Happens on bot, and reproducible locally:

run-webkit-tests js/dfg-create-inlined-arguments-in-closure-inline.html --repeat-each 1000

Thread 10 Crashed:: JSC Compilation Thread
0 com.apple.JavaScriptCore 0x000000010303e4b0 JSC::WriteBarrierBase<JSC::Structure>::get() const + 16 (WriteBarrier.h:92)
1 com.apple.JavaScriptCore 0x00000001030c968c JSC::ClosureCallStubRoutine::structure() const + 28 (ClosureCallStubRoutine.h:44)
2 com.apple.JavaScriptCore 0x00000001030cb827 JSC::CallLinkStatus::computeFor(JSC::ConcurrentJITLocker const&, JSC::CallLinkInfo&) + 151 (CallLinkStatus.cpp:156)
3 com.apple.JavaScriptCore 0x00000001030cb6bc JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, unsigned int, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&) + 396 (CallLinkStatus.cpp:136)
4 com.apple.JavaScriptCore 0x00000001030cbcc4 JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, JSC::CodeOrigin, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkStatus, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkStatus> > const&) + 212 (CallLinkStatus.cpp:238)
5 com.apple.JavaScriptCore 0x0000000103189e79 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 441 (DFGByteCodeParser.cpp:1211)
<rdar://problem/16766362>
Please don't use the word "flaky". It is a cancer on the mind.
Please don't randomly remove relevant information from bug titles. If you can come up with a better way to describe the situation, let's discuss that on webkit-dev. I also don't agree with your negative characterization of "flakily crashes". "Flaky test" is a misleading concept, but "flakily crashing" is relevant factual information.