==13197==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000763290 at pc 0x000003b7fde3 bp 0x7fcafb5855b0 sp 0x7fcafb5855a0
READ of size 4 at 0x616000763290 thread T28
    #0 0x3b7fde2 in customData_free_layer__internal /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:1989
    #1 0x3b803e8 in CustomData_free /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2021
    #2 0x7c2bbc2 in vertex_interpolation_end /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:294
    #3 0x7c308ce in subdiv_mesh_ensure_vertex_interpolation /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:689
    #4 0x7c315db in subdiv_mesh_vertex_inner /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:774
    #5 0x3197f70 in subdiv_foreach_inner_vertices_regular /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:635
    #6 0x3198ae6 in subdiv_foreach_inner_vertices /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:691
    #7 0x3198d07 in subdiv_foreach_vertices /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:705
    #8 0x31a8192 in subdiv_foreach_task /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:1820
    #9 0x10781dde in RangeTask::operator()(tbb::blocked_range<int> const&) const /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_range.cc:95
    #10 0x1078d034 in tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>::run_body(tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:115
    #11 0x1078ac28 in void tbb::interface9::internal::dynamic_grainsize_mode<tbb::interface9::internal::adaptive_mode<tbb::interface9::internal::auto_partition_type> >::work_balance<tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>, tbb::blocked_range<int> >(tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>&, tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:423
    #12 0x10789d84 in void tbb::interface9::internal::partition_type_base<tbb::interface9::internal::auto_partition_type>::execute<tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>, tbb::blocked_range<int> >(tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>&, tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:256
    #13 0x107874d4 in tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:142
    #14 0x3e12a14 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e12a14)
    #15 0x3e140e4 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e140e4)
    #16 0x3e05e47 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e05e47)
    #17 0x3e0dc92 in tbb::internal::market::process(rml::job&) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e0dc92)
    #18 0x3e0faa5 in tbb::internal::rml::private_worker::run() (/home/jeroen/blender-git/build_linux/bin/blender+0x3e0faa5)
    #19 0x3e0fce8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e0fce8)
    #20 0x7fcb32d3a668 in start_thread /build/glibc-t7JzpG/glibc-2.30/nptl/pthread_create.c:479
    #21 0x7fcb32510322 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x122322)

0x616000763290 is located 16 bytes inside of 528-byte region [0x616000763280,0x616000763490)
freed by thread T28 here:
    #0 0x7fcb32e666ef in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d6ef)
    #1 0x107bc3af in MEM_lockfree_freeN /home/jeroen/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:157
    #2 0x3b80533 in CustomData_free /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2025
    #3 0x7c2bbc2 in vertex_interpolation_end /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:294
    #4 0x7c308ce in subdiv_mesh_ensure_vertex_interpolation /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:689
    #5 0x7c315db in subdiv_mesh_vertex_inner /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:774
    #6 0x3197f70 in subdiv_foreach_inner_vertices_regular /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:635
    #7 0x3198ae6 in subdiv_foreach_inner_vertices /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:691
    #8 0x3198d07 in subdiv_foreach_vertices /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:705
    #9 0x31a8192 in subdiv_foreach_task /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:1820
    #10 0x10781dde in RangeTask::operator()(tbb::blocked_range<int> const&) const /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_range.cc:95
    #11 0x1078d034 in tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>::run_body(tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:115
    #12 0x1078b059 in void tbb::interface9::internal::dynamic_grainsize_mode<tbb::interface9::internal::adaptive_mode<tbb::interface9::internal::auto_partition_type> >::work_balance<tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>, tbb::blocked_range<int> >(tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>&, tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:438
    #13 0x10789d84 in void tbb::interface9::internal::partition_type_base<tbb::interface9::internal::auto_partition_type>::execute<tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>, tbb::blocked_range<int> >(tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>&, tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:256
    #14 0x107874d4 in tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:142
    #15 0x3e12a14 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e12a14)
    #16 0x616000000007  (<unknown module>)

previously allocated by thread T28 here:
    #0 0x7fcb32e66ce6 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dce6)
    #1 0x107bcb0e in MEM_lockfree_callocN /home/jeroen/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    #2 0x107bcdf0 in MEM_lockfree_calloc_arrayN /home/jeroen/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:299
    #3 0x3b84b4c in customData_resize /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2299
    #4 0x3b855f9 in customData_add_layer__internal /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2369
    #5 0x3b7f368 in CustomData_merge /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:1936
    #6 0x3b7fd58 in CustomData_copy /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:1982
    #7 0x7c2a20b in vertex_interpolation_init /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:207
    #8 0x7c309e6 in subdiv_mesh_ensure_vertex_interpolation /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:695
    #9 0x7c315db in subdiv_mesh_vertex_inner /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_mesh.c:774
    #10 0x3198719 in subdiv_foreach_inner_vertices_special /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:659
    #11 0x3198aff in subdiv_foreach_inner_vertices /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:694
    #12 0x3198d07 in subdiv_foreach_vertices /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:705
    #13 0x31a8192 in subdiv_foreach_task /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/subdiv_foreach.c:1820
    #14 0x10781dde in RangeTask::operator()(tbb::blocked_range<int> const&) const /home/jeroen/blender-git/blender/source/blender/blenlib/intern/task_range.cc:95
    #15 0x1078d034 in tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>::run_body(tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:115
    #16 0x1078b059 in void tbb::interface9::internal::dynamic_grainsize_mode<tbb::interface9::internal::adaptive_mode<tbb::interface9::internal::auto_partition_type> >::work_balance<tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>, tbb::blocked_range<int> >(tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>&, tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:438
    #17 0x10789d84 in void tbb::interface9::internal::partition_type_base<tbb::interface9::internal::auto_partition_type>::execute<tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>, tbb::blocked_range<int> >(tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>&, tbb::blocked_range<int>&) /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:256
    #18 0x107874d4 in tbb::interface9::internal::start_for<tbb::blocked_range<int>, RangeTask, tbb::auto_partitioner const>::execute() /home/jeroen/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:142
    #19 0x3e12a14 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e12a14)
    #20 0x616000000007  (<unknown module>)

Thread T28 created by T24 here:
    #0 0x7fcb32d93805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x3e0f855 in tbb::internal::rml::private_server::wake_some(int) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e0f855)
    #2 0x62d00013417f  (<unknown module>)

Thread T24 created by T0 here:
    #0 0x7fcb32d93805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x3e0f855 in tbb::internal::rml::private_server::wake_some(int) (/home/jeroen/blender-git/build_linux/bin/blender+0x3e0f855)
    #2 0x62d00013437f  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free /home/jeroen/blender-git/blender/source/blender/blenkernel/intern/customdata.c:1989 in customData_free_layer__internal
Shadow bytes around the buggy address:
  0x0c2c800e4600: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4620: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4630: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800e4640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c800e4650: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800e4690: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800e46a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==13197==ABORTING