macOS: heap-use-after-free quitting Blender with active Cycles viewport render #129674

Closed
opened 2024-11-01 11:25:42 +01:00 by Sergey Sharybin · 1 comment

System Information
Operating system: macOS-14.6.1-arm64-arm-64bit 64 Bits
Graphics card: Metal API Apple M2 Ultra 1.2

Blender Version
Broken: version: 4.4.0 Alpha, branch: main, commit date: 2024-11-01 08:42, hash: 509090e7c3e7
Worked: prior #128987

Short description of error

Quitting Blender with active Cycles viewport render results in heap-use-after-free ASAN error. The nominal release builds arep probably prone to crashes, but this is harder to replicate.

Exact steps for others to reproduce the error

  • Compile Blender debug with WITH_COMPILER_ASAN
  • blender --factory-startup
  • Switch render engine to Cycles
  • Switch viewport to rendered shading
  • Cmd-Q to quit blender (don't save)

With the monkey.blend the ASAN printed the whole stacktrace (the startup was a bit terse, with just a note about heap-use-after-free):

=================================================================
==46771==ERROR: AddressSanitizer: heap-use-after-free on address 0x000341a19f10 at pc 0x00012adb50f8 bp 0x000320585ad0 sp 0x000320585ac8
READ of size 8 at 0x000341a19f10 thread T29
    #0 0x12adb50f4 in invocation function for block in blender::gpu::MTLCommandBufferManager::submit(bool) mtl_command_buffer.mm:132
    #1 0x1a1517a7c in MTLDispatchListApply+0x30 (Metal:arm64e+0x21a7c)
    #2 0x1a1517e58 in -[_MTLCommandBuffer didCompleteWithStartTime:endTime:error:]+0x1e8 (Metal:arm64e+0x21e58)
    #3 0x1b623feb4 in -[IOGPUMetalCommandBuffer didCompleteWithStartTime:endTime:error:]+0xd8 (IOGPU:arm64e+0x2eb4)
    #4 0x1a1517b10 in -[_MTLCommandQueue commandBufferDidComplete:startTime:completionTime:error:]+0x68 (Metal:arm64e+0x21b10)
    #5 0x1b62499e0 in IOGPUNotificationQueueDispatchAvailableCompletionNotifications+0x7c (IOGPU:arm64e+0xc9e0)
    #6 0x1b6249aec in __IOGPUNotificationQueueSetDispatchQueue_block_invoke+0x3c (IOGPU:arm64e+0xcaec)
    #7 0x16c0b26b0 in __wrap_dispatch_mach_create_block_invoke+0xdc (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x526b0)
    #8 0x196ff54a4 in _dispatch_client_callout4+0x10 (libdispatch.dylib:arm64e+0x44a4)
    #9 0x197011884 in _dispatch_mach_msg_invoke+0x1d0 (libdispatch.dylib:arm64e+0x20884)
    #10 0x196ffc894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894)
    #11 0x1970125d4 in _dispatch_mach_invoke+0x1b8 (libdispatch.dylib:arm64e+0x215d4)
    #12 0x196ffc894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894)
    #13 0x196ffd574 in _dispatch_lane_invoke+0x1ac (libdispatch.dylib:arm64e+0xc574)
    #14 0x196ffc894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894)
    #15 0x196ffd540 in _dispatch_lane_invoke+0x178 (libdispatch.dylib:arm64e+0xc540)
    #16 0x1970082cc in _dispatch_root_queue_drain_deferred_wlh+0x11c (libdispatch.dylib:arm64e+0x172cc)
    #17 0x197007b40 in _dispatch_workloop_worker_thread+0x190 (libdispatch.dylib:arm64e+0x16b40)
    #18 0x1971a2008 in _pthread_wqthread+0x11c (libsystem_pthread.dylib:arm64e+0x3008)
    #19 0x1971a0d24 in start_wqthread+0x4 (libsystem_pthread.dylib:arm64e+0x1d24)

0x000341a19f10 is located 6928 bytes inside of 40360-byte region [0x000341a18400,0x000341a221a8)
freed by thread T101 here:
    #0 0x16c0c1b8c in wrap__ZdlPv+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x61b8c)
    #1 0x12adc3d30 in blender::gpu::MTLContext::~MTLContext() mtl_context.mm:279
    #2 0x12a850118 in GPU_context_discard(GPUContext*) gpu_context.cc:124
    #3 0x113f962d0 in RE_engine_gpu_context_destroy engine.cc:1323
    #4 0x11c767b28 in ccl::BlenderDisplayDriver::gpu_context_destroy() display_driver.cpp:837
    #5 0x11c759cb0 in ccl::BlenderDisplayDriver::gpu_resources_destroy() display_driver.cpp:890
    #6 0x11c7594c8 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:452
    #7 0x11c7495a4 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:451
    #8 0x11c7495f8 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:451
    #9 0x11cb58c94 in std::__1::default_delete<ccl::DisplayDriver>::operator()[abi:ue170006](ccl::DisplayDriver*) const unique_ptr.h:68
    #10 0x11cb58994 in std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>::reset[abi:ue170006](ccl::DisplayDriver*) unique_ptr.h:300
    #11 0x11cb5878c in std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>::~unique_ptr[abi:ue170006]() unique_ptr.h:266
    #12 0x11cb5788c in std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>::~unique_ptr[abi:ue170006]() unique_ptr.h:266
    #13 0x1260e6c80 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30
    #14 0x1260e65e0 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30
    #15 0x1260e6634 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30
    #16 0x12606483c in std::__1::default_delete<ccl::PathTraceDisplay>::operator()[abi:ue170006](ccl::PathTraceDisplay*) const unique_ptr.h:68
    #17 0x12606453c in std::__1::unique_ptr<ccl::PathTraceDisplay, std::__1::default_delete<ccl::PathTraceDisplay>>::reset[abi:ue170006](ccl::PathTraceDisplay*) unique_ptr.h:300
    #18 0x12609d500 in std::__1::unique_ptr<ccl::PathTraceDisplay, std::__1::default_delete<ccl::PathTraceDisplay>>::operator=[abi:ue170006](std::nullptr_t) unique_ptr.h:269
    #19 0x12609cf30 in ccl::PathTrace::set_display_driver(std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>) path_trace.cpp:641
    #20 0x12407fcc4 in ccl::Session::thread_run() session.cpp:267
    #21 0x12409c6f4 in decltype(*std::declval<ccl::Session*&>().*std::declval<void (ccl::Session::*&)()>()()) std::__1::__invoke[abi:ue170006]<void (ccl::Session::*&)(), ccl::Session*&, void>(void (ccl::Session::*&)(), ccl::Session*&) invoke.h:308
    #22 0x12409c5a4 in std::__1::__bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>, __is_valid_bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>>::value>::type std::__1::__apply_functor[abi:ue170006]<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, 0ul, std::__1::tuple<>>(void (ccl::Session::*&)(), std::__1::tuple<ccl::Session*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) bind.h:260
    #23 0x12409c3f0 in std::__1::__bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>, __is_valid_bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>>::value>::type std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>::operator()[abi:ue170006]<>() bind.h:292
    #24 0x12409c228 in decltype(std::declval<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&>()()) std::__1::__invoke[abi:ue170006]<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&>(std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&) invoke.h:340
    #25 0x12409c134 in void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:ue170006]<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&>(std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&) invoke.h:415
    #26 0x12409c0e4 in std::__1::__function::__alloc_func<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>, std::__1::allocator<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>>, void ()>::operator()[abi:ue170006]() function.h:193
    #27 0x124096620 in std::__1::__function::__func<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>, std::__1::allocator<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>>, void ()>::operator()() function.h:364
    #28 0x1011f4dd0 in std::__1::__function::__value_func<void ()>::operator()[abi:ue170006]() const function.h:518
    #29 0x1011f4aec in std::__1::function<void ()>::operator()() const function.h:1169

previously allocated by thread T0 here:
    #0 0x16c0c174c in wrap__Znwm+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x6174c)
    #1 0x12ad8721c in blender::gpu::MTLBackend::context_alloc(void*, void*) mtl_backend.mm:49
    #2 0x12a84c6b8 in GPU_context_create(void*, void*) gpu_context.cc:114
    #3 0x113f95ca8 in RE_engine_gpu_context_create engine.cc:1296
    #4 0x11c754854 in ccl::BlenderDisplayDriver::gpu_context_create() display_driver.cpp:813
    #5 0x11c7542c4 in ccl::BlenderDisplayDriver::BlenderDisplayDriver(BL::RenderEngine&, BL::Scene&, bool) display_driver.cpp:447
    #6 0x11c75938c in ccl::BlenderDisplayDriver::BlenderDisplayDriver(BL::RenderEngine&, BL::Scene&, bool) display_driver.cpp:445
    #7 0x11cb74124 in std::__1::__unique_if<ccl::BlenderDisplayDriver>::__unique_single std::__1::make_unique[abi:ue170006]<ccl::BlenderDisplayDriver, BL::RenderEngine&, BL::Scene&, bool&>(BL::RenderEngine&, BL::Scene&, bool&) unique_ptr.h:689
    #8 0x11cb43194 in ccl::BlenderSession::ensure_display_driver_if_needed() session.cpp:1136
    #9 0x11cb6d0a0 in ccl::BlenderSession::synchronize(BL::Depsgraph&) session.cpp:796
    #10 0x11cafe630 in ccl::sync_func(_object*, _object*) python.cpp:397
    #11 0x12b2309f0 in cfunction_call methodobject.c:553
    #12 0x12b1e55e0 in _PyObject_MakeTpCall call.c:214
    #13 0x12b2c5d30 in _PyEval_EvalFrameDefault ceval.c
    #14 0x12b2bd894 in _PyEval_Vector ceval.c:6434
    #15 0x10cf19eb8 in bpy_class_call(bContext*, PointerRNA*, FunctionRNA*, ParameterList*) bpy_rna.cc:9436
    #16 0x10c6b9914 in engine_view_update(RenderEngine*, bContext const*, Depsgraph*) rna_render.cc:238
    #17 0x109fd5530 in external_draw_scene_do_v3d(void*) external_engine.cc:259
    #18 0x109fd4bac in external_draw_scene_do(void*) external_engine.cc:390
    #19 0x109fd4170 in external_draw_scene(void*) external_engine.cc:423
    #20 0x109987e04 in drw_engines_draw_scene() draw_manager_c.cc:1127
    #21 0x10997eaec in DRW_draw_render_loop_ex(Depsgraph*, RenderEngineType*, ARegion*, View3D*, GPUViewport*, bContext const*) draw_manager_c.cc:1774
    #22 0x10997cd1c in DRW_draw_view(bContext const*) draw_manager_c.cc:1646
    #23 0x115e6fe20 in view3d_draw_view(bContext const*, ARegion*) view3d_draw.cc:1563
    #24 0x115e6fb14 in view3d_main_region_draw(bContext const*, ARegion*) view3d_draw.cc:1598
    #25 0x10cfc768c in ED_region_do_draw(bContext*, ARegion*) area.cc:528
    #26 0x107ea82b0 in wm_draw_window_offscreen(bContext*, wmWindow*, bool) wm_draw.cc:1006
    #27 0x107ea4300 in wm_draw_window(bContext*, wmWindow*) wm_draw.cc:1177
    #28 0x107ea2d88 in wm_draw_update(bContext*) wm_draw.cc:1581
    #29 0x107e73c50 in WM_main(bContext*) wm.cc:646

Thread T29 created by unknown thread
Thread T101 created by T0 here:
    #0 0x16c0abd6c in wrap_pthread_create+0x54 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x4bd6c)
    #1 0x126395d1c in ccl::thread::thread(std::__1::function<void ()>) thread.cpp:23
    #2 0x126395f58 in ccl::thread::thread(std::__1::function<void ()>) thread.cpp:15
    #3 0x12407e660 in ccl::Session::Session(ccl::SessionParams const&, ccl::SceneParams const&) session.cpp:78
    #4 0x12409cd20 in ccl::Session::Session(ccl::SessionParams const&, ccl::SceneParams const&) session.cpp:37
    #5 0x11cb29314 in ccl::BlenderSession::create_session() session.cpp:126
    #6 0x11cb352d4 in ccl::BlenderSession::reset_session(BL::BlendData&, BL::Depsgraph&) session.cpp:190
    #7 0x11cafebc4 in ccl::reset_func(_object*, _object*) python.cpp:374
    #8 0x12b2309f0 in cfunction_call methodobject.c:553
    #9 0x12b1e55e0 in _PyObject_MakeTpCall call.c:214
    #10 0x12b2c5d30 in _PyEval_EvalFrameDefault ceval.c
    #11 0x12b2bd894 in _PyEval_Vector ceval.c:6434
    #12 0x10cf19eb8 in bpy_class_call(bContext*, PointerRNA*, FunctionRNA*, ParameterList*) bpy_rna.cc:9436
    #13 0x10c6b9914 in engine_view_update(RenderEngine*, bContext const*, Depsgraph*) rna_render.cc:238
    #14 0x109fd5530 in external_draw_scene_do_v3d(void*) external_engine.cc:259
    #15 0x109fd4bac in external_draw_scene_do(void*) external_engine.cc:390
    #16 0x109fd4170 in external_draw_scene(void*) external_engine.cc:423
    #17 0x109987e04 in drw_engines_draw_scene() draw_manager_c.cc:1127
    #18 0x10997eaec in DRW_draw_render_loop_ex(Depsgraph*, RenderEngineType*, ARegion*, View3D*, GPUViewport*, bContext const*) draw_manager_c.cc:1774
    #19 0x10997cd1c in DRW_draw_view(bContext const*) draw_manager_c.cc:1646
    #20 0x115e6fe20 in view3d_draw_view(bContext const*, ARegion*) view3d_draw.cc:1563
    #21 0x115e6fb14 in view3d_main_region_draw(bContext const*, ARegion*) view3d_draw.cc:1598
    #22 0x10cfc768c in ED_region_do_draw(bContext*, ARegion*) area.cc:528
    #23 0x107ea82b0 in wm_draw_window_offscreen(bContext*, wmWindow*, bool) wm_draw.cc:1006
    #24 0x107ea4300 in wm_draw_window(bContext*, wmWindow*) wm_draw.cc:1177
    #25 0x107ea2d88 in wm_draw_update(bContext*) wm_draw.cc:1581
    #26 0x107e73c50 in WM_main(bContext*) wm.cc:646
    #27 0x100f1606c in main creator.cc:588
    #28 0x196e1b150  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free mtl_command_buffer.mm:132 in invocation function for block in blender::gpu::MTLCommandBufferManager::submit(bool)
Shadow bytes around the buggy address:
  0x000341a19c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a19d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a19d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a19e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a19e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x000341a19f00: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a19f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a1a000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a1a080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a1a100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x000341a1a180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==46771==ABORTING
zsh: abort      UBSAN_OPTIONS=suppressions=/Users/sergey/Developer/bf/ubsan_suppressions.txt
**System Information** Operating system: macOS-14.6.1-arm64-arm-64bit 64 Bits Graphics card: Metal API Apple M2 Ultra 1.2 **Blender Version** Broken: version: 4.4.0 Alpha, branch: main, commit date: 2024-11-01 08:42, hash: `509090e7c3e7` Worked: prior #128987 **Short description of error** Quitting Blender with active Cycles viewport render results in `heap-use-after-free` ASAN error. The nominal release builds arep probably prone to crashes, but this is harder to replicate. **Exact steps for others to reproduce the error** * Compile Blender debug with `WITH_COMPILER_ASAN` * `blender --factory-startup` * Switch render engine to Cycles * Switch viewport to rendered shading * Cmd-Q to quit blender (don't save) With the `monkey.blend` the ASAN printed the whole stacktrace (the startup was a bit terse, with just a note about heap-use-after-free): ``` ================================================================= ==46771==ERROR: AddressSanitizer: heap-use-after-free on address 0x000341a19f10 at pc 0x00012adb50f8 bp 0x000320585ad0 sp 0x000320585ac8 READ of size 8 at 0x000341a19f10 thread T29 #0 0x12adb50f4 in invocation function for block in blender::gpu::MTLCommandBufferManager::submit(bool) mtl_command_buffer.mm:132 #1 0x1a1517a7c in MTLDispatchListApply+0x30 (Metal:arm64e+0x21a7c) #2 0x1a1517e58 in -[_MTLCommandBuffer didCompleteWithStartTime:endTime:error:]+0x1e8 (Metal:arm64e+0x21e58) #3 0x1b623feb4 in -[IOGPUMetalCommandBuffer didCompleteWithStartTime:endTime:error:]+0xd8 (IOGPU:arm64e+0x2eb4) #4 0x1a1517b10 in -[_MTLCommandQueue commandBufferDidComplete:startTime:completionTime:error:]+0x68 (Metal:arm64e+0x21b10) #5 0x1b62499e0 in IOGPUNotificationQueueDispatchAvailableCompletionNotifications+0x7c (IOGPU:arm64e+0xc9e0) #6 0x1b6249aec in __IOGPUNotificationQueueSetDispatchQueue_block_invoke+0x3c (IOGPU:arm64e+0xcaec) #7 0x16c0b26b0 in __wrap_dispatch_mach_create_block_invoke+0xdc (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x526b0) #8 0x196ff54a4 in _dispatch_client_callout4+0x10 (libdispatch.dylib:arm64e+0x44a4) #9 0x197011884 in _dispatch_mach_msg_invoke+0x1d0 (libdispatch.dylib:arm64e+0x20884) #10 0x196ffc894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894) #11 0x1970125d4 in _dispatch_mach_invoke+0x1b8 (libdispatch.dylib:arm64e+0x215d4) #12 0x196ffc894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894) #13 0x196ffd574 in _dispatch_lane_invoke+0x1ac (libdispatch.dylib:arm64e+0xc574) #14 0x196ffc894 in _dispatch_lane_serial_drain+0x16c (libdispatch.dylib:arm64e+0xb894) #15 0x196ffd540 in _dispatch_lane_invoke+0x178 (libdispatch.dylib:arm64e+0xc540) #16 0x1970082cc in _dispatch_root_queue_drain_deferred_wlh+0x11c (libdispatch.dylib:arm64e+0x172cc) #17 0x197007b40 in _dispatch_workloop_worker_thread+0x190 (libdispatch.dylib:arm64e+0x16b40) #18 0x1971a2008 in _pthread_wqthread+0x11c (libsystem_pthread.dylib:arm64e+0x3008) #19 0x1971a0d24 in start_wqthread+0x4 (libsystem_pthread.dylib:arm64e+0x1d24) 0x000341a19f10 is located 6928 bytes inside of 40360-byte region [0x000341a18400,0x000341a221a8) freed by thread T101 here: #0 0x16c0c1b8c in wrap__ZdlPv+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x61b8c) #1 0x12adc3d30 in blender::gpu::MTLContext::~MTLContext() mtl_context.mm:279 #2 0x12a850118 in GPU_context_discard(GPUContext*) gpu_context.cc:124 #3 0x113f962d0 in RE_engine_gpu_context_destroy engine.cc:1323 #4 0x11c767b28 in ccl::BlenderDisplayDriver::gpu_context_destroy() display_driver.cpp:837 #5 0x11c759cb0 in ccl::BlenderDisplayDriver::gpu_resources_destroy() display_driver.cpp:890 #6 0x11c7594c8 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:452 #7 0x11c7495a4 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:451 #8 0x11c7495f8 in ccl::BlenderDisplayDriver::~BlenderDisplayDriver() display_driver.cpp:451 #9 0x11cb58c94 in std::__1::default_delete<ccl::DisplayDriver>::operator()[abi:ue170006](ccl::DisplayDriver*) const unique_ptr.h:68 #10 0x11cb58994 in std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>::reset[abi:ue170006](ccl::DisplayDriver*) unique_ptr.h:300 #11 0x11cb5878c in std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>::~unique_ptr[abi:ue170006]() unique_ptr.h:266 #12 0x11cb5788c in std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>::~unique_ptr[abi:ue170006]() unique_ptr.h:266 #13 0x1260e6c80 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30 #14 0x1260e65e0 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30 #15 0x1260e6634 in ccl::PathTraceDisplay::~PathTraceDisplay() path_trace_display.h:30 #16 0x12606483c in std::__1::default_delete<ccl::PathTraceDisplay>::operator()[abi:ue170006](ccl::PathTraceDisplay*) const unique_ptr.h:68 #17 0x12606453c in std::__1::unique_ptr<ccl::PathTraceDisplay, std::__1::default_delete<ccl::PathTraceDisplay>>::reset[abi:ue170006](ccl::PathTraceDisplay*) unique_ptr.h:300 #18 0x12609d500 in std::__1::unique_ptr<ccl::PathTraceDisplay, std::__1::default_delete<ccl::PathTraceDisplay>>::operator=[abi:ue170006](std::nullptr_t) unique_ptr.h:269 #19 0x12609cf30 in ccl::PathTrace::set_display_driver(std::__1::unique_ptr<ccl::DisplayDriver, std::__1::default_delete<ccl::DisplayDriver>>) path_trace.cpp:641 #20 0x12407fcc4 in ccl::Session::thread_run() session.cpp:267 #21 0x12409c6f4 in decltype(*std::declval<ccl::Session*&>().*std::declval<void (ccl::Session::*&)()>()()) std::__1::__invoke[abi:ue170006]<void (ccl::Session::*&)(), ccl::Session*&, void>(void (ccl::Session::*&)(), ccl::Session*&) invoke.h:308 #22 0x12409c5a4 in std::__1::__bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>, __is_valid_bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>>::value>::type std::__1::__apply_functor[abi:ue170006]<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, 0ul, std::__1::tuple<>>(void (ccl::Session::*&)(), std::__1::tuple<ccl::Session*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) bind.h:260 #23 0x12409c3f0 in std::__1::__bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>, __is_valid_bind_return<void (ccl::Session::*)(), std::__1::tuple<ccl::Session*>, std::__1::tuple<>>::value>::type std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>::operator()[abi:ue170006]<>() bind.h:292 #24 0x12409c228 in decltype(std::declval<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&>()()) std::__1::__invoke[abi:ue170006]<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&>(std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&) invoke.h:340 #25 0x12409c134 in void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:ue170006]<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&>(std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>&) invoke.h:415 #26 0x12409c0e4 in std::__1::__function::__alloc_func<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>, std::__1::allocator<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>>, void ()>::operator()[abi:ue170006]() function.h:193 #27 0x124096620 in std::__1::__function::__func<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>, std::__1::allocator<std::__1::__bind<void (ccl::Session::*)(), ccl::Session*>>, void ()>::operator()() function.h:364 #28 0x1011f4dd0 in std::__1::__function::__value_func<void ()>::operator()[abi:ue170006]() const function.h:518 #29 0x1011f4aec in std::__1::function<void ()>::operator()() const function.h:1169 previously allocated by thread T0 here: #0 0x16c0c174c in wrap__Znwm+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x6174c) #1 0x12ad8721c in blender::gpu::MTLBackend::context_alloc(void*, void*) mtl_backend.mm:49 #2 0x12a84c6b8 in GPU_context_create(void*, void*) gpu_context.cc:114 #3 0x113f95ca8 in RE_engine_gpu_context_create engine.cc:1296 #4 0x11c754854 in ccl::BlenderDisplayDriver::gpu_context_create() display_driver.cpp:813 #5 0x11c7542c4 in ccl::BlenderDisplayDriver::BlenderDisplayDriver(BL::RenderEngine&, BL::Scene&, bool) display_driver.cpp:447 #6 0x11c75938c in ccl::BlenderDisplayDriver::BlenderDisplayDriver(BL::RenderEngine&, BL::Scene&, bool) display_driver.cpp:445 #7 0x11cb74124 in std::__1::__unique_if<ccl::BlenderDisplayDriver>::__unique_single std::__1::make_unique[abi:ue170006]<ccl::BlenderDisplayDriver, BL::RenderEngine&, BL::Scene&, bool&>(BL::RenderEngine&, BL::Scene&, bool&) unique_ptr.h:689 #8 0x11cb43194 in ccl::BlenderSession::ensure_display_driver_if_needed() session.cpp:1136 #9 0x11cb6d0a0 in ccl::BlenderSession::synchronize(BL::Depsgraph&) session.cpp:796 #10 0x11cafe630 in ccl::sync_func(_object*, _object*) python.cpp:397 #11 0x12b2309f0 in cfunction_call methodobject.c:553 #12 0x12b1e55e0 in _PyObject_MakeTpCall call.c:214 #13 0x12b2c5d30 in _PyEval_EvalFrameDefault ceval.c #14 0x12b2bd894 in _PyEval_Vector ceval.c:6434 #15 0x10cf19eb8 in bpy_class_call(bContext*, PointerRNA*, FunctionRNA*, ParameterList*) bpy_rna.cc:9436 #16 0x10c6b9914 in engine_view_update(RenderEngine*, bContext const*, Depsgraph*) rna_render.cc:238 #17 0x109fd5530 in external_draw_scene_do_v3d(void*) external_engine.cc:259 #18 0x109fd4bac in external_draw_scene_do(void*) external_engine.cc:390 #19 0x109fd4170 in external_draw_scene(void*) external_engine.cc:423 #20 0x109987e04 in drw_engines_draw_scene() draw_manager_c.cc:1127 #21 0x10997eaec in DRW_draw_render_loop_ex(Depsgraph*, RenderEngineType*, ARegion*, View3D*, GPUViewport*, bContext const*) draw_manager_c.cc:1774 #22 0x10997cd1c in DRW_draw_view(bContext const*) draw_manager_c.cc:1646 #23 0x115e6fe20 in view3d_draw_view(bContext const*, ARegion*) view3d_draw.cc:1563 #24 0x115e6fb14 in view3d_main_region_draw(bContext const*, ARegion*) view3d_draw.cc:1598 #25 0x10cfc768c in ED_region_do_draw(bContext*, ARegion*) area.cc:528 #26 0x107ea82b0 in wm_draw_window_offscreen(bContext*, wmWindow*, bool) wm_draw.cc:1006 #27 0x107ea4300 in wm_draw_window(bContext*, wmWindow*) wm_draw.cc:1177 #28 0x107ea2d88 in wm_draw_update(bContext*) wm_draw.cc:1581 #29 0x107e73c50 in WM_main(bContext*) wm.cc:646 Thread T29 created by unknown thread Thread T101 created by T0 here: #0 0x16c0abd6c in wrap_pthread_create+0x54 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x4bd6c) #1 0x126395d1c in ccl::thread::thread(std::__1::function<void ()>) thread.cpp:23 #2 0x126395f58 in ccl::thread::thread(std::__1::function<void ()>) thread.cpp:15 #3 0x12407e660 in ccl::Session::Session(ccl::SessionParams const&, ccl::SceneParams const&) session.cpp:78 #4 0x12409cd20 in ccl::Session::Session(ccl::SessionParams const&, ccl::SceneParams const&) session.cpp:37 #5 0x11cb29314 in ccl::BlenderSession::create_session() session.cpp:126 #6 0x11cb352d4 in ccl::BlenderSession::reset_session(BL::BlendData&, BL::Depsgraph&) session.cpp:190 #7 0x11cafebc4 in ccl::reset_func(_object*, _object*) python.cpp:374 #8 0x12b2309f0 in cfunction_call methodobject.c:553 #9 0x12b1e55e0 in _PyObject_MakeTpCall call.c:214 #10 0x12b2c5d30 in _PyEval_EvalFrameDefault ceval.c #11 0x12b2bd894 in _PyEval_Vector ceval.c:6434 #12 0x10cf19eb8 in bpy_class_call(bContext*, PointerRNA*, FunctionRNA*, ParameterList*) bpy_rna.cc:9436 #13 0x10c6b9914 in engine_view_update(RenderEngine*, bContext const*, Depsgraph*) rna_render.cc:238 #14 0x109fd5530 in external_draw_scene_do_v3d(void*) external_engine.cc:259 #15 0x109fd4bac in external_draw_scene_do(void*) external_engine.cc:390 #16 0x109fd4170 in external_draw_scene(void*) external_engine.cc:423 #17 0x109987e04 in drw_engines_draw_scene() draw_manager_c.cc:1127 #18 0x10997eaec in DRW_draw_render_loop_ex(Depsgraph*, RenderEngineType*, ARegion*, View3D*, GPUViewport*, bContext const*) draw_manager_c.cc:1774 #19 0x10997cd1c in DRW_draw_view(bContext const*) draw_manager_c.cc:1646 #20 0x115e6fe20 in view3d_draw_view(bContext const*, ARegion*) view3d_draw.cc:1563 #21 0x115e6fb14 in view3d_main_region_draw(bContext const*, ARegion*) view3d_draw.cc:1598 #22 0x10cfc768c in ED_region_do_draw(bContext*, ARegion*) area.cc:528 #23 0x107ea82b0 in wm_draw_window_offscreen(bContext*, wmWindow*, bool) wm_draw.cc:1006 #24 0x107ea4300 in wm_draw_window(bContext*, wmWindow*) wm_draw.cc:1177 #25 0x107ea2d88 in wm_draw_update(bContext*) wm_draw.cc:1581 #26 0x107e73c50 in WM_main(bContext*) wm.cc:646 #27 0x100f1606c in main creator.cc:588 #28 0x196e1b150 (<unknown module>) SUMMARY: AddressSanitizer: heap-use-after-free mtl_command_buffer.mm:132 in invocation function for block in blender::gpu::MTLCommandBufferManager::submit(bool) Shadow bytes around the buggy address: 0x000341a19c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a19d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a19d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a19e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a19e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x000341a19f00: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a19f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a1a000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a1a080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a1a100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x000341a1a180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==46771==ABORTING zsh: abort UBSAN_OPTIONS=suppressions=/Users/sergey/Developer/bf/ubsan_suppressions.txt ```
Sergey Sharybin added the
Status
Needs Triage
Severity
Normal
Type
Bug
labels 2024-11-01 11:25:43 +01:00
Author
Owner

Closing in favor of #129661

Closing in favor of #129661
Blender Bot added
Status
Archived
and removed
Status
Needs Triage
labels 2024-11-01 12:28:06 +01:00
Sign in to join this conversation.
No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset System
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Code Documentation
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
FBX
Interest
Freestyle
Interest
Geometry Nodes
Interest
glTF
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Viewport & EEVEE
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Asset Browser Project
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Asset System
Module
Core
Module
Development Management
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Module
Viewport & EEVEE
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Severity
High
Severity
Low
Severity
Normal
Severity
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#129674
No description provided.