256328 2023-05-04 12:08:51 -0700 [bmalloc] Scavenger's Mutex can be used after release. 2023-05-11 12:09:20 -0700 1 1 1 Unclassified WebKit bmalloc WebKit Nightly Build Unspecified Unspecified NEW InRadar P2 Normal --- 1 basuke webkit-unassigned ggaren webkit-bug-importer ysuzuki oldest_to_newest 1952971 0 basuke 2023-05-04 12:08:51 -0700 Scavenger depends on the Mutex which is allocated by StaticPerProcess::s_mutex. While end of the process, Deallocator will call Scavenger::scavenge() if the object logs are full. At the same timing, StaticPreProcess's s_mutex can be also destructed. If the latter comes first, then Scavenger::scavenge() uses deallocated Mutex via Deallocator. 1952972 1 basuke 2023-05-04 12:17:17 -0700 It can be solved if StaticPerProcess is replaced with PerProcess 1952978 2 basuke 2023-05-04 12:41:20 -0700 Yusuke suggested other ideas: - defining StaticMutex - add [[clang::no_destroy]] 1952992 3 ysuzuki 2023-05-04 13:25:40 -0700 PerProcess use probably causes RAMification regression sunce it allocates new 16KB page and libpas using platforms were not allocating that page before (but still using StaticPerProcess). 1952995 4 ysuzuki 2023-05-04 13:34:25 -0700 So, probably StaticMutex is way to go, and this is correct since the issue relies on Mutex implementation (right now this problem is platform specific since Darwin and Linux are not having this issue since Mutex does not have destructors) 1954757 5 webkit-bug-importer 2023-05-11 12:09:20 -0700 <rdar://problem/109221272>