Crashes when extruding with snap setting turned on
Closed, Duplicate · Public

Description

System Information
Windows 10 and Nvidia GeForce GTX 960, AMD FX 8300 3.30 GHz, 16 GB
Also checked on the same PC with Linux Ubuntu 18.04, and it has the same bug.
Blender Version
Broken: blender-2.80-5bd731b6730-win64 Aug 24 2018 02:35:49
also blender-2.80-0cf12dfc14f-linux-glibc219-x86_64 Aug 24 2018 01:28:24
Worked: (optional)

Crashes when extruding edges in edit mode with snap setting turned on

  1. Create a sphere, add a Sub surf modifier to it, apply it.
  2. Add a new plane. Turn on edit mode.
  3. Select 2 vertices or 1 edge.
  4. Turn on snapping (to faces).
  5. Extrude the edge a few or more times on the sphere with snapping to the sphere. It will constantly crash.

On the sphere it crashes not so often (maybe around 20 extrudes are needed to make it crash). On a denser mesh (complex dyntopo head, around 500 000 tris) the crash is more frequent (almost every extrude; 1 or 2 are enough to make it crash).
If I turn off snapping, then all is fine, no crashes.
Thanks for your work, you are awesome =) Good luck.
Also, here is a simple file with an explanation (just go into edit mode and extrude).

Event Timeline

Confirmed after a bit of trial and error, MSVS2017, Windows 10 debug build, this information might help.

Bastien Montagne (mont29) lowered the priority of this task from 90 to 30. Aug 21 2018, 5:18 PM

Please follow our submission template and guidelines, also read these tips about bug reports, and make a complete, valid bug report, with required info, precise description of the issue (only ONE issue per report!), precise steps to reproduce it, small and simple .blend and/or other files to do so if needed, etc.

Hi, I have changed the description a little bit and added a small and simple .blend file.
There are also notes (grease pencil) in the blend file; I hope they will help to reproduce this bug. I do not know what else I need to add to the description to help you find the error. I hope you now have enough information. Thanks and good luck.

Bastien Montagne (mont29) raised the priority of this task from 30 to 50.
Bastien Montagne (mont29) edited projects, added Modeling; removed BF Blender.

(painfully) managed to reproduce the crash once, but must admit I’m a bit puzzled by the ASAN backtrace…

=================================================================
==28350==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d0008b7488 at pc 0x555d1da4f094 bp 0x7ffc77d5e990 sp 0x7ffc77d5e988
READ of size 8 at 0x61d0008b7488 thread T0
    #0 0x555d1da4f093 in bvhtree_from_editmesh_looptri_create_tree /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/bvhutils.c:876
    #1 0x555d1da4ff35 in bvhtree_from_editmesh_looptri_ex /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/bvhutils.c:988
    #2 0x555d1bc0c46d in raycastEditMesh /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:595
    #3 0x555d1bc0d494 in raycastObj /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:741
    #4 0x555d1bc0d7e8 in raycast_obj_cb /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:792
    #5 0x555d1bc0989e in iter_snap_objects /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:229
    #6 0x555d1bc0dbc7 in raycastObjects /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:857
    #7 0x555d1bc1b687 in transform_snap_context_project_view3d_mixed_impl /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:2619
    #8 0x555d1bc1c1fe in ED_transform_snap_object_project_view3d_ex /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:2726
    #9 0x555d1bc1c25b in ED_transform_snap_object_project_view3d /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap_object.c:2752
    #10 0x555d1bbfac9e in applyProject /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_snap.c:301
    #11 0x555d1bbb992a in recalcData_objects /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_generics.c:813
    #12 0x555d1bbbc536 in recalcData /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_generics.c:1110
    #13 0x555d1baf3fee in applyTranslation /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform.c:4909
    #14 0x555d1badfecd in transformApply /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform.c:2612
    #15 0x555d1bbe40e5 in transform_modal /home/i74700deb64/blender/__work__/src/source/blender/editors/transform/transform_ops.c:415
    #16 0x555d1b6d8cf5 in wm_macro_modal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operator_type.c:397
    #17 0x555d1b69eebe in wm_handler_operator_call /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1960
    #18 0x555d1b6a292e in wm_handlers_do_intern /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2546
    #19 0x555d1b6a2b74 in wm_handlers_do /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2585
    #20 0x555d1b6a560e in wm_event_do_handlers /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:2954
    #21 0x555d1b68ab88 in WM_main /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm.c:412
    #22 0x555d1b68061d in main /home/i74700deb64/blender/__work__/src/source/creator/creator.c:525
    #23 0x7f7397d08b16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)
    #24 0x555d1b67f9f9 in _start (/home/i74700deb64/blender/__work__/build_blender28_debug/bin/blender+0x33519f9)

0x61d0008b7488 is located 8 bytes inside of 1976-byte region [0x61d0008b7480,0x61d0008b7c38)
freed by thread T0 here:
    #0 0x7f73a09f1b50 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8b50)
    #1 0x555d1ee4dd7e in MEM_lockfree_freeN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164
    #2 0x555d1dbe2f4a in editmesh_tessface_calc_intern /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/editmesh.c:138
    #3 0x555d1dbe302d in BKE_editmesh_tessface_calc /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/editmesh.c:153
    #4 0x555d1c12d1be in EDBM_update_generic /home/i74700deb64/blender/__work__/src/source/blender/editors/mesh/editmesh_utils.c:1340
    #5 0x555d1c1750d8 in edbm_extrude_region_exec /home/i74700deb64/blender/__work__/src/source/blender/editors/mesh/editmesh_extrude.c:753
    #6 0x555d1b6d87fc in wm_macro_invoke_internal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operator_type.c:364
    #7 0x555d1b6d8a3f in wm_macro_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operator_type.c:385
    #8 0x555d1b69b17a in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1321
    #9 0x555d1b69c483 in wm_operator_call_internal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1516
    #10 0x555d1b69c9a8 in WM_operator_call_py /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1630
    #11 0x555d1c8b6134 in pyop_call /home/i74700deb64/blender/__work__/src/source/blender/python/intern/bpy_operator.c:245
    #12 0x7f739ff6875a in _PyCFunction_FastCallDict (/usr/lib/x86_64-linux-gnu/libpython3.6m.so.1.0+0x21375a)

previously allocated by thread T0 here:
    #0 0x7f73a09f1ed0 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8ed0)
    #1 0x555d1ee4e50e in MEM_lockfree_mallocN /home/i74700deb64/blender/__work__/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:318
    #2 0x555d1dbe2f97 in editmesh_tessface_calc_intern /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/editmesh.c:139
    #3 0x555d1dbe302d in BKE_editmesh_tessface_calc /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/editmesh.c:153
    #4 0x555d1c12d1be in EDBM_update_generic /home/i74700deb64/blender/__work__/src/source/blender/editors/mesh/editmesh_utils.c:1340
    #5 0x555d1c1750d8 in edbm_extrude_region_exec /home/i74700deb64/blender/__work__/src/source/blender/editors/mesh/editmesh_extrude.c:753
    #6 0x555d1b6d87fc in wm_macro_invoke_internal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operator_type.c:364
    #7 0x555d1b6d8a3f in wm_macro_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_operator_type.c:385
    #8 0x555d1b69b17a in wm_operator_invoke /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1321
    #9 0x555d1b69c483 in wm_operator_call_internal /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1516
    #10 0x555d1b69c9a8 in WM_operator_call_py /home/i74700deb64/blender/__work__/src/source/blender/windowmanager/intern/wm_event_system.c:1630
    #11 0x555d1c8b6134 in pyop_call /home/i74700deb64/blender/__work__/src/source/blender/python/intern/bpy_operator.c:245
    #12 0x7f739ff6875a in _PyCFunction_FastCallDict (/usr/lib/x86_64-linux-gnu/libpython3.6m.so.1.0+0x21375a)

SUMMARY: AddressSanitizer: heap-use-after-free /home/i74700deb64/blender/__work__/src/source/blender/blenkernel/intern/bvhutils.c:876 in bvhtree_from_editmesh_looptri_create_tree
Shadow bytes around the buggy address:
  0x0c3a8010ee40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a8010ee50: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8010ee60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8010ee70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8010ee80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3a8010ee90: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a8010eea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a8010eeb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a8010eec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a8010eed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a8010eee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28350==ABORTING

Smelling some COW issue again, as if BMEditMesh used in raycasting code was not the same as the one used to generate the looptris, but rather shallow COW-py of it... Still investigating.

Uh, this is actually same as T56167
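
The hypothesis in the comments above (a shallow copy still pointing at a looptris array that a later tessellation recalc has freed) can be modelled in a few lines of C. This is an added illustration, not Blender code and not the fix tracked in T56167; the `Mesh` and `MeshView` types, the generation counter and all function names are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical owner: holds a tessellation array that is replaced on every recalc. */
typedef struct Mesh {
    int *looptris;
    size_t tottri;
    unsigned generation; /* bumped whenever looptris is freed and reallocated */
} Mesh;

/* Hypothetical shallow view kept by another subsystem (e.g. a snapping cache). */
typedef struct MeshView {
    const Mesh *owner;
    int *looptris;       /* borrowed pointer, copied from the owner */
    size_t tottri;
    unsigned generation; /* owner's generation when the view was taken */
} MeshView;

/* Same shape as the free/alloc pair in the trace: the old array is freed first. */
static void mesh_tess_recalc(Mesh *m, size_t tottri) {
    free(m->looptris);
    m->looptris = calloc(tottri, sizeof *m->looptris);
    m->tottri = m->looptris ? tottri : 0;
    m->generation++;
}

static MeshView mesh_view_make(const Mesh *m) {
    return (MeshView){ m, m->looptris, m->tottri, m->generation };
}

static int mesh_view_is_stale(const MeshView *v) {
    return v->generation != v->owner->generation;
}

/* Checked accessor: never hands out a pointer borrowed before the last recalc. */
static int *mesh_view_looptris(MeshView *v) {
    if (mesh_view_is_stale(v)) *v = mesh_view_make(v->owner);
    return v->looptris;
}

/* Constructed scenario; returns the number of checks that held (expected 4). */
int demo_stale_view(void) {
    Mesh m = { NULL, 0, 0 };
    mesh_tess_recalc(&m, 4);
    MeshView v = mesh_view_make(&m);
    mesh_tess_recalc(&m, 8);            /* frees the array that v borrowed */
    int ok = mesh_view_is_stale(&v);    /* reading v.looptris here would be the bug */
    int *p = mesh_view_looptris(&v);    /* refreshes the view from the owner */
    ok += (p == m.looptris) + (v.tottri == 8) + !mesh_view_is_stale(&v);
    free(m.looptris);
    return ok;
}
```

Reading `v.looptris` directly after the second recalc is the access pattern ASan reports as heap-use-after-free; routing every read through the checked accessor is one way to make a stale borrow detectable instead of silent.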