On Thu Jul 10 16:33:51 2025 +0000, Rémi Bernon wrote:
> `mutex_sync_destroy` should release it already, and it's called when the last reference is released. The question might be why is the sync still referenced when the object isn't anymore?
The trouble is that mutex_destroy inherently assumes that the calling thread owns the sync object. Consider this flow:
1. There's a static HANDLE to a mutex
2. Thread A calls WaitForSingleObject on that mutex
3. Thread B closes the handle
That will hit mutex_destroy, which will call release_object on the mutex's sync object. And that will hit mutex_sync_destroy, which calls do_release with the current thread. However, since thread B doesn't own the mutex, do_release will hit the STATUS_MUTANT_NOT_OWNED case and do nothing. But release_object will continue and free the mutex_sync, even though it remains in the thread's list of mutexes.
See [this demo program](/uploads/c8f96dcfcf3315cd967cd420652ad596/test.c)
In light of that I'm actually unsure how my patch was fixing anything, since it ought to hit the same situation where `current` is not actually the owner of the mutex.
I'm not sure what the correct behavior is in this case. Probably mutex_destroy should just release the sync regardless of its owner? That seems to have been the old behavior.
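
A simplified model of the flow described in the message above, added here as an illustration; it is not Wine's server code and not the linked test.c, and every struct and function name in it is hypothetical. A `freed` flag stands in for the actual free so that the owner thread's list can be inspected safely afterwards.

```c
#include <stddef.h>
#include <stdbool.h>

/* Simplified model, not Wine's server code: all names here are hypothetical. */
struct thread;
struct sync {
    struct thread *owner;   /* thread holding the mutex, or NULL */
    struct sync   *next;    /* link in the owner's list of held mutexes */
    bool           freed;   /* stands in for free(); keeps the state inspectable */
};
struct thread { struct sync *held; };

static void acquire(struct sync *s, struct thread *t)
{
    s->owner = t;
    s->next = t->held;
    t->held = s;
}

/* Unlink s from its owner's list; refuses when the caller is not the owner. */
static bool release_checked(struct sync *s, struct thread *caller)
{
    if (s->owner != caller) return false;   /* the "not owned" case: nothing happens */
    for (struct sync **p = &s->owner->held; *p; p = &(*p)->next)
        if (*p == s) { *p = s->next; break; }
    s->owner = NULL;
    return true;
}

/* Destroy path as described above: release on behalf of the closing thread. */
static void destroy_as_current(struct sync *s, struct thread *current)
{
    release_checked(s, current);
    s->freed = true;                        /* freed even if still linked */
}

/* Alternative raised above: release regardless of which thread owns it. */
static void destroy_any_owner(struct sync *s)
{
    if (s->owner) release_checked(s, s->owner);
    s->freed = true;
}

/* True if the thread's list still links to an object that was freed. */
static bool has_dangling(const struct thread *t)
{
    for (const struct sync *s = t->held; s; s = s->next)
        if (s->freed) return true;
    return false;
}
```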