================================================================= ==15344== ERROR: AddressSanitizer: heap-use-after-free on address 0x608e000962f8 at pc 0x22969e0 bp 0x7fff514390f0 sp 0x7fff514390e8 READ of size 4 at 0x608e000962f8 thread T0 #0 0x22969df in BLI_mempool_iterstep ./source/blender/blenlib/intern/BLI_mempool.c:518 #1 0x18838e1 in bmiter__face_of_mesh_step ./source/blender/bmesh/intern/bmesh_iterators.c:334 #2 0x183235b in BM_iter_step ./source/blender/bmesh/intern/bmesh_iterators_inline.h:42 #3 0x183bcef in BMO_remove_tagged_context ./source/blender/bmesh/intern/bmesh_construct.c:651 #4 0x19e1dc3 in bmo_delete_exec ./source/blender/bmesh/operators/bmo_dupe.c:456 #5 0x18ed781 in BMO_op_exec ./source/blender/bmesh/intern/bmesh_operators.c:219 #6 0x190bc90 in BMO_op_callf ./source/blender/bmesh/intern/bmesh_operators.c:1897 #7 0x1a3e842 in bmo_weld_verts_exec ./source/blender/bmesh/operators/bmo_removedoubles.c:209 #8 0x18ed781 in BMO_op_exec ./source/blender/bmesh/intern/bmesh_operators.c:219 #9 0x1a44e05 in bmo_collapse_exec ./source/blender/bmesh/operators/bmo_removedoubles.c:400 #10 0x18ed781 in BMO_op_exec ./source/blender/bmesh/intern/bmesh_operators.c:219 #11 0x10588f4 in EDBM_op_callf ./source/blender/editors/mesh/editmesh_utils.c:267 #12 0x10e9402 in edbm_collapse_edge_exec ./source/blender/editors/mesh/editmesh_tools.c:390 #13 0x8b0f2d in wm_operator_invoke ./source/blender/windowmanager/intern/wm_event_system.c:1006 #14 0x8b1d40 in wm_operator_call_internal ./source/blender/windowmanager/intern/wm_event_system.c:1185 #15 0x8b1ee7 in WM_operator_name_call ./source/blender/windowmanager/intern/wm_event_system.c:1234 #16 0xf0b016 in ui_apply_but_funcs_after ./source/blender/editors/interface/interface_handlers.c:499 (discriminator 3) #17 0xf45e4a in ui_handler_popup ./source/blender/editors/interface/interface_handlers.c:7745 #18 0x8ad569 in wm_handler_ui_call ./source/blender/windowmanager/intern/wm_event_system.c:416 #19 0x8b54cb in wm_handlers_do_intern ./source/blender/windowmanager/intern/wm_event_system.c:1868 #20 0x8b5a9e in wm_handlers_do ./source/blender/windowmanager/intern/wm_event_system.c:1947 #21 0x8b70ce in wm_event_do_handlers ./source/blender/windowmanager/intern/wm_event_system.c:2193 #22 0x89e12b in WM_main ./source/blender/windowmanager/intern/wm.c:459 (discriminator 1) #23 0x89c756 in main ./source/creator/creator.c:1673 #24 0x7f41d880ade4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 #25 0x897ff8 in _start ??:? 0x608e000962f8 is located 248 bytes inside of 28752-byte region [0x608e00096200,0x608e0009d250) freed by thread T0 here: #0 0x7f41dc03f4ca in __interceptor_free ??:? #1 0x23b16ed in rem_memblock ./intern/guardedalloc/intern/mallocn.c:987 #2 0x23b0de4 in MEM_freeN ./intern/guardedalloc/intern/mallocn.c:885 #3 0x2295194 in mempool_chunk_free ./source/blender/blenlib/intern/BLI_mempool.c:217 #4 0x2295210 in mempool_chunk_free_all ./source/blender/blenlib/intern/BLI_mempool.c:227 (discriminator 2) #5 0x2295c12 in BLI_mempool_free ./source/blender/blenlib/intern/BLI_mempool.c:356 #6 0x184ee90 in bm_kill_only_face ./source/blender/bmesh/intern/bmesh_core.c:617 #7 0x184f577 in BM_face_kill ./source/blender/bmesh/intern/bmesh_core.c:714 #8 0x1832311 in BMO_remove_tagged_faces ./source/blender/bmesh/intern/bmesh_construct.c:508 #9 0x183bcef in BMO_remove_tagged_context ./source/blender/bmesh/intern/bmesh_construct.c:651 #10 0x19e1dc3 in bmo_delete_exec ./source/blender/bmesh/operators/bmo_dupe.c:456 #11 0x18ed781 in BMO_op_exec ./source/blender/bmesh/intern/bmesh_operators.c:219 #12 0x190bc90 in BMO_op_callf ./source/blender/bmesh/intern/bmesh_operators.c:1897 #13 0x1a3e842 in bmo_weld_verts_exec ./source/blender/bmesh/operators/bmo_removedoubles.c:209 #14 0x18ed781 in BMO_op_exec ./source/blender/bmesh/intern/bmesh_operators.c:219 #15 0x1a44e05 in bmo_collapse_exec ./source/blender/bmesh/operators/bmo_removedoubles.c:400 #16 0x18ed781 in BMO_op_exec ./source/blender/bmesh/intern/bmesh_operators.c:219 #17 0x10588f4 in EDBM_op_callf ./source/blender/editors/mesh/editmesh_utils.c:267 #18 0x10e9402 in edbm_collapse_edge_exec ./source/blender/editors/mesh/editmesh_tools.c:390 #19 0x8b0f2d in wm_operator_invoke ./source/blender/windowmanager/intern/wm_event_system.c:1006 #20 0x8b1d40 in wm_operator_call_internal ./source/blender/windowmanager/intern/wm_event_system.c:1185 #21 0x8b1ee7 in WM_operator_name_call ./source/blender/windowmanager/intern/wm_event_system.c:1234 #22 0xf0b016 in ui_apply_but_funcs_after ./source/blender/editors/interface/interface_handlers.c:499 (discriminator 3) #23 0xf45e4a in ui_handler_popup ./source/blender/editors/interface/interface_handlers.c:7745 #24 0x8ad569 in wm_handler_ui_call ./source/blender/windowmanager/intern/wm_event_system.c:416 #25 0x8b54cb in wm_handlers_do_intern ./source/blender/windowmanager/intern/wm_event_system.c:1868 #26 0x8b5a9e in wm_handlers_do ./source/blender/windowmanager/intern/wm_event_system.c:1947 #27 0x8b70ce in wm_event_do_handlers ./source/blender/windowmanager/intern/wm_event_system.c:2193 #28 0x89e12b in WM_main ./source/blender/windowmanager/intern/wm.c:459 (discriminator 1) #29 0x89c756 in main ./source/creator/creator.c:1673 previously allocated by thread T0 here: #0 0x7f41dc03f5aa in malloc ??:? #1 0x23afbcc in MEM_mallocN ./intern/guardedalloc/intern/mallocn.c:530 #2 0x2294d28 in mempool_chunk_alloc ./source/blender/blenlib/intern/BLI_mempool.c:140 #3 0x22955aa in BLI_mempool_create ./source/blender/blenlib/intern/BLI_mempool.c:274 (discriminator 2) #4 0x18bc0cd in bm_mempool_init ./source/blender/bmesh/intern/bmesh_mesh.c:56 #5 0x18bf48a in BM_mesh_create ./source/blender/bmesh/intern/bmesh_mesh.c:140 #6 0x1e8ca57 in BKE_mesh_to_bmesh ./source/blender/blenkernel/intern/mesh.c:535 #7 0x10591df in EDBM_mesh_make ./source/blender/editors/mesh/editmesh_utils.c:358 #8 0x1150c83 in ED_object_editmode_enter ./source/blender/editors/object/object_edit.c:482 #9 0x1151348 in editmode_toggle_exec ./source/blender/editors/object/object_edit.c:574 #10 0x8b0f2d in wm_operator_invoke ./source/blender/windowmanager/intern/wm_event_system.c:1006 #11 0x8b1d40 in wm_operator_call_internal ./source/blender/windowmanager/intern/wm_event_system.c:1185 #12 0x8b1ee7 in WM_operator_name_call ./source/blender/windowmanager/intern/wm_event_system.c:1234 #13 0x115ab79 in object_mode_set_exec ./source/blender/editors/object/object_edit.c:1600 #14 0x8b0f2d in wm_operator_invoke ./source/blender/windowmanager/intern/wm_event_system.c:1006 #15 0x8b3cfb in wm_handler_operator_call ./source/blender/windowmanager/intern/wm_event_system.c:1568 #16 0x8b52ef in wm_handlers_do_intern ./source/blender/windowmanager/intern/wm_event_system.c:1836 #17 0x8b5a9e in wm_handlers_do ./source/blender/windowmanager/intern/wm_event_system.c:1947 #18 0x8b745e in wm_event_do_handlers ./source/blender/windowmanager/intern/wm_event_system.c:2239 #19 0x89e12b in WM_main ./source/blender/windowmanager/intern/wm.c:459 (discriminator 1) #20 0x89c756 in main ./source/creator/creator.c:1673 #21 0x7f41d880ade4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 Shadow bytes around the buggy address: 0x0c124000ac00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c124000ac10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c124000ac20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c124000ac30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c124000ac40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c124000ac50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd] 0x0c124000ac60:fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c124000ac70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c124000ac80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c124000ac90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c124000aca0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap righ redzone: fb Freed Heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 ASan internal: fe ==15344== ABORTING