Critical Metal Driver Bug
So, i was tinkering around in the Metal API, and i seem to have found a critical segfault, here is the bug report
=====================================================
The issue is with the function newBufferWithBytes:length:options: of an MTLDevice instance, Options, can either be MTLResourceStorageModeShared or MTLResourceStorageModePrivate, however, the function seems to segfaults at large allocations, such as 20 MB buffers, this is for MTLResourceStorageModePrivate exclusively.
Reproducing the issue is simple, i have attached a simple main.mm files, which running, consistently segfaults on my computer the moment it hits [device newBufferWithBytes…].
this wasn’t done in the Xcode IDE, just in neovim + cmake, the compiler :
Apple clang version 21.0.0 (clang-2100.0.123.102)
Target: arm64-apple-darwin25.2.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
mac os : 26.2 (25C56)
Reproducible in debug and release builds.
Considering the fact that there is a paper in the documentation, that talks about copying data to a private resource using a staging buffer (here is the link) :
https://developer.apple.com/documentation/metal/copying-data-to-a-private-resource?language=objc
it makes me think that newBufferWithBytes:length:options was never intended to be able to allocate private resources, however, considering the fact that it succeeds in small allocations, and segfaults in big allocations, i believe this is misleading and requires fixing, either by removing the MTLResourceStorageModePrivate option, or making it do the blit internally.
Thanks, looking forward to this issue getting fixed!
after submitting this to Feedback Assistant, after some time, Apple replies with "works as currently designed" which means, this wasn't an issue. Now, i find that to be extremely weird since this is a genuine segfault.
Can yall reproduce it? i'm afraid it's only on my machine.#include <Metal/Metal.h>
#include <vector>
int main() {
id<MTLDevice> device = MTLCreateSystemDefaultDevice();
std::vector<unsigned char> vec(20 * 1024 * 1024);
memset(vec.data(), 0, 20 * 1024 * 1024);
printf("here works\n");
id<MTLBuffer> buff =
[device newBufferWithBytes:vec.data()
length:20 * 1024 * 1024
options:MTLResourceStorageModePrivate];
printf("it doesn't make it to here\n");
[buff release];
[device release];
return 0;
}
just this snippet is enough to reproduce it on my computer, crashes, every single time. I don't know if there is something massive here i'm missing out.
