Crash when using to_mesh() on a depsgraph object in a driver
Needs Triage, NormalPublic
Actions

Description

System Information
Operating system: Windows-10-10.0.19041-SP0 64 Bits
Graphics card: GeForce GTX 1080/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 457.30

Blender Version
Broken: version: 2.91.0, branch: master, commit date: 2020-11-25 08:34, hash: rB0f45cab862b8

Short description of error
Blender crashes when we use the following driver for a bone's X position:

def Test(self, depsgraph):
    cube = depsgraph.objects.get("Cube")
    mesh = cube.to_mesh()
    result = mesh.vertices[0].co.x
    return result

# Test(self, depsgraph)
bpy.app.driver_namespace["Test"] = Test

Exact steps for others to reproduce the error

Open the attached .blend file
Run the driver.py script
In the Driver window, highlight the Expression: Test(self, depsgraph) and press Enter
Scrub the timeline

crashTest.blend773 KBDownload

Event Timeline

Kevin Hays (haysk) created this task.Dec 24 2020, 11:42 PM

Kevin Hays (haysk) updated the task description. (Show Details)

I can reproduce a crash, but I'm not sure if this use of the Python API in the driver is permitted. I'm confirming this for now, so that the Data, Assets & I/O module can take a closer look.

==19863==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c0000548b0 at pc 0x000018f10dd5 bp 0x7fffffffb680 sp 0x7fffffffb670
READ of size 1 at 0x61c0000548b0 thread T0
    #0 0x18f10dd4 in BLI_strnlen /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/string.c:854
    #1 0x18f0c766 in BLI_strncpy /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/string.c:109
    #2 0x4ebd47f in mesh_new_from_mesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_convert.c:1191
    #3 0x4ebdc31 in mesh_new_from_mesh_object /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_convert.c:1229
    #4 0x4ebdd2e in BKE_mesh_new_from_object /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_convert.c:1245
    #5 0x39d698d in BKE_object_to_mesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object.c:5446
    #6 0x7346e9f in rna_Object_to_mesh /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_object_api.c:399
    #7 0x73669f7 in Object_to_mesh_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_object_gen.c:3384
    #8 0x6de6495 in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7527
    #9 0x783f49a in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315
    #10 0x1753e566 in _PyObject_FastCallKeywords Objects/call.c:199
    #11 0x3518642 in call_function Python/ceval.c:4619
    #12 0x351f1f0 in _PyEval_EvalFrameDefault Python/ceval.c:3093
    #13 0x35173fa in function_code_fastcall Objects/call.c:283
    #14 0x3518694 in call_function Python/ceval.c:4616
    #15 0x351cd63 in _PyEval_EvalFrameDefault Python/ceval.c:3124
    #16 0x175df31c in _PyEval_EvalCodeWithName Python/ceval.c:3930
    #17 0x175df59d in PyEval_EvalCodeEx Python/ceval.c:3959
    #18 0x175df5ca in PyEval_EvalCode Python/ceval.c:524
    #19 0x77ffca6 in BPY_driver_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_driver.c:653
    #20 0x4dd8ecc in evaluate_driver_python /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/fcurve_driver.c:1263
    #21 0x4dd90e2 in evaluate_driver /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/fcurve_driver.c:1300
    #22 0x4dc9dd4 in evaluate_fcurve_driver /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/fcurve.c:2150
    #23 0x4dca329 in calculate_fcurve /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/fcurve.c:2206
    #24 0x4b56558 in BKE_animsys_eval_driver /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/anim_sys.c:2962
    #25 0x1747795c in void std::__invoke_impl<void, void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>(std::__invoke_other, void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*&&, ID*&, int&, FCurve*&) /usr/include/c++/9/bits/invoke.h:60
    #26 0x1746fe3e in std::__invoke_result<void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>::type std::__invoke<void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>(void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*&&, ID*&, int&, FCurve*&) /usr/include/c++/9/bits/invoke.h:95
    #27 0x17464481 in void std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul, 3ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/include/c++/9/functional:400
    #28 0x17458959 in void std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484
    #29 0x1744daf3 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300
    #30 0x173c0b3a in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688
    #31 0x173bc0a9 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    #32 0x173bc0f8 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #33 0x18f5cd00 in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    #34 0x18f5e173 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93
    #35 0x4fa0844 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fa0844)
    #36 0x18f5d3d0 in void tbb::interface7::internal::isolate_impl<void, Task::operator()() const::{lambda()#1} const>(Task::operator()() const::{lambda()#1} const&) /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:160
    #37 0x18f5d07a in tbb::interface7::internal::return_type_or_void<Task::operator()() const::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<Task::operator()() const::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:395
    #38 0x18f5cdd1 in Task::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    #39 0x18f5e013 in tbb::internal::function_task<Task>::execute() /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:1048
    #40 0x4fadf44 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fadf44)
    #41 0x4fae1fa in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fae1fa)
    #42 0x389bf3b in tbb::task::wait_for_all() /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:809
    #43 0x68957e6 in tbb::internal::task_group_base::wait() /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_group.h:168
    #44 0x18f5a876 in tbb_task_pool_work_and_wait /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:250
    #45 0x18f5be2e in BLI_task_pool_work_and_wait /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:499
    #46 0x173be9e1 in blender::deg::deg_evaluate_on_refresh(blender::deg::Depsgraph*) /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:397
    #47 0x172dd1c2 in deg_flush_updates_and_refresh /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/depsgraph_eval.cc:58
    #48 0x172dd432 in DEG_evaluate_on_framechange /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/depsgraph_eval.cc:82
    #49 0x3bf086e in BKE_scene_graph_update_for_newframe /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/scene.c:2682
    #50 0x7954b24 in ED_update_for_newframe /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/screen/screen_edit.c:1616
    #51 0x7992144 in screen_animation_step_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/screen/screen_ops.c:4547
    #52 0x4fd6225 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300
    #53 0x4fde5ec in wm_handler_operator_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2141
    #54 0x4fe213b in wm_handlers_do_keymap_with_keymap_handler /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2466
    #55 0x4fe58ee in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2762
    #56 0x4fe6b7c in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886
    #57 0x4fed203 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3417
    #58 0x4fb9a8f in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:635
    #59 0x3521cfa in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522
    #60 0x7ffff6e4b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #61 0x3520ead in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x3520ead)

0x61c0000548b0 is located 48 bytes inside of 1800-byte region [0x61c000054880,0x61c000054f88)
freed by thread T11 here:
    #0 0x7ffff76927cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    #1 0x18f9c230 in MEM_lockfree_freeN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:129
    #2 0x381990a in BKE_mesh_eval_delete /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:991
    #3 0x39a826d in BKE_object_free_derived_caches /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object.c:1563
    #4 0x4b031e0 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1856
    #5 0x4b04f91 in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    #6 0x39f830e in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:193
    #7 0x39fb0b4 in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:385
    #8 0x17476e99 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60
    #9 0x1746f395 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95
    #10 0x17463398 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400
    #11 0x17457ad9 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484
    #12 0x1744cc73 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300
    #13 0x173c0b3a in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688
    #14 0x173bc0a9 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    #15 0x173bc0f8 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #16 0x18f5cd00 in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    #17 0x18f5e173 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93
    #18 0x4fa0844 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fa0844)
    #19 0x7fffca0cba3f  (<unknown module>)

previously allocated by thread T12 here:
    #0 0x7ffff7692dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    #1 0x18f9c91f in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235
    #2 0x37640e2 in BKE_libblock_alloc_notest /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_id.c:1042
    #3 0x3764246 in BKE_libblock_alloc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_id.c:1060
    #4 0x3765392 in BKE_libblock_copy_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_id.c:1234
    #5 0x375feba in BKE_id_copy_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_id.c:589
    #6 0x381996e in BKE_mesh_copy_for_eval /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1002
    #7 0x4afcef8 in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1371
    #8 0x4b032c8 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1872
    #9 0x4b04f91 in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    #10 0x39f830e in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:193
    #11 0x39fb0b4 in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:385
    #12 0x17476e99 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60
    #13 0x1746f395 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95
    #14 0x17463398 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400
    #15 0x17457ad9 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484
    #16 0x1744cc73 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300
    #17 0x173c0b3a in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688
    #18 0x173bc0a9 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    #19 0x173bc0f8 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #20 0x18f5cd00 in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    #21 0x18f5e173 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93
    #22 0x4fa0844 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fa0844)
    #23 0x7fffc9ccaa3f  (<unknown module>)

Thread T11 created by T0 here:
    #0 0x7ffff75bf805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x4fa9bb8 in tbb::internal::rml::private_server::wake_some(int) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fa9bb8)
    #2 0x62d00016637f  (<unknown module>)

Thread T12 created by T10 here:
    #0 0x7ffff75bf805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x4fa9bb8 in tbb::internal::rml::private_server::wake_some(int) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fa9bb8)
    #2 0x76fff  (<unknown module>)

Thread T10 created by T0 here:
    #0 0x7ffff75bf805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x4fa9bb8 in tbb::internal::rml::private_server::wake_some(int) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fa9bb8)
    #2 0x60c00005793f  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/string.c:854 in BLI_strnlen
Shadow bytes around the buggy address:
  0x0c38800028c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c38800028d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c38800028e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c38800028f0: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880002900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3880002910: fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd
  0x0c3880002920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880002930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880002940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880002950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880002960: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc

Robert Guetzkow (rjg) changed the task status from Needs Triage to Confirmed.Dec 27 2020, 4:39 PM

This can crash in several different places... Here is another ASAN backtrace:

=================================================================
==37951==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c0000d69c0 at pc 0x00001071a69b bp 0x7fae80e95e20 sp 0x7fae80e95e18
READ of size 8 at 0x61c0000d69c0 thread T24
    #0 0x1071a69a in mesh_new_from_mesh_object /home/guest/blender/src/source/blender/blenkernel/intern/mesh_convert.c:1226
    #1 0x1071a90c in BKE_mesh_new_from_object /home/guest/blender/src/source/blender/blenkernel/intern/mesh_convert.c:1245
    #2 0x109eb282 in BKE_object_to_mesh /home/guest/blender/src/source/blender/blenkernel/intern/object.c:5446
    #3 0x13f519e6 in rna_Object_to_mesh /home/guest/blender/src/source/blender/makesrna/intern/rna_object_api.c:399
    #4 0x13f6fecb in Object_to_mesh_call source/blender/makesrna/intern/rna_object_gen.c:3384
    #5 0x139f4539 in RNA_function_call /home/guest/blender/src/source/blender/makesrna/intern/rna_access.c:7527
    #6 0x1443f979 in pyrna_func_call /home/guest/blender/src/source/blender/python/intern/bpy_rna.c:6315
    #7 0x7faeca892bef in _PyObject_MakeTpCall (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0xc7bef)
    #8 0x7faeca8432e1 in _PyEval_EvalFrameDefault (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x782e1)
    #9 0x7faeca83a022  (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x6f022)
    #10 0x7faeca841105 in _PyEval_EvalFrameDefault (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x76105)
    #11 0x7faeca96f5cb  (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x1a45cb)
    #12 0x7faeca96f91d in _PyEval_EvalCodeWithName (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x1a491d)
    #13 0x7faeca96f96d in PyEval_EvalCodeEx (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x1a496d)
    #14 0x7faeca96af6a in PyEval_EvalCode (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x19ff6a)
    #15 0x143d3d6d in BPY_driver_exec /home/guest/blender/src/source/blender/python/intern/bpy_driver.c:653
    #16 0x10425c0f in evaluate_driver_python /home/guest/blender/src/source/blender/blenkernel/intern/fcurve_driver.c:1263
    #17 0x10425e20 in evaluate_driver /home/guest/blender/src/source/blender/blenkernel/intern/fcurve_driver.c:1300
    #18 0x10416e9a in evaluate_fcurve_driver /home/guest/blender/src/source/blender/blenkernel/intern/fcurve.c:2150
    #19 0x104173e7 in calculate_fcurve /home/guest/blender/src/source/blender/blenkernel/intern/fcurve.c:2206
    #20 0x1015bede in BKE_animsys_eval_driver /home/guest/blender/src/source/blender/blenkernel/intern/anim_sys.c:2962
    #21 0x28d1b82b in void std::__invoke_impl<void, void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>(std::__invoke_other, void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*&&, ID*&, int&, FCurve*&) /usr/include/c++/10/bits/invoke.h:60
    #22 0x28d16de6 in std::__invoke_result<void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>::type std::__invoke<void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>(void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*&&, ID*&, int&, FCurve*&) /usr/include/c++/10/bits/invoke.h:95
    #23 0x28d0fbcc in void std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul, 3ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/include/c++/10/functional:416
    #24 0x28d0836a in void std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/10/functional:499
    #25 0x28cff1cf in void std::__invoke_impl<void, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*>(std::__invoke_other, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:60
    #26 0x28cf4c91 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*>, void>::type std::__invoke_r<void, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*>(std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:110
    #27 0x28cec453 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/10/bits/std_function.h:291
    #28 0x28e2c698 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/10/bits/std_function.h:622
    #29 0x28e27da7 in evaluate_node /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    #30 0x28e27df1 in deg_task_run_func /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #31 0x2959387e in Task::operator()() const::{lambda()#1}::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #32 0x29594b32 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /usr/include/tbb/task_arena.h:96
    #33 0x7faecd3e3554 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/lib/x86_64-linux-gnu/libtbb.so.2+0x25554)
    #34 0x29593e6b in void tbb::interface7::internal::isolate_impl<void, Task::operator()() const::{lambda()#1} const>(Task::operator()() const::{lambda()#1} const&) /usr/include/tbb/task_arena.h:216
    #35 0x29593b5b in tbb::interface7::internal::return_type_or_void<Task::operator()() const::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<Task::operator()() const::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /usr/include/tbb/task_arena.h:472
    #36 0x29593936 in Task::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #37 0x295949d9 in tbb::internal::function_task<Task>::execute() /usr/include/tbb/task.h:1059
    #38 0x7faecd3e9494  (/lib/x86_64-linux-gnu/libtbb.so.2+0x2b494)
    #39 0x7faecd3e97ca  (/lib/x86_64-linux-gnu/libtbb.so.2+0x2b7ca)
    #40 0x7faecd3e3266  (/lib/x86_64-linux-gnu/libtbb.so.2+0x25266)
    #41 0x7faecd3e18ef  (/lib/x86_64-linux-gnu/libtbb.so.2+0x238ef)
    #42 0x7faecd3dde5b  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fe5b)
    #43 0x7faecd3de0b8  (/lib/x86_64-linux-gnu/libtbb.so.2+0x200b8)
    #44 0x7faecd3a4ea6 in start_thread nptl/pthread_create.c:477
    #45 0x7faec6de1d8e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdd8e)

0x61c0000d69c0 is located 320 bytes inside of 1800-byte region [0x61c0000d6880,0x61c0000d6f88)
freed by thread T35 here:
    #0 0x7faecd4acb6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
    #1 0x295ceeaa in MEM_lockfree_freeN /home/guest/blender/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:129
    #2 0x106f3293 in BKE_mesh_eval_delete /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:989
    #3 0x109bd74d in BKE_object_free_derived_caches /home/guest/blender/src/source/blender/blenkernel/intern/object.c:1563
    #4 0x103ceafb in mesh_build_data /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:1856
    #5 0x103d0856 in makeDerivedMesh /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    #6 0x10a1d50a in BKE_object_handle_data_update /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:193
    #7 0x10a2025f in BKE_object_eval_uber_data /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:385
    #8 0x28d1b1cc in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:60
    #9 0x28d16658 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:95
    #10 0x28d0ef16 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/10/functional:416
    #11 0x28d07a42 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/10/functional:499
    #12 0x28cfe617 in void std::__invoke_impl<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::__invoke_other, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:60
    #13 0x28cf3ef3 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>, void>::type std::__invoke_r<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:110
    #14 0x28ceba43 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/10/bits/std_function.h:291
    #15 0x28e2c698 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/10/bits/std_function.h:622
    #16 0x28e27da7 in evaluate_node /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    #17 0x28e27df1 in deg_task_run_func /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #18 0x2959387e in Task::operator()() const::{lambda()#1}::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #19 0x29594b32 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /usr/include/tbb/task_arena.h:96
    #20 0x7faecd3e3554 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/lib/x86_64-linux-gnu/libtbb.so.2+0x25554)
    #21 0x7fae70b3325f  (<unknown module>)

previously allocated by thread T26 here:
    #0 0x7faecd4ad037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x295cf588 in MEM_lockfree_callocN /home/guest/blender/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235
    #2 0x10610c4f in BKE_libblock_alloc_notest /home/guest/blender/src/source/blender/blenkernel/intern/lib_id.c:1042
    #3 0x10610d98 in BKE_libblock_alloc /home/guest/blender/src/source/blender/blenkernel/intern/lib_id.c:1060
    #4 0x10611eca in BKE_libblock_copy_ex /home/guest/blender/src/source/blender/blenkernel/intern/lib_id.c:1234
    #5 0x1060cbc2 in BKE_id_copy_ex /home/guest/blender/src/source/blender/blenkernel/intern/lib_id.c:589
    #6 0x106f32f2 in BKE_mesh_copy_for_eval /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:1000
    #7 0x103c8920 in mesh_calc_modifiers /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:1371
    #8 0x103cebe3 in mesh_build_data /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:1872
    #9 0x103d0856 in makeDerivedMesh /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    #10 0x10a1d50a in BKE_object_handle_data_update /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:193
    #11 0x10a2025f in BKE_object_eval_uber_data /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:385
    #12 0x28d1b1cc in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:60
    #13 0x28d16658 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:95
    #14 0x28d0ef16 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/10/functional:416
    #15 0x28d07a42 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/10/functional:499
    #16 0x28cfe617 in void std::__invoke_impl<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::__invoke_other, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:60
    #17 0x28cf3ef3 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>, void>::type std::__invoke_r<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:110
    #18 0x28ceba43 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/10/bits/std_function.h:291
    #19 0x28e2c698 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/10/bits/std_function.h:622
    #20 0x28e27da7 in evaluate_node /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    #21 0x28e27df1 in deg_task_run_func /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #22 0x2959387e in Task::operator()() const::{lambda()#1}::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #23 0x29594b32 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /usr/include/tbb/task_arena.h:96
    #24 0x7faecd3e3554 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/lib/x86_64-linux-gnu/libtbb.so.2+0x25554)
    #25 0x7fae7c25725f  (<unknown module>)

Thread T24 created by T0 here:
    #0 0x7faecd4582a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7faecd3ddd2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)

Thread T35 created by T27 here:
    #0 0x7faecd4582a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7faecd3ddd2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)
    #2 0x7fae811e8c7f  (<unknown module>)

Thread T27 created by T25 here:
    #0 0x7faecd4582a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7faecd3ddd2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)

Thread T25 created by T0 here:
    #0 0x7faecd4582a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7faecd3ddd2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)
    #2 0x7fae811e907f  (<unknown module>)

Thread T26 created by T24 here:
    #0 0x7faecd4582a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7faecd3ddd2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)

SUMMARY: AddressSanitizer: heap-use-after-free /home/guest/blender/src/source/blender/blenkernel/intern/mesh_convert.c:1226 in mesh_new_from_mesh_object
Shadow bytes around the buggy address:
  0x0c3880012ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880012cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880012d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880012d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880012d20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c3880012d30: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
  0x0c3880012d40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880012d50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880012d60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880012d70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3880012d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==37951==ABORTING

I think that this code cannot work in a driver because depsgraph is not aware of the dependency from the Object to its mesh evaluation then?

But even with adding manually explicit dependencies over Cube.001 mesh and object (through unused driver variables)...

...it still crashes, although with a slithly different backtrace:

=================================================================
==39279==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000314574 at pc 0x0000102d7e6f bp 0x7f0c704f1b00 sp 0x7f0c704f1af8
READ of size 4 at 0x616000314574 thread T24
    #0 0x102d7e6e in CustomData_merge /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2159
    #1 0x102d87d3 in CustomData_copy /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2200
    #2 0x106e351e in mesh_copy_data /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:132
    #3 0x1060cccc in BKE_id_copy_ex /home/guest/blender/src/source/blender/blenkernel/intern/lib_id.c:592
    #4 0x10719f75 in mesh_new_from_mesh /home/guest/blender/src/source/blender/blenkernel/intern/mesh_convert.c:1187
    #5 0x1071a814 in mesh_new_from_mesh_object /home/guest/blender/src/source/blender/blenkernel/intern/mesh_convert.c:1229
    #6 0x1071a90c in BKE_mesh_new_from_object /home/guest/blender/src/source/blender/blenkernel/intern/mesh_convert.c:1245
    #7 0x109eb282 in BKE_object_to_mesh /home/guest/blender/src/source/blender/blenkernel/intern/object.c:5446
    #8 0x13f519e6 in rna_Object_to_mesh /home/guest/blender/src/source/blender/makesrna/intern/rna_object_api.c:399
    #9 0x13f6fecb in Object_to_mesh_call source/blender/makesrna/intern/rna_object_gen.c:3384
    #10 0x139f4539 in RNA_function_call /home/guest/blender/src/source/blender/makesrna/intern/rna_access.c:7527
    #11 0x1443f979 in pyrna_func_call /home/guest/blender/src/source/blender/python/intern/bpy_rna.c:6315
    #12 0x7f0cc58d9bef in _PyObject_MakeTpCall (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0xc7bef)
    #13 0x7f0cc588a2e1 in _PyEval_EvalFrameDefault (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x782e1)
    #14 0x7f0cc5881022  (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x6f022)
    #15 0x7f0cc5888105 in _PyEval_EvalFrameDefault (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x76105)
    #16 0x7f0cc59b65cb  (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x1a45cb)
    #17 0x7f0cc59b691d in _PyEval_EvalCodeWithName (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x1a491d)
    #18 0x7f0cc59b696d in PyEval_EvalCodeEx (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x1a496d)
    #19 0x7f0cc59b1f6a in PyEval_EvalCode (/lib/x86_64-linux-gnu/libpython3.9.so.1.0+0x19ff6a)
    #20 0x143d3d6d in BPY_driver_exec /home/guest/blender/src/source/blender/python/intern/bpy_driver.c:653
    #21 0x10425c0f in evaluate_driver_python /home/guest/blender/src/source/blender/blenkernel/intern/fcurve_driver.c:1263
    #22 0x10425e20 in evaluate_driver /home/guest/blender/src/source/blender/blenkernel/intern/fcurve_driver.c:1300
    #23 0x10416e9a in evaluate_fcurve_driver /home/guest/blender/src/source/blender/blenkernel/intern/fcurve.c:2150
    #24 0x104173e7 in calculate_fcurve /home/guest/blender/src/source/blender/blenkernel/intern/fcurve.c:2206
    #25 0x1015bede in BKE_animsys_eval_driver /home/guest/blender/src/source/blender/blenkernel/intern/anim_sys.c:2962
    #26 0x28d1b82b in void std::__invoke_impl<void, void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>(std::__invoke_other, void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*&&, ID*&, int&, FCurve*&) /usr/include/c++/10/bits/invoke.h:60
    #27 0x28d16de6 in std::__invoke_result<void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>::type std::__invoke<void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*, ID*&, int&, FCurve*&>(void (*&)(Depsgraph*, ID*, int, FCurve*), Depsgraph*&&, ID*&, int&, FCurve*&) /usr/include/c++/10/bits/invoke.h:95
    #28 0x28d0fbcc in void std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul, 3ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/include/c++/10/functional:416
    #29 0x28d0836a in void std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/10/functional:499
    #30 0x28cff1cf in void std::__invoke_impl<void, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*>(std::__invoke_other, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:60
    #31 0x28cf4c91 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*>, void>::type std::__invoke_r<void, std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*>(std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:110
    #32 0x28cec453 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, ID*, int, FCurve*))(Depsgraph*, ID*, int, FCurve*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/10/bits/std_function.h:291
    #33 0x28e2c698 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/10/bits/std_function.h:622
    #34 0x28e27af5 in evaluate_node /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:109
    #35 0x28e27df1 in deg_task_run_func /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #36 0x2959387e in Task::operator()() const::{lambda()#1}::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #37 0x29594b32 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /usr/include/tbb/task_arena.h:96
    #38 0x7f0cc842a554 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/lib/x86_64-linux-gnu/libtbb.so.2+0x25554)
    #39 0x29593e6b in void tbb::interface7::internal::isolate_impl<void, Task::operator()() const::{lambda()#1} const>(Task::operator()() const::{lambda()#1} const&) /usr/include/tbb/task_arena.h:216
    #40 0x29593b5b in tbb::interface7::internal::return_type_or_void<Task::operator()() const::{lambda()#1}>::type tbb::interface7::this_task_arena::isolate<Task::operator()() const::{lambda()#1}>(tbb::interface7::internal::return_type_or_void const&) /usr/include/tbb/task_arena.h:472
    #41 0x29593936 in Task::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #42 0x295949d9 in tbb::internal::function_task<Task>::execute() /usr/include/tbb/task.h:1059
    #43 0x7f0cc8430494  (/lib/x86_64-linux-gnu/libtbb.so.2+0x2b494)
    #44 0x7f0cc84307ca  (/lib/x86_64-linux-gnu/libtbb.so.2+0x2b7ca)
    #45 0x7f0cc842a266  (/lib/x86_64-linux-gnu/libtbb.so.2+0x25266)
    #46 0x7f0cc84288ef  (/lib/x86_64-linux-gnu/libtbb.so.2+0x238ef)
    #47 0x7f0cc8424e5b  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fe5b)
    #48 0x7f0cc84250b8  (/lib/x86_64-linux-gnu/libtbb.so.2+0x200b8)
    #49 0x7f0cc83ebea6 in start_thread nptl/pthread_create.c:477
    #50 0x7f0cc1e28d8e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdd8e)

0x616000314574 is located 244 bytes inside of 528-byte region [0x616000314480,0x616000314690)
freed by thread T33 here:
    #0 0x7f0cc84f3b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
    #1 0x295ceeaa in MEM_lockfree_freeN /home/guest/blender/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:129
    #2 0x102d8f9c in CustomData_free /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2241
    #3 0x106f0015 in mesh_clear_geometry /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:804
    #4 0x106e3b98 in mesh_free_data /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:159
    #5 0x106efbea in BKE_mesh_free /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:795
    #6 0x106f3222 in BKE_mesh_eval_delete /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:987
    #7 0x109bd74d in BKE_object_free_derived_caches /home/guest/blender/src/source/blender/blenkernel/intern/object.c:1563
    #8 0x103ceafb in mesh_build_data /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:1856
    #9 0x103d0856 in makeDerivedMesh /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    #10 0x10a1d50a in BKE_object_handle_data_update /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:193
    #11 0x10a2025f in BKE_object_eval_uber_data /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:385
    #12 0x28d1b1cc in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:60
    #13 0x28d16658 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:95
    #14 0x28d0ef16 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/10/functional:416
    #15 0x28d07a42 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/10/functional:499
    #16 0x28cfe617 in void std::__invoke_impl<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::__invoke_other, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:60
    #17 0x28cf3ef3 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>, void>::type std::__invoke_r<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:110
    #18 0x28ceba43 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/10/bits/std_function.h:291
    #19 0x28e2c698 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/10/bits/std_function.h:622
    #20 0x28e27af5 in evaluate_node /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:109
    #21 0x28e27df1 in deg_task_run_func /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #22 0x2959387e in Task::operator()() const::{lambda()#1}::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #23 0x29594b32 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /usr/include/tbb/task_arena.h:96
    #24 0x7f0cc842a554 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/lib/x86_64-linux-gnu/libtbb.so.2+0x25554)
    #25 0x7f0c6ce2c25f  (<unknown module>)

previously allocated by thread T37 here:
    #0 0x7f0cc84f4037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x295cf588 in MEM_lockfree_callocN /home/guest/blender/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235
    #2 0x295cf834 in MEM_lockfree_calloc_arrayN /home/guest/blender/src/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    #3 0x102dcfa2 in customData_resize /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2492
    #4 0x102dd9c1 in customData_add_layer__internal /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2564
    #5 0x102d7deb in CustomData_merge /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2155
    #6 0x102d87d3 in CustomData_copy /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2200
    #7 0x106e351e in mesh_copy_data /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:132
    #8 0x1060cccc in BKE_id_copy_ex /home/guest/blender/src/source/blender/blenkernel/intern/lib_id.c:592
    #9 0x106f32f2 in BKE_mesh_copy_for_eval /home/guest/blender/src/source/blender/blenkernel/intern/mesh.c:1000
    #10 0x103c8920 in mesh_calc_modifiers /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:1371
    #11 0x103cebe3 in mesh_build_data /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:1872
    #12 0x103d0856 in makeDerivedMesh /home/guest/blender/src/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    #13 0x10a1d50a in BKE_object_handle_data_update /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:193
    #14 0x10a2025f in BKE_object_eval_uber_data /home/guest/blender/src/source/blender/blenkernel/intern/object_update.c:385
    #15 0x28d1b1cc in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:60
    #16 0x28d16658 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/10/bits/invoke.h:95
    #17 0x28d0ef16 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/10/functional:416
    #18 0x28d07a42 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/10/functional:499
    #19 0x28cfe617 in void std::__invoke_impl<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::__invoke_other, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:60
    #20 0x28cf3ef3 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>, void>::type std::__invoke_r<void, std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*>(std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>&, Depsgraph*&&) /usr/include/c++/10/bits/invoke.h:110
    #21 0x28ceba43 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/10/bits/std_function.h:291
    #22 0x28e2c698 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/10/bits/std_function.h:622
    #23 0x28e27af5 in evaluate_node /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:109
    #24 0x28e27df1 in deg_task_run_func /home/guest/blender/src/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    #25 0x2959387e in Task::operator()() const::{lambda()#1}::operator()() const /home/guest/blender/src/source/blender/blenlib/intern/task_pool.cc:118
    #26 0x29594b32 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /usr/include/tbb/task_arena.h:96
    #27 0x7f0cc842a554 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/lib/x86_64-linux-gnu/libtbb.so.2+0x25554)
    #28 0x7f0c6c22925f  (<unknown module>)

Thread T24 created by T0 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)

Thread T33 created by T27 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)
    #2 0x7f0c7c638c7f  (<unknown module>)

Thread T27 created by T25 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)

Thread T25 created by T0 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)
    #2 0x7f0c7c63907f  (<unknown module>)

Thread T37 created by T31 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)
    #2 0x7f0c7c638a7f  (<unknown module>)

Thread T31 created by T26 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)
    #2 0x7f0c7c638d7f  (<unknown module>)

Thread T26 created by T24 here:
    #0 0x7f0cc849f2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x7f0cc8424d2c  (/lib/x86_64-linux-gnu/libtbb.so.2+0x1fd2c)

SUMMARY: AddressSanitizer: heap-use-after-free /home/guest/blender/src/source/blender/blenkernel/intern/customdata.c:2159 in CustomData_merge
Shadow bytes around the buggy address:
  0x0c2c8005a850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8005a860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8005a870: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c8005a880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c8005a890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2c8005a8a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
  0x0c2c8005a8b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8005a8c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8005a8d0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c8005a8e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c8005a8f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==39279==ABORTING

In any case, this is for the depsgraph & animation department, not really related to Data & IO module...

@Kevin Hays (haysk) converting an object to a mesh may not be the most elegant approach here. What is your use case for this code? Why not use something like a Hook constraint, for example? What kind of object are you converting to a mesh?

Sybren A. Stüvel (sybren) changed the task status from Confirmed to Needs Information from User.Jan 26 2021, 5:36 PM

In T84117#1101246, @Sybren A. Stüvel (sybren) wrote:

@Kevin Hays (haysk) converting an object to a mesh may not be the most elegant approach here. What is your use case for this code? Why not use something like a Hook constraint, for example? What kind of object are you converting to a mesh?

So when I encountered this crash, I was working on a facial mocap system. I have footage of a face with dots painted on it, and tracked those dots to give me motion-tracked empties. My goal was to use those empty positions to drive the bone positions of a rigged character.

However there's not a 1:1 mapping from tracker dots to character bone positions. I wrote some python code to figure out the best character bone positions based on the input tracker data.
Unfortunately my code had poor results when relying solely on tracker locations as input data, so I created a mesh that connects the tracker dots: https://i.imgur.com/JeAJUYe.gif
The idea was to use edge lengths and edge angles as input data for my code that calculates the character bone positions. My code was able to produce better, less-jittery bone positions using the edge data, but also but also crashed often (hence the bug report).

I admit this is probably a pretty obscure use case, but it crashes consistently which is why I decided to report the bug.
I ended up going with an off-line approach by calculating bone positions for each frame, and inserting a keyframe of my calculated bone location (as opposed to relying on drivers to give me the correct bone positions for the current frame).

Philipp Oeser (lichtwerk) changed the task status from Needs Information from User to Needs Triage.Fri, Feb 19, 2:58 PM

Crash when using to_mesh() on a depsgraph object in a driverNeeds Triage, NormalPublicActions

Description

Event Timeline

Crash when using to_mesh() on a depsgraph object in a driver
Needs Triage, NormalPublic
Actions