Page MenuHome
Paste P911

T61473 ASAN
ActivePublic

Authored by Philipp Oeser (lichtwerk) on Feb 13 2019, 11:59 AM.
=================================================================
==4538==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000d6218 at pc 0x000004c543e7 bp 0x7ffd32093900 sp 0x7ffd320938f0
WRITE of size 8 at 0x6020000d6218 thread T0
#0 0x4c543e6 in BLI_rng_seed /blender/source/blender/blenlib/intern/rand.c:85
#1 0x4c54464 in BLI_rng_srandom /blender/source/blender/blenlib/intern/rand.c:93
#2 0x3fc8065 in precalculate_effector /blender/source/blender/blenkernel/intern/effect.c:154
#3 0x3fc8aa1 in add_effector_evaluation /blender/source/blender/blenkernel/intern/effect.c:204
#4 0x3fc93f6 in BKE_effectors_create /blender/source/blender/blenkernel/intern/effect.c:291
#5 0x427a162 in psys_update_effectors /blender/source/blender/blenkernel/intern/particle_system.c:1296
#6 0x428dea5 in hair_step /blender/source/blender/blenkernel/intern/particle_system.c:3238
#7 0x4298a3a in particle_system_update /blender/source/blender/blenkernel/intern/particle_system.c:4303
#8 0x32746df in deformVerts /blender/source/blender/modifiers/intern/MOD_particlesystem.c:200
#9 0x4184da0 in modwrap_deformVerts /blender/source/blender/blenkernel/intern/modifier.c:843
#10 0x3dc9427 in mesh_calc_modifiers /blender/source/blender/blenkernel/intern/DerivedMesh.c:1236
#11 0x3dcfa8b in mesh_build_data /blender/source/blender/blenkernel/intern/DerivedMesh.c:2033
#12 0x3dd0506 in makeDerivedMesh /blender/source/blender/blenkernel/intern/DerivedMesh.c:2149
#13 0x421ad74 in BKE_object_handle_data_update /blender/source/blender/blenkernel/intern/object_update.c:182
#14 0x421c359 in BKE_object_eval_uber_data /blender/source/blender/blenkernel/intern/object_update.c:355
#15 0x4cf4cf1 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/8/bits/invoke.h:60
#16 0x4cf295f in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/8/bits/invoke.h:95
#17 0x4ceffb6 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/8/functional:400
#18 0x4cebaf7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
#19 0x4ce613b in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
#20 0x4d209a1 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
#21 0x4d1ec56 in deg_task_run_func /blender/source/blender/depsgraph/intern/eval/deg_eval.cc:87
#22 0x4c875e6 in handle_local_queue /blender/source/blender/blenlib/intern/task.c:416
#23 0x4c875e6 in BLI_task_pool_work_and_wait /blender/source/blender/blenlib/intern/task.c:903
#24 0x4d20712 in DEG::deg_evaluate_on_refresh(DEG::Depsgraph*) /blender/source/blender/depsgraph/intern/eval/deg_eval.cc:320
#25 0x4cbe284 in DEG_evaluate_on_refresh /blender/source/blender/depsgraph/intern/depsgraph_eval.cc:62
#26 0x4307087 in BKE_scene_graph_update_tagged /blender/source/blender/blenkernel/intern/scene.c:1496
#27 0x1aea4c6 in wm_event_do_depsgraph /blender/source/blender/windowmanager/intern/wm_event_system.c:340
#28 0x1aea69b in wm_event_do_refresh_wm_and_depsgraph /blender/source/blender/windowmanager/intern/wm_event_system.c:365
#29 0x1aeb73a in wm_event_do_notifiers /blender/source/blender/windowmanager/intern/wm_event_system.c:523
#30 0x1ae0b83 in WM_main /blender/source/blender/windowmanager/intern/wm.c:420
#31 0x1ad6156 in main /blender/source/creator/creator.c:504
#32 0x7fa15ef20412 in __libc_start_main (/lib64/libc.so.6+0x24412)
#33 0x1ad569d in _start (/build_28_ASAN/bin/blender+0x1ad569d)
0x6020000d6218 is located 8 bytes inside of 16-byte region [0x6020000d6210,0x6020000d6220)
freed by thread T0 here:
#0 0x7fa162486480 in free (/lib64/libasan.so.5+0xef480)
#1 0x5164a52 in MEM_lockfree_freeN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:155
#2 0x4c543a3 in BLI_rng_free /blender/source/blender/blenlib/intern/rand.c:80
#3 0x3fc7e2f in BKE_partdeflect_free /blender/source/blender/blenkernel/intern/effect.c:139
#4 0x4232f27 in BKE_particlesettings_free /blender/source/blender/blenkernel/intern/particle.c:450
#5 0x40b1783 in BKE_libblock_free_datablock /blender/source/blender/blenkernel/intern/library_remap.c:776
#6 0x4297a30 in particle_settings_free_local /blender/source/blender/blenkernel/intern/particle_system.c:4197
#7 0x4298860 in particle_system_update /blender/source/blender/blenkernel/intern/particle_system.c:4292
#8 0x32746df in deformVerts /blender/source/blender/modifiers/intern/MOD_particlesystem.c:200
#9 0x4184da0 in modwrap_deformVerts /blender/source/blender/blenkernel/intern/modifier.c:843
#10 0x3dc9427 in mesh_calc_modifiers /blender/source/blender/blenkernel/intern/DerivedMesh.c:1236
#11 0x3dcfa8b in mesh_build_data /blender/source/blender/blenkernel/intern/DerivedMesh.c:2033
#12 0x3dd0506 in makeDerivedMesh /blender/source/blender/blenkernel/intern/DerivedMesh.c:2149
#13 0x421ad74 in BKE_object_handle_data_update /blender/source/blender/blenkernel/intern/object_update.c:182
#14 0x421c359 in BKE_object_eval_uber_data /blender/source/blender/blenkernel/intern/object_update.c:355
#15 0x4cf4cf1 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/8/bits/invoke.h:60
#16 0x4cf295f in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/8/bits/invoke.h:95
#17 0x4ceffb6 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/8/functional:400
#18 0x4cebaf7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
#19 0x4ce613b in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
#20 0x4d209a1 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
#21 0x4d1ec56 in deg_task_run_func /blender/source/blender/depsgraph/intern/eval/deg_eval.cc:87
#22 0x4c875e6 in handle_local_queue /blender/source/blender/blenlib/intern/task.c:416
#23 0x4c875e6 in BLI_task_pool_work_and_wait /blender/source/blender/blenlib/intern/task.c:903
#24 0x4d20712 in DEG::deg_evaluate_on_refresh(DEG::Depsgraph*) /blender/source/blender/depsgraph/intern/eval/deg_eval.cc:320
#25 0x4cbe284 in DEG_evaluate_on_refresh /blender/source/blender/depsgraph/intern/depsgraph_eval.cc:62
#26 0x4307087 in BKE_scene_graph_update_tagged /blender/source/blender/blenkernel/intern/scene.c:1496
#27 0x1aea4c6 in wm_event_do_depsgraph /blender/source/blender/windowmanager/intern/wm_event_system.c:340
#28 0x1aea69b in wm_event_do_refresh_wm_and_depsgraph /blender/source/blender/windowmanager/intern/wm_event_system.c:365
#29 0x1aeb73a in wm_event_do_notifiers /blender/source/blender/windowmanager/intern/wm_event_system.c:523
#30 0x1ae0b83 in WM_main /blender/source/blender/windowmanager/intern/wm.c:420
previously allocated by thread T17 here:
#0 0x7fa162486848 in __interceptor_malloc (/lib64/libasan.so.5+0xef848)
#1 0x51651e2 in MEM_lockfree_mallocN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:309
#2 0x4c542e3 in BLI_rng_new /blender/source/blender/blenlib/intern/rand.c:59
#3 0x3fc7f81 in precalculate_effector /blender/source/blender/blenkernel/intern/effect.c:151
#4 0x3fc8aa1 in add_effector_evaluation /blender/source/blender/blenkernel/intern/effect.c:204
#5 0x3fc93f6 in BKE_effectors_create /blender/source/blender/blenkernel/intern/effect.c:291
#6 0x427a162 in psys_update_effectors /blender/source/blender/blenkernel/intern/particle_system.c:1296
#7 0x428dea5 in hair_step /blender/source/blender/blenkernel/intern/particle_system.c:3238
#8 0x4298a3a in particle_system_update /blender/source/blender/blenkernel/intern/particle_system.c:4303
#9 0x32746df in deformVerts /blender/source/blender/modifiers/intern/MOD_particlesystem.c:200
#10 0x4184da0 in modwrap_deformVerts /blender/source/blender/blenkernel/intern/modifier.c:843
#11 0x3dc9427 in mesh_calc_modifiers /blender/source/blender/blenkernel/intern/DerivedMesh.c:1236
#12 0x3dcfa8b in mesh_build_data /blender/source/blender/blenkernel/intern/DerivedMesh.c:2033
#13 0x3dd0506 in makeDerivedMesh /blender/source/blender/blenkernel/intern/DerivedMesh.c:2149
#14 0x421ad74 in BKE_object_handle_data_update /blender/source/blender/blenkernel/intern/object_update.c:182
#15 0x421c359 in BKE_object_eval_uber_data /blender/source/blender/blenkernel/intern/object_update.c:355
#16 0x4cf4cf1 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/8/bits/invoke.h:60
#17 0x4cf295f in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/8/bits/invoke.h:95
#18 0x4ceffb6 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/8/functional:400
#19 0x4cebaf7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/8/functional:484
#20 0x4ce613b in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/8/bits/std_function.h:297
#21 0x4d209a1 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/8/bits/std_function.h:687
#22 0x4d1ec56 in deg_task_run_func /blender/source/blender/depsgraph/intern/eval/deg_eval.cc:87
#23 0x4c832da in task_scheduler_thread_run /blender/source/blender/blenlib/intern/task.c:438
#24 0x7fa15f0d058d in start_thread (/lib64/libpthread.so.0+0x858d)
Thread T17 created by T0 here:
#0 0x7fa1623e3043 in __interceptor_pthread_create (/lib64/libasan.so.5+0x4c043)
#1 0x4c83c5b in BLI_task_scheduler_create /blender/source/blender/blenlib/intern/task.c:501
#2 0x4c8b4d1 in BLI_task_scheduler_get /blender/source/blender/blenlib/intern/threads.c:173
#3 0x4c89da4 in BLI_task_parallel_range /blender/source/blender/blenlib/intern/task.c:1109
#4 0x4d27983 in flush_prepare /blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:116
#5 0x4d27983 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:371
#6 0x4cce769 in DEG_graph_flush_update /blender/source/blender/depsgraph/intern/depsgraph_tag.cc:707
#7 0x430707b in BKE_scene_graph_update_tagged /blender/source/blender/blenkernel/intern/scene.c:1492
#8 0x1aea4c6 in wm_event_do_depsgraph /blender/source/blender/windowmanager/intern/wm_event_system.c:340
#9 0x1b098d6 in wm_file_read_post /blender/source/blender/windowmanager/intern/wm_files.c:489
#10 0x1b0bb5d in wm_homefile_read /blender/source/blender/windowmanager/intern/wm_files.c:1005
#11 0x1b1dae7 in WM_init /blender/source/blender/windowmanager/intern/wm_init_exit.c:250
#12 0x1ad5faa in main /blender/source/creator/creator.c:429
#13 0x7fa15ef20412 in __libc_start_main (/lib64/libc.so.6+0x24412)
SUMMARY: AddressSanitizer: heap-use-after-free /blender/source/blender/blenlib/intern/rand.c:85 in BLI_rng_seed
Shadow bytes around the buggy address:
0x0c0480012bf0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c0480012c00: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c0480012c10: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c0480012c20: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c0480012c30: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fa
=>0x0c0480012c40: fa fa fd[fd]fa fa fd fa fa fa fd fa fa fa fd fa
0x0c0480012c50: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fd
0x0c0480012c60: fa fa 00 00 fa fa fd fa fa fa fd fa fa fa fd fa
0x0c0480012c70: fa fa 00 00 fa fa 00 04 fa fa fd fa fa fa 00 00
0x0c0480012c80: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa 00 fa
0x0c0480012c90: fa fa 00 00 fa fa 00 04 fa fa fd fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==4538==ABORTING