Saw this on regression tests: http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r167322%20(17192)/webgl/1.0.2/conformance/ogles/GL/equal/equal_001_to_008-crash-log.txt Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010bbe43d2 WTF::RefCountedArray<JSC::UnlinkedInstruction>::~RefCountedArray() + 50 (RefCountedArray.h:109) 1 com.apple.JavaScriptCore 0x000000010bbe4395 WTF::RefCountedArray<JSC::UnlinkedInstruction>::~RefCountedArray() + 21 (RefCountedArray.h:113) 2 com.apple.JavaScriptCore 0x000000010bbe434e JSC::UnlinkedInstructionStream::~UnlinkedInstructionStream() + 46 (UnlinkedInstructionStream.h:35) 3 com.apple.JavaScriptCore 0x000000010bbe42e5 JSC::UnlinkedInstructionStream::~UnlinkedInstructionStream() + 21 (UnlinkedInstructionStream.h:35) 4 com.apple.JavaScriptCore 0x000000010c238754 JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock() + 340 (memory:2488) 5 com.apple.JavaScriptCore 0x000000010c23a1f5 JSC::UnlinkedFunctionCodeBlock::~UnlinkedFunctionCodeBlock() + 21 (UnlinkedCodeBlock.h:698) 6 com.apple.JavaScriptCore 0x000000010c2392f5 JSC::UnlinkedFunctionCodeBlock::~UnlinkedFunctionCodeBlock() + 21 (UnlinkedCodeBlock.h:698) 7 com.apple.JavaScriptCore 0x000000010c236a3d JSC::UnlinkedFunctionCodeBlock::destroy(JSC::JSCell*) + 29 (UnlinkedCodeBlock.cpp:437) 8 com.apple.JavaScriptCore 0x000000010c0c213d JSC::MarkedBlock::callDestructor(JSC::JSCell*) + 61 (MarkedBlock.cpp:64) 9 com.apple.JavaScriptCore 0x000000010c0c2518 JSC::MarkedBlock::FreeList JSC::MarkedBlock::specializedSweep<(JSC::MarkedBlock::BlockState)3, (JSC::MarkedBlock::SweepMode)0, (JSC::MarkedBlock::DestructorType)1>() + 216 (MarkedBlock.cpp:78) 10 com.apple.JavaScriptCore 0x000000010c0c0ede JSC::MarkedBlock::FreeList JSC::MarkedBlock::sweepHelper<(JSC::MarkedBlock::DestructorType)1>(JSC::MarkedBlock::SweepMode) + 302 (MarkedBlock.cpp:139) This doesn't happen often - these WebGL tests are quite flaky, but I couldn't find this specific crash happen before.