================================================================= ==55032==ERROR: AddressSanitizer: heap-use-after-free on address 0x00032bba9f10 at pc 0x00012a339570 bp 0x00032a165ad0 sp 0x00032a165ac8 READ of size 8 at 0x00032bba9f10 thread T20 #0 0x12a33956c in invocation function for block in blender::gpu::MTLCommandBufferManager::submit(bool) mtl_command_buffer.mm:132 #1 0x1a6bf2abc in MTLDispatchListApply+0x30 (Metal:arm64e+0x21abc) #2 0x1a6bf2e98 in -[_MTLCommandBuffer didCompleteWithStartTime:endTime:error:]+0x1e8 (Metal:arm64e+0x21e98) #3 0x1bb900eb4 in -[IOGPUMetalCommandBuffer didCompleteWithStartTime:endTime:error:]+0xd8 (IOGPU:arm64e+0x2eb4) #4 0x1a6bf2b50 in -[_MTLCommandQueue commandBufferDidComplete:startTime:completionTime:error:]+0x68 (Metal:arm64e+0x21b50) #5 0x1bb90a9e0 in IOGPUNotificationQueueDispatchAvailableCompletionNotifications+0x7c (IOGPU:arm64e+0xc9e0) #6 0x1bb90aaec in __IOGPUNotificationQueueSetDispatchQueue_block_invoke+0x3c (IOGPU:arm64e+0xcaec) #7 0x16aa6a6b0 in __wrap_dispatch_mach_create_block_invoke+0xdc (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x526b0) #8 0x19c6d64a4 in _dispatch_client_callout4+0x10 (libdispatch.dylib:arm64e+0x44a4) #9 0x19c6f2884 in _dispatch_mach_msg_invoke+0x1d0 (libdispatch.dylib:arm64e+0x20884) #10 0x19c6dd894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894) #11 0x19c6f35d4 in _dispatch_mach_invoke+0x1b8 (libdispatch.dylib:arm64e+0x215d4) #12 0x19c6dd894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894) #13 0x19c6de574 in _dispatch_lane_invoke+0x1ac (libdispatch.dylib:arm64e+0xc574) #14 0x19c6dd894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894) #15 0x19c6de540 in _dispatch_lane_invoke+0x178 (libdispatch.dylib:arm64e+0xc540) #16 0x19c6e92cc in _dispatch_root_queue_drain_deferred_wlh+0x11c (libdispatch.dylib:arm64e+0x172cc) #17 0x19c6e8b40 in _dispatch_workloop_worker_thread+0x190 (libdispatch.dylib:arm64e+0x16b40) #18 0x19c883008 in _pthread_wqthread+0x11c (libsystem_pthread.dylib:arm64e+0x3008) #19 0x19c881d24 in start_wqthread+0x4 (libsystem_pthread.dylib:arm64e+0x1d24) 0x00032bba9f10 is located 6928 bytes inside of 40360-byte region [0x00032bba8400,0x00032bbb21a8) freed by thread T48 here: #0 0x16aa79b8c in wrap__ZdlPv+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x61b8c) #1 0x12a3481a8 in blender::gpu::MTLContext::~MTLContext() mtl_context.mm:280 #2 0x129e4c34c in GPU_context_discard(GPUContext*) gpu_context.cc:124 #3 0x1135b9ebc in RE_engine_gpu_context_destroy engine.cc:1323 #4 0x11bd573c4 in ccl::BlenderDisplayDriver::gpu_context_destroy() display_driver.cpp:837 #5 0x11bd4954c in ccl::BlenderDisplayDriver::gpu_resources_destroy() display_driver.cpp:890 #6 0x11bd48d64 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:452 #7 0x11bd38e40 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:451 #8 0x11bd38e94 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:451 #9 0x11c148494 in std::__1::default_delete::operator()[abi:ue170006](ccl::DisplayDriver*) const unique_ptr.h:68 #10 0x11c148194 in std::__1::unique_ptr>::reset[abi:ue170006](ccl::DisplayDriver*) unique_ptr.h:300 #11 0x11c147f8c in std::__1::unique_ptr>::~unique_ptr[abi:ue170006]() unique_ptr.h:266 #12 0x11c14708c in std::__1::unique_ptr>::~unique_ptr[abi:ue170006]() unique_ptr.h:266 #13 0x1256ce1c8 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30 #14 0x1256cdb28 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30 #15 0x1256cdb7c in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30 #16 0x12564c060 in std::__1::default_delete::operator()[abi:ue170006](ccl::PathTraceDisplay*) const unique_ptr.h:68 #17 0x12564bd60 in std::__1::unique_ptr>::reset[abi:ue170006](ccl::PathTraceDisplay*) unique_ptr.h:300 #18 0x125684a48 in std::__1::unique_ptr>::operator=[abi:ue170006](std::nullptr_t) unique_ptr.h:269 #19 0x125684478 in ccl::PathTrace::set_display_driver(std::__1::unique_ptr>) path_trace.cpp:638 #20 0x1236674e8 in ccl::Session::thread_run() session.cpp:267 #21 0x123683f18 in decltype(*std::declval().*std::declval()()) std::__1::__invoke[abi:ue170006](void (ccl::Session::*&)(), ccl::Session*&) invoke.h:308 #22 0x123683dc8 in std::__1::__bind_return, std::__1::tuple<>, __is_valid_bind_return, std::__1::tuple<>>::value>::type std::__1::__apply_functor[abi:ue170006], 0ul, std::__1::tuple<>>(void (ccl::Session::*&)(), std::__1::tuple&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) bind.h:260 #23 0x123683c14 in std::__1::__bind_return, std::__1::tuple<>, __is_valid_bind_return, std::__1::tuple<>>::value>::type std::__1::__bind::operator()[abi:ue170006]<>() bind.h:292 #24 0x123683a4c in decltype(std::declval&>()()) std::__1::__invoke[abi:ue170006]&>(std::__1::__bind&) invoke.h:340 #25 0x123683958 in void std::__1::__invoke_void_return_wrapper::__call[abi:ue170006]&>(std::__1::__bind&) invoke.h:415 #26 0x123683908 in std::__1::__function::__alloc_func, std::__1::allocator>, void ()>::operator()[abi:ue170006]() function.h:193 #27 0x12367de44 in std::__1::__function::__func, std::__1::allocator>, void ()>::operator()() function.h:364 #28 0x100eef7c0 in std::__1::__function::__value_func::operator()[abi:ue170006]() const function.h:518 #29 0x100eef4dc in std::__1::function::operator()() const function.h:1169 previously allocated by thread T0 here: #0 0x16aa7974c in wrap__Znwm+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x6174c) #1 0x12a30b10c in blender::gpu::MTLBackend::context_alloc(void*, void*) mtl_backend.mm:49 #2 0x129e488ec in GPU_context_create(void*, void*) gpu_context.cc:114 #3 0x1135b9894 in RE_engine_gpu_context_create engine.cc:1296 #4 0x11bd440f0 in ccl::BlenderDisplayDriver::gpu_context_create() display_driver.cpp:813 #5 0x11bd43b60 in ccl::BlenderDisplayDriver::BlenderDisplayDriver(BL::RenderEngine&, BL::Scene&, bool) display_driver.cpp:447 #6 0x11bd48c28 in ccl::BlenderDisplayDriver::BlenderDisplayDriver(BL::RenderEngine&, BL::Scene&, bool) display_driver.cpp:445 #7 0x11c16391c in std::__1::__unique_if::__unique_single std::__1::make_unique[abi:ue170006](BL::RenderEngine&, BL::Scene&, bool&) unique_ptr.h:689 #8 0x11c13299c in ccl::BlenderSession::ensure_display_driver_if_needed() session.cpp:1136 #9 0x11c15c8a0 in ccl::BlenderSession::synchronize(BL::Depsgraph&) session.cpp:796 #10 0x11c0ede64 in ccl::sync_func(_object*, _object*) python.cpp:397 #11 0x12a7b85c4 in cfunction_call methodobject.c:553 #12 0x12a76d1b4 in _PyObject_MakeTpCall call.c:214 #13 0x12a84d904 in _PyEval_EvalFrameDefault ceval.c #14 0x12a845468 in _PyEval_Vector ceval.c:6434 #15 0x10c8a1f70 in bpy_class_call(bContext*, PointerRNA*, FunctionRNA*, ParameterList*) bpy_rna.cc:8901 #16 0x10c096288 in engine_view_update(RenderEngine*, bContext const*, Depsgraph*) rna_render.cc:238 #17 0x109caf9dc in external_draw_scene_do_v3d(void*) external_engine.cc:258 #18 0x109caf058 in external_draw_scene_do(void*) external_engine.cc:389 #19 0x109cae61c in external_draw_scene(void*) external_engine.cc:422 #20 0x109661ff4 in drw_engines_draw_scene() draw_manager_c.cc:1127 #21 0x109658cb4 in DRW_draw_render_loop_ex(Depsgraph*, RenderEngineType*, ARegion*, View3D*, GPUViewport*, bContext const*) draw_manager_c.cc:1774 #22 0x109656ebc in DRW_draw_view(bContext const*) draw_manager_c.cc:1646 #23 0x11548cf98 in view3d_draw_view(bContext const*, ARegion*) view3d_draw.cc:1563 #24 0x11548cc8c in view3d_main_region_draw(bContext const*, ARegion*) view3d_draw.cc:1598 #25 0x10c94f0c4 in ED_region_do_draw(bContext*, ARegion*) area.cc:528 #26 0x107b8018c in wm_draw_window_offscreen(bContext*, wmWindow*, bool) wm_draw.cc:1006 #27 0x107b7c1dc in wm_draw_window(bContext*, wmWindow*) wm_draw.cc:1177 #28 0x107b7ac64 in wm_draw_update(bContext*) wm_draw.cc:1581 #29 0x107b4bb2c in WM_main(bContext*) wm.cc:643 Thread T20 created by T0 here: Thread T48 created by T0 here: #0 0x16aa63d6c in wrap_pthread_create+0x54 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x4bd6c) #1 0x12597f4f4 in ccl::thread::thread(std::__1::function) thread.cpp:23 #2 0x12597f730 in ccl::thread::thread(std::__1::function) thread.cpp:15 #3 0x123665e84 in ccl::Session::Session(ccl::SessionParams const&, ccl::SceneParams const&) session.cpp:78 #4 0x123684544 in ccl::Session::Session(ccl::SessionParams const&, ccl::SceneParams const&) session.cpp:37 #5 0x11c118b24 in ccl::BlenderSession::create_session() session.cpp:126 #6 0x11c124ae4 in ccl::BlenderSession::reset_session(BL::BlendData&, BL::Depsgraph&) session.cpp:190 #7 0x11c0ee3f8 in ccl::reset_func(_object*, _object*) python.cpp:374 #8 0x12a7b85c4 in cfunction_call methodobject.c:553 #9 0x12a76d1b4 in _PyObject_MakeTpCall call.c:214 #10 0x12a84d904 in _PyEval_EvalFrameDefault ceval.c #11 0x12a845468 in _PyEval_Vector ceval.c:6434 #12 0x10c8a1f70 in bpy_class_call(bContext*, PointerRNA*, FunctionRNA*, ParameterList*) bpy_rna.cc:8901 #13 0x10c096288 in engine_view_update(RenderEngine*, bContext const*, Depsgraph*) rna_render.cc:238 #14 0x109caf9dc in external_draw_scene_do_v3d(void*) external_engine.cc:258 #15 0x109caf058 in external_draw_scene_do(void*) external_engine.cc:389 #16 0x109cae61c in external_draw_scene(void*) external_engine.cc:422 #17 0x109661ff4 in drw_engines_draw_scene() draw_manager_c.cc:1127 #18 0x109658cb4 in DRW_draw_render_loop_ex(Depsgraph*, RenderEngineType*, ARegion*, View3D*, GPUViewport*, bContext const*) draw_manager_c.cc:1774 #19 0x109656ebc in DRW_draw_view(bContext const*) draw_manager_c.cc:1646 #20 0x11548cf98 in view3d_draw_view(bContext const*, ARegion*) view3d_draw.cc:1563 #21 0x11548cc8c in view3d_main_region_draw(bContext const*, ARegion*) view3d_draw.cc:1598 #22 0x10c94f0c4 in ED_region_do_draw(bContext*, ARegion*) area.cc:528 #23 0x107b8018c in wm_draw_window_offscreen(bContext*, wmWindow*, bool) wm_draw.cc:1006 #24 0x107b7c1dc in wm_draw_window(bContext*, wmWindow*) wm_draw.cc:1177 #25 0x107b7ac64 in wm_draw_update(bContext*) wm_draw.cc:1581 #26 0x107b4bb2c in WM_main(bContext*) wm.cc:643 #27 0x100c11f6c in main creator.cc:588 #28 0x19c4fe0dc () SUMMARY: AddressSanitizer: heap-use-after-free mtl_command_buffer.mm:132 in invocation function for block in blender::gpu::MTLCommandBufferManager::submit(bool) Shadow bytes around the buggy address: 0x00032bba9c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bba9d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bba9d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bba9e00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bba9e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x00032bba9f00: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bba9f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bbaa000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bbaa080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bbaa100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x00032bbaa180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==55032==ABORTING