Looks like something easy. Patch forthcoming.
https://build-safari.apple.com/results/Trunk%20Gala%20Debug%20Stress%20GC%20WK1%20Tests/r208750_89043%20(4374)/results.html In particular: Thread 27 Crashed:: WTF::AutomaticThread 0 com.apple.JavaScriptCore 0x000000010ff1ec27 WTFCrash + 39 1 com.apple.JavaScriptCore 0x000000010f706ff9 JSC::Heap::markToFixpoint(double)::$_2::operator()() const + 137 2 com.apple.JavaScriptCore 0x000000010f7070d3 JSC::Heap::markToFixpoint(double)::$_3::operator()(WTF::MonotonicTime) const + 67 3 com.apple.JavaScriptCore 0x000000010f706806 JSC::Heap::markToFixpoint(double) + 3590 4 com.apple.JavaScriptCore 0x000000010f7096e6 JSC::Heap::collectInThread() + 950 5 com.apple.JavaScriptCore 0x000000010f7120d9 JSC::Heap::Thread::work() + 25 6 com.apple.JavaScriptCore 0x000000010ff845b3 WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0::operator()() const + 579 7 com.apple.JavaScriptCore 0x000000010ff8435d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&>(WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&&&) + 45 8 com.apple.JavaScriptCore 0x000000010ff8414c std::__1::__function::__func<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0>, void ()>::operator()() + 44 9 com.apple.JavaScriptCore 0x000000010f4ac51a std::__1::function<void ()>::operator()() const + 26 10 com.apple.JavaScriptCore 0x000000010ff96fee WTF::threadEntryPoint(void*) + 158 11 com.apple.JavaScriptCore 0x000000010ff98a91 WTF::wtfThreadEntryPoint(void*) + 289 12 libsystem_pthread.dylib 0x00000001262e399d _pthread_body + 131 13 libsystem_pthread.dylib 0x00000001262e391a _pthread_start + 168 14 libsystem_pthread.dylib 0x00000001262e1351 thread_start + 13
This might fix it: https://trac.webkit.org/changeset/208763