RESOLVED FIXED 34057
[gtk] webkit_web_view_execute_script causes assertion failure
https://bugs.webkit.org/show_bug.cgi?id=34057
Iain Nicol
Reported 2010-01-24 07:57:10 PST
If you have Epiphany with Seed extension support, one way to trigger a crash is to enable the following extension, then restart Epiphany.

    extension = {
        attach_tab: function (window, embed) {
            embed.get_web_view().execute_script('');
        }
    }

The actual crash doesn't happen inside the attach_tab handler, but instead during a subsequent call to webkit_web_view_execute_script:

    ASSERTION FAILED: exec->globalData().identifierTable == currentIdentifierTable()
    (JavaScriptCore/runtime/Completion.cpp:52 JSC::Completion JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, const JSC::SourceCode&, JSC::JSValue))

    Program received signal SIGSEGV, Segmentation fault.
    0x016612bd in JSC::evaluate (exec=0x8c3144c, scopeChain=..., source=..., thisValue=...) at JavaScriptCore/runtime/Completion.cpp:52
    (gdb) bt
    #0  0x016612bd in JSC::evaluate (exec=0x8c3144c, scopeChain=..., source=..., thisValue=...) at JavaScriptCore/runtime/Completion.cpp:52
    #1  0x00f4ae2f in WebCore::ScriptController::evaluateInWorld (this=0x87de6b4, sourceCode=..., world=0x8c30674) at WebCore/bindings/js/ScriptController.cpp:126
    #2  0x00f4affa in WebCore::ScriptController::evaluate (this=0x87de6b4, sourceCode=...) at WebCore/bindings/js/ScriptController.cpp:152
    #3  0x00f63dfd in WebCore::ScriptController::executeScript (this=0x87de6b4, sourceCode=...) at WebCore/bindings/ScriptControllerBase.cpp:56
    #4  0x00f63d39 in WebCore::ScriptController::executeScript (this=0x87de6b4, script=..., forceUserGesture=true) at WebCore/bindings/ScriptControllerBase.cpp:45
    #5  0x01571891 in webkit_web_view_execute_script (webView=0x8c23018, script=0x810164c "var node = document.getElementById('epiphanyWebKitFloatingStatusBar');if (node) node.parentNode.removeChild(node);") at WebKit/gtk/webkit/webkitwebview.cpp:3275
    #6  0x0807cd7d in ephy_window_link_message_cb (web_view=0x8c23018, spec=0x89740e0, window=0x87c8020) at ephy-window.c:2689
    #7  0x00577dd7 in g_cclosure_marshal_VOID__PARAM (closure=0x8c46a40, return_value=0x0, n_param_values=2, param_values=0x8c1def0, invocation_hint=0xbfffcb7c, marshal_data=0x0) at gmarshal.c:531
    #8  0x0055f126 in g_closure_invoke (closure=0x8c46a40, return_value=0x0, n_param_values=2, param_values=0x8c1def0, invocation_hint=0xbfffcb7c) at gclosure.c:767
    #9  0x00576cdb in signal_emit_unlocked_R (node=0x812cb88, detail=3679, instance=0x8c23018, emission_return=0x0, instance_and_params=0x8c1def0) at gsignal.c:3243
    #10 0x00576026 in g_signal_emit_valist (instance=0x8c23018, signal_id=1, detail=3679, var_args=0xbfffcd70 "ЫY") at gsignal.c:2976
    #11 0x00576312 in g_signal_emit (instance=0x8c23018, signal_id=1, detail=3679) at gsignal.c:3033
    #12 0x00561eae in g_object_dispatch_properties_changed (object=0x8c23018, n_pspecs=5, pspecs=0xbfffcdc4) at gobject.c:801
    #13 0x00560d36 in g_object_notify_dispatcher (object=0x8c23018, n_pspecs=5, pspecs=0xbfffcdc4) at gobject.c:328
    #14 0x00560863 in g_object_notify_queue_thaw (object=0x8c23018, nqueue=0x8e94a00) at gobjectnotifyqueue.c:120
    #15 0x00562360 in g_object_thaw_notify (object=0x8c23018) at gobject.c:918
    #16 0x080cd22b in ephy_web_view_location_changed (view=0x8c23018, location=0x8c37f48 "about:blank") at ephy-web-view.c:2669
    #17 0x080bc9cd in load_status_changed_cb (view=0x8c23018, spec=0x8975290, embed=0x891cc08) at ephy-embed.c:215
    #18 0x00577dd7 in g_cclosure_marshal_VOID__PARAM (closure=0x8c2fb68, return_value=0x0, n_param_values=2, param_values=0x8c1de78, invocation_hint=0xbfffcfec, marshal_data=0x0) at gmarshal.c:531
    #19 0x0055f126 in g_closure_invoke (closure=0x8c2fb68, return_value=0x0, n_param_values=2, param_values=0x8c1de78, invocation_hint=0xbfffcfec) at gclosure.c:767
    #20 0x00576cdb in signal_emit_unlocked_R (node=0x812cb88, detail=3667, instance=0x8c23018, emission_return=0x0, instance_and_params=0x8c1de78) at gsignal.c:3243
    #21 0x00576026 in g_signal_emit_valist (instance=0x8c23018, signal_id=1, detail=3667, var_args=0xbfffd1e0 "ЫY") at gsignal.c:2976
    #22 0x00576312 in g_signal_emit (instance=0x8c23018, signal_id=1, detail=3667) at gsignal.c:3033
    #23 0x00561eae in g_object_dispatch_properties_changed (object=0x8c23018, n_pspecs=1, pspecs=0xbfffd234) at gobject.c:801
    #24 0x00560d36 in g_object_notify_dispatcher (object=0x8c23018, n_pspecs=1, pspecs=0xbfffd234) at gobject.c:328
    #25 0x00560863 in g_object_notify_queue_thaw (object=0x8c23018, nqueue=0x8e82c80) at gobjectnotifyqueue.c:120
    #26 0x00562218 in g_object_notify (object=0x8c23018, property_name=0x1b5a0f3 "load-status") at gobject.c:888
    #27 0x0154d3c0 in WebKit::notifyStatus (frame=0x8c1cf20, loadStatus=WEBKIT_LOAD_COMMITTED) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:107
    #28 0x01550171 in WebKit::FrameLoaderClient::dispatchDidCommitLoad (this=0x87de2f8) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:771
    #29 0x01251fa9 in WebCore::FrameLoader::dispatchDidCommitLoad (this=0x87de3f4) at WebCore/loader/FrameLoader.cpp:4008
    #30 0x012441c2 in WebCore::FrameLoader::receivedFirstData (this=0x87de3f4) at WebCore/loader/FrameLoader.cpp:759
    #31 0x012474b6 in WebCore::FrameLoader::setEncoding (this=0x87de3f4, name=..., userChosen=false) at WebCore/loader/FrameLoader.cpp:1480
    #32 0x01550852 in WebKit::FrameLoaderClient::finishedLoading (this=0x87de2f8, documentLoader=0x8e83c00) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:866
    #33 0x0124d440 in WebCore::FrameLoader::finishedLoadingDocument (this=0x87de3f4, loader=0x8e83c00) at WebCore/loader/FrameLoader.cpp:2809
    #34 0x0122fd05 in WebCore::DocumentLoader::finishedLoading (this=0x8e83c00) at WebCore/loader/DocumentLoader.cpp:267
    #35 0x0124d1b8 in WebCore::FrameLoader::finishedLoading (this=0x87de3f4) at WebCore/loader/FrameLoader.cpp:2749
    #36 0x0125d416 in WebCore::MainResourceLoader::didFinishLoading (this=0x8e85400) at WebCore/loader/MainResourceLoader.cpp:424
    #37 0x0125cbd5 in WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x8e85400, contentPolicy=PolicyUse, r=...) at WebCore/loader/MainResourceLoader.cpp:267
    #38 0x0125ccec in WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x8e85400, policy=PolicyUse) at WebCore/loader/MainResourceLoader.cpp:281
    #39 0x0125cc28 in WebCore::MainResourceLoader::callContinueAfterContentPolicy (argument=0x8e85400, policy=PolicyUse) at WebCore/loader/MainResourceLoader.cpp:273
    #40 0x0125fbc3 in WebCore::PolicyCallback::call (this=0xbfffd69c, action=PolicyUse) at WebCore/loader/PolicyCallback.cpp:112
    #41 0x012607f0 in WebCore::PolicyChecker::continueAfterContentPolicy (this=0x87de3fc, policy=PolicyUse) at WebCore/loader/PolicyChecker.cpp:187
    #42 0x01562bd1 in webkit_web_policy_decision_use (decision=0x8c4ab60) at WebKit/gtk/webkit/webkitwebpolicydecision.cpp:89
    #43 0x0154e199 in WebKit::FrameLoaderClient::dispatchDecidePolicyForMIMEType (this=0x87de2f8, policyFunction=(void (WebCore::PolicyChecker::*)(WebCore::PolicyChecker *, WebCore::PolicyAction)) 0x12607a0 <WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction)>, mimeType=..., resourceRequest=...) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:320
    #44 0x012603a9 in WebCore::PolicyChecker::checkContentPolicy (this=0x87de3fc, MIMEType=..., function=0x125cc04 <WebCore::MainResourceLoader::callContinueAfterContentPolicy(void*, WebCore::PolicyAction)>, argument=0x8e85400) at WebCore/loader/PolicyChecker.cpp:104
    #45 0x0125d12d in WebCore::MainResourceLoader::didReceiveResponse (this=0x8e85400, r=...) at WebCore/loader/MainResourceLoader.cpp:372
    #46 0x0125d653 in WebCore::MainResourceLoader::handleEmptyLoad (this=0x8e85400, url=..., forURLScheme=false) at WebCore/loader/MainResourceLoader.cpp:457
    #47 0x0125dad3 in WebCore::MainResourceLoader::loadNow (this=0x8e85400, r=...) at WebCore/loader/MainResourceLoader.cpp:518
    #48 0x0125dc69 in WebCore::MainResourceLoader::load (this=0x8e85400, r=..., substituteData=...) at WebCore/loader/MainResourceLoader.cpp:544
    #49 0x012318a3 in WebCore::DocumentLoader::startLoadingMainResource (this=0x8e83c00, identifier=1) at WebCore/loader/DocumentLoader.cpp:727
    #50 0x0124e031 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm (this=0x87de3f4) at WebCore/loader/FrameLoader.cpp:3033
    #51 0x0124fbe3 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x87de3f4, formState=..., shouldContinue=true) at WebCore/loader/FrameLoader.cpp:3508
    #52 0x0124f802 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x87de3f4, request=..., formState=..., shouldContinue=true) at WebCore/loader/FrameLoader.cpp:3439
    #53 0x0125f9e5 in WebCore::PolicyCallback::call (this=0xbfffddf8, shouldContinue=true) at WebCore/loader/PolicyCallback.cpp:101
    #54 0x012606b3 in WebCore::PolicyChecker::continueAfterNavigationPolicy (this=0x87de3fc, policy=PolicyUse) at WebCore/loader/PolicyChecker.cpp:160
    #55 0x01562bd1 in webkit_web_policy_decision_use (decision=0x8c4aac0) at WebKit/gtk/webkit/webkitwebpolicydecision.cpp:89
    #56 0x0154e845 in WebKit::FrameLoaderClient::dispatchDecidePolicyForNavigationAction (this=0x87de2f8, policyFunction=(void (WebCore::PolicyChecker::*)(WebCore::PolicyChecker *, WebCore::PolicyAction)) 0x126051e <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=..., resourceRequest=...) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:435
    #57 0x012601f1 in WebCore::PolicyChecker::checkNavigationPolicy (this=0x87de3fc, request=..., loader=0x8e83c00, formState=..., function=0x124f7b0 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x87de3f4) at WebCore/loader/PolicyChecker.cpp:88
    #58 0x0124a747 in WebCore::FrameLoader::loadWithDocumentLoader (this=0x87de3f4, loader=0x8e83c00, type=FrameLoadTypeStandard, prpFormState=...) at WebCore/loader/FrameLoader.cpp:2083
    #59 0x0124a302 in WebCore::FrameLoader::load (this=0x87de3f4, newDocumentLoader=0x8e83c00) at WebCore/loader/FrameLoader.cpp:2037
    #60 0x01249e0e in WebCore::FrameLoader::load (this=0x87de3f4, request=..., substituteData=..., lockHistory=false) at WebCore/loader/FrameLoader.cpp:1978
    #61 0x01249c6c in WebCore::FrameLoader::load (this=0x87de3f4, request=..., lockHistory=false) at WebCore/loader/FrameLoader.cpp:1965
    #62 0x0155cd9b in webkit_web_frame_load_uri (frame=0x8c1cf20, uri=0x8e93fa8 "about:blank") at WebKit/gtk/webkit/webkitwebframe.cpp:534
    #63 0x01570df8 in webkit_web_view_load_uri (webView=0x8c23018, uri=0x8e93fa8 "about:blank") at WebKit/gtk/webkit/webkitwebview.cpp:3089
    #64 0x01570bba in webkit_web_view_open (webView=0x8c23018, uri=0x8e93fa8 "about:blank") at WebKit/gtk/webkit/webkitwebview.cpp:3049
    #65 0x080cc37f in ephy_web_view_load_url (view=0x8c23018, url=0x8e845d8 "about:blank") at ephy-web-view.c:2136
    #66 0x080742f6 in load_homepage (embed=0x891cc08) at ephy-shell.c:400
    #67 0x0807469d in ephy_shell_new_tab_full (shell=0x8160c38, parent_window=0x0, previous_embed=0x0, request=0x0, flags=1025, chrome=15, is_popup=0, user_time=602202) at ephy-shell.c:519
    #68 0x080718bf in session_command_dispatch (session=0x8155400) at ephy-session.c:710
    #69 0x00cc9b47 in g_idle_dispatch (source=0x875bad8, callback=0x8071753 <session_command_dispatch>, user_data=0x8155400) at gmain.c:4065
    #70 0x00cc6070 in g_main_dispatch (context=0x8145138) at gmain.c:1960
    #71 0x00cc7368 in g_main_context_dispatch (context=0x8145138) at gmain.c:2513
    #72 0x00cc77b8 in g_main_context_iterate (context=0x8145138, block=1, dispatch=1, self=0x811bee0) at gmain.c:2591
    #73 0x00cc7f22 in g_main_loop_run (loop=0x8708548) at gmain.c:2799
    #74 0x01fe3f86 in IA__gtk_main () at gtkmain.c:1219
    #75 0x0806e92a in main (argc=1, argv=0xbffff894) at ephy-main.c:739

The assertion failed because exec->globalData().identifierTable has a sensible value, but currentIdentifierTable() returned NULL.

Many (all?) JavaScriptCore APIs begin with the code:

    ExecState* exec = toJS(ctx);
    APIEntryShim entryShim(exec);

On the construction of the entry shim, the value of currentIdentifierTable() is stored, and setCurrentIdentifierTable(globalData->identifierTable) is called. On its destruction, the initial value of currentIdentifierTable() is restored.

I think something analogous is needed for webkit_web_view_execute_script. However, we cannot use the above code directly because the function is not passed a JSContextRef `ctx' parameter.
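The mechanism the report describes, as an added example that is not WebKit or Epiphany code and is not part of the bug report: a minimal C++ model of a per-thread "current identifier table" pointer, an RAII entry shim that installs a VM's table and restores the previous value on scope exit, and an evaluator that checks the same precondition the failing assertion in Completion.cpp checks. The names (IdentifierTable, GlobalData, EntryShim, evaluate, executeScriptWithShim) are hypothetical stand-ins for the JavaScriptCore types; the evaluator returns a bool instead of asserting so the mismatch is observable, and the shim is constructed from the GlobalData rather than from a JSContextRef, which is the shape an embedder entry point without a `ctx' parameter would need.

```cpp
// Constructed model of identifier-table scoping; not JavaScriptCore code.
#include <string>

namespace model {

struct IdentifierTable {
    // Only the table's identity matters for this demonstration.
};

// Per-thread pointer standing in for currentIdentifierTable(). It starts out
// null, which is the state the reporter observed at the assertion.
static thread_local IdentifierTable* g_currentIdentifierTable = nullptr;

inline IdentifierTable* currentIdentifierTable() { return g_currentIdentifierTable; }
inline void setCurrentIdentifierTable(IdentifierTable* table) { g_currentIdentifierTable = table; }

// Stand-in for JSGlobalData: each VM owns one identifier table.
struct GlobalData {
    IdentifierTable identifierTable;
};

// Stand-in for APIEntryShim: saves the previous table on construction,
// installs this VM's table, and restores the previous table on destruction.
// Built from GlobalData directly so it needs no JSContextRef.
class EntryShim {
public:
    explicit EntryShim(GlobalData& globalData)
        : m_saved(currentIdentifierTable())
    {
        setCurrentIdentifierTable(&globalData.identifierTable);
    }
    ~EntryShim() { setCurrentIdentifierTable(m_saved); }
    EntryShim(const EntryShim&) = delete;
    EntryShim& operator=(const EntryShim&) = delete;
private:
    IdentifierTable* m_saved;
};

// Stand-in for JSC::evaluate. Returns whether the precondition that the real
// code ASSERTs (and that release builds compile out) actually holds.
inline bool evaluate(GlobalData& globalData, const std::string& /*source*/)
{
    return &globalData.identifierTable == currentIdentifierTable();
}

// Buggy path: the embedder entry point calls straight into the evaluator
// without establishing the identifier table first.
inline bool executeScriptWithoutShim(GlobalData& globalData, const std::string& source)
{
    return evaluate(globalData, source);
}

// Corrected path: scope an entry shim to the call.
inline bool executeScriptWithShim(GlobalData& globalData, const std::string& source)
{
    EntryShim shim(globalData);
    return evaluate(globalData, source);
}

// Reproduces the report: the bare call fails the check, the shimmed call
// passes, and the thread-local is back to null once the shim is gone.
inline bool demonstrateBug()
{
    GlobalData vm;
    if (currentIdentifierTable() != nullptr)
        return false;
    bool bare = executeScriptWithoutShim(vm, "document.title");
    bool shimmed = executeScriptWithShim(vm, "document.title");
    return !bare && shimmed && currentIdentifierTable() == nullptr;
}

// Shows why the shim saves and restores rather than sets and clears: a nested
// shim for a second VM must hand the outer VM's table back when it exits.
inline bool demonstrateNesting()
{
    GlobalData outer;
    GlobalData inner;
    bool innerOk;
    {
        EntryShim outerShim(outer);
        {
            EntryShim innerShim(inner);
            innerOk = evaluate(inner, "");
        }
        if (!(innerOk && evaluate(outer, "") && !evaluate(inner, "")))
            return false;
    }
    return currentIdentifierTable() == nullptr;
}

} // namespace model
```

The only state the shim touches is thread-local, so the fix is local to the entry point: whichever API lacks a context handle can still build the shim from the global data it does have, and every exit path (including exceptions) restores the previous table because the restore lives in the destructor.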
Martin Robinson
Comment 1 2010-10-12 16:55:37 PDT
Do you still see this issue with a recent version of WebKitGTK+? We have improved our annotations a great deal, but there still may be issues.