Executing FramebufferCacheRD.get_cache_multipass function crashes Godot (headless)

[qarmin]

Tested versions

4.3 be56cab

System information

Ubuntu 22.04 CI

Issue description

When executing (this code was automatically minimized, so it is possible, that an even more "minimal" project can be created)

extends Node
func _process(delta):
	for i in get_children():
		i.queue_free()
	var temp_variable193 = ClassDB.instantiate("FramebufferCacheRD")
	temp_variable193.get_cache_multipass(Array([Array([]), Array([]), 71, 95, Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), 76, Array([]), Array([]), Array([]), Array([]), Array([]), Array([])]), Array([Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), 88, Array([]), 8, Array([]), Array([])]), 25)

Godot crashes:

Godot Engine v4.3.beta.custom_build - https://godotengine.org
Time set to: 0 seconds.
Loaded settings:
modules/gdscript/gdscript_vm.cpp:726:13: runtime error: store to misaligned address 0x621000153774 for type '<unknown> *', which requires 8 byte alignment
0x621000153774: note: pointer points here
  04 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  16 00 00 00 10 00 00 01  15 00 00 00 06 00 00 00
              ^ 
'add_to_tree' with value 'true'
modules/gdscript/gdscript_vm.cpp:733:42: runtime error: load of misaligned address 0x621000153774 for type '<unknown> *', which requires 8 byte alignment
0x621000153774: note: pointer points here
  04 00 00 00 6a c4 18 bd  88 55 00 00 00 00 00 00  16 00 00 00 10 00 00 01  15 00 00 00 06 00 00 00
              ^ 
'use_parent_methods' with value 'true'
'delay_removing_added_nodes_to_next_frame' with value 'true'
'maximum_executed_functions_on_object' with value '3'
######################## Ending test ########################
ERROR: unsupported format character
   at: vformat (./core/variant/variant.h:860)
ERROR: Method/function failed.
   at: assign (core/variant/array.cpp:238)
ERROR: Unable to convert array index 0 from 'Array' to 'RID'.
   at: assign (core/variant/array.cpp:261)
servers/rendering/renderer_rd/framebuffer_cache_rd.h:168:49: runtime error: member call on null pointer of type 'struct RenderingDevice'
servers/rendering/renderer_rd/framebuffer_cache_rd.h:168:49: runtime error: member access within null pointer of type 'struct RenderingDevice'
================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.beta.custom_build
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] ./godot.linuxbsd.editor.dev.x86_64.san(+0x4043af21) [0x5588a029ff21] (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/crash_handler_linuxbsd.cpp:61)
[2] /lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7f22cda42520] (??:0)
[3] FramebufferCacheRD::_allocate_from_data(unsigned int, unsigned int, unsigned int, Vector<RID> const&, Vector<RenderingDevice::FramebufferPass> const&) (/home/runner/work/Qarminer/Qarminer/godot/servers/rendering/renderer_rd/framebuffer_cache_rd.h:168)
[4] FramebufferCacheRD::get_cache_multipass(Vector<RID> const&, Vector<RenderingDevice::FramebufferPass> const&, unsigned int) (/home/runner/work/Qarminer/Qarminer/godot/servers/rendering/renderer_rd/framebuffer_cache_rd.h:305)
[5] FramebufferCacheRD::get_cache_multipass_array(TypedArray<RID> const&, TypedArray<RDFramebufferPass> const&, unsigned int) (/home/runner/work/Qarminer/Qarminer/godot/servers/rendering/renderer_rd/framebuffer_cache_rd.cpp:75)
[6] void call_with_variant_args_static_ret<RID, TypedArray<RID> const&, TypedArray<RDFramebufferPass> const&, unsigned int, 0ul, 1ul, 2ul>(RID (*)(TypedArray<RID> const&, TypedArray<RDFramebufferPass> const&, unsigned int), Variant const**, Variant&, Callable::CallError&, IndexSequence<0ul, 1ul, 2ul>) (/home/runner/work/Qarminer/Qarminer/godot/./core/variant/binder_common.h:767)
[7] void call_with_variant_args_static_ret_dv<RID, TypedArray<RID> const&, TypedArray<RDFramebufferPass> const&, unsigned int>(RID (*)(TypedArray<RID> const&, TypedArray<RDFramebufferPass> const&, unsigned int), Variant const**, int, Variant&, Callable::CallError&, Vector<Variant> const&) (/home/runner/work/Qarminer/Qarminer/godot/./core/variant/binder_common.h:961)
[8] MethodBindTRS<RID, TypedArray<RID> const&, TypedArray<RDFramebufferPass> const&, unsigned int>::call(Object*, Variant const**, int, Callable::CallError&) const (/home/runner/work/Qarminer/Qarminer/godot/./core/object/method_bind.h:767)
[9] Object::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/core/object/object.cpp:841)
[10] Variant::callp(StringName const&, Variant const**, int, Variant&, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/core/variant/variant_call.cpp:1211)
[11] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) (/home/runner/work/Qarminer/Qarminer/godot/modules/gdscript/gdscript_vm.cpp:1768)
[12] GDScriptInstance::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/modules/gdscript/gdscript.cpp:2050)
[13] bool Node::_gdvirtual__process_call<false>(double) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/node.h:351 (discriminator 1))
[14] Node::_notification(int) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/node.cpp:56)
[15] Node::_notificationv(int, bool) (/home/runner/work/Qarminer/Qarminer/godot/./scene/main/node.h:50 (discriminator 14))
[16] Object::notification(int, bool) (/home/runner/work/Qarminer/Qarminer/godot/core/object/object.cpp:906)
[17] SceneTree::_process_group(SceneTree::ProcessGroup*, bool) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:962)
[18] SceneTree::_process(bool) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:1034 (discriminator 2))
[19] SceneTree::process(double) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:528)
[20] Main::iteration() (/home/runner/work/Qarminer/Qarminer/godot/main/main.cpp:4056)
[21] OS_LinuxBSD::run() (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/os_linuxbsd.cpp:962)
[22] ./godot.linuxbsd.editor.dev.x86_64.san(main+0x4c7) [0x5588a029f8c0] (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/godot_linuxbsd.cpp:85)
[23] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f22cda29d90] (??:0)
[24] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f22cda29e40] (??:0)
[25] ./godot.linuxbsd.editor.dev.x86_64.san(_start+0x25) [0x5588a029f335] (??:?)
-- END OF BACKTRACE --
================================================================
Aborted (core dumped)

This example was found by Godot fuzzer - Qarminer, so it is quite unlikelly that this code could be used in real project, but still this should be handled gracefully.

Memory leaks or asan backtraces are visible when using Godot build with sanitizers support - https://github.com/qarmin/GodotBuilds/actions (linux -> linux-editor-sanitizers)

Steps to reproduce

Above

Minimal reproduction project (MRP)

Above