Created attachment 242957 [details] Crash log showing SIGSEGV coming from JIT code. On iPhone 6 or 6 Plus, and only on iPhone 6 or 6 Plus, (iOS 8.1.1, Safari/600.1.4) attempting to play the games found at http://target.com/play will result in a crash due to a SIGSEGV coming from JIT code. The easiest way to reproduce this is to visit http://target.com/play and play the games in the following order: - Arctic Catch - Snowball Fight - Hot Cocoa After playing several rounds of each, in that order, return to the world map via the menu, and wait several seconds. The game will crash, resulting in a stack trace similar to the one attached. I know that this is not related to the audio subsystem, as removing it entirely did not result in a fix (it uses several new Function() calls, leading me initially to believe I could "fix" the problem in that way), but other than that I'm sadly at a loss. Let me know if you have any other questions. Thanks!
<rdar://problem/19194371>
At one point we could reproduce this crash on internal builds about a month ago. Using an internal release build or a personal debug build of current WebKit (change set r181007 <http://trac.webkit.org/changeset/181007>), I was unable to reproduce this problem on either a iPhone 6 or iPhone 6+. I suspect that we fixed the issue with another bug repair.