Hard to explain macOS-specific use-after-free crashes on macOS 10.15 and older
Categories: Core :: Memory Allocator, defect
People: Reporter: gsvelto, Unassigned
Keywords: csectype-race, sec-moderate
+++ This bug was initially created as a clone of Bug #1665411 +++
Follow-up to bug 1665411. It seems that my change there largely mitigated the problem on older versions of macOS but did not fix it. Filing this to fix the remaining issues.
Updated•4 years ago
Comment 1•4 years ago
The severity field is not set for this bug.
:glandium, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 2•4 years ago
On the one hand this is S1-kind-of-bad but on the other hand the volume isn't huge, so maybe S2?
Comment 3•4 years ago
Repeating my last comment from bug 1654335 for public consumption:
I spent some time poring over these crashes again and there's something that suddenly jumped out: there are no crashes happening on macOS 11 under any of the signatures in the linked bugs. The only crash report I could find for macOS 11 has a different stack and isn't a UAF, so it's unrelated.
So this is very, very likely to be a bug in macOS 10.15 and older. Either in the POSIX thread library where mutexes are implemented or in the kernel-level mutexes. Given that the memory allocator is involved - because we're allocating/deallocating objects on the spot where we crash - it might be worth mentioning that the locks we use there pass different options to the macOS kernel compared to the pthread mutexes; so it might as well be a bug in how those two types of kernel-level mutexes interact.
Updated•4 years ago
Updated•3 years ago
Comment 5•2 years ago
I'm going over the remaining crashes and it seems that indeed bug 1784018 fixed them. The last few UAF-like crashes we have on file happened on versions prior to landing that patch, after that there are no more. Once we close bug 1689981 (which is sec so requires a bit of extra work) we can close this as fixed.
Updated•2 years ago
Comment 6•2 years ago
Since the bug is closed, the stalled keyword is now meaningless.
For more information, please visit auto_nag documentation.