Open beicause opened 1 month ago
Actually, this issue isn't reproducible in minimal project in product build. Only C# theme can be reproducible in minimal project with use_asan build.
However, in my personal game project it's always reproducible in most attempts, even in product build. And my workaround just partially fixes this issue, which still happens in use_asan build rarely, but doesn't happen in product build.
Tested versions
master branch 4.3.dev.
System information
Linux Mint 21.3 (Virginia) - X11 - Vulkan (Mobile) - integrated AMD Unknown (RADV RENOIR) () - AMD Ryzen 7 4800U with Radeon Graphics (16 Threads)
Issue description
When game is closed, there are two heap-use-after-free errors reported by AddressSanitizer that slow down the quitting and prevent shutdown benchmark.
0x6180001acf88 is located 776 bytes inside of 784-byte region [0x6180001acc80,0x6180001acf90)
freed by thread T0 here:
0 0x7f18960d5537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
previously allocated by thread T0 here:
0 0x7f18960d5887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
Thread T26 created by T0 here:
0 0x7f1896079685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
SUMMARY: AddressSanitizer: heap-use-after-free servers/audio/effects/audio_stream_generator.cpp:38 in AudioStreamGenerator::get_mix_rate() const
==110126==ABORTING
=================================================================
==191560==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00069c478 at pc 0x561c682783e3 bp 0x7ffe493c2060 sp 0x7ffe493c2050
READ of size 8 at 0x60b00069c478 thread T0
0 0x561c682783e2 in CSharpLanguage::_instance_binding_reference_callback(void, void, unsigned char) modules/mono/csharp_script.cpp:1244
0x60b00069c478 is located 104 bytes inside of 112-byte region [0x60b00069c410,0x60b00069c480)
freed by thread T0 here:
0 0x7ffabbff6537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
previously allocated by thread T0 here:
0 0x7ffabbff6887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
SUMMARY: AddressSanitizer: heap-use-after-free modules/mono/csharp_script.cpp:1244 in CSharpLanguage::_instance_binding_reference_callback(void, void, unsigned char)
==191560==ABORTING
Steps to reproduce
For 1, add an AudioStreamPlayer with AudioStreamGenerator to scene and set autoplay to true, or call play() in script.
For 2, set the following C# theme to a Control in script:
Minimal reproduction project (MRP)
N/A
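One way to triage AddressSanitizer reports like the two quoted in this issue, as an added example that is not part of the original report or of the Godot code base: it pulls the error kind, access, offset inside the freed region and faulting source line out of a report, and builds a key for grouping repeated runs. The names `parse_report` and `dedupe_key` are hypothetical, and the sample is constructed from the second report's header, access, region and summary lines.

```python
import re

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)", re.M)
REGION_RE = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")
FREED_RE = re.compile(r"freed by thread (T\d+)")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\S+) (\S+):(\d+) in (.+)$", re.M)

# Constructed sample: header, access, region and summary lines of the second
# report quoted in the issue (stack frames and shadow bytes left out).
SAMPLE = """\
=================================================================
==191560==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00069c478 at pc 0x561c682783e3 bp 0x7ffe493c2060 sp 0x7ffe493c2050
READ of size 8 at 0x60b00069c478 thread T0
0x60b00069c478 is located 104 bytes inside of 112-byte region [0x60b00069c410,0x60b00069c480)
freed by thread T0 here:
previously allocated by thread T0 here:
SUMMARY: AddressSanitizer: heap-use-after-free modules/mono/csharp_script.cpp:1244 in CSharpLanguage::_instance_binding_reference_callback(void, void, unsigned char)
==191560==ABORTING
"""


def parse_report(text):
    """Extract triage fields from one ASan report; None without a SUMMARY line."""
    summary = SUMMARY_RE.search(text)
    if summary is None:
        return None
    kind, path, line, func = summary.groups()
    info = {"kind": kind, "file": path, "line": int(line), "function": func.strip()}
    access = ACCESS_RE.search(text)
    if access:
        info.update(access=access.group(1), size=int(access.group(2)), thread=access.group(3))
    region = REGION_RE.search(text)
    if region:
        info.update(offset=int(region.group(1)), region_size=int(region.group(2)))
    freed = FREED_RE.search(text)
    if freed:
        info["freed_by"] = freed.group(1)
        # A free on one thread and the access on another suggests a lifetime race.
        info["cross_thread"] = "thread" in info and info["thread"] != freed.group(1)
    return info


def dedupe_key(info):
    """Reports with the same kind and faulting source line count as one bug."""
    return (info["kind"], info["file"], info["line"])
```
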