=================================================================
==364620==ERROR: AddressSanitizer: heap-use-after-free on address 0x61300097f530 at pc 0x5590b2f8a3c2 bp 0x7fff6d1f8b80 sp 0x7fff6d1f8b70
READ of size 2 at 0x61300097f530 thread T0
#0 0x5590b2f8a3c1 in blender::deg::deg_copy_on_write_is_needed(ID const*) /src/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1056
#1 0x5590b2f87fd4 in foreach_libblock_remap_callback /src/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:511
#2 0x5590b20d1f93 in BKE_lib_query_foreachid_process /src/blender/source/blender/blenkernel/intern/lib_query.c:87
#3 0x5590b1f87be7 in greasepencil_foreach_id /src/blender/source/blender/blenkernel/intern/gpencil.c:128
#4 0x5590b20d35d9 in library_foreach_ID_link /src/blender/source/blender/blenkernel/intern/lib_query.c:334
#5 0x5590b20d37a3 in BKE_library_foreach_ID_link /src/blender/source/blender/blenkernel/intern/lib_query.c:353
#6 0x5590b2f894bb in deg_expand_copy_on_write_datablock /src/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:834
#7 0x5590b2f8991d in blender::deg::deg_update_copy_on_write_datablock(blender::deg::Depsgraph const*, blender::deg::IDNode const*) /src/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:889
#8 0x5590b2f8a041 in blender::deg::deg_evaluate_copy_on_write(Depsgraph*, blender::deg::IDNode const*) /src/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1024
#9 0x5590b2edf38e in operator() /src/blender/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:174
#10 0x5590b2eff991 in __invoke_impl<void, blender::deg::DepsgraphNodeBuilder::add_id_node(ID*)::<lambda(Depsgraph*)>&, Depsgraph*> /usr/include/c++/11.2.0/bits/invoke.h:61
#11 0x5590b2efab3e in __invoke_r<void, blender::deg::DepsgraphNodeBuilder::add_id_node(ID*)::<lambda(Depsgraph*)>&, Depsgraph*> /usr/include/c++/11.2.0/bits/invoke.h:111
#12 0x5590b2ef790b in _M_invoke /usr/include/c++/11.2.0/bits/std_function.h:291
#13 0x5590b2f84dec in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/11.2.0/bits/std_function.h:560
#14 0x5590b2f82e1e in evaluate_node /src/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:102
#15 0x5590b2f82e68 in deg_task_run_func /src/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:113
#16 0x5590b6555328 in Task::operator()() const /src/blender/source/blender/blenlib/intern/task_pool.cc:164
#17 0x5590b6555531 in tbb_task_pool_run /src/blender/source/blender/blenlib/intern/task_pool.cc:213
#18 0x5590b65556c9 in tbb_task_pool_work_and_wait /src/blender/source/blender/blenlib/intern/task_pool.cc:226
#19 0x5590b65562c2 in BLI_task_pool_work_and_wait /src/blender/source/blender/blenlib/intern/task_pool.cc:486
#20 0x5590b2f83ecb in blender::deg::deg_evaluate_on_refresh(blender::deg::Depsgraph*) /src/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:377
#21 0x5590b2fc6c70 in deg_flush_updates_and_refresh /src/blender/source/blender/depsgraph/intern/depsgraph_eval.cc:44
#22 0x5590b2fc6e60 in DEG_evaluate_on_refresh /src/blender/source/blender/depsgraph/intern/depsgraph_eval.cc:68
#23 0x5590b2485471 in scene_graph_update_tagged /src/blender/source/blender/blenkernel/intern/scene.c:2573
#24 0x5590b2485582 in BKE_scene_graph_update_tagged /src/blender/source/blender/blenkernel/intern/scene.c:2622
#25 0x5590b17541ff in wm_event_do_depsgraph /src/blender/source/blender/windowmanager/intern/wm_event_system.c:377
#26 0x5590b1754479 in wm_event_do_refresh_wm_and_depsgraph /src/blender/source/blender/windowmanager/intern/wm_event_system.c:399
#27 0x5590b1755d69 in wm_event_do_notifiers /src/blender/source/blender/windowmanager/intern/wm_event_system.c:609
#28 0x5590b173fa20 in WM_main /src/blender/source/blender/windowmanager/intern/wm.c:625
#29 0x5590b17326a6 in main /src/blender/source/creator/creator.c:544
#30 0x7f191d83030f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f)
#31 0x7f191d8303c0 in __libc_start_main@GLIBC_2.2.5 (/usr/lib/libc.so.6+0x2d3c0)
#32 0x5590b1731c64 in _start (/src/cmake_debug/bin/blender+0x4d73c64)
0x61300097f530 is located 48 bytes inside of 376-byte region [0x61300097f500,0x61300097f678)
freed by thread T0 here:
#0 0x7f191dfcda79 in __interceptor_free /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x5590b6566b18 in MEM_lockfree_freeN /src/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:116
#2 0x5590b20ad2df in BKE_id_free_ex /src/blender/source/blender/blenkernel/intern/lib_id_delete.c:162
#3 0x5590b20e937b in BKE_main_free /src/blender/source/blender/blenkernel/intern/main.c:60
#4 0x5590b1acda43 in BKE_blender_globals_clear /src/blender/source/blender/blenkernel/intern/blender.c:164
#5 0x5590b1ad2b38 in setup_app_data /src/blender/source/blender/blenkernel/intern/blendfile.c:291
#6 0x5590b1ad37c2 in setup_app_blend_file_data /src/blender/source/blender/blenkernel/intern/blendfile.c:446
#7 0x5590b1ad3a28 in BKE_blendfile_read_setup_ex /src/blender/source/blender/blenkernel/intern/blendfile.c:476
#8 0x5590b1ad3a73 in BKE_blendfile_read_setup /src/blender/source/blender/blenkernel/intern/blendfile.c:485
#9 0x5590b1ad0bc0 in BKE_memfile_undo_decode /src/blender/source/blender/blenkernel/intern/blender_undo.c:83
#10 0x5590b4e4f5b0 in memfile_undosys_step_decode /src/blender/source/blender/editors/undo/memfile_undo.c:210
#11 0x5590b2676aeb in undosys_step_decode /src/blender/source/blender/blenkernel/intern/undo_system.c:201
#12 0x5590b267a807 in BKE_undosys_step_load_data_ex /src/blender/source/blender/blenkernel/intern/undo_system.c:781
#13 0x5590b267ab25 in BKE_undosys_step_undo_with_data_ex /src/blender/source/blender/blenkernel/intern/undo_system.c:827
#14 0x5590b267ab54 in BKE_undosys_step_undo_with_data /src/blender/source/blender/blenkernel/intern/undo_system.c:832
#15 0x5590b267abd8 in BKE_undosys_step_undo /src/blender/source/blender/blenkernel/intern/undo_system.c:838
#16 0x5590b4e4a973 in ed_undo_step_direction /src/blender/source/blender/editors/undo/ed_undo.c:287
#17 0x5590b4e4bbba in ed_undo_exec /src/blender/source/blender/editors/undo/ed_undo.c:503
#18 0x5590b175a7c0 in wm_operator_invoke /src/blender/source/blender/windowmanager/intern/wm_event_system.c:1338
#19 0x5590b176024a in wm_handler_operator_call /src/blender/source/blender/windowmanager/intern/wm_event_system.c:2333
#20 0x5590b1762593 in wm_handlers_do_keymap_with_keymap_handler /src/blender/source/blender/windowmanager/intern/wm_event_system.c:2687
#21 0x5590b1764abf in wm_handlers_do_intern /src/blender/source/blender/windowmanager/intern/wm_event_system.c:3009
#22 0x5590b1765958 in wm_handlers_do /src/blender/source/blender/windowmanager/intern/wm_event_system.c:3150
#23 0x5590b1769626 in wm_event_do_handlers /src/blender/source/blender/windowmanager/intern/wm_event_system.c:3790
#24 0x5590b173fa14 in WM_main /src/blender/source/blender/windowmanager/intern/wm.c:622
#25 0x5590b17326a6 in main /src/blender/source/creator/creator.c:544
#26 0x7f191d83030f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f)
previously allocated by thread T0 here:
#0 0x7f191dfcdfb9 in __interceptor_calloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x5590b656708a in MEM_lockfree_callocN /src/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:222
#2 0x5590b20a4e6d in BKE_libblock_alloc_notest /src/blender/source/blender/blenkernel/intern/lib_id.c:1042
#3 0x5590b20a5000 in BKE_libblock_alloc /src/blender/source/blender/blenkernel/intern/lib_id.c:1054
#4 0x5590b20a591c in BKE_id_new /src/blender/source/blender/blenkernel/intern/lib_id.c:1162
#5 0x5590b211a42c in BKE_material_add /src/blender/source/blender/blenkernel/intern/material.c:292
#6 0x5590b211a459 in BKE_gpencil_material_add /src/blender/source/blender/blenkernel/intern/material.c:301
#7 0x5590b1f9145e in BKE_gpencil_object_material_new /src/blender/source/blender/blenkernel/intern/gpencil.c:1725
#8 0x5590b1f949c5 in BKE_gpencil_object_material_ensure_by_name /src/blender/source/blender/blenkernel/intern/gpencil.c:2215
#9 0x5590b44d31e7 in gpencil_stroke_material /src/blender/source/blender/editors/gpencil/gpencil_add_stroke.c:40
#10 0x5590b44d351f in ED_gpencil_create_stroke /src/blender/source/blender/editors/gpencil/gpencil_add_stroke.c:199
#11 0x5590b487009f in object_gpencil_add_exec /src/blender/source/blender/editors/object/object_add.cc:1370
#12 0x5590b175a7c0 in wm_operator_invoke /src/blender/source/blender/windowmanager/intern/wm_event_system.c:1338
#13 0x5590b175b738 in wm_operator_call_internal /src/blender/source/blender/windowmanager/intern/wm_event_system.c:1531
#14 0x5590b175b95f in WM_operator_name_call_ptr /src/blender/source/blender/windowmanager/intern/wm_event_system.c:1578
#15 0x5590b175c6a2 in WM_operator_name_call_ptr_with_depends_on_cursor /src/blender/source/blender/windowmanager/intern/wm_event_system.c:1766
#16 0x5590b270e184 in ui_apply_but_funcs_after /src/blender/source/blender/editors/interface/interface_handlers.c:1009
#17 0x5590b2762b3b in ui_popup_handler /src/blender/source/blender/editors/interface/interface_handlers.c:11473
#18 0x5590b1756376 in wm_handler_ui_call /src/blender/source/blender/windowmanager/intern/wm_event_system.c:695
#19 0x5590b1764ce7 in wm_handlers_do_intern /src/blender/source/blender/windowmanager/intern/wm_event_system.c:3030
#20 0x5590b1765958 in wm_handlers_do /src/blender/source/blender/windowmanager/intern/wm_event_system.c:3150
#21 0x5590b176904e in wm_event_do_handlers /src/blender/source/blender/windowmanager/intern/wm_event_system.c:3708
#22 0x5590b173fa14 in WM_main /src/blender/source/blender/windowmanager/intern/wm.c:622
#23 0x5590b17326a6 in main /src/blender/source/creator/creator.c:544
#24 0x7f191d83030f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f)
SUMMARY: AddressSanitizer: heap-use-after-free /src/blender/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc:1056 in blender::deg::deg_copy_on_write_is_needed(ID const*)
Shadow bytes around the buggy address:
0x0c2680127e50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2680127e60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2680127e70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2680127e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2680127e90: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c2680127ea0: fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd
0x0c2680127eb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2680127ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c2680127ed0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2680127ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2680127ef0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==364620==ABORTING
fish: Job 1, '/src/blender/blender.bin' terminated by signal SIGABRT (Abort)