Maniphest T56437

Crash when entering Particle Edit mode
Closed, ResolvedPublic
Actions

Description

System Information
MacOS 10.12.6
3,49 GHz Intel Core i7
NVIDIA GeForce GTX 1070

Blender Version
Broken: (2.8 77e1942e0e1)

Blender crashes when applying hair particles and then entering Particle Edit mode

Exact steps for others to reproduce the error

On the default cube, add a new particle system and set it to hair
With the object selected, enter Particle Edit mode
Crash

Related Objects

Mentioned Here: rB77e1942e0e1e: Armature: Add ghosting support (old x-ray)

Event Timeline

William Reynish (billreynish) created this task.Aug 17 2018, 1:50 PM

No crash from me when switching from Object mode to ParticelEdit one.

@Sergey Sharybin (sergey), did get a crash when switching from ParticleEdit to Edit mode and back, though, mode switching code using some COW ID freed by depsgraph…

=================================================================
==14860==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0000f4e18 at pc 0x55f4686ffe19 bp 0x7ffee0fcb320 sp 0x7ffee0fcb318
READ of size 8 at 0x60e0000f4e18 thread T0
    #0 0x55f4686ffe18 in recalc_emitter_field /home/i74700deb64/blender/__work__/src/source/blender/editors/physics/particle_edit.c:1301
    #1 0x55f468722e05 in particle_edit_toggle_exec /home/i74700deb64/blender/__work__/src/source/blender/editors/physics/particle_edit.c:4829
    #2 0x55f46787ab76 in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1331
    #3 0x55f46787bb4d in wm_operator_call_internal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1516
    #4 0x55f46787bddc in WM_operator_name_call_ptr /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1564
    #5 0x55f46787be30 in WM_operator_name_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1570
    #6 0x55f468515e6f in ED_object_mode_toggle /home/i74700deb64/blender/__work__/src/source/blender/editors/object/object_modes.c:163
    #7 0x55f468513119 in object_mode_set_exec /home/i74700deb64/blender/__work__/src/source/blender/editors/object/object_edit.c:1648
    #8 0x55f46787ab76 in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1331
    #9 0x55f46787ecc2 in wm_handler_operator_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2040
    #10 0x55f467880710 in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2325
    #11 0x55f4678821a5 in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2583
    #12 0x55f46788533d in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:3037
    #13 0x55f46786a24d in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:412
    #14 0x55f46785fded in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:525
    #15 0x7f84045adb16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)
    #16 0x55f46785f1c9 in _start (/home/i74700deb64/blender/__work__/build_blender28_debug/bin/blender+0x333a1c9)

0x60e0000f4e18 is located 120 bytes inside of 152-byte region [0x60e0000f4da0,0x60e0000f4e38)
freed by thread T19 here:
    #0 0x7f840d842b50 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8b50)
    #1 0x55f46aff4d62 in MEM_lockfree_freeN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164
    #2 0x55f469f57e9b in modifier_free_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:173
    #3 0x55f469fb4757 in BKE_object_free_modifiers /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:196
    #4 0x55f469fb5fa7 in BKE_object_free /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:471
    #5 0x55f469e93187 in BKE_libblock_free_datablock /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library_remap.c:771
    #6 0x55f46aa986cf in DEG::deg_free_copy_on_write_datablock(ID*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1004
    #7 0x55f46aa97f3a in DEG::deg_update_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDDepsNode const*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:868
    #8 0x55f46aa98821 in DEG::deg_evaluate_copy_on_write(Depsgraph*, DEG::IDDepsNode const*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1021
    #9 0x55f46aa6a799 in void std::__invoke_impl<void, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(std::__invoke_other, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:60
    #10 0x55f46aa68326 in std::__invoke_result<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>::type std::__invoke<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:95
    #11 0x55f46aa657ca in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::__call<void, Depsgraph*&&, 0ul, 1ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/functional:400
    #12 0x55f46aa61001 in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
    #13 0x55f46aa5b269 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
    #14 0x55f46aa93927 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
    #15 0x55f46aa91ff2 in deg_task_run_func /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:94
    #16 0x55f46aa05373 in handle_local_queue /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:419
    #17 0x55f46aa05373 in task_scheduler_thread_run /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:448
    #18 0x7f840bd71f29 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7f29)

previously allocated by thread T0 here:
    #0 0x7f840d8430b8 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe90b8)
    #1 0x55f46aff51e7 in MEM_lockfree_callocN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:282
    #2 0x55f469f57a94 in modifier_new /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/modifier.c:132
    #3 0x55f469fbb32b in BKE_object_copy_data /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/object.c:1263
    #4 0x55f469e5700b in BKE_id_copy_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/library.c:573
    #5 0x55f46aa95546 in id_copy_inplace_no_main /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:280
    #6 0x55f46aa96ca8 in DEG::deg_expand_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDDepsNode const*, DEG::DepsgraphNodeBuilder*, bool) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:660
    #7 0x55f46aa97f5a in DEG::deg_update_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDDepsNode const*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:869
    #8 0x55f46aa98821 in DEG::deg_evaluate_copy_on_write(Depsgraph*, DEG::IDDepsNode const*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1021
    #9 0x55f46aa6a799 in void std::__invoke_impl<void, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(std::__invoke_other, void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:60
    #10 0x55f46aa68326 in std::__invoke_result<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>::type std::__invoke<void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*, DEG::IDDepsNode*&>(void (*&)(Depsgraph*, DEG::IDDepsNode const*), Depsgraph*&&, DEG::IDDepsNode*&) /usr/include/c++/8/bits/invoke.h:95
    #11 0x55f46aa657ca in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::__call<void, Depsgraph*&&, 0ul, 1ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/functional:400
    #12 0x55f46aa61001 in void std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
    #13 0x55f46aa5b269 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, DEG::IDDepsNode*))(Depsgraph*, DEG::IDDepsNode const*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
    #14 0x55f46aa93927 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
    #15 0x55f46aa91ff2 in deg_task_run_func /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:94
    #16 0x55f46aa08dd9 in handle_local_queue /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:419
    #17 0x55f46aa08dd9 in BLI_task_pool_work_and_wait /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:900
    #18 0x55f46aa936dc in DEG::deg_evaluate_on_refresh(DEG::Depsgraph*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval.cc:276
    #19 0x55f46aa3d834 in DEG_evaluate_on_refresh /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/depsgraph_eval.cc:66
    #20 0x55f46a0f1a7d in BKE_scene_graph_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1429
    #21 0x55f467873847 in wm_event_do_depsgraph /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:336
    #22 0x55f467873a1a in wm_event_do_refresh_wm_and_depsgraph /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:362
    #23 0x55f467874ab4 in wm_event_do_notifiers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:518
    #24 0x55f46786a259 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:415
    #25 0x55f46785fded in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:525
    #26 0x7f84045adb16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)

Thread T19 created by T0 here:
    #0 0x7f840d7a3ef0 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x49ef0)
    #1 0x55f46aa05956 in BLI_task_scheduler_create /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:504
    #2 0x55f46aa0cc8e in BLI_task_scheduler_get /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/threads.c:176
    #3 0x55f46aa0b6b0 in BLI_task_parallel_range /home/i74700deb64/blender/__work__/src/source/blender/blenlib/intern/task.c:1099
    #4 0x55f46aa99f99 in flush_prepare /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:122
    #5 0x55f46aa99f99 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:359
    #6 0x55f46aa48242 in DEG_graph_flush_update /home/i74700deb64/blender/__work__/src/source/blender/depsgraph/intern/depsgraph_tag.cc:639
    #7 0x55f46a0f1a71 in BKE_scene_graph_update_tagged /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/scene.c:1425
    #8 0x55f467873847 in wm_event_do_depsgraph /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:336
    #9 0x55f467893823 in wm_file_read_post /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:493
    #10 0x55f4678951f4 in wm_homefile_read /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_files.c:897
    #11 0x55f4678a6740 in WM_init /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_init_exit.c:253
    #12 0x55f46785fad4 in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:438
    #13 0x7f84045adb16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)

SUMMARY: AddressSanitizer: heap-use-after-free /home/i74700deb64/blender/__work__/src/source/blender/editors/physics/particle_edit.c:1301 in recalc_emitter_field
Shadow bytes around the buggy address:
  0x0c1c80016970: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1c80016980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1c80016990: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c1c800169a0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c1c800169b0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c1c800169c0: fd fd fd[fd]fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c1c800169d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1c800169e0: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1c800169f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1c80016a00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c1c80016a10: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==14860==ABORTING

The same here. Any attempt to enter in "Particle Edit" closes the software immediately. This with the last Beta, and with the previous Beta, and the alphas too.

MacOS 10.13.6 (High Sierra)
3,4 GHz Intel Core i5
NVIDIA GeForce GTX 780M 4Gb

Blender Version: v2.80.35

Brecht Van Lommel (brecht) edited projects, added BF Blender; removed BF Blender: 2.8.Dec 11 2018, 3:09 PM

Can not reproduce this anymore, but there were quite a few reports on all sort of mode switches and particle edit mode were addressed.

Thanks for the report, if the crash is still happening, please make a new report with simple .blend and steps to reproduce.

For me, whenever I create a 'Quick fur' from the starting cube, and tab into 'Edit Particle' mode, it still crashes instantly. ( Build - 6th of January )
I will try and figure out where my crash reports are hiding, and make a new bug report.

Thank you

@Kristian Emil (z01nk), please make a new bug report, with it's own steps and everything.

I am not sure what you mean by reports being hiding from you, as far as the bug tracker is concerned, you did not submit any reports yet.

If you're talking about text files with crash dump/backtraces, ignore them. Exact steps to reproduce the issue is more important anyway.

@Sergey Sharybin (sergey) yeah I thought attaching my text crash dump file, would help, but I don't know where it's being saved to. Anyways, if the exact steps are more important, I'll do that.

Thank you Sergey

Crash when entering Particle Edit modeClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Crash when entering Particle Edit mode
Closed, ResolvedPublic
Actions