Fix potential deadlock in TimeSource::destroy_clock_sub

PavelGuzenfeld · PavelGuzenfeld · commit bba75863697b · 2026-03-21T22:36:16.000+02:00
destroy_clock_sub() held clock_sub_lock_ while calling clock_executor_thread_.join(). If the executor thread's callback tried to access state protected by clock_sub_lock_ before exiting, this would deadlock: main thread waits for executor thread to finish, executor thread waits for main thread to release the lock. Fix by moving the thread, executor, and callback group into local variables under the lock, then releasing the lock before joining. This ensures the executor thread can complete its final callback without contending on clock_sub_lock_. Fixes #2962 Signed-off-by: Pavel Guzenfeld <pavelguzenfeld@gmail.com>
diff --git a/rclcpp/src/rclcpp/time_source.cpp b/rclcpp/src/rclcpp/time_source.cpp
@@ -409,14 +409,31 @@ class TimeSource::NodeState final
   // Destroy the subscription for the clock topic
   void destroy_clock_sub()
   {
-    std::lock_guard<std::mutex> guard(clock_sub_lock_);
-    if (clock_executor_thread_.joinable()) {
-      cancel_clock_executor_promise_.set_value();
-      clock_executor_->cancel();
-      clock_executor_thread_.join();
-      clock_executor_->remove_callback_group(clock_callback_group_);
+    std::thread thread_to_join;
+    std::shared_ptr<rclcpp::executors::SingleThreadedExecutor> executor_to_clean;
+    rclcpp::CallbackGroup::SharedPtr callback_group_to_remove;
+
+    {
+      std::lock_guard<std::mutex> guard(clock_sub_lock_);
+      if (clock_executor_thread_.joinable()) {
+        cancel_clock_executor_promise_.set_value();
+        clock_executor_->cancel();
+        // Move thread and executor out of lock scope to avoid holding
+        // clock_sub_lock_ while joining. The executor thread's callbacks
+        // may access state protected by clock_sub_lock_, which would
+        // deadlock if we held it during join().
+        thread_to_join = std::move(clock_executor_thread_);
+        executor_to_clean = clock_executor_;
+        callback_group_to_remove = clock_callback_group_;
+      }
+      clock_subscription_.reset();
+    }
+
+    // Join and clean up outside the lock
+    if (thread_to_join.joinable()) {
+      thread_to_join.join();
+      executor_to_clean->remove_callback_group(callback_group_to_remove);
     }
-    clock_subscription_.reset();
   }
 
   // Parameter Event subscription
