PT-2025-37440 · Pypi · Usd-Core
Published: 2025-09-04 · Updated: 2025-09-04
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
A Use-After-Free (UAF) vulnerability has been discovered in the Sdf_PathNode module of the Pixar OpenUSD library. The issue occurs during deletion of an Sdf_PrimPathNode object in multi-threaded environments, where freed memory is accessed. This results in segmentation faults or bus errors, which attackers could potentially exploit for remote code execution (RCE). By using a specially crafted .usd file, an attacker could gain control of the affected system. The vulnerability has been confirmed in multiple OpenUSD tools, including sdfdump, usdtree, usdcat, and sdffilter.
Patches
This is fixed in commit 0d74f31; the fix is available in OpenUSD 25.08 and onwards.
Details
The issue is a Use-After-Free vulnerability in the Sdf_PathNode destruction process, specifically in Sdf_PrimPathNode::~Sdf_PrimPathNode(). When multiple threads attempt to destroy or modify the same Sdf_PathNode object, a race condition can occur, causing the object to be accessed after it has been freed. This leads to segmentation faults or bus errors, as observed in the crash logs.
root@DESKTOP-7VTO277:/mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/bin# ./sdffilter /mnt/c/Users/HomePc/Downloads/one.usd
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
AddressSanitizer:DEADLYSIGNAL
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
=================================================================
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
AddressSanitizerWarning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
:DEADLYSIGNAL
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Standin' to path '/HumanFemale Group/KidThinButtonDown/Geom/LSock/Hair/Body/HeelSeam sbdv/BrowL HairLayer.primvars:displayColor'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Tongue sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Body/Body sbdv.points'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Geom' to path '/HumanFemale Group/KidThinButtonDown/Geom/LSock/Hair/Body/HeelSeam sbdv.faceVertexCounts'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Cornea sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Body/Body sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Iris sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Body/Body sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:geomBindTransform' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
==270474==ERROR: AddressSanitizer: SEGV on unknown address 0x7f8500000008 (pc 0x7f855a574b2b bp 0x7ffcd379aa30 sp 0x7ffcd379a770 T0)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Pupil sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Body/Body sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Sclera sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Body/Body sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:geomBindTransform' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
==270474==The signal is caused by a WRITE memory access.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'subdivisionScheme' to a prim path (/HumanFemale Group/HumanFemaleHair.xformOpOrder)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'subdivisionScheme' to a prim path (/HumanFemale Group/SocksHuman.xformOp:transform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:geomBindTransform' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'visibility' to a prim path (/RShoe/Body/ShoeBody sbdv/Geom/RShoe/Sole/Standin/Shell sbdv.interpolateBoundary)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'subdivisionScheme' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=faceBones}Geom/Face/Eyes/LEye/Pupil sbdv/LEye/Iris sbdv.faceVertexCounts)
AddressSanitizer:DEADLYSIGNAL
#0 0x7f855a574b2b in std:: atomic base<unsigned int>::fetch add(unsigned int, std::memory order) /usr/include/c++/11/bits/atomic base.h:618
#1 0x7f855a574b2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountIncrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:742
#2 0x7f855a574b2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: IncrementIfValid() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:247
#3 0x7f855a574b2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::TfDelegatedCountPtr(pxrInternal v0 24 pxrReserved ::TfDelegatedCountIncrementTagType, pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:116
#4 0x7f855a574b2b in pxrInternal v0 24 pxrReserved ::Sdf PrimPathNode::~Sdf PrimPathNode() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:752
#5 0x5653213d7c80 in pxrInternal v0 24 pxrReserved ::Sdf PathNode:: Destroy() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:659
#6 0x5653213d7c80 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountDecrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:746
#7 0x5653213d7c80 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: DecRef() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:177
#8 0x5653213d7c80 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::~Sdf PathNodeHandleImpl() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:97
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
root@DESKTOP-7VTO277:/mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/bin# ./usdcat /mnt/c/Users/HomePc/Downloads/one.usd
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'LEye' to path '/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Eyes REye Lids OutCornerUD.xformOp:transform'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'xformOp:transform' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Mouth JawUD/Geom/Face/Eyes/LEye/Sclera sbdv.primvars:skel:jointIndices)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Cornea sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/HeelSeam sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'xformOpOrder' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Mouth JawUD/Geom/Face/Eyes/LEye/Sclera sbdv.primvars:skel:jointIndices)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Iris sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/HeelSeam sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Pupil sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/HeelSeam sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'HeelSeam sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/ShoeBody sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'xformOp:transform' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Mouth JawUD/Geom/Face/Eyes/LEye/Pupil sbdv.subdivisionScheme)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Geom' to path '/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Mouth JawUD/Geom/Face/Eyes/LEye/Sclera sbdv.primvars:skel:jointIndices'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'xformOpOrder' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Mouth JawUD/Geom/Face/Eyes/LEye/Pupil sbdv.subdivisionScheme)
AddressSanitizer:DEADLYSIGNAL
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/ShoeBody sbdv.primvars:skel:jointWeights)
=================================================================
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'ShoeBody sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/ShoeBody sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Tongue sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=reduced}Geom/Face/Body sbdv.primvars:skel:jointIndices'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'doubleSided' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/ShoeBody sbdv.primvars:skel:jointWeights)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Sclera sbdv' to path '/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=faceBones}Geom/Hair/Layers/Geom/LShoe/Body/HeelSeam sbdv.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Geom' to path '/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Mouth JawUD/Geom/Face/Eyes/LEye/Pupil sbdv.subdivisionScheme'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'REye' to path '/HumanFemale Group/HumanFemale/Geom/Body/Body sbdv/HumanFemale Anim Face Eyes REye Lids OutCornerUD.xformOp:transform'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
==271750==ERROR: AddressSanitizer: SEGV on unknown address 0x7f9602c0040f (pc 0x7f962b94286f bp 0x7f96233abb40 sp 0x7f96233abaf0 T10)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:geomBindTransform' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'subdivisionScheme' to a prim path (/HumanFemale Group/HumanFemale{rigComplexity=}{rigComplexity=high}Geom/Hair/Layers/Geom/LShoe/BrowL HairLayer/Body/ShoeBody sbdv.faceVertexCounts)
==271750==The signal is caused by a READ memory access.
#0 0x7f962b94286f in WriteTextToBuffer<pxrInternal v0 24 pxrReserved ::(anonymous namespace):: StringBuffer> /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:662
#1 0x7f962b942d6f in pxrInternal v0 24 pxrReserved ::Sdf PathNode:: CreatePathToken(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*, pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:620
#2 0x7f962b945eb3 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:506
#3 0x7f962b945eb3 in FindOrCreate<pxrInternal v0 24 pxrReserved ::Sdf PathNode::GetPathToken(const pxrInternal v0 24 pxrReserved ::Sdf PathNode*, const pxrInternal v0 24 pxrReserved ::Sdf PathNode*)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:458
#4 0x7f962b945eb3 in pxrInternal v0 24 pxrReserved ::Sdf PathNode::GetPathToken(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*, pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:504
#5 0x7f962b852a5c in pxrInternal v0 24 pxrReserved ::SdfPath::GetToken() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp:339
#6 0x7f962b852d2c in pxrInternal v0 24 pxrReserved ::SdfPath::GetText() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp:353
#7 0x7f962b868bd7 in pxrInternal v0 24 pxrReserved ::SdfPath::AppendChild(pxrInternal v0 24 pxrReserved ::TfToken const&) const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp:824
#8 0x7f962b8708b6 in pxrInternal v0 24 pxrReserved ::SdfPath::AppendElementToken(pxrInternal v0 24 pxrReserved ::TfToken const&) const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp:1166
#9 0x7f962ca352e5 in pxrInternal v0 24 pxrReserved ::Usd CrateFile::CrateFile:: BuildDecompressedPathsImpl(std::vector<unsigned int, std::allocator<unsigned int> > const&, std::vector<int, std::allocator<int> > const&, std::vector<int, std::allocator<int> > const&, unsigned long, pxrInternal v0 24 pxrReserved ::SdfPath, pxrInternal v0 24 pxrReserved ::WorkDispatcher&) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/usd/crateFile.cpp:3741
#10 0x7f962ca3d435 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/usd/crateFile.cpp:3775
#11 0x7f962ca3d435 in execute /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/work/dispatcher.h:170
#12 0x7f9629c0f135 in tbb::internal::custom scheduler<tbb::internal::IntelSchedulerTraits>::process bypass loop(tbb::internal::context guard helper<false>&, tbb::task*, long) ../../src/tbb/custom scheduler.h:474
#13 0x7f9629c1026c in tbb::internal::custom scheduler<tbb::internal::IntelSchedulerTraits>::local wait for all(tbb::task&, tbb::task*) ../../src/tbb/custom scheduler.h:636
#14 0x7f9629bfa5d3 in tbb::internal::arena::process(tbb::internal::generic scheduler&) ../../src/tbb/arena.cpp:196
#15 0x7f9629bf1741 in tbb::internal::market::process(rml::job&) ../../src/tbb/market.cpp:667
#16 0x7f9629be3889 in tbb::internal::rml::private worker::run() ../../src/tbb/private server.cpp:266
#17 0x7f9629be472a in tbb::internal::rml::private worker::thread routine(void*) ../../src/tbb/private server.cpp:219
#18 0x7f96296c4ac2 in start thread nptl/pthread create.c:442
#19 0x7f962975684f (/lib/x86 64-linux-gnu/libc.so.6+0x12684f)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:662 in WriteTextToBuffer<pxrInternal v0 24 pxrReserved ::(anonymous namespace):: StringBuffer>
Thread T10 created by T3 here:
#0 0x7f962e987685 in interceptor pthread create ../../../../src/libsanitizer/asan/asan interceptors.cpp:216
#1 0x7f9629be4ff1 in rml::internal::thread monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread monitor.h:218
#2 0x7f9629be4ff1 in tbb::internal::rml::private worker::wake or launch() ../../src/tbb/private server.cpp:297
#3 0x7f9629be3303 in tbb::internal::rml::private server::wake some(int) ../../src/tbb/private server.cpp:395
#4 0x7f9629be3722 in tbb::internal::rml::private server::propagate chain reaction() ../../src/tbb/private server.cpp:157
#5 0x7f9629be3722 in tbb::internal::rml::private worker::run() ../../src/tbb/private server.cpp:257
#6 0x7f9629be472a in tbb::internal::rml::private worker::thread routine(void*) ../../src/tbb/private server.cpp:219
#7 0x7f96296c4ac2 in start thread nptl/pthread create.c:442
Thread T3 created by T1 here:
#0 0x7f962e987685 in interceptor pthread create ../../../../src/libsanitizer/asan/asan interceptors.cpp:216
#1 0x7f9629be4ff1 in rml::internal::thread monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread monitor.h:218
#2 0x7f9629be4ff1 in tbb::internal::rml::private worker::wake or launch() ../../src/tbb/private server.cpp:297
#3 0x7f9629be3303 in tbb::internal::rml::private server::wake some(int) ../../src/tbb/private server.cpp:395
#4 0x7f9629be3722 in tbb::internal::rml::private server::propagate chain reaction() ../../src/tbb/private server.cpp:157
#5 0x7f9629be3722 in tbb::internal::rml::private worker::run() ../../src/tbb/private server.cpp:257
#6 0x7f9629be472a in tbb::internal::rml::private worker::thread routine(void*) ../../src/tbb/private server.cpp:219
#7 0x7f96296c4ac2 in start thread nptl/pthread create.c:442
Thread T1 created by T0 here:
#0 0x7f962e987685 in interceptor pthread create ../../../../src/libsanitizer/asan/asan interceptors.cpp:216
#1 0x7f9629be4ff1 in rml::internal::thread monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread monitor.h:218
#2 0x7f9629be4ff1 in tbb::internal::rml::private worker::wake or launch() ../../src/tbb/private server.cpp:297
#3 0x7f9629be3303 in tbb::internal::rml::private server::wake some(int) ../../src/tbb/private server.cpp:395
#4 0x7f9629be3479 in tbb::internal::rml::private server::adjust job count estimate(int) ../../src/tbb/private server.cpp:406
#5 0x7f9629bf4f27 in tbb::internal::market::adjust demand(tbb::internal::arena&, int) ../../src/tbb/market.cpp:655
#6 0x7f9629c0d7e0 in void tbb::internal::arena::advertise new work<(tbb::internal::arena::new work type)0>() ../../src/tbb/arena.h:548
#7 0x7f9629c096e8 in tbb::internal::generic scheduler::local spawn(tbb::task*, tbb::task*&) ../../src/tbb/scheduler.cpp:716
#8 0x7f9629c09e36 in tbb::internal::generic scheduler::spawn(tbb::task&, tbb::task*&) ../../src/tbb/scheduler.cpp:742
#9 0x7f962a56553b in tbb::interface5::internal::task base::spawn(tbb::task&) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task.h:1125
#10 0x7f962a56553b in Run<const pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(const std::vector<std:: cxx11::basic string<char> >&, bool, const AddVisitedPathCallback&, const AddPluginCallback&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*)::<lambda()>&> /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/work/dispatcher.h:99
#11 0x7f962a56553b in Run<pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(const std::vector<std:: cxx11::basic string<char> >&, bool, const AddVisitedPathCallback&, const AddPluginCallback&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/info.cpp:462
#12 0x7f962a56553b in Run<pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(const std::vector<std:: cxx11::basic string<char> >&, bool, const AddVisitedPathCallback&, const AddPluginCallback&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/info.cpp:495
#13 0x7f962a56553b in pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(std::vector<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> >, std::allocator<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> > > > const&, bool, std::function<bool (std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> > const&)> const&, std::function<void (pxrInternal v0 24 pxrReserved ::Plug RegistrationMetadata const&)> const&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/info.cpp:716
#14 0x7f962a6052a6 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/registry.cpp:125
#15 0x7f962a6052a6 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task arena.h:96
#16 0x7f9629bf7d38 in tbb::interface7::internal::isolate within arena(tbb::interface7::internal::delegate base&, long) ../../src/tbb/arena.cpp:1199
#17 0x7f962a606cb3 in isolate impl<void, const pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(const std::vector<std:: cxx11::basic string<char> >&, bool)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task arena.h:216
#18 0x7f962a606cb3 in isolate<pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(const std::vector<std:: cxx11::basic string<char> >&, bool)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task arena.h:472
#19 0x7f962a606cb3 in WorkWithScopedParallelism<pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(const std::vector<std:: cxx11::basic string<char> >&, bool)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/work/withScopedParallelism.h:106
#20 0x7f962a606cb3 in pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(std::vector<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> >, std::allocator<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> > > > const&, bool) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/registry.cpp:124
#21 0x7f962a60d09d in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/registry.cpp:281
#22 0x7f962a60d09d in invoke impl<void, pxrInternal v0 24 pxrReserved ::PlugPlugin:: RegisterAllPlugins()::<lambda()> > /usr/include/c++/11/bits/invoke.h:61
#23 0x7f962a60d09d in invoke<pxrInternal v0 24 pxrReserved ::PlugPlugin:: RegisterAllPlugins()::<lambda()> > /usr/include/c++/11/bits/invoke.h:96
#24 0x7f962a60d09d in operator() /usr/include/c++/11/mutex:776
#25 0x7f962a60d09d in operator() /usr/include/c++/11/mutex:712
#26 0x7f962a60d09d in FUN /usr/include/c++/11/mutex:712
#27 0x7f96296c9ee7 in pthread once slow nptl/pthread once.c:116
==271750==ABORTING
root@DESKTOP-7VTO277:/mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/bin# ./sdfdump /mnt/c/Users/HomePc/Downloads/one.usd
AddressSanitizerAddressSanitizer:DEADLYSIGNAL
=================================================================
:DEADLYSIGNAL
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Hair' to path '/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Pupil sbdv/ThumbToeNail sbdv.primvars:skel:jointIndices'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Render' to path '/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Pupil sbdv/ThumbToeNail sbdv.primvars:skel:jointIndices'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Standin' to path '/HumanFemale Group/SocksHuman/Geom/RSock/AnkleSock sbdv.primvars:displayColor'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'ButtonDownRenderMesh sbdv' to path '/.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Geom' to path '/HumanFemale Group/KidThinButtonDown/Face{rigComplexity=}RShoe/Body/HeelSeam sbdv.extent'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Render' to path '/HumanFemale Group/KidThinButtonDown/Face{rigComplexity=}RShoe/Sole/REye.subdivisionScheme'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Iris sbdv' to path '/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Body/Body sbdv/HumanFemale Anim Face Cheeks LCheek Puff.primvars:skel:geomBindTransform'.
AddressSanitizer:DEADLYSIGNAL
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Pupil sbdv' to path '/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Body/Body sbdv/HumanFemale Anim Face Cheeks LCheek Puff.primvars:skel:geomBindTransform'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Standin' to path '/HumanFemale Group/HumanFemale{rigComplexity=reduced}HeadHair/BetaRight HairLayer/Standin/Shell sbdv/Iris sbdv.points'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Sclera sbdv' to path '/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Body/Body sbdv/HumanFemale Anim Face Cheeks LCheek Puff.primvars:skel:geomBindTransform'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
==271764==ERROR: AddressSanitizer: SEGV on unknown address 0x7fb401c00409 (pc 0x7fb48c37eb2b bp 0x7fb4851b1930 sp 0x7fb4851b1670 T5)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Body sbdv' to path '/HumanFemale Group/KidThinButtonDown{rigComplexity=}Body/Render/ShoeBody sbdv.faceVertexCounts'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
==271764==The signal is caused by a WRITE memory access.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'visibility' to a prim path (/HumanFemale Group/HumanFemale/Geom/Body/Nails/RFingerNails/Iris sbdv/Geom/Face/Eyes/REye/Cornea sbdv.primvars:skel:jointWeights)
#0 0x7fb48c37eb2b in std:: atomic base<unsigned int>::fetch add(unsigned int, std::memory order) /usr/include/c++/11/bits/atomic base.h:618
#1 0x7fb48c37eb2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountIncrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:742
#2 0x7fb48c37eb2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: IncrementIfValid() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:247
#3 0x7fb48c37eb2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::TfDelegatedCountPtr(pxrInternal v0 24 pxrReserved ::TfDelegatedCountIncrementTagType, pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:116
#4 0x7fb48c37eb2b in pxrInternal v0 24 pxrReserved ::Sdf PrimPathNode::~Sdf PrimPathNode() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:752
#5 0x7fb48c2b1327 in pxrInternal v0 24 pxrReserved ::Sdf PathNode:: Destroy() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:659
#6 0x7fb48c2b1327 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountDecrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:746
#7 0x7fb48c37f484 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: DecrementIfValid() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:253
#8 0x7fb48c37f484 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::~TfDelegatedCountPtr() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:192
#9 0x7fb48c37f484 in pxrInternal v0 24 pxrReserved ::Sdf PrimPathNode::~Sdf PrimPathNode() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:752
#10 0x7fb48c2b1327 in pxrInternal v0 24 pxrReserved ::Sdf PathNode:: Destroy() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:659
#11 0x7fb48c2b1327 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountDecrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:746
#12 0x7fb48c37f4e0 in pxrInternal v0 24 pxrReserved ::Sdf PrimPartPathNode::~Sdf PrimPartPathNode() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:324
#13 0x7fb48c37f4e0 in pxrInternal v0 24 pxrReserved ::Sdf PrimPathNode::~Sdf PrimPathNode() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:755
#14 0x556821bbf7c0 in pxrInternal v0 24 pxrReserved ::Sdf PathNode:: Destroy() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:659
#15 0x556821bbf7c0 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountDecrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:746
#16 0x556821bbf7c0 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: DecRef() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:177
#17 0x556821bbf7c0 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::~Sdf PathNodeHandleImpl() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:97
#18 0x7fb4821c1463 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::operator=(pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>&&) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:117
#19 0x7fb4821c1463 in pxrInternal v0 24 pxrReserved ::SdfPath::operator=(pxrInternal v0 24 pxrReserved ::SdfPath&&) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:273
#20 0x7fb4821c1463 in pxrInternal v0 24 pxrReserved ::Usd CrateFile::CrateFile:: BuildDecompressedPathsImpl(std::vector<unsigned int, std::allocator<unsigned int> > const&, std::vector<int, std::allocator<int> > const&, std::vector<int, std::allocator<int> > const&, unsigned long, pxrInternal v0 24 pxrReserved ::SdfPath, pxrInternal v0 24 pxrReserved ::WorkDispatcher&) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/usd/crateFile.cpp:3743
#21 0x7fb4821c9435 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/usd/crateFile.cpp:3775
#22 0x7fb4821c9435 in execute /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/work/dispatcher.h:170
#23 0x7fb48a639135 in tbb::internal::custom scheduler<tbb::internal::IntelSchedulerTraits>::process bypass loop(tbb::internal::context guard helper<false>&, tbb::task*, long) ../../src/tbb/custom scheduler.h:474
#24 0x7fb48a63a26c in tbb::internal::custom scheduler<tbb::internal::IntelSchedulerTraits>::local wait for all(tbb::task&, tbb::task*) ../../src/tbb/custom scheduler.h:636
#25 0x7fb48a6245d3 in tbb::internal::arena::process(tbb::internal::generic scheduler&) ../../src/tbb/arena.cpp:196
#26 0x7fb48a61b741 in tbb::internal::market::process(rml::job&) ../../src/tbb/market.cpp:667
#27 0x7fb48a60d889 in tbb::internal::rml::private worker::run() ../../src/tbb/private server.cpp:266
#28 0x7fb48a60e72a in tbb::internal::rml::private worker::thread routine(void*) ../../src/tbb/private server.cpp:219
#29 0x7fb48a0ecac2 in start thread nptl/pthread create.c:442
#30 0x7fb48a17e84f (/lib/x86 64-linux-gnu/libc.so.6+0x12684f)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/11/bits/atomic base.h:618 in std:: atomic base<unsigned int>::fetch add(unsigned int, std::memory order)
Thread T5 created by T1 here:
#0 0x7fb48c91e685 in interceptor pthread create ../../../../src/libsanitizer/asan/asan interceptors.cpp:216
#1 0x7fb48a60eff1 in rml::internal::thread monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread monitor.h:218
#2 0x7fb48a60eff1 in tbb::internal::rml::private worker::wake or launch() ../../src/tbb/private server.cpp:297
#3 0x7fb48a60d303 in tbb::internal::rml::private server::wake some(int) ../../src/tbb/private server.cpp:395
#4 0x7fb48a60d722 in tbb::internal::rml::private server::propagate chain reaction() ../../src/tbb/private server.cpp:157
#5 0x7fb48a60d722 in tbb::internal::rml::private worker::run() ../../src/tbb/private server.cpp:257
#6 0x7fb48a60e72a in tbb::internal::rml::private worker::thread routine(void*) ../../src/tbb/private server.cpp:219
#7 0x7fb48a0ecac2 in start thread nptl/pthread create.c:442
Thread T1 created by T0 here:
#0 0x7fb48c91e685 in interceptor pthread create ../../../../src/libsanitizer/asan/asan interceptors.cpp:216
#1 0x7fb48a60eff1 in rml::internal::thread monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread monitor.h:218
#2 0x7fb48a60eff1 in tbb::internal::rml::private worker::wake or launch() ../../src/tbb/private server.cpp:297
#3 0x7fb48a60d303 in tbb::internal::rml::private server::wake some(int) ../../src/tbb/private server.cpp:395
#4 0x7fb48a60d479 in tbb::internal::rml::private server::adjust job count estimate(int) ../../src/tbb/private server.cpp:406
#5 0x7fb48a61ef27 in tbb::internal::market::adjust demand(tbb::internal::arena&, int) ../../src/tbb/market.cpp:655
#6 0x7fb48a6377e0 in void tbb::internal::arena::advertise new work<(tbb::internal::arena::new work type)0>() ../../src/tbb/arena.h:548
#7 0x7fb48a6336e8 in tbb::internal::generic scheduler::local spawn(tbb::task*, tbb::task*&) ../../src/tbb/scheduler.cpp:716
#8 0x7fb48a633e36 in tbb::internal::generic scheduler::spawn(tbb::task&, tbb::task*&) ../../src/tbb/scheduler.cpp:742
#9 0x7fb48b4ac53b in tbb::interface5::internal::task base::spawn(tbb::task&) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task.h:1125
#10 0x7fb48b4ac53b in Run<const pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(const std::vector<std:: cxx11::basic string<char> >&, bool, const AddVisitedPathCallback&, const AddPluginCallback&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*)::<lambda()>&> /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/work/dispatcher.h:99
#11 0x7fb48b4ac53b in Run<pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(const std::vector<std:: cxx11::basic string<char> >&, bool, const AddVisitedPathCallback&, const AddPluginCallback&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/info.cpp:462
#12 0x7fb48b4ac53b in Run<pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(const std::vector<std:: cxx11::basic string<char> >&, bool, const AddVisitedPathCallback&, const AddPluginCallback&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/info.cpp:495
#13 0x7fb48b4ac53b in pxrInternal v0 24 pxrReserved ::Plug ReadPlugInfo(std::vector<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> >, std::allocator<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> > > > const&, bool, std::function<bool (std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> > const&)> const&, std::function<void (pxrInternal v0 24 pxrReserved ::Plug RegistrationMetadata const&)> const&, pxrInternal v0 24 pxrReserved ::Plug TaskArena*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/info.cpp:716
#14 0x7fb48b54c2a6 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/registry.cpp:125
#15 0x7fb48b54c2a6 in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task arena.h:96
#16 0x7fb48a621d38 in tbb::interface7::internal::isolate within arena(tbb::interface7::internal::delegate base&, long) ../../src/tbb/arena.cpp:1199
#17 0x7fb48b54dcb3 in isolate impl<void, const pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(const std::vector<std:: cxx11::basic string<char> >&, bool)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task arena.h:216
#18 0x7fb48b54dcb3 in isolate<pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(const std::vector<std:: cxx11::basic string<char> >&, bool)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/include/tbb/task arena.h:472
#19 0x7fb48b54dcb3 in WorkWithScopedParallelism<pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(const std::vector<std:: cxx11::basic string<char> >&, bool)::<lambda()> > /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/work/withScopedParallelism.h:106
#20 0x7fb48b54dcb3 in pxrInternal v0 24 pxrReserved ::PlugRegistry:: RegisterPlugins(std::vector<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> >, std::allocator<std:: cxx11::basic string<char, std::char traits<char>, std::allocator<char> > > > const&, bool) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/registry.cpp:124
#21 0x7fb48b55409d in operator() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/plug/registry.cpp:281
#22 0x7fb48b55409d in invoke impl<void, pxrInternal v0 24 pxrReserved ::PlugPlugin:: RegisterAllPlugins()::<lambda()> > /usr/include/c++/11/bits/invoke.h:61
#23 0x7fb48b55409d in invoke<pxrInternal v0 24 pxrReserved ::PlugPlugin:: RegisterAllPlugins()::<lambda()> > /usr/include/c++/11/bits/invoke.h:96
#24 0x7fb48b55409d in operator() /usr/include/c++/11/mutex:776
#25 0x7fb48b55409d in operator() /usr/include/c++/11/mutex:712
#26 0x7fb48b55409d in FUN /usr/include/c++/11/mutex:712
#27 0x7fb48a0f1ee7 in pthread once slow nptl/pthread once.c:116
==271764==ABORTING
root@DESKTOP-7VTO277:/mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/asan install/bin# ./usdtree /mnt/c/Users/HomePc/Downloads/one.usd
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'LFingerNails' to path '/HumanFemale Group/HumanFemale/Geom/Face/Geom/Hair/Layers/EyeHair/BrowL HairLayer/Standin/Shell sbdv.extent'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'LToeNails' to path '/HumanFemale Group/HumanFemale/Geom/Face/Geom/Hair/Layers/EyeHair/BrowL HairLayer/Standin/Shell sbdv.extent'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Hair' to path '/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.faceVertexIndices'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Standin' to path '/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.faceVertexIndices'.
AddressSanitizerAddressSanitizer:DEADLYSIGNAL
:DEADLYSIGNAL
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Geom' to path '/HumanFemale Group/KidThinLeggings/LEye/Iris sbdv/BetaRight HairLayer/Standin/Shell sbdv.extent'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'RFingerNails' to path '/HumanFemale Group/HumanFemale/Geom/Face/Geom/Hair/Layers/EyeHair/BrowL HairLayer/Standin/Shell sbdv.extent'.
=================================================================
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'BrowL HairLayer' to path '/EyeHair/Standin.extent'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'RToeNails' to path '/HumanFemale Group/HumanFemale/Geom/Face/Geom/Hair/Layers/EyeHair/BrowL HairLayer/Standin/Shell sbdv.extent'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Render' to path '/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.xformOpOrder'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Body' to path '/HumanFemale Group/KidThinLeggings/Geom.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'extent' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Sole' to path '/HumanFemale Group/KidThinLeggings/Geom.primvars:skel:jointWeights'.
Warning (secondary thread): in AppendChild at line 824 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Geom' to path '/HumanFemale Group/KidThinLeggings/Geom/Render/ButtonDownRenderMesh sbdv/RShoe/HeelSeam sbdv/ShoeBody sbdv.primvars:skel:jointIndices'.
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexCounts' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'faceVertexIndices' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:displayColor' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
AddressSanitizerWarning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:geomBindTransform' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
:DEADLYSIGNAL
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointIndices' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
AddressSanitizer:DEADLYSIGNAL
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'primvars:skel:jointWeights' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
Warning (secondary thread): in AppendProperty at line 921 of /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'subdivisionScheme' to a prim path (/HumanFemale Group/KidThinLeggings/LEye/Sclera sbdv.primvars:skel:geomBindTransform)
==271780==ERROR: AddressSanitizer: SEGV on unknown address 0x7fea02800109 (pc 0x7fea78e0db2b bp 0x7ffe818d03e0 sp 0x7ffe818d0120 T0)
==271780==The signal is caused by a WRITE memory access.
#0 0x7fea78e0db2b in std:: atomic base<unsigned int>::fetch add(unsigned int, std::memory order) /usr/include/c++/11/bits/atomic base.h:618
#1 0x7fea78e0db2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountIncrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:742
#2 0x7fea78e0db2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: IncrementIfValid() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:247
#3 0x7fea78e0db2b in pxrInternal v0 24 pxrReserved ::TfDelegatedCountPtr<pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::TfDelegatedCountPtr(pxrInternal v0 24 pxrReserved ::TfDelegatedCountIncrementTagType, pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/base/tf/delegatedCountPtr.h:116
#4 0x7fea78e0db2b in pxrInternal v0 24 pxrReserved ::Sdf PrimPathNode::~Sdf PrimPathNode() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.cpp:752
#5 0x564aa248fd20 in pxrInternal v0 24 pxrReserved ::Sdf PathNode:: Destroy() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:659
#6 0x564aa248fd20 in pxrInternal v0 24 pxrReserved ::TfDelegatedCountDecrement(pxrInternal v0 24 pxrReserved ::Sdf PathNode const*) /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/pathNode.h:746
#7 0x564aa248fd20 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>:: DecRef() const /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:177
#8 0x564aa248fd20 in pxrInternal v0 24 pxrReserved ::Sdf PathNodeHandleImpl<pxrInternal v0 24 pxrReserved ::Sdf Pool<pxrInternal v0 24 pxrReserved ::Sdf PathPrimTag, 24u, 8u, 16384u>::Handle, true, pxrInternal v0 24 pxrReserved ::Sdf PathNode const>::~Sdf PathNodeHandleImpl() /mnt/c/Users/HomePc/Fuzzing/linuxTarget/usd/OpenUSD/pxr/usd/sdf/path.h:97
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
PoC
- Proof-of-concept file: poc.usd.zip
- A crafted .usd file is attached, which triggers the vulnerability when loaded into any of the affected tools. This issue has been successfully reproduced in both Linux and macOS environments.
- Build the OpenUSD tools using the provided build instructions:
git clone https://github.com/PixarAnimationStudios/OpenUSD.git
python3 OpenUSD/build_scripts/build_usd.py ./install -j4 --no-python
cd ./install/bin
./sdfdump /path/to/poc.usd
- Run one of the vulnerable tools (e.g., sdffilter) with the provided crafted .usd file.
./sdffilter /path/to/crafted_file.usd
Impact
OpenUSD, managed by the Alliance for OpenUSD (AOUSD), is widely adopted by major organizations such as Apple, NVIDIA, Autodesk, and Pixar. It serves as a key standard in industries like film, animation, gaming, AR/VR, and simulation. Exploitation of this vulnerability could lead to severe consequences, including system compromise, unauthorized data access, and disruption of services relying on OpenUSD. Given its critical role in 3D content creation and its widespread use, this vulnerability poses a significant threat to system security and data integrity. Immediate action is required to patch the issue and prevent potential security breaches.
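For triaging sanitizer output like the crash logs under Details, where Tf warnings from worker threads are interleaved with the AddressSanitizer report, the following added example (not part of the advisory or of OpenUSD) pulls out the crash header and faulting stack and derives a deduplication bucket. The sample log is constructed, with identifiers written with their underscores as the sanitizer emits them; `parse_asan_report`, `triage` and the `/pxr/` path test for project frames are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the log format above; PID, addresses and paths are made up.
SAMPLE_LOG = """\
Warning (secondary thread): in AppendChild at line 824 of /src/OpenUSD/pxr/usd/sdf/path.cpp -- Cannot append child 'Hair' to path '/Grp/A.extent'.
AddressSanitizerAddressSanitizer:DEADLYSIGNAL
:DEADLYSIGNAL
==4242==ERROR: AddressSanitizer: SEGV on unknown address 0x7f0001c00409 (pc 0x7f000c37eb2b bp 0x7f00051b1930 sp 0x7f00051b1670 T5)
Warning (secondary thread): in AppendProperty at line 921 of /src/OpenUSD/pxr/usd/sdf/path.cpp -- Can only append a property 'points' to a prim path (/Grp/A.extent)
==4242==The signal is caused by a WRITE memory access.
    #0 0x7f000c37eb2b in std::__atomic_base<unsigned int>::fetch_add(unsigned int, std::memory_order) /usr/include/c++/11/bits/atomic_base.h:618
    #1 0x7f000c37eb2b in pxrInternal_v0_24__pxrReserved__::TfDelegatedCountIncrement(pxrInternal_v0_24__pxrReserved__::Sdf_PathNode const*) /src/OpenUSD/pxr/usd/sdf/pathNode.h:742
    #2 0x7f000c37eb2b in pxrInternal_v0_24__pxrReserved__::Sdf_PrimPathNode::~Sdf_PrimPathNode() /src/OpenUSD/pxr/usd/sdf/pathNode.cpp:752
    #3 0x7f000c2b1327 in pxrInternal_v0_24__pxrReserved__::Sdf_PathNode::_Destroy() const /src/OpenUSD/pxr/usd/sdf/pathNode.h:659
    #4 0x7f000c37f484 in pxrInternal_v0_24__pxrReserved__::Sdf_PrimPathNode::~Sdf_PrimPathNode() /src/OpenUSD/pxr/usd/sdf/pathNode.cpp:752
    #5 0x7f000a639135 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) ../../src/tbb/arena.cpp:196
    #6 0x7f000a17e84f  (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/11/bits/atomic_base.h:618 in std::__atomic_base<unsigned int>::fetch_add(unsigned int, std::memory_order)
Thread T5 created by T1 here:
    #0 0x7f000c91e685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
==4242==ABORTING
"""

ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
THREAD_RE = re.compile(r"\b(T\d+)\)$")
ACCESS_RE = re.compile(r"^==\d+==The signal is caused by a (READ|WRITE) memory access")
# Function names contain spaces (templates, "const"), so the file:line token is matched from the end.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+):(\d+)$")
# OpenUSD's versioned inline namespace only adds noise to a crash signature.
NS_RE = re.compile(r"pxrInternal_v\d+_\d+__pxrReserved__::")


@dataclass
class AsanReport:
    pid: int
    kind: str
    address: str
    thread: str
    access: str = "UNKNOWN"
    frames: list = field(default_factory=list)  # (function, file, line) of the faulting stack


def short_name(function):
    """Drop the inline namespace and the argument list from a demangled frame."""
    return NS_RE.sub("", function).split("(", 1)[0].strip()


def parse_asan_report(text):
    """Return the first ASan report in text, ignoring interleaved output from other threads."""
    report, started = None, False
    for line in text.splitlines():
        stripped = line.strip()
        # Tf warnings and DEADLYSIGNAL banners from other threads land between report lines.
        if stripped.startswith("Warning (") or "DEADLYSIGNAL" in stripped:
            continue
        if report is None:
            m = ERROR_RE.match(stripped)
            if m:
                thread = THREAD_RE.search(stripped)
                report = AsanReport(int(m[1]), m[2], m[3], thread[1] if thread else "T?")
            continue
        m = ACCESS_RE.match(stripped)
        if m:
            report.access = m[1]
            continue
        if stripped.startswith("#"):
            started = True
            m = FRAME_RE.match(stripped)
            if m:  # frames without source info, e.g. "(libc.so.6+0x...)", are skipped
                report.frames.append((short_name(m[2]), m[3], int(m[4])))
            continue
        if started:  # first non-frame line ends the faulting stack (thread-creation stacks follow)
            break
    return report


def triage(report, depth=3):
    """Derive a dedup bucket plus lifetime-bug hints (heuristics, not proof of a UAF)."""
    names = [f[0] for f in report.frames]
    project = [f for f in report.frames if "/pxr/" in f[1]]  # assumption: OpenUSD source tree
    dtor_idx = [i for i, n in enumerate(names) if "::~" in n]
    above_dtor = names[: dtor_idx[0]] if dtor_idx else []
    return {
        "bucket": (report.kind, report.access) + tuple(f[0] for f in project[:depth]),
        "faulting_source": f"{project[0][1]}:{project[0][2]}" if project else None,
        "destructor_depth": len(dtor_idx),
        "refcount_update_under_destructor": any("Increment" in n for n in above_dtor),
    }


if __name__ == "__main__":
    print(triage(parse_asan_report(SAMPLE_LOG)))
```

Crashes from different tools that share a bucket can be filed as one finding, and a reference-count update that faults underneath a destructor is a reason to route the report to lifetime and threading review first.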
Credit
- Song Hyun Bae ( @bshyuunn )
Fix
Use After Free
Affected Products
Usd-Core