From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruby-core-bounces@ruby-lang.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=3.0 tests=AWL,BAYES_00,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,
	UNPARSEABLE_RELAY shortcircuit=no autolearn=ham autolearn_force=no
	version=3.4.2
Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75])
	by dcvr.yhbt.net (Postfix) with ESMTP id 5744E1F9FD
	for <normalperson@yhbt.net>; Thu, 11 Mar 2021 00:57:12 +0000 (UTC)
Received: from neon.ruby-lang.org (localhost [IPv6:::1])
	by neon.ruby-lang.org (Postfix) with ESMTP id 3265F1209CD;
	Thu, 11 Mar 2021 09:56:12 +0900 (JST)
Received: from o1678948x4.outbound-mail.sendgrid.net
 (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4])
 by neon.ruby-lang.org (Postfix) with ESMTPS id 613DA1209C2
 for <ruby-core@ruby-lang.org>; Thu, 11 Mar 2021 09:56:10 +0900 (JST)
Received: by filterdrecv-p3iad2-canary-7b5b569945-9m95x with SMTP id
 filterdrecv-p3iad2-canary-7b5b569945-9m95x-18-60496AE0-39
 2021-03-11 00:57:04.566455438 +0000 UTC m=+2513556.760666783
Received: from herokuapp.com (unknown) by ismtpd0172p1iad2.sendgrid.net (SG)
 with ESMTP id sJ5iH50LSR-ZR9OkyOnRjQ for <ruby-core@ruby-lang.org>;
 Thu, 11 Mar 2021 00:57:04.552 +0000 (UTC)
Date: Thu, 11 Mar 2021 00:57:04 +0000 (UTC)
From: nobu@ruby-lang.org
Message-ID: <redmine.journal-90875.20210311005704.24727@ruby-lang.org>
References: <redmine.issue-15852.20190515210528.24727@ruby-lang.org>
Mime-Version: 1.0
X-Redmine-MailingListIntegration-Message-Ids: 78853
X-Redmine-Project: ruby-master
X-Redmine-Issue-Tracker: Bug
X-Redmine-Issue-Id: 15852
X-Redmine-Issue-Author: test35965@gmail.com
X-Redmine-Sender: nobu
X-Mailer: Redmine
X-Redmine-Host: bugs.ruby-lang.org
X-Redmine-Site: Ruby Issue Tracking System
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-SG-EID: =?us-ascii?Q?q8Dly+pU2+3ektTtZVXgZtbJPXwqo7p86jCsvYTW4BwWe08BZ0icXRoTyJGboP?=
 =?us-ascii?Q?KIRfpvMdBExH9i8ZiZmX9qxfH5xzUotxiUGBvB9?=
 =?us-ascii?Q?hGlmTCk63gp+ntI68eNjB7UeG6cCRuSi3Bc+xvM?=
 =?us-ascii?Q?TQ+5oShr3hReELogFVHRCO5vlNmk7caiSeIUsRR?=
 =?us-ascii?Q?w2tgqbur3CisPzKmloe9wDBIRmHW+2FTH74YUzX?=
 =?us-ascii?Q?nu4CYo3U=2FAhPPv+rk=3D?=
To: ruby-core@ruby-lang.org
X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA==
X-ML-Name: ruby-core
X-Mail-Count: 102818
Subject: [ruby-core:102818] [Ruby master Bug#15852]
 APPLICATION_VERIFIER_LOCKS_LOCK_IN_FREED_HEAP on exiting ruby
X-BeenThere: ruby-core@ruby-lang.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Ruby developers <ruby-core@ruby-lang.org>
List-Id: Ruby developers <ruby-core.ruby-lang.org>
List-Unsubscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
List-Post: <mailto:ruby-core@ruby-lang.org>
List-Help: <mailto:ruby-core-request@ruby-lang.org?subject=help>
List-Subscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ruby-core-bounces@ruby-lang.org
Sender: "ruby-core" <ruby-core-bounces@ruby-lang.org>

Issue #15852 has been updated by nobu (Nobuyoshi Nakada).

Backport changed from 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN to 2.6: REQUIRED, 2.7: REQUIRED, 3.0: REQUIRED

`vm->waitpid_lock` and `vm->workqueue_lock` seem never deleted.
`rb_native_mutex_destroy` on them are disabled by `if (0)` in `rb_vm_gvl_destroy()`, and that function is not called from anywhere too.
I have no idea why these calls are disabled.

----------------------------------------
Bug #15852: APPLICATION_VERIFIER_LOCKS_LOCK_IN_FREED_HEAP on exiting ruby
https://bugs.ruby-lang.org/issues/15852#change-90875

* Author: test35965@gmail.com (Alexander Riccio)
* Status: Closed
* Priority: Normal
* ruby -v: ruby 2.6.3p62 (2019-04-16 revision 67580) [x64-mingw32]
* Backport: 2.6: REQUIRED, 2.7: REQUIRED, 3.0: REQUIRED
----------------------------------------
Ruby appears to be freeing some critical section in ruby_vm_destruct before deleting the critical section. Critical Section objects must be deleted with DeleteCriticalSection (https://docs.microsoft.com/en-us/windows/desktop/api/synchapi/nf-synchapi-deletecriticalsection) before freeing the owning memory.

I can't tell exactly what critical section is being freed - I'm new to ruby, don't know how the VM works, and haven't built it locally - so I can't help you guys there yet.

The clean stack trace is:

```
0:000> kc
 # Call Site
00 vrfcore!VerifierStopMessageEx
01 vfbasics!AVrfpFreeMemLockChecks
02 vfbasics!AVrfpFreeMemNotify
03 vfbasics!AVrfpRtlFreeHeap
04 msvcrt!free
05 vfbasics!AVrfp_free
06 x64_msvcrt_ruby260!ruby_xfree
07 x64_msvcrt_ruby260!ruby_vm_destruct
08 x64_msvcrt_ruby260!ruby_cleanup
09 x64_msvcrt_ruby260!ruby_run_node
0a image00000000_00400000
0b image00000000_00400000
0c image00000000_00400000
0d KERNEL32!BaseThreadInitThunk
0e ntdll!RtlUserThreadStart
```


I'm running `C:\Ruby26-x64\bin\ruby.exe  -x "C:\Ruby26-x64\bin\irb.cmd" `, with Application Verifier lock verification enabled. Application Verifier is the Windows SDK dynamic analysis tool, and it can be enabled by anybody who's installed the SDK. Add ruby.exe to the list of applications in Application Verifier and then run irb from inside windbg. Leak analysis should be enabled by default.

I've attached the full debug log in Windbg.

---Files--------------------------------
ruby_freeing_active_critsec.TXT (17.2 KB)


-- 
https://bugs.ruby-lang.org/