blender
/
blender
133
398
Fork 578
Code Issues 6.3k Pull Requests 746 Projects 19 Wiki Activity

Bad data editing by during DEG evaluation? #53800

New Issue
Closed
opened 2018-01-16 12:51:54 +01:00 by Bastien Montagne · 14 comments
Bastien Montagne commented 2018-01-16 12:51:54 +01:00
Owner
Copy Link

Short description of error

Currently, creating a new static override from linked object in Blender (using spacebar-menu -> 'make_override') crashes in undo step creation code, due to use-after-free memory access.

Exact steps for others to reproduce the error

  • Use a Debug build of Blender with ASAN enabled.
  • From default startup, link an object.
  • Select that linked object.
  • Hit space, type in 'over' and execute make_override operator.
  • If it does not crash immediately, trying e.g. to select something else in the scene should trigger to bug.

Detailed ASAN trace:

=================================================================
==4409==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d00086e3e8 at pc 0x5636e9bd9438 bp 0x7ffdebbbfea0 sp 0x7ffdebbbfe98
READ of size 8 at 0x60d00086e3e8 thread T0
    - 0 0x5636e9bd9437 in rna_iterator_listbase_begin /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:4126
    - 1 0x5636e9ec9548 in rna_Object_collection_properties_begin /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_object.c:249
    - 2 0x5636e9edc65b in Object_collection_properties_begin /home/i74700deb64/blender/__work__/build_cmake_dbg/source/blender/makesrna/intern/rna_object_gen.c:1759
    - 3 0x5636e9bd2f74 in RNA_property_collection_begin /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:3335
    - 4 0x5636e9f579b0 in rna_property_override_diff_default /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_rna.c:1435
    - 5 0x5636e9beaec2 in rna_property_override_diff /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:7198
    - 6 0x5636e9bec2d2 in RNA_struct_override_matches /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:7415
    - 7 0x5636e96dc94e in BKE_override_static_operations_create /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library_override.c:526
    - 8 0x5636e96dcd24 in BKE_main_override_static_operations_create /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library_override.c:562
    - 9 0x5636e762659e in ED_undo_push /home/i74700deb64/blender/__work__/src/source/blender/editors/util/undo.c:87
    - 10 0x5636e7627157 in ED_undo_push_op /home/i74700deb64/blender/__work__/src/source/blender/editors/util/undo.c:250
    - 11 0x5636e700b197 in wm_operator_finished /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:830
    - 12 0x5636e700e13b in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1244
    - 13 0x5636e7011a17 in wm_handler_operator_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1907
    - 14 0x5636e70133a1 in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2187
    - 15 0x5636e701487a in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2448
    - 16 0x5636e7016bee in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2836
    - 17 0x5636e6ff4e56 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:521
    - 18 0x5636e6fea6b9 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:527
    - 19 0x7f4497e46f29 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20f29)
    #20 0x5636e6fe9979 in _start (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x37b9979)

0x60d00086e3e8 is located 104 bytes inside of 136-byte region [0x60d00086e380,0x60d00086e408)
freed by thread T14 here:
    - 0 0x7f44a3e4b8c8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd98c8)
    - 1 0x5636ea8806d7 in MEM_lockfree_freeN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164
    - 2 0x5636e993ea1b in idproperty_reset /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2068
    - 3 0x5636e993ec93 in BKE_layer_eval_layer_collection_pre /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2085
    - 4 0x5636ea357089 in void std::__invoke_impl<void, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(std::__invoke_other, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:60
    - 5 0x5636ea356b44 in std::__invoke_result<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>::type std::__invoke<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:95
    - 6 0x5636ea3564ac in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::__call<void, EvaluationContext*&&, 0ul, 1ul, 2ul>(std::tuple<EvaluationContext*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/7/functional:467
    - 7 0x5636ea355a43 in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::operator()<EvaluationContext*, void>(EvaluationContext*&&) /usr/include/c++/7/functional:551
    - 8 0x5636ea354cdf in std::_Function_handler<void (EvaluationContext*), std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)> >::_M_invoke(std::_Any_data const&, EvaluationContext*&&) /usr/include/c++/7/bits/std_function.h:316
    - 9 0x5636ea33e4fe in std::function<void (EvaluationContext*)>::operator()(EvaluationContext*) const /usr/include/c++/7/bits/std_function.h:706
    - 10 0x5636ea33cc74 in deg_task_run_func /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:93
    - 11 0x5636ea2bea7c in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:441
    #12 0x7f44a1f7f519 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7519)

previously allocated by thread T0 here:
    - 0 0x7f44a3e4bdf8 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9df8)
    - 1 0x5636ea880bdd in MEM_lockfree_callocN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:281
    - 2 0x5636e96793fb in IDP_New /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/idprop.c:1033
    - 3 0x5636e993ea33 in idproperty_reset /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2070
    - 4 0x5636e993ec93 in BKE_layer_eval_layer_collection_pre /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2085
    - 5 0x5636ea357089 in void std::__invoke_impl<void, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(std::__invoke_other, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:60
    - 6 0x5636ea356b44 in std::__invoke_result<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>::type std::__invoke<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:95
    - 7 0x5636ea3564ac in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::__call<void, EvaluationContext*&&, 0ul, 1ul, 2ul>(std::tuple<EvaluationContext*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/7/functional:467
    - 8 0x5636ea355a43 in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::operator()<EvaluationContext*, void>(EvaluationContext*&&) /usr/include/c++/7/functional:551
    - 9 0x5636ea354cdf in std::_Function_handler<void (EvaluationContext*), std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)> >::_M_invoke(std::_Any_data const&, EvaluationContext*&&) /usr/include/c++/7/bits/std_function.h:316
    - 10 0x5636ea33e4fe in std::function<void (EvaluationContext*)>::operator()(EvaluationContext*) const /usr/include/c++/7/bits/std_function.h:706
    - 11 0x5636ea33cc74 in deg_task_run_func /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:93
    - 12 0x5636ea2c24b5 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:893
    - 13 0x5636ea33e379 in DEG::deg_evaluate_on_refresh(EvaluationContext*, DEG::Depsgraph*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:263
    - 14 0x5636ea2ef491 in DEG_evaluate_on_refresh /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/depsgraph_eval.cc:106
    - 15 0x5636e9962b79 in BKE_scene_graph_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1434
    - 16 0x5636e9ac3dd1 in BKE_workspace_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/workspace.c:522
    - 17 0x5636e7007fab in wm_event_do_refresh_wm_and_depsgraph /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:342
    - 18 0x5636e7008f93 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:495
    - 19 0x5636e6ff4e62 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:524
    - 20 0x5636e6fea6b9 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:527
    - 21 0x7f4497e46f29 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20f29)

Thread T14 created by T0 here:
    - 0 0x7f44a3da9390 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37390)
    - 1 0x5636ea2bf3e4 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:504
    - 2 0x5636ea2c669e in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:176
    - 3 0x5636ea2c50f6 in BLI_task_parallel_range /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:1099
    - 4 0x5636ea342f8c in flush_prepare /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:104
    - 5 0x5636ea342f8c in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:264
    - 6 0x5636ea2f669e in DEG_graph_flush_update /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/depsgraph_tag.cc:428
    - 7 0x5636e9962b66 in BKE_scene_graph_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1430
    - 8 0x5636e9f693f6 in rna_Scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_scene_api.c:143
    - 9 0x5636e9f9c11a in Scene_update_call /home/i74700deb64/blender/__work__/build_cmake_dbg/source/blender/makesrna/intern/rna_scene_gen.c:8873
    - 10 0x5636e9be63ec in RNA_function_call /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:6475
    - 11 0x5636e83d537a in pyrna_func_call /home/i74700deb64/blender/__work__/src/source/blender/python/intern/bpy_rna.c:5682
    #12 0x7f44a302a218 in _PyObject_FastCallDict (/usr/lib/x86_64-linux-gnu/libpython3.6m.so.1.0+0x7c218)

So looks like RNA diffing code (called from 'undo_step' function) is accessing some Object's data (ID props), while that same data is being replaced in threaded scene update.

I might be wrong here, but to me allowing deg evaluation to mess with 'real' data is pure evil, afaik we are trying to avoid that completely with CoW? But still, would be better to avoid that kind of behavior, this can also crash randomly when accessing data from py script (including UI) e.g.

Worth noting that with CoW enabled, it does not crash, btw.

**Short description of error** Currently, creating a new static override from linked object in Blender (using spacebar-menu -> 'make_override') crashes in undo step creation code, due to use-after-free memory access. **Exact steps for others to reproduce the error** * Use a Debug build of Blender with ASAN enabled. * From default startup, link an object. * Select that linked object. * Hit space, type in 'over' and execute make_override operator. * If it does not crash immediately, trying e.g. to select something else in the scene should trigger to bug. Detailed ASAN trace: ``` ================================================================= ==4409==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d00086e3e8 at pc 0x5636e9bd9438 bp 0x7ffdebbbfea0 sp 0x7ffdebbbfe98 READ of size 8 at 0x60d00086e3e8 thread T0 - 0 0x5636e9bd9437 in rna_iterator_listbase_begin /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:4126 - 1 0x5636e9ec9548 in rna_Object_collection_properties_begin /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_object.c:249 - 2 0x5636e9edc65b in Object_collection_properties_begin /home/i74700deb64/blender/__work__/build_cmake_dbg/source/blender/makesrna/intern/rna_object_gen.c:1759 - 3 0x5636e9bd2f74 in RNA_property_collection_begin /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:3335 - 4 0x5636e9f579b0 in rna_property_override_diff_default /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_rna.c:1435 - 5 0x5636e9beaec2 in rna_property_override_diff /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:7198 - 6 0x5636e9bec2d2 in RNA_struct_override_matches /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:7415 - 7 0x5636e96dc94e in BKE_override_static_operations_create /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library_override.c:526 - 8 0x5636e96dcd24 in BKE_main_override_static_operations_create /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library_override.c:562 - 9 0x5636e762659e in ED_undo_push /home/i74700deb64/blender/__work__/src/source/blender/editors/util/undo.c:87 - 10 0x5636e7627157 in ED_undo_push_op /home/i74700deb64/blender/__work__/src/source/blender/editors/util/undo.c:250 - 11 0x5636e700b197 in wm_operator_finished /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:830 - 12 0x5636e700e13b in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1244 - 13 0x5636e7011a17 in wm_handler_operator_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1907 - 14 0x5636e70133a1 in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2187 - 15 0x5636e701487a in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2448 - 16 0x5636e7016bee in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2836 - 17 0x5636e6ff4e56 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:521 - 18 0x5636e6fea6b9 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:527 - 19 0x7f4497e46f29 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20f29) #20 0x5636e6fe9979 in _start (/home/i74700deb64/blender/__work__/build_cmake_dbg/bin/blender+0x37b9979) 0x60d00086e3e8 is located 104 bytes inside of 136-byte region [0x60d00086e380,0x60d00086e408) freed by thread T14 here: - 0 0x7f44a3e4b8c8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd98c8) - 1 0x5636ea8806d7 in MEM_lockfree_freeN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164 - 2 0x5636e993ea1b in idproperty_reset /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2068 - 3 0x5636e993ec93 in BKE_layer_eval_layer_collection_pre /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2085 - 4 0x5636ea357089 in void std::__invoke_impl<void, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(std::__invoke_other, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:60 - 5 0x5636ea356b44 in std::__invoke_result<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>::type std::__invoke<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:95 - 6 0x5636ea3564ac in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::__call<void, EvaluationContext*&&, 0ul, 1ul, 2ul>(std::tuple<EvaluationContext*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/7/functional:467 - 7 0x5636ea355a43 in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::operator()<EvaluationContext*, void>(EvaluationContext*&&) /usr/include/c++/7/functional:551 - 8 0x5636ea354cdf in std::_Function_handler<void (EvaluationContext*), std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)> >::_M_invoke(std::_Any_data const&, EvaluationContext*&&) /usr/include/c++/7/bits/std_function.h:316 - 9 0x5636ea33e4fe in std::function<void (EvaluationContext*)>::operator()(EvaluationContext*) const /usr/include/c++/7/bits/std_function.h:706 - 10 0x5636ea33cc74 in deg_task_run_func /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:93 - 11 0x5636ea2bea7c in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:441 #12 0x7f44a1f7f519 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7519) previously allocated by thread T0 here: - 0 0x7f44a3e4bdf8 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9df8) - 1 0x5636ea880bdd in MEM_lockfree_callocN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:281 - 2 0x5636e96793fb in IDP_New /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/idprop.c:1033 - 3 0x5636e993ea33 in idproperty_reset /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2070 - 4 0x5636e993ec93 in BKE_layer_eval_layer_collection_pre /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/layer.c:2085 - 5 0x5636ea357089 in void std::__invoke_impl<void, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(std::__invoke_other, void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:60 - 6 0x5636ea356b44 in std::__invoke_result<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>::type std::__invoke<void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*, ID*&, ViewLayer*&>(void (*&)(EvaluationContext const*, ID*, ViewLayer*), EvaluationContext*&&, ID*&, ViewLayer*&) /usr/include/c++/7/bits/invoke.h:95 - 7 0x5636ea3564ac in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::__call<void, EvaluationContext*&&, 0ul, 1ul, 2ul>(std::tuple<EvaluationContext*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/7/functional:467 - 8 0x5636ea355a43 in void std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)>::operator()<EvaluationContext*, void>(EvaluationContext*&&) /usr/include/c++/7/functional:551 - 9 0x5636ea354cdf in std::_Function_handler<void (EvaluationContext*), std::_Bind<void (*(std::_Placeholder<1>, ID*, ViewLayer*))(EvaluationContext const*, ID*, ViewLayer*)> >::_M_invoke(std::_Any_data const&, EvaluationContext*&&) /usr/include/c++/7/bits/std_function.h:316 - 10 0x5636ea33e4fe in std::function<void (EvaluationContext*)>::operator()(EvaluationContext*) const /usr/include/c++/7/bits/std_function.h:706 - 11 0x5636ea33cc74 in deg_task_run_func /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:93 - 12 0x5636ea2c24b5 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:893 - 13 0x5636ea33e379 in DEG::deg_evaluate_on_refresh(EvaluationContext*, DEG::Depsgraph*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:263 - 14 0x5636ea2ef491 in DEG_evaluate_on_refresh /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/depsgraph_eval.cc:106 - 15 0x5636e9962b79 in BKE_scene_graph_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1434 - 16 0x5636e9ac3dd1 in BKE_workspace_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/workspace.c:522 - 17 0x5636e7007fab in wm_event_do_refresh_wm_and_depsgraph /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:342 - 18 0x5636e7008f93 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:495 - 19 0x5636e6ff4e62 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:524 - 20 0x5636e6fea6b9 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:527 - 21 0x7f4497e46f29 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20f29) Thread T14 created by T0 here: - 0 0x7f44a3da9390 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37390) - 1 0x5636ea2bf3e4 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:504 - 2 0x5636ea2c669e in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:176 - 3 0x5636ea2c50f6 in BLI_task_parallel_range /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:1099 - 4 0x5636ea342f8c in flush_prepare /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:104 - 5 0x5636ea342f8c in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:264 - 6 0x5636ea2f669e in DEG_graph_flush_update /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/depsgraph_tag.cc:428 - 7 0x5636e9962b66 in BKE_scene_graph_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1430 - 8 0x5636e9f693f6 in rna_Scene_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_scene_api.c:143 - 9 0x5636e9f9c11a in Scene_update_call /home/i74700deb64/blender/__work__/build_cmake_dbg/source/blender/makesrna/intern/rna_scene_gen.c:8873 - 10 0x5636e9be63ec in RNA_function_call /home/i74700deb64/blender/__work__/src/source/blender/makesrna/intern/rna_access.c:6475 - 11 0x5636e83d537a in pyrna_func_call /home/i74700deb64/blender/__work__/src/source/blender/python/intern/bpy_rna.c:5682 #12 0x7f44a302a218 in _PyObject_FastCallDict (/usr/lib/x86_64-linux-gnu/libpython3.6m.so.1.0+0x7c218) ``` So looks like RNA diffing code (called from 'undo_step' function) is accessing some Object's data (ID props), while that same data is being replaced in threaded scene update. I might be wrong here, but to me allowing deg evaluation to mess with 'real' data is pure evil, afaik we are trying to avoid that completely with CoW? But still, would be better to avoid that kind of behavior, this can also crash randomly when accessing data from py script (including UI) e.g. Worth noting that with CoW enabled, it does not crash, btw.
Bastien Montagne commented 2018-01-16 12:51:54 +01:00
Author
Owner
Copy Link

Added subscriber: @mont29

Added subscriber: @mont29
Bastien Montagne commented 2018-01-16 12:52:17 +01:00
Author
Owner
Copy Link

Added subscriber: @dfelinto

Added subscriber: @dfelinto
Dalai Felinto was assigned by Bastien Montagne 2018-01-16 14:02:31 +01:00
Dalai Felinto commented 2018-03-19 22:23:40 +01:00
Owner
Copy Link

Good news, I managed to reproduce this in a unit test: P638. I'm still not sure of what is going on though.

Good news, I managed to reproduce this in a unit test: [P638](https://archive.blender.org/developer/P638.txt). I'm still not sure of what is going on though.
Dalai Felinto commented 2018-03-20 21:23:27 +01:00
Owner
Copy Link

Technically we can remove this (ob.collection_properties) from the RNA. I added it there mostly because of the unittests - this way I could see if the dynamic override system was working.

I would rather not remove it though. Can't we flag some RNA properties to be skipped from RNA diff? Or is this the only real-time data that is exposed via RNA (and written in threads)?

That won't change the fact that we are indeed creating run-time evaluation data in depsgraph. But I don't see the issue of this. It's not different than setting object final visibility via depsgraph, stored in its ob->base_flag.

Technically we can remove this (`ob.collection_properties`) from the RNA. I added it there mostly because of the unittests - this way I could see if the dynamic override system was working. I would rather not remove it though. Can't we flag some RNA properties to be skipped from RNA diff? Or is this the only real-time data that is exposed via RNA (and written in threads)? That won't change the fact that we are indeed creating run-time evaluation data in depsgraph. But I don't see the issue of this. It's not different than setting object final visibility via depsgraph, stored in its `ob->base_flag`.
Sergey Sharybin commented 2018-03-21 17:37:09 +01:00
Owner
Copy Link

Added subscriber: @Sergey

Added subscriber: @Sergey
Sergey Sharybin commented 2018-03-21 17:37:09 +01:00
Owner
Copy Link

This is either due to missed update flush to the object (which could be fixed from dependency graph side). But it is also very well possible is that flush is not needed on that object, and that you're just referencing freed data. Similar to what could happen with other evaluated data, like derived mesh.

On the one hand, you should skip evaluated data from diff. But on another hand, you can not skip object's data which will both be holding original datablock (for data from bmain) or evaluated datablock (for objects from depsgraph).

I would also think that make override should operate on the original datablock, which will not reference anything from it's collection properties. So, making CoW enabled by default (and not allowing to disable it) would solve the issue.

This is either due to missed update flush to the object (which could be fixed from dependency graph side). But it is also very well possible is that flush is not needed on that object, and that you're just referencing freed data. Similar to what could happen with other evaluated data, like derived mesh. On the one hand, you should skip evaluated data from diff. But on another hand, you can not skip object's data which will both be holding original datablock (for data from bmain) or evaluated datablock (for objects from depsgraph). I would also think that make override should operate on the original datablock, which will not reference anything from it's collection properties. So, making CoW enabled by default (and not allowing to disable it) would solve the issue.
Dalai Felinto removed their assignment 2018-03-23 23:57:16 +01:00
Bastien Montagne was assigned by Dalai Felinto 2018-03-23 23:57:16 +01:00
Dalai Felinto commented 2018-03-23 23:57:16 +01:00
Owner
Copy Link

As discussed over IRC with Bastien, this can be fixed by ignoring real-time evaluated properties for the RNA diff 0c753c1dc4.

As discussed over IRC with Bastien, this can be fixed by ignoring real-time evaluated properties for the RNA diff 0c753c1dc4a.
Bastien Montagne commented 2018-03-26 10:38:49 +02:00
Author
Owner
Copy Link

@dfelinto I will do that yes (though I could not reproduce crash with current blender2.8 anymore… go figure).

Point remains, that imho it should not be allowed for threaded depsgraph to directly affect data, not when something else might be running in main thread. Am a bit wondering how it is possible actually for main thread to be doing undo step, while depsgraph is running in some other threads? Is new deg using a deferred/background? I would expect DEG to call 'process tasks and wait' from main thread…

@dfelinto I will do that yes (though I could not reproduce crash with current blender2.8 anymore… go figure). Point remains, that imho it should not be allowed for threaded depsgraph to directly affect data, not when something else might be running in main thread. Am a bit wondering how it is possible actually for main thread to be doing undo step, while depsgraph is running in some other threads? Is new deg using a deferred/background? I would expect DEG to call 'process tasks and wait' from main thread…
blender-admin commented 2018-03-26 10:41:31 +02:00
Copy Link

This issue was referenced by 13f80a152a

This issue was referenced by 13f80a152a3a84286330b1bc6d9818279b976e91
Bastien Montagne commented 2018-03-26 10:43:25 +02:00
Author
Owner
Copy Link

Changed status from 'Open' to: 'Resolved'

Changed status from 'Open' to: 'Resolved'
Sergey Sharybin commented 2018-03-26 10:55:25 +02:00
Owner
Copy Link

@mont29, the only case when depsgraph might change some of the data is for things like material review. But those don't use objects from main bmain, only materials are shared and no write to them is happening to my knowledge. Undo step is supposed to stop all the running jobs.

Depsgraph does not do any deferred tasks, all its threads are done after DEG_evaluate_on_refresh() and DEG_evaluate_on_framechange() are done.

Possible reasons why depsgraph threads are active during undo:

  • Preview job is still running (which is not supposed to happen).
  • Memory compression which is sort of deferred thread is running (though, not sure it will do anything with the depsgraph).

Are you sure there are depsgraph threads active during undo? To me it seems more like due to changes in relations, some of the runtime only-data is not evaluated/assigned by dependency graph (since object is no longer in the graph or so), but is being accessed by generic RNA traversal algorithm (which dereferences previously assigned pointer).

@mont29, the only case when depsgraph might change some of the data is for things like material review. But those don't use objects from main bmain, only materials are shared and no write to them is happening to my knowledge. Undo step is supposed to stop all the running jobs. Depsgraph does not do any deferred tasks, all its threads are done after `DEG_evaluate_on_refresh()` and `DEG_evaluate_on_framechange()` are done. Possible reasons why depsgraph threads are active during undo: - Preview job is still running (which is not supposed to happen). - Memory compression which is sort of deferred thread is running (though, not sure it will do anything with the depsgraph). Are you sure there are depsgraph threads active during undo? To me it seems more like due to changes in relations, some of the runtime only-data is not evaluated/assigned by dependency graph (since object is no longer in the graph or so), but is being accessed by generic RNA traversal algorithm (which dereferences previously assigned pointer).
Bastien Montagne commented 2018-03-26 14:05:54 +02:00
Author
Owner
Copy Link

@Sergey It’s hard to be sure of anything, especially since I cannot reproduce the issue anymore currently. But, reading ASAN report from initial post:

  • Thread0: RNA accessor of Object.collection_properties merely accesses (DNA) Object.base_collection_properties, which is not NULL but points to freed memory
  • Thread14: That memory has been freed by some DEG-called layer process, which ends up calling idproperty_reset(), and that func immediately re-assign object->base_collection_properties with newly allocated mem.

I’m not sure to see how this access-after-free could happen, besides a concurrent situation between execution of RNA accessor (from undo code) and idproperty_reset (from DEG)?

Note that thread14 is created from DEG_graph_flush_update(), triggered from RNA's Scene.update() (py API), not regular DEG process I believe? At least, it does not seem to go through DEG_evaluate_on_refresh() nor DEG_evaluate_on_framechange()

@Sergey It’s hard to be sure of anything, especially since I cannot reproduce the issue anymore currently. But, reading ASAN report from initial post: * Thread0: RNA accessor of Object.collection_properties merely accesses (DNA) Object.base_collection_properties, which is not NULL but points to freed memory * Thread14: That memory has been freed by some DEG-called layer process, which ends up calling `idproperty_reset()`, and that func immediately re-assign object->base_collection_properties with newly allocated mem. I’m not sure to see how this access-after-free could happen, besides a concurrent situation between execution of RNA accessor (from undo code) and idproperty_reset (from DEG)? Note that thread14 is created from `DEG_graph_flush_update()`, triggered from RNA's Scene.update() (py API), not regular DEG process I believe? At least, it does not seem to go through `DEG_evaluate_on_refresh()` nor `DEG_evaluate_on_framechange()`…
Sergey Sharybin commented 2018-03-26 14:20:45 +02:00
Owner
Copy Link

@mont29, this doesn't necessarily mean that both threads are running outside. What could be happening is:

  • Thread 0 invokes depsgraph update
  • Depsgraph updates relations, kicks out some object from it
  • Thread 14 updates scene collections, freeing old ID properties, allocating new ones.
  • Depsgraph update is done
  • Thread 0 continues to work, accesses object which was somewhere in the past evaluated, but is NOT evaluated by the depsgraph update from few lines above.
  • You have crash.

Either that, or object is not tagged for update, and hence it doesn't receive updated pointer for collection properties.

The point here is: it is not necessarily a concurrent access, such a bad memory access might happen in a "linear" fashion.

What we can try doing, is to NULL all runtime fields when object goes away from graph. But don't think it's really needed to be done now, with CoW this will happen auto-magically: evaluated fields will only be written to object owned by Depsgraph. So undo system will not see them. And then, if some object is not part of depsgraph anymore, it is gone forever.

@mont29, this doesn't necessarily mean that both threads are running outside. What could be happening is: - Thread 0 invokes depsgraph update - Depsgraph updates relations, kicks out some object from it - Thread 14 updates scene collections, freeing old ID properties, allocating new ones. - Depsgraph update is done - Thread 0 continues to work, accesses object which was somewhere in the past evaluated, but is NOT evaluated by the depsgraph update from few lines above. - You have crash. Either that, or object is not tagged for update, and hence it doesn't receive updated pointer for collection properties. The point here is: it is not necessarily a concurrent access, such a bad memory access might happen in a "linear" fashion. What we can try doing, is to NULL all runtime fields when object goes away from graph. But don't think it's really needed to be done now, with CoW this will happen auto-magically: evaluated fields will only be written to object owned by Depsgraph. So undo system will not see them. And then, if some object is not part of depsgraph anymore, it is gone forever.
Bastien Montagne commented 2018-03-26 15:02:07 +02:00
Author
Owner
Copy Link

Yes, agree that CoW should make that kind of issue history, so let’s wait and hope for the Mighty CoW! :)

Yes, agree that CoW should make that kind of issue history, so let’s wait and hope for the Mighty CoW! :)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
brush-assets-project
universal-scene-description
fix-121021
blender-v4.1-release
blender-v3.3-release
blender-v3.6-release
blender-v3.6-temp_wmoss_animrig_public
temp-sculpt-dyntopo
gpencil-next
anim/animation-id-113594
blender-v4.0-release
blender-projects-basics
bridge-curves
sculpt-blender
asset-browser-frontend-split
asset-shelf
tmp-usd-python-mtl
tmp-usd-3.6
blender-v3.5-release
blender-v2.93-release
realtime-clock
sculpt-dev
bevelv2
xr-dev
v4.1.1
v3.6.11
v3.3.18
v4.1.0
v3.3.17
v3.6.10
v3.6.9
v3.3.16
v3.6.8
v3.6.7
v3.3.14
v4.0.2
v4.0.1
v4.0.0
v3.6.5
v3.3.12
v3.6.4
v3.6.3
v3.3.11
v3.6.2
v3.3.10
v3.6.1
v3.3.9
v3.6.0
v3.3.8
v3.3.7
v2.93.18
v3.5.1
v3.3.6
v2.93.17
v3.5.0
v2.93.16
v3.3.5
v3.3.4
v2.93.15
v2.93.14
v3.3.3
v2.93.13
v2.93.12
v3.4.1
v3.3.2
v3.4.0
v3.3.1
v2.93.11
v3.3.0
v3.2.2
v2.93.10
v3.2.1
v3.2.0
v2.83.20
v2.93.9
v3.1.2
v3.1.1
v3.1.0
v2.83.19
v2.93.8
v3.0.1
v2.93.7
v3.0.0
v2.93.6
v2.93.5
v2.83.18
v2.93.4
v2.93.3
v2.83.17
v2.93.2
v2.93.1
v2.83.16
v2.93.0
v2.83.15
v2.83.14
v2.83.13
v2.92.0
v2.83.12
v2.91.2
v2.83.10
v2.91.0
v2.83.9
v2.83.8
v2.83.7
v2.90.1
v2.83.6.1
v2.83.6
v2.90.0
v2.83.5
v2.83.4
v2.83.3
v2.83.2
v2.83.1
v2.83
v2.82a
v2.82
v2.81a
v2.81
v2.80
v2.80-rc3
v2.80-rc2
v2.80-rc1
v2.79b
v2.79a
v2.79
v2.79-rc2
v2.79-rc1
v2.78c
v2.78b
v2.78a
v2.78
v2.78-rc2
v2.78-rc1
v2.77a
v2.77
v2.77-rc2
v2.77-rc1
v2.76b
v2.76a
v2.76
v2.76-rc3
v2.76-rc2
v2.76-rc1
v2.75a
v2.75
v2.75-rc2
v2.75-rc1
v2.74
v2.74-rc4
v2.74-rc3
v2.74-rc2
v2.74-rc1
v2.73a
v2.73
v2.73-rc1
v2.72b
2.72b
v2.72a
v2.72
v2.72-rc1
v2.71
v2.71-rc2
v2.71-rc1
v2.70a
v2.70
v2.70-rc2
v2.70-rc
v2.69
v2.68a
v2.68
v2.67b
v2.67a
v2.67
v2.66a
v2.66
v2.65a
v2.65
v2.64a
v2.64
v2.63a
v2.63
v2.61
v2.60a
v2.60
v2.59
v2.58a
v2.58
v2.57b
v2.57a
v2.57
v2.56a
v2.56
v2.55
v2.54
v2.53
v2.52
v2.51
v2.50
v2.49b
v2.49a
v2.49
v2.48a
v2.48
v2.47
v2.46
v2.45
v2.44
v2.43
v2.42a
v2.42
v2.41
v2.40
v2.37a
v2.37
v2.36
v2.35a
v2.35
v2.34
v2.33a
v2.33
v2.32
v2.31a
v2.31
v2.30
v2.28c
v2.28a
v2.28
v2.27
v2.26
v2.25
Labels
Clear labels   
Interest
Alembic

  
Interest
Animation & Rigging

  
Interest
Asset Browser

  
Interest
Asset Browser Project Overview

  
Interest
Audio

  
Interest
Automated Testing

  
Interest
Blender Asset Bundle

  
Interest
BlendFile

  
Interest
Collada

  
Interest
Compatibility
This issue affects/is about backward or forward compatibility

  
Interest
Compositing

  
Interest
Core

  
Interest
Cycles

  
Interest
Dependency Graph

  
Interest
Development Management

  
Interest
EEVEE

  
Interest
EEVEE & Viewport

  
Interest
Freestyle

  
Interest
Geometry Nodes

  
Interest
Grease Pencil

  
Interest
ID Management

  
Interest
Images & Movies

  
Interest
Import Export

  
Interest
Line Art

  
Interest
Masking

  
Interest
Metal

  
Interest
Modeling

  
Interest
Modifiers

  
Interest
Motion Tracking

  
Interest
Nodes & Physics

  
Interest
OpenGL

  
Interest
Overlay

  
Interest
Overrides

  
Interest
Performance

  
Interest
Physics

  
Interest
Pipeline, Assets & IO

  
Interest
Platforms, Builds & Tests

  
Interest
Python API

  
Interest
Render & Cycles

  
Interest
Render Pipeline

  
Interest
Sculpt, Paint & Texture

  
Interest
Text Editor

  
Interest
Translations

  
Interest
Triaging

  
Interest
Undo

  
Interest
USD

  
Interest
User Interface

  
Interest
UV Editing

  
Interest
VFX & Video

  
Interest
Video Sequencer

  
Interest
Virtual Reality

  
Interest
Vulkan

  
Interest
Wayland
Issues relating to Wayland windowing support.

  
Interest
Workbench

  
Interest: X11

Issues relating to Xorg/X11 support.

  
Legacy
Blender 2.8 Project

  
Legacy
Milestone 1: Basic, Local Asset Browser

  
Legacy
OpenGL Error

  
Meta
Good First Issue

  
Meta
Papercut

  
Meta
Retrospective

  
Meta
Security
Issues relating to security: https://wiki.blender.org/wiki/Process/Vulnerability_Reports

  
Module
Animation & Rigging

  
Module
Core

  
Module
Development Management

  
Module
EEVEE & Viewport

  
Module
Grease Pencil

  
Module
Modeling

  
Module
Nodes & Physics

  
Module
Pipeline, Assets & IO

  
Module
Platforms, Builds & Tests

  
Module
Python API

  
Module
Render & Cycles

  
Module
Sculpt, Paint & Texture

  
Module
Triaging

  
Module
User Interface

  
Module
VFX & Video

  
Platform
FreeBSD

  
Platform
Linux

  
Platform
macOS

  
Platform
Windows

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Info from Developers

  
Status
Needs Information from User

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Patch

  
Type
Report

  
Type
To Do

No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
Bastien Montagne
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#53800
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?