godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License

Executing `MobileVRInterface.initialize` crashes Godot #71150

Open qarmin opened 1 year ago

qarmin commented 1 year ago

Godot version

4.0.beta.custom_build. d3fc9d9e4

System information

Ubuntu 22.10 - AMD RX 470, Gnome shell 43 X11

Issue description

When executing

extends Node

func _process(delta):
    # Runs every frame: creates a fresh MobileVRInterface and initializes it
    var temp_variable4236 = MobileVRInterface.new()
    temp_variable4236.initialize()

Godot crashes:

ERROR: Trying to unreference a SafeRefCount which is already zero is wrong and a symptom of it being misused.
Upon a SafeRefCount reaching zero any object whose lifetime is tied to it, as well as the ref count itself, must be destroyed.
Moreover, to guarantee that, no multiple threads should be racing to do the final unreferencing to zero.
   at: _check_unref_sanity (./core/templates/safe_refcount.h:173)

================================================================
handle_crash: Program crashed with signal 4
Engine version: Godot Engine v4.0.beta.custom_build (d3fc9d9e416560d228a7914a82902118ce911a4d)
Dumping the backtrace. Please include this when reporting the bug on: https://github.com/godotengine/godot/issues
[1] /lib/x86_64-linux-gnu/libc.so.6(+0x3bcf0) [0x7f106f03bcf0] (??:0)
[2] RefCounted::unreference() (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/templates/safe_refcount.h:173)
[3] Ref<XRInterface>::unref() (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/object/ref_counted.h:220 (discriminator 1))
[4] Ref<XRInterface>::~Ref() (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/object/ref_counted.h:234)
[5] MobileVRInterface::uninitialize() (/home/runner/work/GodotBuilds/GodotBuilds/godot/modules/mobile_vr/mobile_vr_interface.cpp:365)
[6] MobileVRInterface::~MobileVRInterface() (/home/runner/work/GodotBuilds/GodotBuilds/godot/modules/mobile_vr/mobile_vr_interface.cpp:529)
[7] void memdelete<XRInterface>(XRInterface*) (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/os/memory.h:112)
[8] Ref<XRInterface>::unref() (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/object/ref_counted.h:223)
[9] Ref<XRInterface>::ref(Ref<XRInterface> const&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/object/ref_counted.h:67)
[10] Ref<XRInterface>::operator=(Ref<XRInterface> const&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/object/ref_counted.h:129)
[11] XRServer::set_primary_interface(Ref<XRInterface> const&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/servers/xr_server.cpp:255)
[12] MobileVRInterface::initialize() (/home/runner/work/GodotBuilds/GodotBuilds/godot/modules/mobile_vr/mobile_vr_interface.cpp:344 (discriminator 2))
[13] void call_with_variant_args_ret_helper<__UnexistingClass, bool>(__UnexistingClass*, bool (__UnexistingClass::*)(), Variant const**, Variant&, Callable::CallError&, IndexSequence<>) (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/variant/binder_common.h:711 (discriminator 4))
[14] void call_with_variant_args_ret_dv<__UnexistingClass, bool>(__UnexistingClass*, bool (__UnexistingClass::*)(), Variant const**, int, Variant&, Callable::CallError&, Vector<Variant> const&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/variant/binder_common.h:525)
[15] MethodBindTR<bool>::call(Object*, Variant const**, int, Callable::CallError&) const (/home/runner/work/GodotBuilds/GodotBuilds/godot/./core/object/method_bind.h:465)
[16] Object::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/core/object/object.cpp:733 (discriminator 1))
[17] Variant::callp(StringName const&, Variant const**, int, Variant&, Callable::CallError&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/core/variant/variant_call.cpp:1161)
[18] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) (/home/runner/work/GodotBuilds/GodotBuilds/godot/modules/gdscript/gdscript_vm.cpp:1584)
[19] GDScriptInstance::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/GodotBuilds/GodotBuilds/godot/modules/gdscript/gdscript.cpp:1847)
[20] bool Node::_gdvirtual__process_call<false>(double) (/home/runner/work/GodotBuilds/GodotBuilds/godot/scene/main/node.h:237 (discriminator 5))
[21] Node::_notification(int) (/home/runner/work/GodotBuilds/GodotBuilds/godot/scene/main/node.cpp:57)
[22] Node::_notificationv(int, bool) (/home/runner/work/GodotBuilds/GodotBuilds/godot/./scene/main/node.h:45 (discriminator 14))
[23] Object::notification(int, bool) (/home/runner/work/GodotBuilds/GodotBuilds/godot/core/object/object.cpp:792)
[24] SceneTree::_notify_group_pause(StringName const&, int) (/home/runner/work/GodotBuilds/GodotBuilds/godot/scene/main/scene_tree.cpp:874)
[25] SceneTree::process(double) (/home/runner/work/GodotBuilds/GodotBuilds/godot/scene/main/scene_tree.cpp:468)
[26] Main::iteration() (/home/runner/work/GodotBuilds/GodotBuilds/godot/main/main.cpp:3056)
[27] OS_LinuxBSD::run() (/home/runner/work/GodotBuilds/GodotBuilds/godot/platform/linuxbsd/os_linuxbsd.cpp:878)
[28] godot4(main+0x19f) [0x26f92d5] (/home/runner/work/GodotBuilds/GodotBuilds/godot/platform/linuxbsd/godot_linuxbsd.cpp:75)
[29] /lib/x86_64-linux-gnu/libc.so.6(+0x23510) [0x7f106f023510] (??:0)
[30] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x89) [0x7f106f0235c9] (??:0)
[31] godot4(_start+0x25) [0x26f9075] (??:?)
-- END OF BACKTRACE --
================================================================

This example was found by the Godot fuzzer, Qarminer, so it is quite unlikely that this code would be used in a real project, but it should still be handled gracefully.

Memory leaks or ASan backtraces are visible when using a Godot build with sanitizer support - https://github.com/qarmin/GodotBuilds/actions (linux -> linux-editor-sanitizers)

Steps to reproduce

Above

Minimal reproduction project

N/A
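The error message quoted in the report states an invariant for intrusive reference counts: the count may reach zero exactly once, the object whose lifetime is tied to it must then be destroyed, and a further unref at zero is misuse, not a no-op. The following C++ block is an added illustration of that invariant and of how a checked decrement turns a double unref into a detectable condition instead of a wrap-around and double free. It is not Godot's SafeRefCount or Ref code; the names CheckedRefCount, Resource and release() are hypothetical and exist only for this example.

```cpp
#include <atomic>
#include <cstdint>

// Illustrative intrusive reference count (hypothetical; not Godot's SafeRefCount).
// It enforces the rule from the error message: the count reaches zero once,
// the owner then destroys the object, and any later unref is reported as misuse.
class CheckedRefCount {
public:
    enum class Unref { StillReferenced, ReachedZero, AlreadyZero };

    void init(uint32_t initial = 1) { count_.store(initial); }

    // Take a reference. Refuses (returns false) when the count is already zero,
    // so a dead object cannot be resurrected by a late reference.
    bool ref() {
        uint32_t c = count_.load();
        while (c != 0) {
            if (count_.compare_exchange_weak(c, c + 1)) return true;
        }
        return false;
    }

    // Drop a reference. ReachedZero is returned exactly once; AlreadyZero is the
    // "unreference a SafeRefCount which is already zero" condition. The atomic
    // compare-exchange means two threads racing on the final unref cannot both
    // observe ReachedZero.
    Unref unref() {
        uint32_t c = count_.load();
        for (;;) {
            if (c == 0) return Unref::AlreadyZero;
            if (count_.compare_exchange_weak(c, c - 1)) {
                return c == 1 ? Unref::ReachedZero : Unref::StillReferenced;
            }
        }
    }

    uint32_t get() const { return count_.load(); }

private:
    std::atomic<uint32_t> count_{0};
};

// Hypothetical refcounted object; its destructor records that it ran so the
// example can show destruction happening exactly once.
struct Resource {
    CheckedRefCount rc;
    int *destroyed;
    explicit Resource(int *d) : destroyed(d) { rc.init(1); }
    ~Resource() { ++*destroyed; }
};

// Drop one reference through a pointer and destroy the object on the last one.
// Returns true only if the count reported misuse.
static bool release(Resource *&r) {
    if (r == nullptr) return false;
    switch (r->rc.unref()) {
        case CheckedRefCount::Unref::ReachedZero:     delete r; r = nullptr; return false;
        case CheckedRefCount::Unref::StillReferenced: return false;
        case CheckedRefCount::Unref::AlreadyZero:     return true;
    }
    return true;
}

// Correct lifetime: two counted owners, the last release destroys the object once.
static int correct_lifetime_destroy_count() {
    int destroyed = 0;
    Resource *owner_a = new Resource(&destroyed);  // count = 1
    Resource *owner_b = owner_a;
    owner_b->rc.ref();                             // count = 2
    release(owner_a);                              // count = 1, still alive
    release(owner_b);                              // count = 0, destroyed
    return destroyed;                              // expected 1
}

// Misuse: a second holder never took a reference (constructed input data) but
// releases anyway. The checked count reports it instead of going below zero,
// and refuses to hand out a new reference to the dead object.
static int misuse_detected_count() {
    CheckedRefCount rc;
    rc.init(1);                                                        // one real owner
    int misuse = 0;
    if (rc.unref() == CheckedRefCount::Unref::AlreadyZero) ++misuse;   // 1 -> 0, legitimate
    if (rc.unref() == CheckedRefCount::Unref::AlreadyZero) ++misuse;   // already 0: misuse
    if (!rc.ref()) ++misuse;                                           // resurrection refused
    if (rc.get() != 0) ++misuse;                                       // count did not wrap
    return misuse;                                                     // expected 2
}
```

In the backtrace above, frame [2] is the equivalent of the AlreadyZero path being hit: a Ref destructor inside MobileVRInterface::uninitialize() decrements a count that has already reached zero while the object is being torn down. The example shows why the check fires and what a well-behaved owner sequence looks like; it does not diagnose which Ref in the engine is at fault.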

pfertyk commented 1 year ago

I think this is already fixed in master, could you please double-check?

qarmin commented 1 year ago

Still crashes with c3539b456