================================================================= ==364620==ERROR: AddressSanitizer: heap-use-after-free on address 0x61300097f530 at pc 0x5590b2f8a3c2 bp 0x7fff6d1f8b80 sp 0x7fff6d1f8b70 READ of size 2 at 0x61300097f530 thread T0 #0 0x5590b2f8a3c1 in blender::deg::deg_copy_on_write_is_needed(ID const*) source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1056 #1 0x5590b2f87fd4 in foreach_libblock_remap_callback source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:511 #2 0x5590b20d1f93 in BKE_lib_query_foreachid_process source/blender/blenkernel/intern/lib_query.c:87 #3 0x5590b1f87be7 in greasepencil_foreach_id source/blender/blenkernel/intern/gpencil.c:128 #4 0x5590b20d35d9 in library_foreach_ID_link source/blender/blenkernel/intern/lib_query.c:334 #5 0x5590b20d37a3 in BKE_library_foreach_ID_link source/blender/blenkernel/intern/lib_query.c:353 #6 0x5590b2f894bb in deg_expand_copy_on_write_datablock source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:834 #7 0x5590b2f8991d in blender::deg::deg_update_copy_on_write_datablock(blender::deg::Depsgraph const*, blender::deg::IDNode const*) source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:889 #8 0x5590b2f8a041 in blender::deg::deg_evaluate_copy_on_write(Depsgraph*, blender::deg::IDNode const*) source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1024 #9 0x5590b2edf38e in operator() source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:174 #10 0x5590b2eff991 in __invoke_impl&, Depsgraph*> /usr/include/c++/11.2.0/bits/invoke.h:61 #11 0x5590b2efab3e in __invoke_r&, Depsgraph*> /usr/include/c++/11.2.0/bits/invoke.h:111 #12 0x5590b2ef790b in _M_invoke /usr/include/c++/11.2.0/bits/std_function.h:291 #13 0x5590b2f84dec in std::function::operator()(Depsgraph*) const /usr/include/c++/11.2.0/bits/std_function.h:560 #14 0x5590b2f82e1e in evaluate_node source/blender/depsgraph/intern/eval/deg_eval.cc:102 #15 0x5590b2f82e68 in deg_task_run_func source/blender/depsgraph/intern/eval/deg_eval.cc:113 #16 0x5590b6555328 in Task::operator()() const source/blender/blenlib/intern/task_pool.cc:164 #17 0x5590b6555531 in tbb_task_pool_run source/blender/blenlib/intern/task_pool.cc:213 #18 0x5590b65556c9 in tbb_task_pool_work_and_wait source/blender/blenlib/intern/task_pool.cc:226 #19 0x5590b65562c2 in BLI_task_pool_work_and_wait source/blender/blenlib/intern/task_pool.cc:486 #20 0x5590b2f83ecb in blender::deg::deg_evaluate_on_refresh(blender::deg::Depsgraph*) source/blender/depsgraph/intern/eval/deg_eval.cc:377 #21 0x5590b2fc6c70 in deg_flush_updates_and_refresh source/blender/depsgraph/intern/depsgraph_eval.cc:44 #22 0x5590b2fc6e60 in DEG_evaluate_on_refresh source/blender/depsgraph/intern/depsgraph_eval.cc:68 #23 0x5590b2485471 in scene_graph_update_tagged source/blender/blenkernel/intern/scene.c:2573 #24 0x5590b2485582 in BKE_scene_graph_update_tagged source/blender/blenkernel/intern/scene.c:2622 #25 0x5590b17541ff in wm_event_do_depsgraph source/blender/windowmanager/intern/wm_event_system.c:377 #26 0x5590b1754479 in wm_event_do_refresh_wm_and_depsgraph source/blender/windowmanager/intern/wm_event_system.c:399 #27 0x5590b1755d69 in wm_event_do_notifiers source/blender/windowmanager/intern/wm_event_system.c:609 #28 0x5590b173fa20 in WM_main source/blender/windowmanager/intern/wm.c:625 #29 0x5590b17326a6 in main source/creator/creator.c:544 #30 0x7f191d83030f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f) #31 0x7f191d8303c0 in __libc_start_main@GLIBC_2.2.5 (/usr/lib/libc.so.6+0x2d3c0) #32 0x5590b1731c64 in _start (/src/cmake_debug/bin/blender+0x4d73c64) 0x61300097f530 is located 48 bytes inside of 376-byte region [0x61300097f500,0x61300097f678) freed by thread T0 here: #0 0x7f191dfcda79 in __interceptor_free /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x5590b6566b18 in MEM_lockfree_freeN intern/guardedalloc/intern/mallocn_lockfree_impl.c:116 #2 0x5590b20ad2df in BKE_id_free_ex source/blender/blenkernel/intern/lib_id_delete.c:162 #3 0x5590b20e937b in BKE_main_free source/blender/blenkernel/intern/main.c:60 #4 0x5590b1acda43 in BKE_blender_globals_clear source/blender/blenkernel/intern/blender.c:164 #5 0x5590b1ad2b38 in setup_app_data source/blender/blenkernel/intern/blendfile.c:291 #6 0x5590b1ad37c2 in setup_app_blend_file_data source/blender/blenkernel/intern/blendfile.c:446 #7 0x5590b1ad3a28 in BKE_blendfile_read_setup_ex source/blender/blenkernel/intern/blendfile.c:476 #8 0x5590b1ad3a73 in BKE_blendfile_read_setup source/blender/blenkernel/intern/blendfile.c:485 #9 0x5590b1ad0bc0 in BKE_memfile_undo_decode source/blender/blenkernel/intern/blender_undo.c:83 #10 0x5590b4e4f5b0 in memfile_undosys_step_decode source/blender/editors/undo/memfile_undo.c:210 #11 0x5590b2676aeb in undosys_step_decode source/blender/blenkernel/intern/undo_system.c:201 #12 0x5590b267a807 in BKE_undosys_step_load_data_ex source/blender/blenkernel/intern/undo_system.c:781 #13 0x5590b267ab25 in BKE_undosys_step_undo_with_data_ex source/blender/blenkernel/intern/undo_system.c:827 #14 0x5590b267ab54 in BKE_undosys_step_undo_with_data source/blender/blenkernel/intern/undo_system.c:832 #15 0x5590b267abd8 in BKE_undosys_step_undo source/blender/blenkernel/intern/undo_system.c:838 #16 0x5590b4e4a973 in ed_undo_step_direction source/blender/editors/undo/ed_undo.c:287 #17 0x5590b4e4bbba in ed_undo_exec source/blender/editors/undo/ed_undo.c:503 #18 0x5590b175a7c0 in wm_operator_invoke source/blender/windowmanager/intern/wm_event_system.c:1338 #19 0x5590b176024a in wm_handler_operator_call source/blender/windowmanager/intern/wm_event_system.c:2333 #20 0x5590b1762593 in wm_handlers_do_keymap_with_keymap_handler source/blender/windowmanager/intern/wm_event_system.c:2687 #21 0x5590b1764abf in wm_handlers_do_intern source/blender/windowmanager/intern/wm_event_system.c:3009 #22 0x5590b1765958 in wm_handlers_do source/blender/windowmanager/intern/wm_event_system.c:3150 #23 0x5590b1769626 in wm_event_do_handlers source/blender/windowmanager/intern/wm_event_system.c:3790 #24 0x5590b173fa14 in WM_main source/blender/windowmanager/intern/wm.c:622 #25 0x5590b17326a6 in main source/creator/creator.c:544 #26 0x7f191d83030f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f) previously allocated by thread T0 here: #0 0x7f191dfcdfb9 in __interceptor_calloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x5590b656708a in MEM_lockfree_callocN intern/guardedalloc/intern/mallocn_lockfree_impl.c:222 #2 0x5590b20a4e6d in BKE_libblock_alloc_notest source/blender/blenkernel/intern/lib_id.c:1042 #3 0x5590b20a5000 in BKE_libblock_alloc source/blender/blenkernel/intern/lib_id.c:1054 #4 0x5590b20a591c in BKE_id_new source/blender/blenkernel/intern/lib_id.c:1162 #5 0x5590b211a42c in BKE_material_add source/blender/blenkernel/intern/material.c:292 #6 0x5590b211a459 in BKE_gpencil_material_add source/blender/blenkernel/intern/material.c:301 #7 0x5590b1f9145e in BKE_gpencil_object_material_new source/blender/blenkernel/intern/gpencil.c:1725 #8 0x5590b1f949c5 in BKE_gpencil_object_material_ensure_by_name source/blender/blenkernel/intern/gpencil.c:2215 #9 0x5590b44d31e7 in gpencil_stroke_material source/blender/editors/gpencil/gpencil_add_stroke.c:40 #10 0x5590b44d351f in ED_gpencil_create_stroke source/blender/editors/gpencil/gpencil_add_stroke.c:199 #11 0x5590b487009f in object_gpencil_add_exec source/blender/editors/object/object_add.cc:1370 #12 0x5590b175a7c0 in wm_operator_invoke source/blender/windowmanager/intern/wm_event_system.c:1338 #13 0x5590b175b738 in wm_operator_call_internal source/blender/windowmanager/intern/wm_event_system.c:1531 #14 0x5590b175b95f in WM_operator_name_call_ptr source/blender/windowmanager/intern/wm_event_system.c:1578 #15 0x5590b175c6a2 in WM_operator_name_call_ptr_with_depends_on_cursor source/blender/windowmanager/intern/wm_event_system.c:1766 #16 0x5590b270e184 in ui_apply_but_funcs_after source/blender/editors/interface/interface_handlers.c:1009 #17 0x5590b2762b3b in ui_popup_handler source/blender/editors/interface/interface_handlers.c:11473 #18 0x5590b1756376 in wm_handler_ui_call source/blender/windowmanager/intern/wm_event_system.c:695 #19 0x5590b1764ce7 in wm_handlers_do_intern source/blender/windowmanager/intern/wm_event_system.c:3030 #20 0x5590b1765958 in wm_handlers_do source/blender/windowmanager/intern/wm_event_system.c:3150 #21 0x5590b176904e in wm_event_do_handlers source/blender/windowmanager/intern/wm_event_system.c:3708 #22 0x5590b173fa14 in WM_main source/blender/windowmanager/intern/wm.c:622 #23 0x5590b17326a6 in main source/creator/creator.c:544 #24 0x7f191d83030f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f) SUMMARY: AddressSanitizer: heap-use-after-free source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1056 in blender::deg::deg_copy_on_write_is_needed(ID const*) Shadow bytes around the buggy address: 0x0c2680127e50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680127e60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c2680127e70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680127e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680127e90: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa =>0x0c2680127ea0: fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd 0x0c2680127eb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680127ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c2680127ed0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c2680127ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2680127ef0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==364620==ABORTING fish: Job 1, 'blender.bin' terminated by signal SIGABRT (Abort)