199295 2019-06-27 15:49:37 -0700 sanitizeStackForVMImpl writes below stack pointer, triggers huge warning spam from valgrind 2020-03-20 17:02:23 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build PC Linux RESOLVED FIXED InRadar P2 Critical --- 204997 1 mcatanzaro ysuzuki bugs-noreply cgarcia ews-watchlist federicosantamorena guijemont keith_miller mark.lam mcatanzaro mcrha msaboff saam tzagallo webkit-bug-importer xan.lopez ysuzuki oldest_to_newest 1548644 0 mcatanzaro 2019-06-27 15:49:37 -0700 I don't understand it, but valgrind has found memory corruption. Normally this results in impossible to debug crashes with backtraces pointing to innocent code, so this is bad. ==125284== Thread 1: ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x923FF5A: JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}::operator()() const (LocalAllocatorInlines.h:39) ==125284== by 0x9CE237D: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9CE237D: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9CE237D: allocate (AllocatorInlines.h:35) ==125284== by 0x9CE237D: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9CE237D: tryAllocateCellHelper<JSC::FunctionPrototype> (JSCellInlines.h:173) ==125284== by 0x9CE237D: allocateCell<JSC::FunctionPrototype> (JSCellInlines.h:187) ==125284== by 0x9CE237D: create (FunctionPrototype.h:33) ==125284== by 0x9CE237D: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:460) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== by 0x91F7469: jsc_context_new (JSCContext.cpp:583) ==125284== by 0x686B494: getOrCreateContext (WebKitJavascriptResultPrivate.h:44) ==125284== by 0x686B494: _WebKitJavascriptResult (WebKitJavascriptResult.cpp:31) ==125284== by 0x686B494: webkitJavascriptResultCreate(WebCore::SerializedScriptValue&) (WebKitJavascriptResult.cpp:45) ==125284== Address 0x1ffeffcf08 is on thread 1's stack ==125284== 496 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x923FF5A: JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}::operator()() const (LocalAllocatorInlines.h:39) ==125284== by 0x9CE237D: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9CE237D: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9CE237D: allocate (AllocatorInlines.h:35) ==125284== by 0x9CE237D: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9CE237D: tryAllocateCellHelper<JSC::FunctionPrototype> (JSCellInlines.h:173) ==125284== by 0x9CE237D: allocateCell<JSC::FunctionPrototype> (JSCellInlines.h:187) ==125284== by 0x9CE237D: create (FunctionPrototype.h:33) ==125284== by 0x9CE237D: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:460) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== by 0x91F7469: jsc_context_new (JSCContext.cpp:583) ==125284== by 0x686B494: getOrCreateContext (WebKitJavascriptResultPrivate.h:44) ==125284== by 0x686B494: _WebKitJavascriptResult (WebKitJavascriptResult.cpp:31) ==125284== by 0x686B494: webkitJavascriptResultCreate(WebCore::SerializedScriptValue&) (WebKitJavascriptResult.cpp:45) ==125284== Address 0x1ffeffcf18 is on thread 1's stack ==125284== 480 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x98D248F: JSC::CompleteSubspace::tryAllocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*) (CompleteSubspace.cpp:128) ==125284== by 0x98D2698: JSC::CompleteSubspace::allocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (CompleteSubspace.cpp:117) ==125284== by 0x9CE2275: allocateNonVirtual (CompleteSubspaceInlines.h:37) ==125284== by 0x9CE2275: tryAllocateCellHelper<JSC::JSGlobalLexicalEnvironment> (JSCellInlines.h:173) ==125284== by 0x9CE2275: allocateCell<JSC::JSGlobalLexicalEnvironment> (JSCellInlines.h:187) ==125284== by 0x9CE2275: create (JSGlobalLexicalEnvironment.h:42) ==125284== by 0x9CE2275: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:463) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== by 0x91F7469: jsc_context_new (JSCContext.cpp:583) ==125284== Address 0x1ffeffce78 is on thread 1's stack ==125284== 544 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x98D248F: JSC::CompleteSubspace::tryAllocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*) (CompleteSubspace.cpp:128) ==125284== by 0x98D2698: JSC::CompleteSubspace::allocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (CompleteSubspace.cpp:117) ==125284== by 0x9CE2275: allocateNonVirtual (CompleteSubspaceInlines.h:37) ==125284== by 0x9CE2275: tryAllocateCellHelper<JSC::JSGlobalLexicalEnvironment> (JSCellInlines.h:173) ==125284== by 0x9CE2275: allocateCell<JSC::JSGlobalLexicalEnvironment> (JSCellInlines.h:187) ==125284== by 0x9CE2275: create (JSGlobalLexicalEnvironment.h:42) ==125284== by 0x9CE2275: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:463) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== by 0x91F7469: jsc_context_new (JSCContext.cpp:583) ==125284== Address 0x1ffeffce88 is on thread 1's stack ==125284== 528 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x9CAEEF9: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x9CAEEF9: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9CAEEF9: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9CAEEF9: allocate (AllocatorInlines.h:35) ==125284== by 0x9CAEEF9: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9CAEEF9: tryAllocateCellHelper<JSC::JSFunction> (JSCellInlines.h:173) ==125284== by 0x9CAEEF9: void* JSC::allocateCell<JSC::JSFunction>(JSC::Heap&, unsigned long) (JSCellInlines.h:187) ==125284== by 0x9CAC29F: JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, JSC::NativeFunction, JSC::Intrinsic, JSC::NativeFunction, JSC::DOMJIT::Signature const*) (JSFunction.cpp:99) ==125284== by 0x9C5478E: JSC::FunctionPrototype::addFunctionProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**) (FunctionPrototype.cpp:62) ==125284== by 0x9CD8EB9: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:500) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== Address 0x1ffeffcec8 is on thread 1's stack ==125284== 368 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x9CAEEF9: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x9CAEEF9: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9CAEEF9: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9CAEEF9: allocate (AllocatorInlines.h:35) ==125284== by 0x9CAEEF9: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9CAEEF9: tryAllocateCellHelper<JSC::JSFunction> (JSCellInlines.h:173) ==125284== by 0x9CAEEF9: void* JSC::allocateCell<JSC::JSFunction>(JSC::Heap&, unsigned long) (JSCellInlines.h:187) ==125284== by 0x9CAC29F: JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, JSC::NativeFunction, JSC::Intrinsic, JSC::NativeFunction, JSC::DOMJIT::Signature const*) (JSFunction.cpp:99) ==125284== by 0x9C5478E: JSC::FunctionPrototype::addFunctionProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**) (FunctionPrototype.cpp:62) ==125284== by 0x9CD8EB9: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:500) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== Address 0x1ffeffced8 is on thread 1's stack ==125284== 352 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x942E9F3: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x942E9F3: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x942E9F3: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x942E9F3: allocate (AllocatorInlines.h:35) ==125284== by 0x942E9F3: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x942E9F3: tryAllocateCellHelper<JSC::FunctionExecutable> (JSCellInlines.h:173) ==125284== by 0x942E9F3: allocateCell<JSC::FunctionExecutable> (JSCellInlines.h:187) ==125284== by 0x942E9F3: create (FunctionExecutable.h:53) ==125284== by 0x942E9F3: JSC::UnlinkedFunctionExecutable::link(JSC::VM&, JSC::ScriptExecutable*, JSC::SourceCode const&, WTF::Optional<int>, JSC::Intrinsic) (UnlinkedFunctionExecutable.cpp:181) ==125284== by 0x9221920: JSC::functionPrototypeApplyCodeGenerator(JSC::VM&) (JSCBuiltins.cpp:1522) ==125284== by 0x9C547BD: JSC::FunctionPrototype::addFunctionProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**) (FunctionPrototype.cpp:65) ==125284== by 0x9CD8EB9: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:500) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== Address 0x1ffeffcdf8 is on thread 1's stack ==125284== 416 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x942E9F3: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x942E9F3: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x942E9F3: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x942E9F3: allocate (AllocatorInlines.h:35) ==125284== by 0x942E9F3: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x942E9F3: tryAllocateCellHelper<JSC::FunctionExecutable> (JSCellInlines.h:173) ==125284== by 0x942E9F3: allocateCell<JSC::FunctionExecutable> (JSCellInlines.h:187) ==125284== by 0x942E9F3: create (FunctionExecutable.h:53) ==125284== by 0x942E9F3: JSC::UnlinkedFunctionExecutable::link(JSC::VM&, JSC::ScriptExecutable*, JSC::SourceCode const&, WTF::Optional<int>, JSC::Intrinsic) (UnlinkedFunctionExecutable.cpp:181) ==125284== by 0x9221920: JSC::functionPrototypeApplyCodeGenerator(JSC::VM&) (JSCBuiltins.cpp:1522) ==125284== by 0x9C547BD: JSC::FunctionPrototype::addFunctionProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**) (FunctionPrototype.cpp:65) ==125284== by 0x9CD8EB9: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:500) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== Address 0x1ffeffce08 is on thread 1's stack ==125284== 400 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x98D248F: JSC::CompleteSubspace::tryAllocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*) (CompleteSubspace.cpp:128) ==125284== by 0x98D2698: JSC::CompleteSubspace::allocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (CompleteSubspace.cpp:117) ==125284== by 0x9D7DDB8: allocateNonVirtual (CompleteSubspaceInlines.h:37) ==125284== by 0x9D7DDB8: tryAllocateCellHelper<JSC::ObjectPrototype> (JSCellInlines.h:173) ==125284== by 0x9D7DDB8: allocateCell<JSC::ObjectPrototype> (JSCellInlines.h:187) ==125284== by 0x9D7DDB8: JSC::ObjectPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) (ObjectPrototype.cpp:75) ==125284== by 0x9CD932A: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:537) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== Address 0x1ffeffce58 is on thread 1's stack ==125284== 512 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x98D248F: JSC::CompleteSubspace::tryAllocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*) (CompleteSubspace.cpp:128) ==125284== by 0x98D2698: JSC::CompleteSubspace::allocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (CompleteSubspace.cpp:117) ==125284== by 0x9D7DDB8: allocateNonVirtual (CompleteSubspaceInlines.h:37) ==125284== by 0x9D7DDB8: tryAllocateCellHelper<JSC::ObjectPrototype> (JSCellInlines.h:173) ==125284== by 0x9D7DDB8: allocateCell<JSC::ObjectPrototype> (JSCellInlines.h:187) ==125284== by 0x9D7DDB8: JSC::ObjectPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) (ObjectPrototype.cpp:75) ==125284== by 0x9CD932A: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:537) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== Address 0x1ffeffce68 is on thread 1's stack ==125284== 496 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x9E03C76: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x9E03C76: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9E03C76: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9E03C76: allocate (AllocatorInlines.h:35) ==125284== by 0x9E03C76: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9E03C76: tryAllocateCellHelper<JSC::StructureRareData> (JSCellInlines.h:173) ==125284== by 0x9E03C76: allocateCell<JSC::StructureRareData> (JSCellInlines.h:187) ==125284== by 0x9E03C76: JSC::StructureRareData::create(JSC::VM&, JSC::Structure*) (StructureRareData.cpp:48) ==125284== by 0x9E03CB6: JSC::Structure::allocateRareData(JSC::VM&) (Structure.cpp:839) ==125284== by 0x9E08797: JSC::Structure::ensurePropertyReplacementWatchpointSet(JSC::VM&, int) (Structure.cpp:854) ==125284== by 0x94157A7: JSC::PropertyCondition::isWatchableWhenValid(JSC::Structure*, JSC::PropertyCondition::WatchabilityEffort) const (PropertyCondition.cpp:323) ==125284== by 0x9CC4F23: JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::JSObject*, JSC::Identifier const&)#73}::operator()(JSC::JSObject*, JSC::Identifier const&) const [clone .isra.0] (JSGlobalObject.cpp:1119) ==125284== by 0x9CE07ED: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:1126) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== Address 0x1ffeffcd78 is on thread 1's stack ==125284== 512 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x9E03C76: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x9E03C76: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9E03C76: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9E03C76: allocate (AllocatorInlines.h:35) ==125284== by 0x9E03C76: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9E03C76: tryAllocateCellHelper<JSC::StructureRareData> (JSCellInlines.h:173) ==125284== by 0x9E03C76: allocateCell<JSC::StructureRareData> (JSCellInlines.h:187) ==125284== by 0x9E03C76: JSC::StructureRareData::create(JSC::VM&, JSC::Structure*) (StructureRareData.cpp:48) ==125284== by 0x9E03CB6: JSC::Structure::allocateRareData(JSC::VM&) (Structure.cpp:839) ==125284== by 0x9E08797: JSC::Structure::ensurePropertyReplacementWatchpointSet(JSC::VM&, int) (Structure.cpp:854) ==125284== by 0x94157A7: JSC::PropertyCondition::isWatchableWhenValid(JSC::Structure*, JSC::PropertyCondition::WatchabilityEffort) const (PropertyCondition.cpp:323) ==125284== by 0x9CC4F23: JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::JSObject*, JSC::Identifier const&)#73}::operator()(JSC::JSObject*, JSC::Identifier const&) const [clone .isra.0] (JSGlobalObject.cpp:1119) ==125284== by 0x9CE07ED: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:1126) ==125284== by 0x9CE3C45: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2113) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== Address 0x1ffeffcd88 is on thread 1's stack ==125284== 496 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775ED: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x9CE3E53: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x9CE3E53: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9CE3E53: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9CE3E53: allocate (AllocatorInlines.h:35) ==125284== by 0x9CE3E53: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9CE3E53: tryAllocateCellHelper<JSC::Structure> (JSCellInlines.h:173) ==125284== by 0x9CE3E53: allocateCell<JSC::Structure> (JSCellInlines.h:187) ==125284== by 0x9CE3E53: create (Structure.h:798) ==125284== by 0x9CE3E53: createStructure (JSNonDestructibleProxy.h:69) ==125284== by 0x9CE3E53: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2114) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== by 0x91F7469: jsc_context_new (JSCContext.cpp:583) ==125284== by 0x686B494: getOrCreateContext (WebKitJavascriptResultPrivate.h:44) ==125284== by 0x686B494: _WebKitJavascriptResult (WebKitJavascriptResult.cpp:31) ==125284== by 0x686B494: webkitJavascriptResultCreate(WebCore::SerializedScriptValue&) (WebKitJavascriptResult.cpp:45) ==125284== by 0x68888EC: webkitWebViewRunJavaScriptCallback(API::SerializedScriptValue*, WebCore::ExceptionDetails const&, _GTask*) (WebKitWebView.cpp:3428) ==125284== by 0x67CE617: operator() (Function.h:79) ==125284== by 0x67CE617: performCallbackWithReturnValue (GenericCallback.h:109) ==125284== by 0x67CE617: performCallbackWithReturnValue (GenericCallback.h:101) ==125284== by 0x67CE617: WebKit::WebPageProxy::scriptValueCallback(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, WebKit::CallbackID) (WebPageProxy.cpp:6531) ==125284== Address 0x1ffeffcf48 is on thread 1's stack ==125284== 5008 bytes below stack pointer ==125284== ==125284== Invalid write of size 8 ==125284== at 0x9A775F7: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==125284== by 0x9CE3E53: operator() (LocalAllocatorInlines.h:39) ==125284== by 0x9CE3E53: allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==125284== by 0x9CE3E53: allocate (LocalAllocatorInlines.h:37) ==125284== by 0x9CE3E53: allocate (AllocatorInlines.h:35) ==125284== by 0x9CE3E53: allocateNonVirtual (IsoSubspaceInlines.h:34) ==125284== by 0x9CE3E53: tryAllocateCellHelper<JSC::Structure> (JSCellInlines.h:173) ==125284== by 0x9CE3E53: allocateCell<JSC::Structure> (JSCellInlines.h:187) ==125284== by 0x9CE3E53: create (Structure.h:798) ==125284== by 0x9CE3E53: createStructure (JSNonDestructibleProxy.h:69) ==125284== by 0x9CE3E53: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2114) ==125284== by 0x92346E8: create (JSAPIGlobalObject.h:44) ==125284== by 0x92346E8: JSGlobalContextCreateInGroup (JSContextRef.cpp:141) ==125284== by 0x91F6E31: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==125284== by 0x91FA14E: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==125284== by 0x56DEC73: g_object_new_internal (gobject.c:1867) ==125284== by 0x56DF135: g_object_new_with_properties (gobject.c:1995) ==125284== by 0x56DE6D6: g_object_new (gobject.c:1667) ==125284== by 0x91F7469: jsc_context_new (JSCContext.cpp:583) ==125284== by 0x686B494: getOrCreateContext (WebKitJavascriptResultPrivate.h:44) ==125284== by 0x686B494: _WebKitJavascriptResult (WebKitJavascriptResult.cpp:31) ==125284== by 0x686B494: webkitJavascriptResultCreate(WebCore::SerializedScriptValue&) (WebKitJavascriptResult.cpp:45) ==125284== by 0x68888EC: webkitWebViewRunJavaScriptCallback(API::SerializedScriptValue*, WebCore::ExceptionDetails const&, _GTask*) (WebKitWebView.cpp:3428) ==125284== by 0x67CE617: operator() (Function.h:79) ==125284== by 0x67CE617: performCallbackWithReturnValue (GenericCallback.h:109) ==125284== by 0x67CE617: performCallbackWithReturnValue (GenericCallback.h:101) ==125284== by 0x67CE617: WebKit::WebPageProxy::scriptValueCallback(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, WebKit::CallbackID) (WebPageProxy.cpp:6531) ==125284== Address 0x1ffeffcf58 is on thread 1's stack ==125284== 4992 bytes below stack pointer 1548658 1 mcatanzaro 2019-06-27 16:09:19 -0700 My suspicion is maybe something wrong in jscContextSetVirtualMachine, but I don't see the problem so I don't really know. 1553882 2 cgarcia 2019-07-18 05:28:00 -0700 I'm getting similar errors when running jsc c api tests with valgrind, so I don't think this is specific to the glib api (nor even to GTK and WPE) 1553885 3 cgarcia 2019-07-18 05:36:57 -0700 ==12053== Invalid write of size 8 ==12053== at 0x53ED29C: ??? (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C7A3AA: JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}::operator()() const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x55FDD76: JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, JSC::NativeFunction, JSC::Intrinsic, JSC::NativeFunction, JSC::DOMJIT::Signature const*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x55AA06E: JSC::FunctionPrototype::addFunctionProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x561E183: JSC::JSGlobalObject::init(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5626B2D: JSC::JSGlobalObject::finishCreation(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C82895: JSGlobalContextCreateInGroup (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x117FC8: WTF::Detail::CallableWrapper<testCAPIViaCpp::{lambda()#11}, void>::call() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/bin/testapi) ==12053== by 0x58E3DCA: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x593F008: WTF::wtfThreadEntryPoint(void*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x7B0DFA2: start_thread (pthread_create.c:486) ==12053== by 0x84934CE: clone (clone.S:95) ==12053== Address 0xbe029c8 is on thread 7's stack ==12053== 368 bytes below stack pointer ==12053== ==12053== Invalid write of size 8 ==12053== at 0x53ED29C: ??? (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4E624B3: JSC::UnlinkedFunctionExecutable::link(JSC::VM&, JSC::ScriptExecutable*, JSC::SourceCode const&, WTF::Optional<int>, JSC::Intrinsic) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C6F54F: JSC::functionPrototypeApplyCodeGenerator(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x55AA09D: JSC::FunctionPrototype::addFunctionProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x561E183: JSC::JSGlobalObject::init(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5626B2D: JSC::JSGlobalObject::finishCreation(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C82895: JSGlobalContextCreateInGroup (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x117FC8: WTF::Detail::CallableWrapper<testCAPIViaCpp::{lambda()#11}, void>::call() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/bin/testapi) ==12053== by 0x58E3DCA: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x593F008: WTF::wtfThreadEntryPoint(void*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x7B0DFA2: start_thread (pthread_create.c:486) ==12053== by 0x84934CE: clone (clone.S:95) ==12053== Address 0xbe02918 is on thread 7's stack ==12053== 416 bytes below stack pointer ==12053== ==12053== Invalid write of size 8 ==12053== at 0x53ED29C: ??? (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x526A88F: JSC::CompleteSubspace::tryAllocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x526AAF8: JSC::CompleteSubspace::allocateSlow(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x56BBAE0: JSC::ObjectPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x561E507: JSC::JSGlobalObject::init(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5626B2D: JSC::JSGlobalObject::finishCreation(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C82895: JSGlobalContextCreateInGroup (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x117FC8: WTF::Detail::CallableWrapper<testCAPIViaCpp::{lambda()#11}, void>::call() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/bin/testapi) ==12053== by 0x58E3DCA: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x593F008: WTF::wtfThreadEntryPoint(void*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x7B0DFA2: start_thread (pthread_create.c:486) ==12053== by 0x84934CE: clone (clone.S:95) ==12053== Address 0xbe02968 is on thread 7's stack ==12053== 496 bytes below stack pointer ==12053== ==12053== Invalid write of size 8 ==12053== at 0x53ED29C: ??? (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5734C7E: JSC::StructureRareData::create(JSC::VM&, JSC::Structure*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5734CC6: JSC::Structure::allocateRareData(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5738787: JSC::Structure::ensurePropertyReplacementWatchpointSet(JSC::VM&, int) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4E484A2: JSC::PropertyCondition::isWatchableWhenValid(JSC::Structure*, JSC::PropertyCondition::WatchabilityEffort) const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x560FF72: JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::JSObject*, JSC::Identifier const&)#72}::operator()(JSC::JSObject*, JSC::Identifier const&) const [clone .isra.226] (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5624B62: JSC::JSGlobalObject::init(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5626B2D: JSC::JSGlobalObject::finishCreation(JSC::VM&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C82895: JSGlobalContextCreateInGroup (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x117FC8: WTF::Detail::CallableWrapper<testCAPIViaCpp::{lambda()#11}, void>::call() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/bin/testapi) ==12053== by 0x58E3DCA: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x593F008: WTF::wtfThreadEntryPoint(void*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== Address 0x4ecff858 is on thread 12's stack ==12053== 656 bytes below stack pointer ==12053== ==12053== Invalid write of size 8 ==12053== at 0x53ED29C: ??? (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C7A3AA: JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}::operator()() const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5715351: void* JSC::allocateCell<JSC::ProgramCodeBlock>(JSC::Heap&, unsigned long) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x57113CB: JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5714436: JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5331B57: JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x55737CC: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x5573957: JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C76CC6: JSEvaluateScriptInternal (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x4C76F5A: JSEvaluateScript (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1) ==12053== by 0x11882A: WTF::SharedTaskFunctor<void (TestAPI&), testCAPIViaCpp::{lambda(TestAPI&)#2}>::run(TestAPI&) (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/bin/testapi) ==12053== by 0x11810E: WTF::Detail::CallableWrapper<testCAPIViaCpp::{lambda()#11}, void>::call() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/bin/testapi) ==12053== Address 0x4ecffca8 is on thread 12's stack ==12053== 656 bytes below stack pointer ==12053== 1553928 4 mcatanzaro 2019-07-18 09:27:23 -0700 (In reply to Carlos Garcia Campos from comment #2) > I'm getting similar errors when running jsc c api tests with valgrind, so I > don't think this is specific to the glib api (nor even to GTK and WPE) Thanks. What command do you use to use run-javascriptcore-tests under valgrind? 1553931 5 cgarcia 2019-07-18 09:34:37 -0700 I just run testapi from bin dir under valgrind 1554167 6 cgarcia 2019-07-19 02:03:38 -0700 It seems to be sanitizeStackForVMImpl what makes valgrind complain. 1554208 7 mcatanzaro 2019-07-19 08:19:17 -0700 Oh dear, from LowLevelInterpreter.asm? This is beyond me.... Last change was r229481 "[Re-landing] Prepare LLInt code to support pointer profiling." I don't remember the last time I tried valgrind but I suppose it could have been that long.... 1556388 8 federicosantamorena 2019-07-27 08:18:24 -0700 I can confirm, I have the same exact problem. using the standard webkit2gtk-4.0 on Fedora causes this problem when running some Javascript scripts with version 2.24.3-1.fc30 webkit_web_view_run_javascript( webview, "var variable_name = {}", null, null, null ); will corrupt memory 1567352 9 mcatanzaro 2019-09-03 04:44:18 -0700 I think this isn't receiving the attention it needs from JSC devs. Stack corruption is serious and this occurs every time JSGlobalContext is created. 1571522 10 cgarcia 2019-09-17 07:19:10 -0700 I don't know much about asm, but if I understand the code correctly, it zeroes the stack from VM::m_lastStackTop to sp. It shouldn't change the m_lastStackTop, right? for some reason it's changing it, sometimes with values outside the stack bounds, which is what causes the valgrind errors. 1624262 11 ysuzuki 2020-02-29 02:29:38 -0800 sanitizeStackForVMImpl is a bit low-level function which clears unused stack spaces to make conservative GC work well. I think this is false-positive reports from valgrind. 1624280 12 mcatanzaro 2020-02-29 08:21:11 -0800 Hm, I'm not sure what to do about it. We don't have a valgrind suppression file, and don't really want to add one because nobody ever actually uses those when debugging or reporting bugs. Ideally, WebKit would not do anything that triggers complaints from valgrind. This is currently the only false-positive reported by valgrind that's directly WebKit's fault. We also have bug #146729, where we write uninitialized memory as part of WebKit IPC, which is harmless but clearly something to be fixed, so not a false-positive. Also, we have some issues with dependencies in bug #204997. 1625708 13 mcrha 2020-03-04 12:49:43 -0800 I thought this had been introduced with r227617, aka bug #181559, but I can reproduce it (on the WebKitWebProcess side) also with r227616. I'm not sure whether this information is good for anything. 1631443 14 mcatanzaro 2020-03-18 17:29:33 -0700 Here's what it looks like with --track-origins: ==449866== Invalid write of size 8 ==449866== at 0x9F56DCB: ??? (in /home/mcatanzaro/Projects/GNOME/install/lib/libjavascriptcoregtk-4.0.so.18.17.0) ==449866== by 0xA0CB298: operator() (LocalAllocatorInlines.h:39) ==449866== by 0xA0CB298: allocate<JSC::LocalAllocator::allocate(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::<lambda()> > (FreeListInlines.h:46) ==449866== by 0xA0CB298: allocate (LocalAllocatorInlines.h:37) ==449866== by 0xA0CB298: allocate (AllocatorInlines.h:35) ==449866== by 0xA0CB298: allocateNonVirtual (IsoSubspaceInlines.h:34) ==449866== by 0xA0CB298: tryAllocateCellHelper<JSC::ArrayPrototype> (JSCellInlines.h:163) ==449866== by 0xA0CB298: allocateCell<JSC::ArrayPrototype> (JSCellInlines.h:177) ==449866== by 0xA0CB298: JSC::ArrayPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) (ArrayPrototype.cpp:72) ==449866== by 0xA1D0CA2: JSC::JSGlobalObject::init(JSC::VM&) (JSGlobalObject.cpp:703) ==449866== by 0xA1D78E8: JSC::JSGlobalObject::finishCreation(JSC::VM&) (JSGlobalObject.cpp:2144) ==449866== by 0x96DE09D: create (JSAPIGlobalObject.h:51) ==449866== by 0x96DE09D: JSGlobalContextCreateInGroup (JSContextRef.cpp:143) ==449866== by 0x967E901: jscContextSetVirtualMachine(_JSCContext*, WTF::GRefPtr<_JSCVirtualMachine>&&) (JSCContext.cpp:107) ==449866== by 0x9681DEE: jscContextConstructed(_GObject*) (JSCContext.cpp:153) ==449866== by 0x53C25F5: g_object_new_internal (gobject.c:1867) ==449866== by 0x53C3B04: g_object_new_with_properties (gobject.c:1995) ==449866== by 0x53C46B0: g_object_new (gobject.c:1667) ==449866== by 0x967EF29: jsc_context_new (JSCContext.cpp:596) ==449866== by 0x6974F54: getOrCreateContext (WebKitJavascriptResultPrivate.h:44) ==449866== by 0x6974F54: _WebKitJavascriptResult (WebKitJavascriptResult.cpp:31) ==449866== by 0x6974F54: webkitJavascriptResultCreate(WebCore::SerializedScriptValue&) (WebKitJavascriptResult.cpp:45) ==449866== Address 0x1ffeffdb68 is on thread 1's stack ==449866== 464 bytes below stack pointer So, I know the stack grows down, and therefore this shouldn't be causing any harm because the zeroed memory should not be used by any current stack frame. That said: valgrind spam like this makes it impractical to debug serious memory safety problems and detect actual security bugs, so we need to avoid triggering this warning somehow. And valgrind suppressions are not an OK answer; nobody ever uses those. Does JSC *really* need to write below the stack pointer? When did we start doing this? (Early last year? The warnings did not occur before last year.) Ideally we would stay within our own stack frame and not trigger a spam of serious-looking warnings like this. It's seriously weird.... 1631445 15 mcatanzaro 2020-03-18 17:36:30 -0700 My first thought was that sanitizeStackForVMImpl could use alloca() as a workaround, because that should be basically zero-cost, right? But alloca() really just moves the stack pointer. I don't understand llint asm (or any asm) but I guess adjusting sp should probably suffice to avoid the warnings... right? 1631537 16 ysuzuki 2020-03-18 21:30:16 -0700 I think the easiest solution to suppress this is just changing sp in sanitizeStackForVMImpl. 1631540 17 393948 ysuzuki 2020-03-18 21:33:12 -0700 Created attachment 393948 Patch 1631543 18 393950 ysuzuki 2020-03-18 22:15:08 -0700 Created attachment 393950 Patch 1631552 19 393950 mark.lam 2020-03-18 23:35:37 -0700 Comment on attachment 393950 Patch r=me 1631614 20 mcrha 2020-03-19 05:30:38 -0700 I gave the patch a try and it seems to fix it, valgrind is happy with it. My smoke (unit) tests (not exhausting, but using javascript a lot at least) didn't show any failure, nor regression, too. 1631662 21 mcatanzaro 2020-03-19 08:58:20 -0700 Thanks a bunch, Yusuke. :) 1631732 22 393950 msaboff 2020-03-19 10:56:04 -0700 Comment on attachment 393950 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393950&action=review > Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1427 > + move sp, zeroValue > + storep zeroValue, VM::m_lastStackTop[vm] Let's storep sp directly and eliminate the move sp, zeroValue. > Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1428 > + move sp, vm Let's rename "vm" to be something like vmOrStartSP? 1631748 23 393950 ysuzuki 2020-03-19 11:21:36 -0700 Comment on attachment 393950 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393950&action=review >> Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1427 >> + storep zeroValue, VM::m_lastStackTop[vm] > > Let's storep sp directly and eliminate the move sp, zeroValue. It seems that ARM64 assembler is not happy with this https://ews-build.webkit.org/#/builders/22/builds/13248... >> Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1428 >> + move sp, vm > > Let's rename "vm" to be something like vmOrStartSP? Sounds nice, fixed. 1631755 24 ysuzuki 2020-03-19 11:29:07 -0700 Committed r258717: <https://trac.webkit.org/changeset/258717> 1631756 25 webkit-bug-importer 2020-03-19 11:31:20 -0700 <rdar://problem/60642800> 1631762 26 ysuzuki 2020-03-19 11:41:24 -0700 Committed r258719: <https://trac.webkit.org/changeset/258719> 1632377 27 mcatanzaro 2020-03-20 17:02:23 -0700 I can confirm it's fixed for me too. Thanks! 393948 2020-03-18 21:33:12 -0700 2020-03-18 22:15:06 -0700 Patch bug-199295-20200318213311.patch text/plain 1914 ysuzuki U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4Njc5CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCAy Nzc2ZThkYzMxYjZmYTAyZTY3MWZjYjYxNzBlNjU1MzA0YWI4N2QyLi4zZjdiM2NhMWQyN2FkMDQz ODk1ODk0Y2ZlZmU5NmFjMWY0M2I4YzVmIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNSBAQAorMjAyMC0wMy0xOCAgWXVzdWtlIFN1enVraSAgPHlzdXp1a2lAYXBwbGUuY29t PgorCisgICAgICAgIHNhbml0aXplU3RhY2tGb3JWTUltcGwgd3JpdGVzIGJlbG93IHN0YWNrIHBv aW50ZXIsIHRyaWdnZXJzIGh1Z2Ugd2FybmluZyBzcGFtIGZyb20gdmFsZ3JpbmQKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5OTI5NQorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIER1cmluZyBzYW5pdGl6ZVN0 YWNrRm9yVk1JbXBsLCB3ZSBzaG91bGQgbm90IGFjY2VzcyB0byB0aGUgcmVnaW9uIGJleW9uZCB0 aGUgc3RhY2stcG9pbnRlci4KKyAgICAgICAgVGhpcyBwYXRjaCBjaGFuZ2VzIHN0YWNrLXBvaW50 ZXIgd2hpbGUgc2FuaXRpemVTdGFja0ZvclZNSW1wbCBpcyB6ZXJvLWZpbGxpbmcgdGhlIG9sZCBz dGFjayByZWdpb24uCisKKyAgICAgICAgKiBsbGludC9Mb3dMZXZlbEludGVycHJldGVyLmFzbToK KwogMjAyMC0wMy0xOCAgWXVzdWtlIFN1enVraSAgPHlzdXp1a2lAYXBwbGUuY29tPgogCiAgICAg ICAgIEFkZCBhIHdheSB0byBtYXJrIGEgcmVqZWN0ZWQgcHJvbWlzZSBhcyBoYW5kbGVkCmRpZmYg LS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvbGxpbnQvTG93TGV2ZWxJbnRlcnByZXRlci5h c20gYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvbGxpbnQvTG93TGV2ZWxJbnRlcnByZXRlci5hc20K aW5kZXggMTAyOTU1NDIxODk2Mjk1MGQzZDhjMDdlMmYxMDg1N2Q3M2UzYWYwMC4uODQ3YjM2MDQ4 NGU5ODJlYThjYmQ3ZWE5YjA2MzQ3ZmI2N2QyNzJmYSAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFT Y3JpcHRDb3JlL2xsaW50L0xvd0xldmVsSW50ZXJwcmV0ZXIuYXNtCisrKyBiL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9sbGludC9Mb3dMZXZlbEludGVycHJldGVyLmFzbQpAQCAtMTQyMywxNyArMTQy MywyMCBAQCBpZiBub3QgKENfTE9PUCBvciBDX0xPT1BfV0lOKQogICAgICAgICBjb25zdCB6ZXJv VmFsdWUgPSBhMgogICAgIAogICAgICAgICBsb2FkcCBWTTo6bV9sYXN0U3RhY2tUb3Bbdm1dLCBh ZGRyZXNzCisgICAgICAgIHN0b3JlcCBzcCwgVk06Om1fbGFzdFN0YWNrVG9wW3ZtXQorICAgICAg ICBtb3ZlIHNwLCB2bQorCiAgICAgICAgIGJwYmVxIHNwLCBhZGRyZXNzLCAuemVyb0ZpbGxEb25l Ci0gICAgCisgICAgICAgIG1vdmUgYWRkcmVzcywgc3AKKwogICAgICAgICBtb3ZlIDAsIHplcm9W YWx1ZQogICAgIC56ZXJvRmlsbExvb3A6CiAgICAgICAgIHN0b3JlcCB6ZXJvVmFsdWUsIFthZGRy ZXNzXQogICAgICAgICBhZGRwIFB0clNpemUsIGFkZHJlc3MKLSAgICAgICAgYnBhIHNwLCBhZGRy ZXNzLCAuemVyb0ZpbGxMb29wCisgICAgICAgIGJwYSB2bSwgYWRkcmVzcywgLnplcm9GaWxsTG9v cAogCiAgICAgLnplcm9GaWxsRG9uZToKLSAgICAgICAgbW92ZSBzcCwgYWRkcmVzcwotICAgICAg ICBzdG9yZXAgYWRkcmVzcywgVk06Om1fbGFzdFN0YWNrVG9wW3ZtXQorICAgICAgICBtb3ZlIHZt LCBzcAogICAgICAgICByZXQKICAgICAKICAgICAjIFZNRW50cnlSZWNvcmQqIHZtRW50cnlSZWNv cmQoY29uc3QgRW50cnlGcmFtZSogZW50cnlGcmFtZSkK 393950 2020-03-18 22:15:08 -0700 2020-03-18 23:35:37 -0700 Patch bug-199295-20200318221507.patch text/plain 1949 ysuzuki U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4Njc5CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCAy Nzc2ZThkYzMxYjZmYTAyZTY3MWZjYjYxNzBlNjU1MzA0YWI4N2QyLi4zZjdiM2NhMWQyN2FkMDQz ODk1ODk0Y2ZlZmU5NmFjMWY0M2I4YzVmIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNSBAQAorMjAyMC0wMy0xOCAgWXVzdWtlIFN1enVraSAgPHlzdXp1a2lAYXBwbGUuY29t PgorCisgICAgICAgIHNhbml0aXplU3RhY2tGb3JWTUltcGwgd3JpdGVzIGJlbG93IHN0YWNrIHBv aW50ZXIsIHRyaWdnZXJzIGh1Z2Ugd2FybmluZyBzcGFtIGZyb20gdmFsZ3JpbmQKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5OTI5NQorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIER1cmluZyBzYW5pdGl6ZVN0 YWNrRm9yVk1JbXBsLCB3ZSBzaG91bGQgbm90IGFjY2VzcyB0byB0aGUgcmVnaW9uIGJleW9uZCB0 aGUgc3RhY2stcG9pbnRlci4KKyAgICAgICAgVGhpcyBwYXRjaCBjaGFuZ2VzIHN0YWNrLXBvaW50 ZXIgd2hpbGUgc2FuaXRpemVTdGFja0ZvclZNSW1wbCBpcyB6ZXJvLWZpbGxpbmcgdGhlIG9sZCBz dGFjayByZWdpb24uCisKKyAgICAgICAgKiBsbGludC9Mb3dMZXZlbEludGVycHJldGVyLmFzbToK KwogMjAyMC0wMy0xOCAgWXVzdWtlIFN1enVraSAgPHlzdXp1a2lAYXBwbGUuY29tPgogCiAgICAg ICAgIEFkZCBhIHdheSB0byBtYXJrIGEgcmVqZWN0ZWQgcHJvbWlzZSBhcyBoYW5kbGVkCmRpZmYg LS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvbGxpbnQvTG93TGV2ZWxJbnRlcnByZXRlci5h c20gYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvbGxpbnQvTG93TGV2ZWxJbnRlcnByZXRlci5hc20K aW5kZXggMTAyOTU1NDIxODk2Mjk1MGQzZDhjMDdlMmYxMDg1N2Q3M2UzYWYwMC4uODFmYjI1MDlh MzgwZDE5NjBhYzAwOWYyZjYzMDUzZmFkYjA2NTY5NSAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFT Y3JpcHRDb3JlL2xsaW50L0xvd0xldmVsSW50ZXJwcmV0ZXIuYXNtCisrKyBiL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9sbGludC9Mb3dMZXZlbEludGVycHJldGVyLmFzbQpAQCAtMTQyMywxNyArMTQy MywyMSBAQCBpZiBub3QgKENfTE9PUCBvciBDX0xPT1BfV0lOKQogICAgICAgICBjb25zdCB6ZXJv VmFsdWUgPSBhMgogICAgIAogICAgICAgICBsb2FkcCBWTTo6bV9sYXN0U3RhY2tUb3Bbdm1dLCBh ZGRyZXNzCisgICAgICAgIG1vdmUgc3AsIHplcm9WYWx1ZQorICAgICAgICBzdG9yZXAgemVyb1Zh bHVlLCBWTTo6bV9sYXN0U3RhY2tUb3Bbdm1dCisgICAgICAgIG1vdmUgc3AsIHZtCisKICAgICAg ICAgYnBiZXEgc3AsIGFkZHJlc3MsIC56ZXJvRmlsbERvbmUKLSAgICAKKyAgICAgICAgbW92ZSBh ZGRyZXNzLCBzcAorCiAgICAgICAgIG1vdmUgMCwgemVyb1ZhbHVlCiAgICAgLnplcm9GaWxsTG9v cDoKICAgICAgICAgc3RvcmVwIHplcm9WYWx1ZSwgW2FkZHJlc3NdCiAgICAgICAgIGFkZHAgUHRy U2l6ZSwgYWRkcmVzcwotICAgICAgICBicGEgc3AsIGFkZHJlc3MsIC56ZXJvRmlsbExvb3AKKyAg ICAgICAgYnBhIHZtLCBhZGRyZXNzLCAuemVyb0ZpbGxMb29wCiAKICAgICAuemVyb0ZpbGxEb25l OgotICAgICAgICBtb3ZlIHNwLCBhZGRyZXNzCi0gICAgICAgIHN0b3JlcCBhZGRyZXNzLCBWTTo6 bV9sYXN0U3RhY2tUb3Bbdm1dCisgICAgICAgIG1vdmUgdm0sIHNwCiAgICAgICAgIHJldAogICAg IAogICAgICMgVk1FbnRyeVJlY29yZCogdm1FbnRyeVJlY29yZChjb25zdCBFbnRyeUZyYW1lKiBl bnRyeUZyYW1lKQo=