==24701==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070005f39b0 at pc 0x00000fb75944 bp 0x7f1103a76340 sp 0x7f1103a76330 WRITE of size 8 at 0x6070005f39b0 thread T98 #0 0xfb75943 in remlink /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1073 #1 0xfb75bbd in rem_memblock /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1084 #2 0xfb7522d in MEM_guarded_freeN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1003 #3 0xfb71fad in MEM_guarded_reallocN_id /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:392 #4 0x2b09dc3 in BKE_pbvh_node_add_proxy /home/jacques/blender-git/blender/source/blender/blenkernel/intern/pbvh.c:2842 #5 0x690e41b in do_draw_brush_task_cb_ex /home/jacques/blender-git/blender/source/blender/editors/sculpt_paint/sculpt.c:2766 #6 0x2b44f7a in PBVHTask::operator()(tbb::blocked_range const&) const (/home/jacques/blender-git/build_linux/bin/blender+0x2b44f7a) #7 0x2b55f4e in tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>::run_body(tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b55f4e) #8 0x2b53b29 in void tbb::interface9::internal::dynamic_grainsize_mode >::work_balance, PBVHTask, tbb::auto_partitioner const>, tbb::blocked_range >(tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>&, tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b53b29) #9 0x2b52535 in void tbb::interface9::internal::partition_type_base::execute, PBVHTask, tbb::auto_partitioner const>, tbb::blocked_range >(tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>&, tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b52535) #10 0x2b4fde2 in tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>::execute() (/home/jacques/blender-git/build_linux/bin/blender+0x2b4fde2) #11 0x392e4f4 in tbb::internal::custom_scheduler::process_bypass_loop(tbb::internal::context_guard_helper&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x392e4f4) #12 0x392fbc4 in tbb::internal::custom_scheduler::local_wait_for_all(tbb::task&, tbb::task*) (/home/jacques/blender-git/build_linux/bin/blender+0x392fbc4) #13 0x391f6d7 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jacques/blender-git/build_linux/bin/blender+0x391f6d7) #14 0x3929782 in tbb::internal::market::process(rml::job&) (/home/jacques/blender-git/build_linux/bin/blender+0x3929782) #15 0x392b585 in tbb::internal::rml::private_worker::run() (/home/jacques/blender-git/build_linux/bin/blender+0x392b585) #16 0x392b7c8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jacques/blender-git/build_linux/bin/blender+0x392b7c8) #17 0x7f1166ad1421 in start_thread (/usr/lib/libpthread.so.0+0x9421) #18 0x7f1166698b82 in __GI___clone (/usr/lib/libc.so.6+0xffb82) 0x6070005f39b0 is located 16 bytes inside of 72-byte region [0x6070005f39a0,0x6070005f39e8) freed by thread T0 here: #0 0x7f1166ba10e9 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:123 #1 0xfb764b9 in rem_memblock /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1117 #2 0xfb7522d in MEM_guarded_freeN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1003 #3 0xfb71fad in MEM_guarded_reallocN_id /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:392 #4 0x2b09dc3 in BKE_pbvh_node_add_proxy /home/jacques/blender-git/blender/source/blender/blenkernel/intern/pbvh.c:2842 #5 0x690e41b in do_draw_brush_task_cb_ex /home/jacques/blender-git/blender/source/blender/editors/sculpt_paint/sculpt.c:2766 #6 0x2b44f7a in PBVHTask::operator()(tbb::blocked_range const&) const (/home/jacques/blender-git/build_linux/bin/blender+0x2b44f7a) #7 0x2b55f4e in tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>::run_body(tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b55f4e) #8 0x2b53b29 in void tbb::interface9::internal::dynamic_grainsize_mode >::work_balance, PBVHTask, tbb::auto_partitioner const>, tbb::blocked_range >(tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>&, tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b53b29) #9 0x2b52535 in void tbb::interface9::internal::partition_type_base::execute, PBVHTask, tbb::auto_partitioner const>, tbb::blocked_range >(tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>&, tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b52535) #10 0x2b4fde2 in tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>::execute() (/home/jacques/blender-git/build_linux/bin/blender+0x2b4fde2) #11 0x392e4f4 in tbb::internal::custom_scheduler::process_bypass_loop(tbb::internal::context_guard_helper&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x392e4f4) #12 0x613000a8dd77 () previously allocated by thread T85 here: #0 0x7f1166ba1459 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0xfb72c3a in MEM_guarded_mallocN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:514 #2 0x2b09e82 in BKE_pbvh_node_add_proxy /home/jacques/blender-git/blender/source/blender/blenkernel/intern/pbvh.c:2845 #3 0x690e41b in do_draw_brush_task_cb_ex /home/jacques/blender-git/blender/source/blender/editors/sculpt_paint/sculpt.c:2766 #4 0x2b44f7a in PBVHTask::operator()(tbb::blocked_range const&) const (/home/jacques/blender-git/build_linux/bin/blender+0x2b44f7a) #5 0x2b55f4e in tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>::run_body(tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b55f4e) #6 0x2b53b29 in void tbb::interface9::internal::dynamic_grainsize_mode >::work_balance, PBVHTask, tbb::auto_partitioner const>, tbb::blocked_range >(tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>&, tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b53b29) #7 0x2b52535 in void tbb::interface9::internal::partition_type_base::execute, PBVHTask, tbb::auto_partitioner const>, tbb::blocked_range >(tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>&, tbb::blocked_range&) (/home/jacques/blender-git/build_linux/bin/blender+0x2b52535) #8 0x2b4fde2 in tbb::interface9::internal::start_for, PBVHTask, tbb::auto_partitioner const>::execute() (/home/jacques/blender-git/build_linux/bin/blender+0x2b4fde2) #9 0x392e4f4 in tbb::internal::custom_scheduler::process_bypass_loop(tbb::internal::context_guard_helper&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x392e4f4) #10 0x62d001d180ff () Thread T98 created by T90 here: #0 0x7f1166b471c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x60c00024fe7f () Thread T90 created by T85 here: #0 0x7f1166b471c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x62d001d1817f () Thread T85 created by T0 here: #0 0x7f1166b471c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x62d001d1837f () SUMMARY: AddressSanitizer: heap-use-after-free /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1073 in remlink Shadow bytes around the buggy address: 0x0c0e800b66e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800b66f0: fa fa fa fa fa fa fa fa fa fa fa fa fd fd fd fd 0x0c0e800b6700: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd 0x0c0e800b6710: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd 0x0c0e800b6720: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa =>0x0c0e800b6730: fa fa fa fa fd fd[fd]fd fd fd fd fd fd fa fa fa 0x0c0e800b6740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800b6750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800b6760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800b6770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800b6780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==24701==ABORTING ==24951==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0002686d8 at pc 0x00000fb7581a bp 0x7f853dadfaa0 sp 0x7f853dadfa90 WRITE of size 8 at 0x60c0002686d8 thread T84 #0 0xfb75819 in remlink /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1071 #1 0xfb75bbd in rem_memblock /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1084 #2 0xfb7522d in MEM_guarded_freeN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1003 #3 0x2b4492a in PBVHTask::~PBVHTask() (/home/jacques/blender-git/build_linux/bin/blender+0x2b4492a) #4 0x2b5b5e7 in tbb::interface9::internal::finish_reduce::~finish_reduce() (/home/jacques/blender-git/build_linux/bin/blender+0x2b5b5e7) #5 0x392e651 in tbb::internal::custom_scheduler::process_bypass_loop(tbb::internal::context_guard_helper&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x392e651) #6 0x392fbc4 in tbb::internal::custom_scheduler::local_wait_for_all(tbb::task&, tbb::task*) (/home/jacques/blender-git/build_linux/bin/blender+0x392fbc4) #7 0x391f6d7 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jacques/blender-git/build_linux/bin/blender+0x391f6d7) #8 0x3929782 in tbb::internal::market::process(rml::job&) (/home/jacques/blender-git/build_linux/bin/blender+0x3929782) #9 0x392b585 in tbb::internal::rml::private_worker::run() (/home/jacques/blender-git/build_linux/bin/blender+0x392b585) #10 0x392b7c8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jacques/blender-git/build_linux/bin/blender+0x392b7c8) #11 0x7f859cd7a421 in start_thread (/usr/lib/libpthread.so.0+0x9421) #12 0x7f859c941b82 in __GI___clone (/usr/lib/libc.so.6+0xffb82) 0x60c0002686d8 is located 24 bytes inside of 128-byte region [0x60c0002686c0,0x60c000268740) freed by thread T0 here: #0 0x7f859ce4a0e9 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:123 #1 0xfb764b9 in rem_memblock /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1117 #2 0xfb7522d in MEM_guarded_freeN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1003 #3 0x2b4492a in PBVHTask::~PBVHTask() (/home/jacques/blender-git/build_linux/bin/blender+0x2b4492a) #4 0x2b5b5e7 in tbb::interface9::internal::finish_reduce::~finish_reduce() (/home/jacques/blender-git/build_linux/bin/blender+0x2b5b5e7) #5 0x392e651 in tbb::internal::custom_scheduler::process_bypass_loop(tbb::internal::context_guard_helper&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x392e651) #6 0x7fffe0d641cf ([stack]+0x211cf) previously allocated by thread T94 here: #0 0x7f859ce4a459 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0xfb72c3a in MEM_guarded_mallocN /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:514 #2 0x2b44a8e in PBVHTask::init_chunk(void*) (/home/jacques/blender-git/build_linux/bin/blender+0x2b44a8e) #3 0x2b44836 in PBVHTask::PBVHTask(PBVHTask&, tbb::split) (/home/jacques/blender-git/build_linux/bin/blender+0x2b44836) #4 0x2b5044a in tbb::interface9::internal::start_reduce, PBVHTask, tbb::auto_partitioner const>::execute() (/home/jacques/blender-git/build_linux/bin/blender+0x2b5044a) #5 0x392e4f4 in tbb::internal::custom_scheduler::process_bypass_loop(tbb::internal::context_guard_helper&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x392e4f4) #6 0x62d001f15aff () Thread T84 created by T0 here: #0 0x7f859cdf01c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x60c00047ab7f () Thread T94 created by T87 here: #0 0x7f859cdf01c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x62d001f15f7f () Thread T87 created by T85 here: #0 0x7f859cdf01c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x60c000450f3f () Thread T85 created by T0 here: #0 0x7f859cdf01c7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:214 #1 0x392b335 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x392b335) #2 0x62d001f1637f () SUMMARY: AddressSanitizer: heap-use-after-free /home/jacques/blender-git/blender/intern/guardedalloc/intern/mallocn_guarded_impl.c:1071 in remlink Shadow bytes around the buggy address: 0x0c1880045080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c1880045090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c18800450a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800450b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800450c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c18800450d0: fa fa fa fa fa fa fa fa fd fd fd[fd]fd fd fd fd 0x0c18800450e0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c18800450f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c1880045100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c1880045110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c1880045120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==24951==ABORTING