc:1140 #20 0x3cf82de in wm_handler_operator_call /blender/source/blender/windowmanager/intern/wm_event_system.cc:2495 #21 0x3d07f1e in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.cc:3376 #22 0x3d0855f in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.cc:3426 #23 0x3d12ae4 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.cc:4053 #24 0x3cc36fa in WM_main /blender/source/blender/windowmanager/intern/wm.c:632 #25 0x8dfc48 in main /blender/source/creator/creator.c:576 #26 0x7fffedc4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) #27 0x7fffedc4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) #28 0x8defc4 in _start (/build_linux_debug/bin/blender+0x8defc4) 0x6110004fd0c8 is located 8 bytes inside of 224-byte region [0x6110004fd0c0,0x6110004fd1a0) freed by thread T0 here: #0 0x7ffff78b9388 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xb9388) #1 0x1b7921d2 in MEM_lockfree_freeN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:104 #2 0x104d192 in BKE_nlastrip_free /blender/source/blender/blenkernel/intern/nla.c:92 #3 0x1060ed8 in nlastrip_validate_transition_start_end /blender/source/blender/blenkernel/intern/nla.c:1976 #4 0x1061069 in BKE_nla_validate_state /blender/source/blender/blenkernel/intern/nla.c:1996 #5 0xb1fc192 in ED_nla_postop_refresh /blender/source/blender/editors/space_nla/nla_edit.cc:71 #6 0x9ec796b in special_aftertrans_update__nla /blender/source/blender/editors/transform/transform_convert_nla.c:989 #7 0x9dc82f3 in special_aftertrans_update /blender/source/blender/editors/transform/transform_convert.c:658 #8 0x9dadb9d in transformEnd /blender/source/blender/editors/transform/transform.c:2153 #9 0xa02824f in transform_modal /blender/source/blender/editors/transform/transform_ops.c:465 #10 0x3cf7d7d in wm_handler_operator_call /blender/source/blender/windowmanager/intern/wm_event_system.cc:2462 #11 0x3d07f1e in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.cc:3376 #12 0x3d0855f in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.cc:3426 #13 0x3d12ae4 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.cc:4053 #14 0x3cc36fa in WM_main /blender/source/blender/windowmanager/intern/wm.c:632 #15 0x8dfc48 in main /blender/source/creator/creator.c:576 #16 0x7fffedc4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) previously allocated by thread T0 here: #0 0x7ffff78ba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af) #1 0x1b792b6c in MEM_lockfree_mallocN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:249 #2 0x3f15705 in read_struct /blender/source/blender/blenloader/intern/readfile.cc:1758 #3 0x3f1c1f7 in read_data_into_datamap /blender/source/blender/blenloader/intern/readfile.cc:2477 #4 0x3f22ec0 in read_libblock /blender/source/blender/blenloader/intern/readfile.cc:2952 #5 0x3f2c14d in blo_read_file_internal /blender/source/blender/blenloader/intern/readfile.cc:3551 #6 0x3f018ed in BLO_read_from_file /blender/source/blender/blenloader/intern/readblenentry.cc:414 #7 0x9038b2 in BKE_blendfile_read /blender/source/blender/blenkernel/intern/blendfile.cc:1038 #8 0x3d383d3 in WM_file_read /blender/source/blender/windowmanager/intern/wm_files.cc:1011 #9 0x3d451b9 in wm_file_read_opwrap /blender/source/blender/windowmanager/intern/wm_files.cc:2692 #10 0x3d46246 in wm_open_mainfile__open /blender/source/blender/windowmanager/intern/wm_files.cc:2815 #11 0x3d45577 in operator_state_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2728 #12 0x3d464a9 in wm_open_mainfile_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2839 #13 0x3d4584d in wm_open_mainfile__discard_changes /blender/source/blender/windowmanager/intern/wm_files.cc:2767 #14 0x3d45577 in operator_state_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2728 #15 0x3d464a9 in wm_open_mainfile_dispatch /blender/source/blender/windowmanager/intern/wm_files.cc:2839 #16 0x3d464d6 in wm_open_mainfile_invoke /blender/source/blender/windowmanager/intern/wm_files.cc:2844 #17 0x3cee5e9 in wm_operator_invoke /blender/source/blender/windowmanager/intern/wm_event_system.cc:1526 #18 0x3cf04ae in wm_operator_call_internal /blender/source/blender/windowmanager/intern/wm_event_system.cc:1761 #19 0x3cf05b7 in WM_operator_name_call_ptr /blender/source/blender/windowmanager/intern/wm_event_system.cc:1775 #20 0x3cf1b09 in WM_operator_name_call_ptr_with_depends_on_cursor /blender/source/blender/windowmanager/intern/wm_event_system.cc:1968 #21 0xa163987 in ui_apply_but_funcs_after /blender/source/blender/editors/interface/interface_handlers.cc:1038 #22 0xa1f7d80 in ui_popup_handler /blender/source/blender/editors/interface/interface_handlers.cc:11634 #23 0x3ce73b5 in wm_handler_ui_call /blender/source/blender/windowmanager/intern/wm_event_system.cc:820 #24 0x3d071a0 in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.cc:3309 #25 0x3d0855f in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.cc:3426 #26 0x3d12ae4 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.cc:4053 #27 0x3cc36fa in WM_main /blender/source/blender/windowmanager/intern/wm.c:632 #28 0x8dfc48 in main /blender/source/creator/creator.c:576 #29 0x7fffedc4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: heap-use-after-free (/lib64/libasan.so.8+0x49e0a) in __interceptor_memcpy Shadow bytes around the buggy address: 0x0c22800979c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c22800979d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c22800979e0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa 0x0c22800979f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2280097a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa =>0x0c2280097a10: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd 0x0c2280097a20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2280097a30: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2280097a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2280097a50: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa 0x0c2280097a60: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==310596==ABORTING ``` CC @nrupsis CC @dr.sybren
Philipp Oeser changed title from Crash on dragging a Speaker NLA strip to Regression: Crash on dragging a Speaker NLA strip 2023-07-17 10:02:08 +02:00
Philipp Oeser added
Priority
High
 and removed
Priority
Normal
 labels 2023-07-17 10:02:21 +02:00
Pratik Borhade added this to the 3.6 LTS milestone 2023-07-28 12:37:37 +02:00
Guillermo Venegas commented 2023-07-29 06:34:36 +02:00
Contributor
Copy Link

There is more bugs related to this, to take note:

If a transition strip is dragged to the left or the right of the strips, Blender will crash

If we delete the first/last strip in the nlatrack and if the next/prev strip is a sound strip blender also crash

Fixed on #110605

There is more bugs related to this, to take note: If a transition strip is dragged to the left or the right of the strips, Blender will crash If we delete the first/last strip in the nlatrack and if the next/prev strip is a sound strip blender also crash Fixed on https://projects.blender.org/blender/blender/pulls/110605 <video src="/attachments/8e97ae24-a6a2-4f3c-b97e-713d8bf64a6d" title="2023-07-28 22-28-22.mp4" controls></video>
2023-07-28 22-28-22.mp4
2.5 MiB
👍 1
Blender Bot added
Status
Resolved
 and removed
Status
Confirmed
 labels 2023-08-03 14:20:01 +02:00
Philipp Oeser commented 2023-08-31 11:20:38 +02:00
Member
Copy Link

@dr.sybren : will add 5b3398a673 to LTS #109399 if you dont mind

@dr.sybren : will add 5b3398a6738e5ae08fce1fa77e9ca4be55b22760 to LTS #109399 if you dont mind
Sybren A. Stüvel commented 2023-09-08 13:47:23 +02:00
Member
Copy Link

@lichtwerk thanks!

@lichtwerk thanks!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
blender-v4.0-release
universal-scene-description
tmp_libupdate_41
blender-projects-basics
brush-assets-project
temp-sculpt-dyntopo
blender-v3.6-release
blender-v3.3-release
anim/animation-id-113594
bridge-curves
sculpt-blender
asset-browser-frontend-split
asset-shelf
tmp-usd-python-mtl
tmp-usd-3.6
blender-v3.5-release
blender-v2.93-release
realtime-clock
sculpt-dev
gpencil-next
bevelv2
xr-dev
v4.0.1
v4.0.0
v3.6.5
v3.3.12
v3.6.4
v3.6.3
v3.3.11
v3.6.2
v3.3.10
v3.6.1
v3.3.9
v3.6.0
v3.3.8
v3.3.7
v2.93.18
v3.5.1
v3.3.6
v2.93.17
v3.5.0
v2.93.16
v3.3.5
v3.3.4
v2.93.15
v2.93.14
v3.3.3
v2.93.13
v2.93.12
v3.4.1
v3.3.2
v3.4.0
v3.3.1
v2.93.11
v3.3.0
v3.2.2
v2.93.10
v3.2.1
v3.2.0
v2.83.20
v2.93.9
v3.1.2
v3.1.1
v3.1.0
v2.83.19
v2.93.8
v3.0.1
v2.93.7
v3.0.0
v2.93.6
v2.93.5
v2.83.18
v2.93.4
v2.93.3
v2.83.17
v2.93.2
v2.93.1
v2.83.16
v2.93.0
v2.83.15
v2.83.14
v2.83.13
v2.92.0
v2.83.12
v2.91.2
v2.83.10
v2.91.0
v2.83.9
v2.83.8
v2.83.7
v2.90.1
v2.83.6.1
v2.83.6
v2.90.0
v2.83.5
v2.83.4
v2.83.3
v2.83.2
v2.83.1
v2.83
v2.82a
v2.82
v2.81a
v2.81
v2.80
v2.80-rc3
v2.80-rc2
v2.80-rc1
v2.79b
v2.79a
v2.79
v2.79-rc2
v2.79-rc1
v2.78c
v2.78b
v2.78a
v2.78
v2.78-rc2
v2.78-rc1
v2.77a
v2.77
v2.77-rc2
v2.77-rc1
v2.76b
v2.76a
v2.76
v2.76-rc3
v2.76-rc2
v2.76-rc1
v2.75a
v2.75
v2.75-rc2
v2.75-rc1
v2.74
v2.74-rc4
v2.74-rc3
v2.74-rc2
v2.74-rc1
v2.73a
v2.73
v2.73-rc1
v2.72b
2.72b
v2.72a
v2.72
v2.72-rc1
v2.71
v2.71-rc2
v2.71-rc1
v2.70a
v2.70
v2.70-rc2
v2.70-rc
v2.69
v2.68a
v2.68
v2.67b
v2.67a
v2.67
v2.66a
v2.66
v2.65a
v2.65
v2.64a
v2.64
v2.63a
v2.63
v2.61
v2.60a
v2.60
v2.59
v2.58a
v2.58
v2.57b
v2.57a
v2.57
v2.56a
v2.56
v2.55
v2.54
v2.53
v2.52
v2.51
v2.50
v2.49b
v2.49a
v2.49
v2.48a
v2.48
v2.47
v2.46
v2.45
v2.44
v2.43
v2.42a
v2.42
v2.41
v2.40
v2.37a
v2.37
v2.36
v2.35a
v2.35
v2.34
v2.33a
v2.33
v2.32
v2.31a
v2.31
v2.30
v2.28c
v2.28a
v2.28
v2.27
v2.26
v2.25
Labels
Clear labels   
Interest
Alembic

  
Interest
Animation & Rigging

  
Interest
Asset Browser

  
Interest
Asset Browser Project Overview

  
Interest
Audio

  
Interest
Automated Testing

  
Interest
Blender Asset Bundle

  
Interest
BlendFile

  
Interest
Collada

  
Interest
Compatibility
This issue affects/is about backward or forward compatibility

  
Interest
Compositing

  
Interest
Core

  
Interest
Cycles

  
Interest
Dependency Graph

  
Interest
Development Management

  
Interest
EEVEE

  
Interest
EEVEE & Viewport

  
Interest
Freestyle

  
Interest
Geometry Nodes

  
Interest
Grease Pencil

  
Interest
ID Management

  
Interest
Images & Movies

  
Interest
Import Export

  
Interest
Line Art

  
Interest
Masking

  
Interest
Metal

  
Interest
Modeling

  
Interest
Modifiers

  
Interest
Motion Tracking

  
Interest
Nodes & Physics

  
Interest
OpenGL

  
Interest
Overlay

  
Interest
Overrides

  
Interest
Performance

  
Interest
Physics

  
Interest
Pipeline, Assets & IO

  
Interest
Platforms, Builds & Tests

  
Interest
Python API

  
Interest
Render & Cycles

  
Interest
Render Pipeline

  
Interest
Sculpt, Paint & Texture

  
Interest
Text Editor

  
Interest
Translations

  
Interest
Triaging

  
Interest
Undo

  
Interest
USD

  
Interest
User Interface

  
Interest
UV Editing

  
Interest
VFX & Video

  
Interest
Video Sequencer

  
Interest
Virtual Reality

  
Interest
Vulkan

  
Interest
Wayland

  
Interest
Workbench

  
Legacy
Blender 2.8 Project

  
Legacy
Milestone 1: Basic, Local Asset Browser

  
Legacy
OpenGL Error

  
Meta
Good First Issue

  
Meta
Papercut

  
Meta
Retrospective

  
Meta
Security
Issues relating to security: https://wiki.blender.org/wiki/Process/Vulnerability_Reports

  
Module
Animation & Rigging

  
Module
Core

  
Module
Development Management

  
Module
EEVEE & Viewport

  
Module
Grease Pencil

  
Module
Modeling

  
Module
Nodes & Physics

  
Module
Pipeline, Assets & IO

  
Module
Platforms, Builds & Tests

  
Module
Python API

  
Module
Render & Cycles

  
Module
Sculpt, Paint & Texture

  
Module
Triaging

  
Module
User Interface

  
Module
VFX & Video

  
Platform
FreeBSD

  
Platform
Linux

  
Platform
macOS

  
Platform
Windows

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Info from Developers

  
Status
Needs Information from User

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Patch

  
Type
Report

  
Type
To Do

No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
3.6 LTS
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#110161
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?