Closed
Bug 1480963
Opened 6 years ago
Closed 6 years ago
Intermittent non262/TypedObject/storageopaque.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]
Categories
(Core :: JavaScript Engine, defect, P5)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla63
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox-esr60 | --- | unaffected |
| firefox61 | --- | unaffected |
| firefox62 | --- | unaffected |
| firefox63 | --- | fixed |
People
(Reporter: intermittent-bug-filer, Assigned: anba)
References
Details
(Keywords: crash, intermittent-failure, regression)
Attachments
(1 file)
|
4.28 KB,
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
Filed by: apavel [at] mozilla.com
https://treeherder.mozilla.org/logviewer.html#?job_id=191884838&repo=mozilla-inbound
https://queue.taskcluster.net/v1/task/etK6qohZT9KwxNoATnm7kQ/runs/0/artifacts/public/logs/live_backing.log
[task 2018-08-03T16:07:07.703Z] TEST-PASS | non262/TypedObject/structtypeindexedfields.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]
[task 2018-08-03T16:07:07.703Z] {"action": "test_start", "jitflags": [], "pid": 20250, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "test": "non262/TypedObject/structtypeindexedfields.js", "thread": "main", "time": 1533312427.395463}
[task 2018-08-03T16:07:07.703Z] {"action": "test_end", "extra": {"jitflags": [], "pid": 20250, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so"}, "jitflags": [], "pid": 20250, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "status": "PASS", "test": "non262/TypedObject/structtypeindexedfields.js", "thread": "main", "time": 1533312427.703033}
[task 2018-08-03T16:07:07.707Z] ## non262/TypedObject/storageopaque.js: rc = -11, run time = 0.301804
[task 2018-08-03T16:07:07.707Z] 898356:
[task 2018-08-03T16:07:07.707Z] TEST-UNEXPECTED-FAIL | non262/TypedObject/storageopaque.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]
[task 2018-08-03T16:07:07.708Z] {"action": "test_start", "jitflags": [], "pid": 20261, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "test": "non262/TypedObject/storageopaque.js", "thread": "main", "time": 1533312427.406015}
[task 2018-08-03T16:07:07.708Z] {"action": "test_end", "extra": {"jitflags": [], "pid": 20261, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so"}, "jitflags": [], "pid": 20261, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "status": "FAIL", "test": "non262/TypedObject/storageopaque.js", "thread": "main", "time": 1533312427.707819}
[task 2018-08-03T16:07:07.712Z] TEST-PASS | non262/TypedObject/simpleequiv.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [0.3 s]
[task 2018-08-03T16:17:24.804Z] TEST-PASS | test262/intl402/supportedLocalesOf-unicode-extensions-ignored.js | (args: "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so") [34.0 s]
[task 2018-08-03T16:17:24.804Z] {"action": "test_start", "jitflags": [], "pid": 16144, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "test": "test262/intl402/supportedLocalesOf-unicode-extensions-ignored.js", "thread": "main", "time": 1533313010.7666562}
[task 2018-08-03T16:17:24.804Z] {"action": "test_end", "extra": {"jitflags": [], "pid": 16144, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so"}, "jitflags": [], "pid": 16144, "shell_args": "--dll /builds/worker/workspace/breakpad-tools/libbreakpadinjector.so", "source": "jstests", "status": "PASS", "test": "test262/intl402/supportedLocalesOf-unicode-extensions-ignored.js", "thread": "main", "time": 1533313044.804496}
[task 2018-08-03T16:17:24.804Z] {"action": "suite_end", "pid": 926, "source": "jstests", "thread": "main", "time": 1533313044.80463}
[task 2018-08-03T16:17:24.864Z] Makefile:73: recipe for target 'check-jstests' failed
[task 2018-08-03T16:17:24.864Z] make[1]: *** [check-jstests] Error 1
[task 2018-08-03T16:17:24.864Z] make[1]: Leaving directory '/builds/worker/workspace/build/src/obj-spider/js/src'
[task 2018-08-03T16:17:24.865Z] Makefile:348: recipe for target 'check-jstests' failed
[task 2018-08-03T16:17:24.865Z] make: *** [check-jstests] Error 2
[task 2018-08-03T16:17:24.865Z] in directory /builds/worker/workspace/build/src/obj-spider, running ['/builds/worker/workspace/build/src/obj-spider/_virtualenvs/init/bin/python', '/builds/worker/workspace/build/src/testing/mozbase/mozcrash/mozcrash/mozcrash.py', '/tmp', '/builds/worker/workspace/build/src/obj-spider/dist/crashreporter-symbols']
[task 2018-08-03T16:17:24.936Z] mozcrash INFO | Copy/paste: /builds/worker/workspace/breakpad-tools/minidump_stackwalk /tmp/b36b51cc-e09a-46dd-aa26179b-af47f1a7.dmp /builds/worker/workspace/build/src/obj-spider/dist/crashreporter-symbols
[task 2018-08-03T16:17:25.831Z] mozcrash INFO | Saved minidump as /builds/worker/artifacts/b36b51cc-e09a-46dd-aa26179b-af47f1a7.dmp
[task 2018-08-03T16:17:25.831Z] PROCESS-CRASH | mozcrash.py | application crashed [@ js::NativeObject::hasAllFlags]
[task 2018-08-03T16:17:25.831Z] Crash dump filename: /tmp/b36b51cc-e09a-46dd-aa26179b-af47f1a7.dmp
[task 2018-08-03T16:17:25.831Z] Operating system: Linux
[task 2018-08-03T16:17:25.831Z] 0.0.0 Linux 4.4.0-1014-aws #14taskcluster1-Ubuntu SMP Tue Apr 3 10:27:00 UTC 2018 x86_64
[task 2018-08-03T16:17:25.831Z] CPU: amd64
[task 2018-08-03T16:17:25.831Z] family 6 model 85 stepping 3
[task 2018-08-03T16:17:25.831Z] 1 CPU
[task 2018-08-03T16:17:25.831Z]
[task 2018-08-03T16:17:25.831Z] GPU: UNKNOWN
[task 2018-08-03T16:17:25.831Z]
[task 2018-08-03T16:17:25.831Z] Crash reason: SIGSEGV
[task 2018-08-03T16:17:25.831Z] Crash address: 0x0
[task 2018-08-03T16:17:25.831Z] Process uptime: not available
[task 2018-08-03T16:17:25.831Z]
[task 2018-08-03T16:17:25.831Z] Thread 0 (crashed)
[task 2018-08-03T16:17:25.831Z] 0 js!js::NativeObject::hasAllFlags [Shape.h:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 906 + 0x0]
[task 2018-08-03T16:17:25.831Z] rax = 0xbad0bad1f43e2060 rdx = 0x00007ffff43914f0
[task 2018-08-03T16:17:25.831Z] rcx = 0x000000000223a1c0 rbx = 0x00007ffff43a3050
[task 2018-08-03T16:17:25.831Z] rsi = 0x0000000000000009 rdi = 0x00007ffff4396200
[task 2018-08-03T16:17:25.831Z] rbp = 0x00007fffffffb290 rsp = 0x00007fffffffb288
[task 2018-08-03T16:17:25.831Z] r8 = 0x00007ffff57056c0 r9 = 0x0000000000004f25
[task 2018-08-03T16:17:25.831Z] r10 = 0x001501ce1aa77060 r11 = 0x0000000000000206
[task 2018-08-03T16:17:25.831Z] r12 = 0x0000000000000000 r13 = 0x00007fffffffb2e8
[task 2018-08-03T16:17:25.831Z] r14 = 0x00007ffff43f5d80 r15 = 0x00007fffffffb430
[task 2018-08-03T16:17:25.831Z] rip = 0x00000000004c1aec
[task 2018-08-03T16:17:25.831Z] Found by: given as instruction pointer in context
[task 2018-08-03T16:17:25.831Z] 1 js!js::NativeObject::getDenseInitializedLength [NativeObject.h:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 808 + 0x5]
[task 2018-08-03T16:17:25.831Z] rbx = 0x00007ffff43a3050 rbp = 0x00007fffffffb290
[task 2018-08-03T16:17:25.831Z] rsp = 0x00007fffffffb290 r12 = 0x0000000000000000
[task 2018-08-03T16:17:25.831Z] r13 = 0x00007fffffffb2e8 r14 = 0x00007ffff43f5d80
[task 2018-08-03T16:17:25.831Z] r15 = 0x00007fffffffb430 rip = 0x00000000004c3d39
[task 2018-08-03T16:17:25.831Z] Found by: call frame info
[task 2018-08-03T16:17:25.832Z] 2 js!visitReferences<(anonymous namespace)::MemoryTracingVisitor> [TypedObject.cpp:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 1040 + 0x8]
[task 2018-08-03T16:17:25.832Z] rbx = 0x00007ffff43a3050 rbp = 0x00007fffffffb2d0
[task 2018-08-03T16:17:25.832Z] rsp = 0x00007fffffffb2a0 r12 = 0x0000000000000000
[task 2018-08-03T16:17:25.832Z] r13 = 0x00007fffffffb2e8 r14 = 0x00007ffff43f5d80
[task 2018-08-03T16:17:25.832Z] r15 = 0x00007fffffffb430 rip = 0x00000000008e1c38
[task 2018-08-03T16:17:25.832Z] Found by: call frame info
[task 2018-08-03T16:17:25.832Z] 3 js!js::InlineTypedObject::obj_trace [TypedObject.cpp:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 2878 + 0x5]
[task 2018-08-03T16:17:25.832Z] rbx = 0x00007ffff43a3040 rbp = 0x00007fffffffb310
[task 2018-08-03T16:17:25.832Z] rsp = 0x00007fffffffb2e0 r12 = 0x00007ffff43f5d80
[task 2018-08-03T16:17:25.832Z] r13 = 0x00007fffffffb438 r14 = 0x00007fffffffb438
[task 2018-08-03T16:17:25.832Z] r15 = 0x00007fffffffb430 rip = 0x00000000008e2216
[task 2018-08-03T16:17:25.832Z] Found by: call frame info
[task 2018-08-03T16:17:25.832Z] 4 js!JSObject::traceChildren [Class.h:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 893 + 0x16]
[task 2018-08-03T16:17:25.832Z] rbx = 0x0000000002246940 rbp = 0x00007fffffffb380
[task 2018-08-03T16:17:25.832Z] rsp = 0x00007fffffffb320 r12 = 0x00007ffff43a3040
[task 2018-08-03T16:17:25.832Z] r13 = 0x00007fffffffb438 r14 = 0x00007fffffffb438
[task 2018-08-03T16:17:25.832Z] r15 = 0x00007fffffffb430 rip = 0x0000000000b9ad44
[task 2018-08-03T16:17:25.832Z] Found by: call frame info
[task 2018-08-03T16:17:25.832Z] 5 js!UpdateArenaPointersTyped<JSObject> [GC.cpp:c543368b25a6bc3380ddb207e290a7dfdfcc8be1 : 2569 + 0xb]
[task 2018-08-03T16:17:25.832Z] rbx = 0x00007fffffffb390 rbp = 0x00007fffffffb3e0
[task 2018-08-03T16:17:25.832Z] rsp = 0x00007fffffffb390 r12 = 0x00007ffff43a3040
[task 2018-08-03T16:17:25.832Z] r13 = 0x00007fffffffb438 r14 = 0x00007fffffffb5d0
[task 2018-08-03T16:17:25.832Z] r15 = 0x00007fffffffb430 rip = 0x0000000000f0e10e
[task 2018-08-03T16:17:25.832Z] Found by: call frame info
|
Assignee | |
Comment 1•6 years ago
|
||
The crash is caused by the changed in bug 1478503. Specifically the |isExtensible()| call in [1], which crashes because |shape()->base()| is a relocated pointer.
Jan, is it expected that |shape()->base()| of the array stored in |JS_DESCR_SLOT_STRUCT_FIELD_NAMES| can be a relocated pointer during |js::InlineTypedObject::obj_trace|?
[1] https://searchfox.org/mozilla-central/rev/3fdc491e118c5cdfbaf6e2d52f3466d2b27ad1de/js/src/vm/NativeObject.h#544-545
Simplified test case, run with `JS_GC_ZEAL=IncrementalMultipleSlices` and `--no-threads` to avoid spawning multiple threads (typed objects related?).
---
var Objects = new TypedObject.StructType({f: TypedObject.Object});
for (var i = 0; i < 1000; ++i) {
var objects = new Objects({f: 0});
}
---
Crash:
---
Thread 1 "mozjs-debug" received signal SIGSEGV, Segmentation fault.
0x00000000014347fd in js::Shape::hasAllObjectFlags (this=0x7ffff5ad2078, flags=js::BaseShape::NOT_EXTENSIBLE) at /home/andre/git/mozilla-central/js/src/vm/Shape.h:906
906 return (base()->flags & flags) == flags;
---
Crashes because |shape->base()| is relocated (0xbad0bad1):
---
(gdb) p base()
$1 = (js::BaseShape *) 0xbad0bad1f5aca0a0
---
Stack trace:
---
#0 0x00000000014347fd in js::Shape::hasAllObjectFlags(js::BaseShape::Flag) const (this=0x7ffff5ad2078, flags=js::BaseShape::NOT_EXTENSIBLE) at /home/andre/git/mozilla-central/js/src/vm/Shape.h:906 [0/39]
#1 0x0000000001434712 in js::NativeObject::hasAllFlags(js::BaseShape::Flag) const (this=(const js::NativeObject *) 0x7ffff5a8b040 Cannot access memory at address 0xbad0bad1f5aca0a8, flags=js::BaseShape::NOT_EXTENSIBLE) at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:801
#2 0x000000000142ff4a in js::NativeObject::isExtensible() const (this=(const js::NativeObject *) 0x7ffff5a8b040 Cannot access memory at address 0xbad0bad1f5aca0a8)
at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:808
#3 0x000000000142eead in js::NativeObject::getDenseInitializedLength() const (this=(const js::NativeObject *) 0x7ffff5a8b040 Cannot access memory at address 0xbad0bad1f5aca0a8)
at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:544
#4 0x0000000001b32474 in js::StructTypeDescr::fieldCount() const (this=(const js::StructTypeDescr *) 0x7ffff5aa17e0 [object StructType])
at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:1040
#5 0x0000000001b40465 in visitReferences<(anonymous namespace)::MemoryTracingVisitor>(js::TypeDescr&, unsigned char*, (anonymous namespace)::MemoryTracingVisitor&) (descr=(js::TypeDescr &) @0x7ffff5aa17e0 [object StructType], mem=0x7ffff5a8a050 "@\260\251\365\377\177", visitor=...) at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:2743
#6 0x0000000001b36a17 in js::TypeDescr::traceInstances(JSTracer*, unsigned char*, unsigned long) (this=(js::TypeDescr *) 0x7ffff5aa17e0 [object StructType], trace=0x7fffffff8148, mem=0x7ffff5a8a050 "@\260\251\365\377\177", length=1) at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:2878
#7 0x0000000001b394d8 in js::InlineTypedObject::obj_trace(JSTracer*, JSObject*) (trc=0x7fffffff8148, object=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject])
at /home/andre/git/mozilla-central/js/src/builtin/TypedObject.cpp:2129
#8 0x000000000160f15b in js::Class::doTrace(JSTracer*, JSObject*) const (this=0x27ac7f0 <js::InlineOpaqueTypedObject::class_>, trc=0x7fffffff8148, obj=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject]) at /home/andre/git/mozilla-central/js/src/build-debug-master/dist/include/js/Class.h:893
#9 0x0000000001f5ba53 in JSObject::traceChildren(JSTracer*) (this=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject], trc=0x7fffffff8148)
at /home/andre/git/mozilla-central/js/src/vm/JSObject.cpp:3955
#10 0x000000000248c567 in UpdateCellPointers<JSObject>(js::gc::MovingTracer*, JSObject*) (trc=0x7fffffff8140, cell=(JSObject *) 0x7ffff5a8a040 [object InlineOpaqueTypedObject])
at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2569
#11 0x00000000024b78a4 in UpdateArenaPointersTyped<JSObject>(js::gc::MovingTracer*, js::gc::Arena*) (trc=0x7fffffff8140, arena=0x7ffff5a8a000) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2577
#12 0x000000000248c1fc in UpdateArenaPointers(js::gc::MovingTracer*, js::gc::Arena*) (trc=0x7fffffff8140, arena=0x7ffff5a8a000) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2593
#13 0x000000000248c166 in js::gc::UpdatePointersTask::updateArenas() (this=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2715
#14 0x000000000248c45f in js::gc::UpdatePointersTask::run() (this=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2725
#15 0x000000000250d875 in js::GCParallelTaskHelper<js::gc::UpdatePointersTask>::runTaskTyped(js::GCParallelTask*) (task=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GCParallelTask.h:153
#16 0x0000000001f20b9b in js::GCParallelTask::runTask() (this=0x7fffffff8598) at /home/andre/git/mozilla-central/js/src/gc/GCParallelTask.h:130
#17 0x0000000001efb728 in js::GCParallelTask::runFromMainThread(JSRuntime*) (this=0x7fffffff8598, rt=0x7ffff5b19000) at /home/andre/git/mozilla-central/js/src/vm/HelperThreads.cpp:1577
#18 0x000000000248c835 in js::gc::GCRuntime::updateCellPointers(JS::Zone*, mozilla::EnumSet<js::gc::AllocKind>, unsigned long) (this=0x7ffff5b196d8, zone=0x7ffff57d7000, kinds=..., bgTaskCount=0)
at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2801
#19 0x000000000248cc80 in js::gc::GCRuntime::updateAllCellPointers(js::gc::MovingTracer*, JS::Zone*) (this=0x7ffff5b196d8, trc=0x7fffffff8780, zone=0x7ffff57d7000)
at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2885
#20 0x000000000248ce86 in js::gc::GCRuntime::updateZonePointersToRelocatedCells(JS::Zone*) (this=0x7ffff5b196d8, zone=0x7ffff57d7000) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:2918
#21 0x000000000249c104 in js::gc::GCRuntime::compactPhase(JS::gcreason::Reason, js::SliceBudget&, js::gc::AutoGCSession&) (this=0x7ffff5b196d8, reason=JS::gcreason::DEBUG_GC, sliceBudget=..., session=...) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:6767
#22 0x000000000249e734 in js::gc::GCRuntime::incrementalCollectSlice(js::SliceBudget&, JS::gcreason::Reason, js::gc::AutoGCSession&) (this=0x7ffff5b196d8, budget=..., reason=JS::gcreason::DEBUG_GC, sessio
n=...) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:7272
#23 0x000000000249f8be in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget&, JS::gcreason::Reason) (this=0x7ffff5b196d8, nonincrementalByAPI=false, budget=..., reason=JS::gcreason::DEBUG_GC)
at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:7554
#24 0x00000000024a06f3 in js::gc::GCRuntime::collect(bool, js::SliceBudget, JS::gcreason::Reason) (this=0x7ffff5b196d8, nonincrementalByAPI=false, budget=..., reason=JS::gcreason::DEBUG_GC)
at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:7728
#25 0x00000000024a3ffc in js::gc::GCRuntime::runDebugGC() (this=0x7ffff5b196d8) at /home/andre/git/mozilla-central/js/src/gc/GC.cpp:8296
...
---
Blocks: 1478503
Flags: needinfo?(jdemooij)
|
||
Comment 2•6 years ago
|
||
Good find. The simplest fix is probably to remove the assertion in getDenseInitializedLength (it was just of the "we want to put this somewhere" kind anyway).
Not sure what's a good place for it... Maybe here:
https://searchfox.org/mozilla-central/rev/3fdc491e118c5cdfbaf6e2d52f3466d2b27ad1de/js/src/vm/JSObject.cpp#2741
That way when you call Object.preventExtensions(obj) and the object is non-extensible, we just check the invariant still holds, which doesn't seem totally unreasonable.
Flags: needinfo?(jdemooij)
|
|
Assignee | |
Comment 3•6 years ago
|
||
Ended up adding the check into js::PreventExtensions and into its companion method js::IsExtensible.
Assignee: nobody → andrebargull
Status: NEW → ASSIGNED
Attachment #8997969 -
Flags: review?(jdemooij)
|
|
||
Comment 4•6 years ago
|
||
Comment on attachment 8997969 [details] [diff] [review]
bug1480963.patch
Review of attachment 8997969 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks!
Attachment #8997969 -
Flags: review?(jdemooij) → review+
|
|
Assignee | |
Comment 7•6 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=495374cf2efd8f47ba02446e22fe0fac6d05c6b7
Keywords: checkin-needed
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/aef4c2ae8559
Remove initialized-length is equal to capacity check in getDenseInitializedLength. r=jandem
Keywords: checkin-needed
|
||
Comment 9•6 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
|
||
Updated•6 years ago
|
status-firefox61:
--- → unaffected
status-firefox62:
--- → unaffected
status-firefox-esr52:
--- → unaffected
status-firefox-esr60:
--- → unaffected
Keywords: crash,
regression
| Comment hidden (Intermittent Failures Robot) |
You need to log in
before you can comment on or make changes to this bug.
Description
•