=================================================================
==31402==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000cb0c98 at pc 0x555557eea5bb bp 0x7fffaf78c1e0 sp 0x7fffaf78c1d0
READ of size 8 at 0x615000cb0c98 thread T78
    #0 0x555557eea5ba in BKE_node_tree_copy_data /home/clement/Blender/blender/source/blender/blenkernel/intern/node.c:1412
    #1 0x555557dceddb in BKE_id_copy_ex /home/clement/Blender/blender/source/blender/blenkernel/intern/library.c:712
    #2 0x555558510a1c in id_copy_inplace_no_main /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:282
    #3 0x555558512dfc in DEG::deg_expand_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDNode const*, DEG::DepsgraphNodeBuilder*, bool) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:842
    #4 0x555558515bba in DEG::deg_update_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDNode const*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1157
    #5 0x55555851641f in DEG::deg_evaluate_copy_on_write(Depsgraph*, DEG::IDNode const*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1292
    #6 0x5555584dcd71 in void std::__invoke_impl(std::__invoke_other, void (*&)(Depsgraph*, DEG::IDNode const*), Depsgraph*&&, DEG::IDNode*&) /usr/include/c++/8.3.0/bits/invoke.h:60
    #7 0x5555584da454 in std::__invoke_result::type std::__invoke(void (*&)(Depsgraph*, DEG::IDNode const*), Depsgraph*&&, DEG::IDNode*&) /usr/include/c++/8.3.0/bits/invoke.h:95
    #8 0x5555584d73bb in void std::_Bind, DEG::IDNode*))(Depsgraph*, DEG::IDNode const*)>::__call(std::tuple&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8.3.0/functional:400
    #9 0x5555584d20ec in void std::_Bind, DEG::IDNode*))(Depsgraph*, DEG::IDNode const*)>::operator()(Depsgraph*&&) /usr/include/c++/8.3.0/functional:484
    #10 0x5555584cb7b4 in std::_Function_handler, DEG::IDNode*))(Depsgraph*, DEG::IDNode const*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8.3.0/bits/std_function.h:297
    #11 0x55555850ed8e in std::function::operator()(Depsgraph*) const /usr/include/c++/8.3.0/bits/std_function.h:687
    #12 0x55555850cfaf in deg_task_run_func /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:86
    #13 0x55555847c9c1 in task_scheduler_thread_run /home/clement/Blender/blender/source/blender/blenlib/intern/task.c:450
    #14 0x7ffff5b97a91 in start_thread (/usr/lib/libpthread.so.0+0x7a91)
    #15 0x7ffff472acd2 in __clone (/usr/lib/libc.so.6+0xfacd2)

0x615000cb0c98 is located 24 bytes inside of 488-byte region [0x615000cb0c80,0x615000cb0e68)
freed by thread T173 here:
    #0 0x7ffff72b4f89 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:66
    #1 0x5555585eb02b in MEM_lockfree_freeN /home/clement/Blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:157
    #2 0x555557eedb32 in node_free_node /home/clement/Blender/blender/source/blender/blenkernel/intern/node.c:1857
    #3 0x555557eee5e0 in ntreeFreeTree /home/clement/Blender/blender/source/blender/blenkernel/intern/node.c:1978
    #4 0x555557e0bfb5 in BKE_libblock_free_datablock /home/clement/Blender/blender/source/blender/blenkernel/intern/library_remap.c:844
    #5 0x5555585162c8 in DEG::deg_free_copy_on_write_datablock(ID*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1277
    #6 0x555558531d07 in DEG::IDNode::destroy() /home/clement/Blender/blender/source/blender/depsgraph/intern/node/deg_node_id.cc:164
    #7 0x55555848fcb8 in DEG::Depsgraph::clear_id_nodes_conditional(std::function const&) /home/clement/Blender/blender/source/blender/depsgraph/intern/depsgraph.cc:154
    #8 0x55555848ff1a in DEG::Depsgraph::clear_id_nodes() /home/clement/Blender/blender/source/blender/depsgraph/intern/depsgraph.cc:165
    #9 0x55555848f273 in DEG::Depsgraph::~Depsgraph() /home/clement/Blender/blender/source/blender/depsgraph/intern/depsgraph.cc:91
    #10 0x555558491404 in DEG_graph_free /home/clement/Blender/blender/source/blender/depsgraph/intern/depsgraph.cc:326
    #11 0x55555867d208 in engine_depsgraph_free /home/clement/Blender/blender/source/blender/render/intern/source/external_engine.c:518
    #12 0x55555867f1aa in RE_engine_render /home/clement/Blender/blender/source/blender/render/intern/source/external_engine.c:779
    #13 0x555558687fab in do_render_3d /home/clement/Blender/blender/source/blender/render/intern/source/pipeline.c:1147
    #14 0x555558693a48 in RE_PreviewRender /home/clement/Blender/blender/source/blender/render/intern/source/pipeline.c:2771
    #15 0x55555b5888a3 in shader_preview_render /home/clement/Blender/blender/source/blender/editors/render/render_preview.c:905
    #16 0x55555b588cab in shader_preview_startjob /home/clement/Blender/blender/source/blender/editors/render/render_preview.c:943
    #17 0x55555b58a3f6 in icon_preview_startjob /home/clement/Blender/blender/source/blender/editors/render/render_preview.c:1149
    #18 0x55555b58a5c4 in common_preview_startjob /home/clement/Blender/blender/source/blender/editors/render/render_preview.c:1171
    #19 0x55555b58afab in icon_preview_startjob_all_sizes /home/clement/Blender/blender/source/blender/editors/render/render_preview.c:1254
    #20 0x555558c52586 in do_job_thread /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_jobs.c:376
    #21 0x555558485165 in tslot_thread_start /home/clement/Blender/blender/source/blender/blenlib/intern/threads.c:259
    #22 0x7ffff5b97a91 in start_thread (/usr/lib/libpthread.so.0+0x7a91)

previously allocated by thread T77 here:
    #0 0x7ffff72b55a1 in __interceptor_calloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:95
    #1 0x5555585eb4b0 in MEM_lockfree_callocN /home/clement/Blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    #2 0x555557ee74f2 in BKE_node_copy_ex /home/clement/Blender/blender/source/blender/blenkernel/intern/node.c:1034
    #3 0x555557eea4ad in BKE_node_tree_copy_data /home/clement/Blender/blender/source/blender/blenkernel/intern/node.c:1406
    #4 0x555557dceddb in BKE_id_copy_ex /home/clement/Blender/blender/source/blender/blenkernel/intern/library.c:712
    #5 0x555558510a1c in id_copy_inplace_no_main /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:282
    #6 0x555558512dfc in DEG::deg_expand_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDNode const*, DEG::DepsgraphNodeBuilder*, bool) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:842
    #7 0x555558515bba in DEG::deg_update_copy_on_write_datablock(DEG::Depsgraph const*, DEG::IDNode const*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1157
    #8 0x55555851641f in DEG::deg_evaluate_copy_on_write(Depsgraph*, DEG::IDNode const*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1292
    #9 0x5555584dcd71 in void std::__invoke_impl(std::__invoke_other, void (*&)(Depsgraph*, DEG::IDNode const*), Depsgraph*&&, DEG::IDNode*&) /usr/include/c++/8.3.0/bits/invoke.h:60
    #10 0x5555584da454 in std::__invoke_result::type std::__invoke(void (*&)(Depsgraph*, DEG::IDNode const*), Depsgraph*&&, DEG::IDNode*&) /usr/include/c++/8.3.0/bits/invoke.h:95
    #11 0x5555584d73bb in void std::_Bind, DEG::IDNode*))(Depsgraph*, DEG::IDNode const*)>::__call(std::tuple&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8.3.0/functional:400
    #12 0x5555584d20ec in void std::_Bind, DEG::IDNode*))(Depsgraph*, DEG::IDNode const*)>::operator()(Depsgraph*&&) /usr/include/c++/8.3.0/functional:484
    #13 0x5555584cb7b4 in std::_Function_handler, DEG::IDNode*))(Depsgraph*, DEG::IDNode const*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8.3.0/bits/std_function.h:297
    #14 0x55555850ed8e in std::function::operator()(Depsgraph*) const /usr/include/c++/8.3.0/bits/std_function.h:687
    #15 0x55555850cfaf in deg_task_run_func /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:86
    #16 0x55555847c9c1 in task_scheduler_thread_run /home/clement/Blender/blender/source/blender/blenlib/intern/task.c:450
    #17 0x7ffff5b97a91 in start_thread (/usr/lib/libpthread.so.0+0x7a91)

Thread T78 created by T0 here:
    #0 0x7ffff72156d5 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:202
    #1 0x55555847d3ac in BLI_task_scheduler_create /home/clement/Blender/blender/source/blender/blenlib/intern/task.c:517
    #2 0x555558484d2b in BLI_task_scheduler_get /home/clement/Blender/blender/source/blender/blenlib/intern/threads.c:176
    #3 0x55555848359a in BLI_task_parallel_range /home/clement/Blender/blender/source/blender/blenlib/intern/task.c:1151
    #4 0x55555851e200 in flush_prepare /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:115
    #5 0x55555851e200 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:351
    #6 0x5555584a8fd5 in DEG_graph_flush_update /home/clement/Blender/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:698
    #7 0x55555802fb1e in scene_graph_update_tagged /home/clement/Blender/blender/source/blender/blenkernel/intern/scene.c:1540
    #8 0x55555802fbb9 in BKE_scene_graph_update_tagged /home/clement/Blender/blender/source/blender/blenkernel/intern/scene.c:1560
    #9 0x555558c11886 in wm_event_do_depsgraph /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_event_system.c:350
    #10 0x555558c33f6e in wm_file_read_post /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_files.c:561
    #11 0x555558c35f93 in wm_homefile_read /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_files.c:1071
    #12 0x555558c502dc in WM_init /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_init_exit.c:261
    #13 0x555557b3bc0d in main /home/clement/Blender/blender/source/creator/creator.c:423
    #14 0x7ffff4653ce2 in __libc_start_main (/usr/lib/libc.so.6+0x23ce2)

Thread T173 created by T0 here:
    #0 0x7ffff72156d5 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:202
    #1 0x555558485269 in BLI_threadpool_insert /home/clement/Blender/blender/source/blender/blenlib/intern/threads.c:275
    #2 0x555558c52cdb in WM_jobs_start /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_jobs.c:466
    #3 0x555558c53dd4 in wm_jobs_timer /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_jobs.c:678
    #4 0x555558c97714 in wm_window_timer /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_window.c:1552
    #5 0x555558c97bb9 in wm_window_process_events /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_window.c:1590
    #6 0x555558c044a2 in WM_main /home/clement/Blender/blender/source/blender/windowmanager/intern/wm.c:414
    #7 0x555557b3bdb9 in main /home/clement/Blender/blender/source/creator/creator.c:500
    #8 0x7ffff4653ce2 in __libc_start_main (/usr/lib/libc.so.6+0x23ce2)

Thread T77 created by T0 here:
    #0 0x7ffff72156d5 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:202
    #1 0x55555847d3ac in BLI_task_scheduler_create /home/clement/Blender/blender/source/blender/blenlib/intern/task.c:517
    #2 0x555558484d2b in BLI_task_scheduler_get /home/clement/Blender/blender/source/blender/blenlib/intern/threads.c:176
    #3 0x55555848359a in BLI_task_parallel_range /home/clement/Blender/blender/source/blender/blenlib/intern/task.c:1151
    #4 0x55555851e200 in flush_prepare /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:115
    #5 0x55555851e200 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/clement/Blender/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:351
    #6 0x5555584a8fd5 in DEG_graph_flush_update /home/clement/Blender/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:698
    #7 0x55555802fb1e in scene_graph_update_tagged /home/clement/Blender/blender/source/blender/blenkernel/intern/scene.c:1540
    #8 0x55555802fbb9 in BKE_scene_graph_update_tagged /home/clement/Blender/blender/source/blender/blenkernel/intern/scene.c:1560
    #9 0x555558c11886 in wm_event_do_depsgraph /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_event_system.c:350
    #10 0x555558c33f6e in wm_file_read_post /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_files.c:561
    #11 0x555558c35f93 in wm_homefile_read /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_files.c:1071
    #12 0x555558c502dc in WM_init /home/clement/Blender/blender/source/blender/windowmanager/intern/wm_init_exit.c:261
    #13 0x555557b3bc0d in main /home/clement/Blender/blender/source/creator/creator.c:423
    #14 0x7ffff4653ce2 in __libc_start_main (/usr/lib/libc.so.6+0x23ce2)

SUMMARY: AddressSanitizer: heap-use-after-free /home/clement/Blender/blender/source/blender/blenkernel/intern/node.c:1412 in BKE_node_tree_copy_data
Shadow bytes around the buggy address:
  0x0c2a8018e140: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8018e150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8018e160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8018e170: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c2a8018e180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2a8018e190: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8018e1a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8018e1b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8018e1c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c2a8018e1d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a8018e1e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==31402==ABORTING