From 4ad6ffec3da74cc7c9027f82e43cc8480dc3abc2 Mon Sep 17 00:00:00 2001 
From: Robin Gareus Date: Wed, 17 Dec 2025 03:14:22 +0100 Subject: [PATCH] Fix crash at exit when route-groups are deleted by route drop ref ==1914112==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000483688 at pc 0x7f5b10be03c5 bp 0x7fff55e36670 sp 0x7fff55e36668 READ of size 8 at 0x619000483688 thread T0 #0 0x7f5b10be03c4 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count(std::__weak_count<(__gnu_cxx::_Lock_policy)2> const&, std::nothrow_t) /usr/include/c++/10/bits/shared_ptr_base.h:911 #1 0x7f5b1190ecee in std::__shared_ptr::__shared_ptr(std::__weak_ptr const&, std::nothrow_t) /usr/include/c++/10/bits/shared_ptr_base.h:1382 #2 0x7f5b1190cc3e in std::shared_ptr::shared_ptr(std::weak_ptr const&, std::nothrow_t) /usr/include/c++/10/bits/shared_ptr.h:417 #3 0x7f5b1190aaae in std::weak_ptr::lock() const /usr/include/c++/10/bits/shared_ptr.h:749 #4 0x7f5b118fea7e in ARDOUR::RouteGroup::remove(std::shared_ptr) ../libs/ardour/route_group.cc:267 #5 0x7f5b118fde6e in ARDOUR::RouteGroup::remove_when_going_away(std::weak_ptr) ../libs/ardour/route_group.cc:223 #6 0x7f5b11912d3d in void std::__invoke_impl), ARDOUR::RouteGroup*&, std::weak_ptr&>(std::__invoke_memfun_deref, void (ARDOUR::RouteGroup::*&)(std::weak_ptr), ARDOUR::RouteGroup*&, std::weak_ptr&) /usr/include/c++/10/bits/invoke.h:73 #7 0x7f5b119128c8 in std::__invoke_result), ARDOUR::RouteGroup*&, std::weak_ptr&>::type std::__invoke), ARDOUR::RouteGroup*&, std::weak_ptr&>(void (ARDOUR::RouteGroup::*&)(std::weak_ptr), ARDOUR::RouteGroup*&, std::weak_ptr&) /usr/include/c++/10/bits/invoke.h:95 #8 0x7f5b119125bc in void std::_Bind))(std::weak_ptr)>::__call(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/10/functional:416 #9 0x7f5b11911fdc in void std::_Bind))(std::weak_ptr)>::operator()<, void>() /usr/include/c++/10/functional:499 #10 0x7f5b11910e79 in void std::__invoke_impl))(std::weak_ptr)>&>(std::__invoke_other, std::_Bind))(std::weak_ptr)>&) 
/usr/include/c++/10/bits/invoke.h:60 #11 0x7f5b1190f187 in std::enable_if))(std::weak_ptr)>&>, void>::type std::__invoke_r))(std::weak_ptr)>&>(std::_Bind))(std::weak_ptr)>&) /usr/include/c++/10/bits/invoke.h:110 #12 0x7f5b1190d26a in std::_Function_handler))(std::weak_ptr)> >::_M_invoke(std::_Any_data const&) /usr/include/c++/10/bits/std_function.h:291 #13 0x558120310619 in std::function::operator()() const /usr/include/c++/10/bits/std_function.h:622 #14 0x7f5b10bcb0d6 in PBD::SignalWithCombiner, void ()>::operator()() ../libs/pbd/pbd/signals.h:508 #15 0x7f5b10bc779b in PBD::Destructible::drop_references() ../libs/pbd/pbd/destructible.h:33 #16 0x7f5b1196700f in ARDOUR::Session::destroy() ../libs/ardour/session.cc:822 #17 0x7f5b11962f93 in ARDOUR::Session::~Session() ../libs/ardour/session.cc:581 #18 0x7f5b119639a9 in ARDOUR::Session::~Session() ../libs/ardour/session.cc:582 #19 0x558120305a92 in close_session ../luasession/luasession.cc:366 #20 0x55812031911c in luabridge::FuncTraits::call(void (*)(), luabridge::TypeListValues) ../libs/lua/LuaBridge/detail/FuncTraits.h:73 #21 0x5581203151eb in luabridge::CFunc::Call::f(lua_State*) ../libs/lua/LuaBridge/detail/CFunctions.h:244 #22 0x55812035701f in luaD_precall ../libs/lua/lua-5.3.5/ldo.c:434 #23 0x55812038f1bd in luaV_execute ../libs/lua/lua-5.3.5/lvm.c:1136 #24 0x5581203579a8 in luaD_call ../libs/lua/lua-5.3.5/ldo.c:499 #25 0x558120357a80 in luaD_callnoyield ../libs/lua/lua-5.3.5/ldo.c:509 #26 0x558120346f82 in f_call ../libs/lua/lua-5.3.5/lapi.c:943 #27 0x558120354e59 in luaD_rawrunprotected ../libs/lua/lua-5.3.5/ldo.c:142 #28 0x55812035924f in luaD_pcall ../libs/lua/lua-5.3.5/ldo.c:729 #29 0x558120347226 in lua_pcallk ../libs/lua/lua-5.3.5/lapi.c:969 #30 0x558120393ae9 in LuaState::do_command(std::__cxx11::basic_string, std::allocator >) ../libs/lua/luastate.cc:64 #31 0x558120306da8 in interactive_interpreter ../luasession/luasession.cc:514 #32 0x558120307b36 in main ../luasession/luasession.cc:641 #33 
0x7f5b0e40dd79 in __libc_start_main ../csu/libc-start.c:308 #34 0x558120303179 in _start (/home/rgareus/src/ardour/build/luasession/luasession+0x7a179) 0x619000483688 is located 264 bytes inside of 952-byte region [0x619000483580,0x619000483938) freed by thread T0 here: #0 0x7f5b12cac467 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:172 #1 0x7f5b118fc486 in ARDOUR::RouteGroup::~RouteGroup() ../libs/ardour/route_group.cc:168 #2 0x7f5b11c1c34b in std::_Sp_counted_ptr::_M_dispose() /usr/include/c++/10/bits/shared_ptr_base.h:380 #3 0x55812031249a in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/10/bits/shared_ptr_base.h:158 #4 0x7f5b10bf9ac4 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_count<(__gnu_cxx::_Lock_policy)2> const&) /usr/include/c++/10/bits/shared_ptr_base.h:752 #5 0x7f5b11915cac in std::__shared_ptr::operator=(std::__shared_ptr const&) /usr/include/c++/10/bits/shared_ptr_base.h:1182 #6 0x7f5b11915cd6 in std::shared_ptr::operator=(std::shared_ptr const&) /usr/include/c++/10/bits/shared_ptr.h:358 #7 0x7f5b11915b75 in ARDOUR::RouteGroupMember::set_route_group(std::shared_ptr) ../libs/ardour/route_group_member.cc:36 #8 0x7f5b118fe9fe in ARDOUR::RouteGroup::remove(std::shared_ptr) ../libs/ardour/route_group.cc:265 #9 0x7f5b118fde6e in ARDOUR::RouteGroup::remove_when_going_away(std::weak_ptr) ../libs/ardour/route_group.cc:223 #10 0x7f5b11912d3d in void std::__invoke_impl), ARDOUR::RouteGroup*&, std::weak_ptr&>(std::__invoke_memfun_deref, void (ARDOUR::RouteGroup::*&)(std::weak_ptr), ARDOUR::RouteGroup*&, std::weak_ptr&) /usr/include/c++/10/bits/invoke.h:73 #11 0x7f5b119128c8 in std::__invoke_result), ARDOUR::RouteGroup*&, std::weak_ptr&>::type std::__invoke), ARDOUR::RouteGroup*&, std::weak_ptr&>(void (ARDOUR::RouteGroup::*&)(std::weak_ptr), ARDOUR::RouteGroup*&, std::weak_ptr&) /usr/include/c++/10/bits/invoke.h:95 #12 0x7f5b119125bc in void 
std::_Bind))(std::weak_ptr)>::__call(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/10/functional:416 #13 0x7f5b11911fdc in void std::_Bind))(std::weak_ptr)>::operator()<, void>() /usr/include/c++/10/functional:499 #14 0x7f5b11910e79 in void std::__invoke_impl))(std::weak_ptr)>&>(std::__invoke_other, std::_Bind))(std::weak_ptr)>&) /usr/include/c++/10/bits/invoke.h:60 #15 0x7f5b1190f187 in std::enable_if))(std::weak_ptr)>&>, void>::type std::__invoke_r))(std::weak_ptr)>&>(std::_Bind))(std::weak_ptr)>&) /usr/include/c++/10/bits/invoke.h:110 #16 0x7f5b1190d26a in std::_Function_handler))(std::weak_ptr)> >::_M_invoke(std::_Any_data const&) /usr/include/c++/10/bits/std_function.h:291 #17 0x558120310619 in std::function::operator()() const /usr/include/c++/10/bits/std_function.h:622 #18 0x7f5b10bcb0d6 in PBD::SignalWithCombiner, void ()>::operator()() ../libs/pbd/pbd/signals.h:508 #19 0x7f5b10bc779b in PBD::Destructible::drop_references() ../libs/pbd/pbd/destructible.h:33 #20 0x7f5b1196700f in ARDOUR::Session::destroy() ../libs/ardour/session.cc:822 #21 0x7f5b11962f93 in ARDOUR::Session::~Session() ../libs/ardour/session.cc:581 #22 0x7f5b119639a9 in ARDOUR::Session::~Session() ../libs/ardour/session.cc:582 #23 0x558120305a92 in close_session ../luasession/luasession.cc:366 #24 0x55812031911c in luabridge::FuncTraits::call(void (*)(), luabridge::TypeListValues) ../libs/lua/LuaBridge/detail/FuncTraits.h:73 #25 0x5581203151eb in luabridge::CFunc::Call::f(lua_State*) ../libs/lua/LuaBridge/detail/CFunctions.h:244 #26 0x55812035701f in luaD_precall ../libs/lua/lua-5.3.5/ldo.c:434 #27 0x55812038f1bd in luaV_execute ../libs/lua/lua-5.3.5/lvm.c:1136 #28 0x5581203579a8 in luaD_call ../libs/lua/lua-5.3.5/ldo.c:499 #29 0x558120357a80 in luaD_callnoyield ../libs/lua/lua-5.3.5/ldo.c:509 #30 0x558120346f82 in f_call ../libs/lua/lua-5.3.5/lapi.c:943 #31 0x558120354e59 in luaD_rawrunprotected ../libs/lua/lua-5.3.5/ldo.c:142 #32 0x55812035924f in luaD_pcall 
../libs/lua/lua-5.3.5/ldo.c:729 #33 0x558120347226 in lua_pcallk ../libs/lua/lua-5.3.5/lapi.c:969 #34 0x558120393ae9 in LuaState::do_command(std::__cxx11::basic_string, std::allocator >) ../libs/lua/luastate.cc:64 #35 0x558120306da8 in interactive_interpreter ../luasession/luasession.cc:514 #36 0x558120307b36 in main ../luasession/luasession.cc:641 #37 0x7f5b0e40dd79 in __libc_start_main ../csu/libc-start.c:308
---
 libs/ardour/session.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/ardour/session.cc b/libs/ardour/session.cc
index 7cba822c41..40b374512f 100644
--- a/libs/ardour/session.cc
+++ b/libs/ardour/session.cc
@@ -749,9 +749,6 @@ Session::destroy ()
 delete _butler;
 _butler = 0;
- DEBUG_TRACE (DEBUG::Destruction, "delete route groups\n");
- _route_groups.clear ();
-
 if (click_data != default_click) {
 delete [] click_data;
 }
@@ -828,6 +825,9 @@ Session::destroy ()
 }
 routes.flush ();
+ DEBUG_TRACE (DEBUG::Destruction, "delete route groups\n");
+ _route_groups.clear ();
+
 {
 DEBUG_TRACE (DEBUG::Destruction, "delete sources\n");
 Glib::Threads::Mutex::Lock lm (source_lock);
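Review bot: The moved `_route_groups.clear ();` in the second hunk is only safe because it now runs after the routes have dropped their references, but nothing at that spot records the ordering requirement, so a later reshuffle of Session::destroy could silently bring back the heap-use-after-free shown in the trace. A comment above the moved lines would pin it, e.g. `/* keep route groups owned by the session until all routes have dropped references; RouteGroup::remove() is reached from the drop_references signal */`. The trace also suggests the underlying hazard sits in RouteGroup::remove (route_group.cc:265-267, not part of this patch): set_route_group() appears to release the last shared_ptr to the group while remove() is still running on it, so any other path in which a route holds the final reference would presumably hit the same read of freed memory. Keeping a local owning reference to the group for the duration of remove() would make that method safe regardless of teardown order. Session::destroy begins and ends outside both hunks.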