1480963 - Intermittent non262/TypedObject/storageopaque.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]

Reporter

Description

•

6 years ago

treeherder

Filed by: apavel [at] mozilla.com

https://treeherder.mozilla.org/logviewer.html#?job_id=191884838&repo=mozilla-inbound

https://queue.taskcluster.net/v1/task/etK6qohZT9KwxNoATnm7kQ/runs/0/artifacts/public/logs/live_backing.log

[task 2018-08-03T16:07:07.703Z] TEST-PASS | non262/TypedObject/structtypeindexedfields.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]
[task 2018-08-03T16:07:07.703Z] {"action": "test_start", "jitflags": [], "pid": 20250, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "test": "non262/TypedObject/structtypeindexedfields.js", "thread": "main", "time": 1533312427.395463}
[task 2018-08-03T16:07:07.703Z] {"action": "test_end", "extra": {"jitflags": [], "pid": 20250, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so"}, "jitflags": [], "pid": 20250, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "status": "PASS", "test": "non262/TypedObject/structtypeindexedfields.js", "thread": "main", "time": 1533312427.703033}
[task 2018-08-03T16:07:07.707Z] ## non262/TypedObject/storageopaque.js: rc = -11, run time = 0.301804
[task 2018-08-03T16:07:07.707Z] 898356: 
[task 2018-08-03T16:07:07.707Z] TEST-UNEXPECTED-FAIL | non262/TypedObject/storageopaque.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]
[task 2018-08-03T16:07:07.708Z] {"action": "test_start", "jitflags": [], "pid": 20261, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "test": "non262/TypedObject/storageopaque.js", "thread": "main", "time": 1533312427.406015}
[task 2018-08-03T16:07:07.708Z] {"action": "test_end", "extra": {"jitflags": [], "pid": 20261, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so"}, "jitflags": [], "pid": 20261, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "status": "FAIL", "test": "non262/TypedObject/storageopaque.js", "thread": "main", "time": 1533312427.707819}
[task 2018-08-03T16:07:07.712Z] TEST-PASS | non262/TypedObject/simpleequiv.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]

[task 2018-08-03T16:17:24.804Z] TEST-PASS | test262/intl402/supportedLocalesOf-unicode-extensions-ignored.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [34.0 s]
[task 2018-08-03T16:17:24.804Z] {"action": "test_start", "jitflags": [], "pid": 16144, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "test": "test262/intl402/supportedLocalesOf-unicode-extensions-ignored.js", "thread": "main", "time": 1533313010.7666562}
[task 2018-08-03T16:17:24.804Z] {"action": "test_end", "extra": {"jitflags": [], "pid": 16144, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so"}, "jitflags": [], "pid": 16144, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "status": "PASS", "test": "test262/intl402/supportedLocalesOf-unicode-extensions-ignored.js", "thread": "main", "time": 1533313044.804496}
[task 2018-08-03T16:17:24.804Z] {"action": "suite_end", "pid": 926, "source": "jstests", "thread": "main", "time": 1533313044.80463}
[task 2018-08-03T16:17:24.864Z] Makefile:73: recipe for target 'check-jstests' failed
[task 2018-08-03T16:17:24.864Z] make[1]: *** [check-jstests] Error 1
[task 2018-08-03T16:17:24.864Z] make[1]: Leaving directory '/builds/worker/workspace/build/src/obj-spider/js/src'
[task 2018-08-03T16:17:24.865Z] Makefile:348: recipe for target 'check-jstests' failed
[task 2018-08-03T16:17:24.865Z] make: *** [check-jstests] Error 2
[task 2018-08-03T16:17:24.865Z] in directory /builds/worker/workspace/build/src/obj-spider, running ['/builds/worker/workspace/build/src/obj-spider/_virtualenvs/init/bin/python', '/builds/worker/workspace/build/src/testing/mozbase/mozcrash/mozcrash/mozcrash.py', '/tmp', '/builds/worker/workspace/build/src/obj-spider/dist/crashreporter-symbols']
[task 2018-08-03T16:17:24.936Z] mozcrash INFO | Copy/paste: /builds/worker/workspace/breakpad-tools/minidump_stackwalk /tmp/b36b51cc-e09a-46dd-aa26179b-af47f1a7.dmp /builds/worker/workspace/build/src/obj-spider/dist/crashreporter-symbols
[task 2018-08-03T16:17:25.831Z] mozcrash INFO | Saved minidump as /builds/worker/artifacts/b36b51cc-e09a-46dd-aa26179b-af47f1a7.dmp
[task 2018-08-03T16:17:25.831Z] PROCESS-CRASH | mozcrash.py | application crashed [@ js::NativeObject::hasAllFlags]
[task 2018-08-03T16:17:25.831Z] Crash dump filename: /tmp/b36b51cc-e09a-46dd-aa26179b-af47f1a7.dmp
[task 2018-08-03T16:17:25.831Z] Operating system: Linux
[task 2018-08-03T16:17:25.831Z]                   0.0.0 Linux 4.4.0-1014-aws #14taskcluster1-Ubuntu SMP Tue Apr 3 10:27:00 UTC 2018 x86_64
[task 2018-08-03T16:17:25.831Z] CPU: amd64
[task 2018-08-03T16:17:25.831Z]      family 6 model 85 stepping 3
[task 2018-08-03T16:17:25.831Z]      1 CPU
[task 2018-08-03T16:17:25.831Z] 
[task 2018-08-03T16:17:25.831Z] GPU: UNKNOWN
[task 2018-08-03T16:17:25.831Z] 
[task 2018-08-03T16:17:25.831Z] Crash reason:  SIGSEGV
[task 2018-08-03T16:17:25.831Z] Crash address: 0x0
[task 2018-08-03T16:17:25.831Z] Process uptime: not available
[task 2018-08-03T16:17:25.831Z] 
[task 2018-08-03T16:17:25.831Z] Thread 0 (crashed)
[task 2018-08-03T16:17:25.831Z]  0  js!js::NativeObject::hasAllFlags [Shape.h:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 906 + 0x0]
[task 2018-08-03T16:17:25.831Z]     rax = 0xbad0bad1f43e2060   rdx = 0x00007ffff43914f0
[task 2018-08-03T16:17:25.831Z]     rcx = 0x000000000223a1c0   rbx = 0x00007ffff43a3050
[task 2018-08-03T16:17:25.831Z]     rsi = 0x0000000000000009   rdi = 0x00007ffff4396200
[task 2018-08-03T16:17:25.831Z]     rbp = 0x00007fffffffb290   rsp = 0x00007fffffffb288
[task 2018-08-03T16:17:25.831Z]      r8 = 0x00007ffff57056c0    r9 = 0x0000000000004f25
[task 2018-08-03T16:17:25.831Z]     r10 = 0x001501ce1aa77060   r11 = 0x0000000000000206
[task 2018-08-03T16:17:25.831Z]     r12 = 0x0000000000000000   r13 = 0x00007fffffffb2e8
[task 2018-08-03T16:17:25.831Z]     r14 = 0x00007ffff43f5d80   r15 = 0x00007fffffffb430
[task 2018-08-03T16:17:25.831Z]     rip = 0x00000000004c1aec
[task 2018-08-03T16:17:25.831Z]     Found by: given as instruction pointer in context
[task 2018-08-03T16:17:25.831Z]  1  js!js::NativeObject::getDenseInitializedLength [NativeObject.h:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 808 + 0x5]
[task 2018-08-03T16:17:25.831Z]     rbx = 0x00007ffff43a3050   rbp = 0x00007fffffffb290
[task 2018-08-03T16:17:25.831Z]     rsp = 0x00007fffffffb290   r12 = 0x0000000000000000
[task 2018-08-03T16:17:25.831Z]     r13 = 0x00007fffffffb2e8   r14 = 0x00007ffff43f5d80
[task 2018-08-03T16:17:25.831Z]     r15 = 0x00007fffffffb430   rip = 0x00000000004c3d39
[task 2018-08-03T16:17:25.831Z]     Found by: call frame info
[task 2018-08-03T16:17:25.832Z]  2  js!visitReferences<(anonymous namespace)::MemoryTracingVisitor> [TypedObject.cpp:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 1040 + 0x8]
[task 2018-08-03T16:17:25.832Z]     rbx = 0x00007ffff43a3050   rbp = 0x00007fffffffb2d0
[task 2018-08-03T16:17:25.832Z]     rsp = 0x00007fffffffb2a0   r12 = 0x0000000000000000
[task 2018-08-03T16:17:25.832Z]     r13 = 0x00007fffffffb2e8   r14 = 0x00007ffff43f5d80
[task 2018-08-03T16:17:25.832Z]     r15 = 0x00007fffffffb430   rip = 0x00000000008e1c38
[task 2018-08-03T16:17:25.832Z]     Found by: call frame info
[task 2018-08-03T16:17:25.832Z]  3  js!js::InlineTypedObject::obj_trace [TypedObject.cpp:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 2878 + 0x5]
[task 2018-08-03T16:17:25.832Z]     rbx = 0x00007ffff43a3040   rbp = 0x00007fffffffb310
[task 2018-08-03T16:17:25.832Z]     rsp = 0x00007fffffffb2e0   r12 = 0x00007ffff43f5d80
[task 2018-08-03T16:17:25.832Z]     r13 = 0x00007fffffffb438   r14 = 0x00007fffffffb438
[task 2018-08-03T16:17:25.832Z]     r15 = 0x00007fffffffb430   rip = 0x00000000008e2216
[task 2018-08-03T16:17:25.832Z]     Found by: call frame info
[task 2018-08-03T16:17:25.832Z]  4  js!JSObject::traceChildren [Class.h:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 893 + 0x16]
[task 2018-08-03T16:17:25.832Z]     rbx = 0x0000000002246940   rbp = 0x00007fffffffb380
[task 2018-08-03T16:17:25.832Z]     rsp = 0x00007fffffffb320   r12 = 0x00007ffff43a3040
[task 2018-08-03T16:17:25.832Z]     r13 = 0x00007fffffffb438   r14 = 0x00007fffffffb438
[task 2018-08-03T16:17:25.832Z]     r15 = 0x00007fffffffb430   rip = 0x0000000000b9ad44
[task 2018-08-03T16:17:25.832Z]     Found by: call frame info
[task 2018-08-03T16:17:25.832Z]  5  js!UpdateArenaPointersTyped<JSObject> [GC.cpp:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 2569 + 0xb]
[task 2018-08-03T16:17:25.832Z]     rbx = 0x00007fffffffb390   rbp = 0x00007fffffffb3e0
[task 2018-08-03T16:17:25.832Z]     rsp = 0x00007fffffffb390   r12 = 0x00007ffff43a3040
[task 2018-08-03T16:17:25.832Z]     r13 = 0x00007fffffffb438   r14 = 0x00007fffffffb5d0
[task 2018-08-03T16:17:25.832Z]     r15 = 0x00007fffffffb430   rip = 0x0000000000f0e10e
[task 2018-08-03T16:17:25.832Z]     Found by: call frame info

André Bargull [:anba]

Assignee

Comment 1

•

6 years ago

The crash is caused by the changed in bug 1478503. Specifically the |isExtensible()| call in [1], which crashes because |shape()->base()| is a relocated pointer.

Jan, is it expected that |shape()->base()| of the array stored in |JS_DESCR_SLOT_STRUCT_FIELD_NAMES| can be a relocated pointer during |js::InlineTypedObject::obj_trace|? 

[1] https://searchfox.org/mozilla-central/rev/3fdc491e118c5cdfbaf6e2d52f3466d2b27ad1de/js/src/vm/NativeObject.h#544-545



Simplified test case, run with `JS_GC_ZEAL=IncrementalMultipleSlices` and `--no-threads` to avoid spawning multiple threads (typed objects related?).
---
var Objects = new TypedObject.StructType({f: TypedObject.Object});

for (var i = 0; i < 1000; ++i) {
    var objects = new Objects({f: 0});
}
---


Crash:
---
Thread 1 "mozjs-debug" received signal SIGSEGV, Segmentation fault.
0x00000000014347fd in js::Shape::hasAllObjectFlags (this=0x7ffff5ad2078, flags=js::BaseShape::NOT_EXTENSIBLE) at /home/andre/git/mozilla-central/js/src/vm/Shape.h:906
906             return (base()->flags & flags) == flags;
---


Crashes because |shape->base()| is relocated (0xbad0bad1):
---
(gdb) p base()
$1 = (js::BaseShape *) 0xbad0bad1f5aca0a0
---


Stack trace:
---
#0  0x00000000014347fd in js::Shape::hasAllObjectFlags(js::BaseShape::Flag) const (this=0x7ffff5ad2078, flags=js::BaseShape::NOT_EXTENSIBLE) at /home/andre/git/mozilla-central/js/src/vm/Shape.h:906 [0/39]
#1  0x0000000001434712 in js::NativeObject::hasAllFlags(js::BaseShape::Flag) const (this=(const js::NativeObject *) 0x7ffff5a8b040 Cannot access memory at address 0xbad0bad1f5aca0a8, flags=js::BaseShape::NOT_EXTENSIBLE) at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:801
#2  0x000000000142ff4a in js::NativeObject::isExtensible() const (this=(const js::NativeObject *) 0x7ffff5a8b040 Cannot access memory at address 0xbad0bad1f5aca0a8)
    at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:808
#3  0x000000000142eead in js::NativeObject::getDenseInitializedLength() const (this=(const js::NativeObject *) 0x7ffff5a8b040 Cannot access memory at address 0xbad0bad1f5aca0a8)
    at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:544
#4  0x0000000001b32474 in js::StructTypeDescr::fieldCount() const (this=(const js::StructTypeDescr *) 0x7ffff5aa17e0 [object StructType])
    at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:1040
#5  0x0000000001b40465 in visitReferences<(anonymous namespace)::MemoryTracingVisitor>(js::TypeDescr&, unsigned char*, (anonymous namespace)::MemoryTracingVisitor&) (descr=(js::TypeDescr &) @0x7ffff5aa17e0 [object StructType], mem=0x7ffff5a8a050 "@\260\251\365\377\177", visitor=...) at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:2743
#6  0x0000000001b36a17 in js::TypeDescr::traceInstances(JSTracer*, unsigned char*, unsigned long) (this=(js::TypeDescr *) 0x7ffff5aa17e0 [object StructType], trace=0x7fffffff8148, mem=0x7ffff5a8a050 "@\260\251\365\377\177", length=1) at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:2878
#7  0x0000000001b394d8 in js::InlineTypedObject::obj_trace(JSTracer*, JSObject*) (trc=0x7fffffff8148, object=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject])
    at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:2129
#8  0x000000000160f15b in js::Class::doTrace(JSTracer*, JSObject*) const (this=0x27ac7f0 <js::InlineOpaqueTypedObject::class_>, trc=0x7fffffff8148, obj=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject]) at /home/andre/git/mozilla-central/js/src/build-debug-master/dist/include/js/Class.h:893
#9  0x0000000001f5ba53 in JSObject::traceChildren(JSTracer*) (this=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject], trc=0x7fffffff8148)
    at /home/andre/git/mozilla-central/js/src/vm/JSObject.cpp:3955
#10 0x000000000248c567 in UpdateCellPointers<JSObject>(js::gc::MovingTracer*, JSObject*) (trc=0x7fffffff8140, cell=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject])
    at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2569
#11 0x00000000024b78a4 in UpdateArenaPointersTyped<JSObject>(js::gc::MovingTracer*, js::gc::Arena*) (trc=0x7fffffff8140, arena=0x7ffff5a8a000) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2577
#12 0x000000000248c1fc in UpdateArenaPointers(js::gc::MovingTracer*, js::gc::Arena*) (trc=0x7fffffff8140, arena=0x7ffff5a8a000) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2593
#13 0x000000000248c166 in js::gc::UpdatePointersTask::updateArenas() (this=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2715
#14 0x000000000248c45f in js::gc::UpdatePointersTask::run() (this=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2725
#15 0x000000000250d875 in js::GCParallelTaskHelper<js::gc::UpdatePointersTask>::runTaskTyped(js::GCParallelTask*) (task=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GCParallelTask.h:153
#16 0x0000000001f20b9b in js::GCParallelTask::runTask() (this=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GCParallelTask.h:130
#17 0x0000000001efb728 in js::GCParallelTask::runFromMainThread(JSRuntime*) (this=0x7fffffff8598, rt=0x7ffff5b19000) at /home/andre/git/mozilla-central/js/src/vm/HelperThreads.cpp:1577
#18 0x000000000248c835 in js::gc::GCRuntime::updateCellPointers(JS::Zone*, mozilla::EnumSet<js::gc::AllocKind>, unsigned long) (this=0x7ffff5b196d8, zone=0x7ffff57d7000, kinds=..., bgTaskCount=0)
    at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2801
#19 0x000000000248cc80 in js::gc::GCRuntime::updateAllCellPointers(js::gc::MovingTracer*, JS::Zone*) (this=0x7ffff5b196d8, trc=0x7fffffff8780, zone=0x7ffff57d7000)
    at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2885
#20 0x000000000248ce86 in js::gc::GCRuntime::updateZonePointersToRelocatedCells(JS::Zone*) (this=0x7ffff5b196d8, zone=0x7ffff57d7000) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2918
#21 0x000000000249c104 in js::gc::GCRuntime::compactPhase(JS::gcreason::Reason, js::SliceBudget&, js::gc::AutoGCSession&) (this=0x7ffff5b196d8, reason=JS::gcreason::DEBUG_GC, sliceBudget=..., session=...) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:6767
#22 0x000000000249e734 in js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason, js::gc::AutoGCSession&) (this=0x7ffff5b196d8, budget=..., reason=JS::gcreason::DEBUG_GC, sessio
n=...) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:7272
#23 0x000000000249f8be in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) (this=0x7ffff5b196d8, nonincrementalByAPI=false, budget=..., reason=JS::gcreason::DEBUG_GC)
    at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:7554
#24 0x00000000024a06f3 in js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) (this=0x7ffff5b196d8, nonincrementalByAPI=false, budget=..., reason=JS::gcreason::DEBUG_GC)
    at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:7728
#25 0x00000000024a3ffc in js::gc::GCRuntime::runDebugGC() (this=0x7ffff5b196d8) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:8296
...
---

Blocks: 1478503

Flags: needinfo?(jdemooij)

Jan de Mooij [:jandem]

Comment 2

•

6 years ago

Good find. The simplest fix is probably to remove the assertion in getDenseInitializedLength (it was just of the "we want to put this somewhere" kind anyway).

Not sure what's a good place for it... Maybe here:

https://searchfox.org/mozilla-central/rev/3fdc491e118c5cdfbaf6e2d52f3466d2b27ad1de/js/src/vm/JSObject.cpp#2741

That way when you call Object.preventExtensions(obj) and the object is non-extensible, we just check the invariant still holds, which doesn't seem totally unreasonable.

Flags: needinfo?(jdemooij)

André Bargull [:anba]

Assignee

Comment 3

•

6 years ago

Attached patch bug1480963.patch — Details — Splinter Review

Ended up adding the check into js::PreventExtensions and into its companion method js::IsExtensible.

Assignee: nobody → andrebargull

Status: NEW → ASSIGNED

Attachment #8997969 - Flags: review?(jdemooij)

Jan de Mooij [:jandem]

Comment 4

•

6 years ago

Comment on attachment 8997969 [details] [diff] [review]
bug1480963.patch

Review of attachment 8997969 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!

Attachment #8997969 - Flags: review?(jdemooij) → review+

André Bargull [:anba]

Assignee

Comment 7

•

6 years ago

Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=495374cf2efd8f47ba02446e22fe0fac6d05c6b7

Keywords: checkin-needed

Pulsebot

Comment 8

•

6 years ago

Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/aef4c2ae8559
Remove initialized-length is equal to capacity check in getDenseInitializedLength. r=jandem

Keywords: checkin-needed

Andreea Pavel [:apavel]

Comment 9

•

6 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/aef4c2ae8559

Status: ASSIGNED → RESOLVED

Closed: 6 years ago

status-firefox63: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla63

Ryan VanderMeulen [:RyanVM]

Updated

•

6 years ago

status-firefox61: --- → unaffected

status-firefox62: --- → unaffected

status-firefox-esr52: --- → unaffected

status-firefox-esr60: --- → unaffected

Keywords: crash, regression

Comment hidden (Intermittent Failures Robot)

1 failures in 2579 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:
* mozilla-inbound: 1

Platform breakdown:
* linux64: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1480963&startday=2018-08-06&endday=2018-08-12&tree=all

Bugzilla

Quick Search

Intermittent non262/TypedObject/storageopaque.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]

Categories

(Core :: JavaScript Engine, defect, P5)

Tracking

()

People

(Reporter: intermittent-bug-filer, Assigned: anba)

References

Details

(Keywords: crash, intermittent-failure, regression)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 7

Comment 8

Comment 9

Updated

Comment 10

Attachment

General

Description

File Name

Content Type