Created attachment 329509 [details] Crash log Here is a crashlog pulled from one of the bots: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0027fb6d JSC::IndexingHeader::vectorLength() const + 13 (IndexingHeader.h:56) 1 com.apple.JavaScriptCore 0x0027fadf JSC::Butterfly::vectorLength() const + 31 (Butterfly.h:122) 2 com.apple.JavaScriptCore 0x0027f8a7 JSC::Butterfly::computeIndexingMask() const + 23 (Butterfly.h:127) 3 com.apple.JavaScriptCore 0x0028a4d7 JSC::JSObject::nukeStructureAndSetButterfly(JSC::VM&, JSC::Structure*, JSC::Butterfly*) + 103 (JSObject.h:1286) 4 com.apple.JavaScriptCore 0x00289552 bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) + 2370 (JSObjectInlines.h:318) 5 com.apple.JavaScriptCore 0x00288174 JSC::JSObject::putDirect(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int) + 420 (JSObject.h:1507) 6 com.apple.JavaScriptCore 0x00fdccfe JSC::JSFunction::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 910 (JSFunction.cpp:393) 7 com.apple.JavaScriptCore 0x002b3984 JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 580 (JSObjectInlines.h:146) 8 com.apple.JavaScriptCore 0x002b322a JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 282 (JSObject.h:1432) 9 com.apple.JavaScriptCore 0x002a1c8d JSC::JSObject::get(JSC::ExecState*, JSC::PropertyName) const + 301 (JSObject.h:1456) 10 com.apple.JavaScriptCore 0x00fe7b95 JSC::JSFunction::prototypeForConstruction(JSC::VM&, JSC::ExecState*) + 181 (JSFunction.cpp:143) 11 com.apple.JavaScriptCore 0x00fe7d25 JSC::JSFunction::allocateAndInitializeRareData(JSC::ExecState*, unsigned long) + 165 (JSFunction.cpp:155) 12 com.apple.JavaScriptCore 0x007f4815 JSC::JSFunction::rareData(JSC::ExecState*, unsigned int) + 85 (JSFunction.h:129) 13 com.apple.JavaScriptCore 0x007f44e6 operationCreateThis + 246 (DFGOperations.cpp:245) 14 ??? 0x0350554a 0 + 55596362 15 ??? 0x03502faf 0 + 55586735 16 ??? 0x035022e1 0 + 55583457 17 ??? 0x0350e818 0 + 55633944 18 com.apple.JavaScriptCore 0x00249a57 llint_entry + 23421 (LowLevelInterpreter.asm:789) 19 com.apple.JavaScriptCore 0x00243d24 vmEntryToJavaScript + 292 (LowLevelInterpreter.asm:524) 20 com.apple.JavaScriptCore 0x00c86528 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 408 (JITCode.cpp:81) 21 com.apple.JavaScriptCore 0x00c2227a JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 6426 (Interpreter.cpp:941) 22 com.apple.JavaScriptCore 0x00f03562 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 626 (Completion.cpp:103) 23 jsc 0x000f7b91 runWithOptions(GlobalObject*, CommandLine&) + 2561 (jsc.cpp:2275) 24 jsc 0x000ccd9c jscmain(int, char**)::$_3::operator()(JSC::VM&, GlobalObject*) const + 44 (jsc.cpp:2678) 25 jsc 0x000b353f int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&) + 1231 (jsc.cpp:2580) 26 jsc 0x000b1d00 jscmain(int, char**) + 192 (jsc.cpp:2675) 27 jsc 0x000b1c27 main + 55 (jsc.cpp:2107) 28 libdyld.dylib 0xa75536e1 start + 1

This is probably related to https://trac.webkit.org/changeset/225913

It looks like this was fixed by https://trac.webkit.org/changeset/226000/webkit. Closing.

<rdar://problem/36119376>