[Webkit-unassigned] [Bug 156340] New: REGRESSION: Speedometer/Full.htm started to crash

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=156340

            Bug ID: 156340
           Summary: REGRESSION: Speedometer/Full.htm started to crash
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ossy at webkit.org
                CC: benjamin at webkit.org, fpizlo at apple.com,
                    keith_miller at apple.com, sbarati at apple.com

Speedometer/Full.htm started to crash between r199126 and r199135:
- https://build.webkit.org/builders/Apple%20El%20Capitan%20Release%20WK2%20%28Perf%29/builds/1650
- https://build.webkit.org/builders/Apple%20Yosemite%20Release%20WK2%20%28Perf%29/builds/4674
- https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/8315

only EFL bot provides crash log:
Running Speedometer/Full.html (151 of 151)
error: Speedometer/Full.html
1   0x7f1c3b2ace58
2   0x7f1c38e3c2f0
3   0x7f1c33f81780 JSC::JSArray::tryCreateUninitialized(JSC::VM&, JSC::Structure*, unsigned int)
4   0x7f1c34073713 JSC::arrayProtoPrivateFuncConcatMemcpy(JSC::ExecState*)
5   0x7f1be39ff0c8

It seems it is a bug in JSC somewhere.

JSC changes in this interval:
- https://trac.webkit.org/changeset/199128
- https://trac.webkit.org/changeset/199129
- https://trac.webkit.org/changeset/199132

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160407/b6ded9a0/attachment.html>