Bug 117119 - infinite recursion in JSC::Bindings::convertValueToQVariant
Status: RESOLVED INVALID
https://bugs.webkit.org/show_bug.cgi?id=117119
Dan Callaghan
Reported 2013-06-01 23:35:09 PDT
Running the following minimal reproducer against QtWebKit 5.0.2 causes infinite recursion in JSC::Bindings::convertValueToQVariant.

    #include <QApplication>
    #include <QWebFrame>
    #include <QWebPage>

    int main(int argc, char *argv[])
    {
        QApplication app(argc, argv);
        QWebPage page;
        page.mainFrame()->evaluateJavaScript(
            "One = function (other) { this.other = other; };"
            "Two = function () { };"
            "Two.prototype.breakage = function () {"
            "    var one = new One(this);"
            "    this.x = [one];"
            "    return one;"
            "};"
            "new Two().breakage();"
        );
        return 0;
    }

The stack trace from gdb looks like this:

    #0  JSC::JSObject::getOwnNonIndexPropertyNames (object=0x7fffd018ff40, exec=0x7fffd022f388, propertyNames=..., mode=JSC::ExcludeDontEnumProperties) at runtime/JSObject.cpp:1514
    #1  0x00007ffff70e63f5 in JSC::JSObject::getOwnPropertyNames (object=0x7fffd018ff40, exec=0x7fffd022f388, propertyNames=..., mode=JSC::ExcludeDontEnumProperties) at runtime/JSObject.cpp:1510
    #2  0x00007ffff70dd152 in JSC::JSObject::getPropertyNames (object=<optimized out>, exec=0x7fffd022f388, propertyNames=..., mode=JSC::ExcludeDontEnumProperties) at runtime/JSObject.cpp:1437
    #3  0x00007ffff6e72d41 in JSObjectCopyPropertyNames (ctx=0x7fffd022f388, object=0x7fffd018ff40) at API/JSObjectRef.cpp:510
    #4  0x00007ffff60137a5 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #5  0x00007ffff6013877 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #6  0x00007ffff6014327 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #7  0x00007ffff6016cfb in JSC::Bindings::convertToList<QVariant> () from /lib64/libQt5WebKit.so.5
    #8  0x00007ffff60131d4 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #9  0x00007ffff6013877 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #10 0x00007ffff6013877 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #11 0x00007ffff6014327 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #12 0x00007ffff6016cfb in JSC::Bindings::convertToList<QVariant> () from /lib64/libQt5WebKit.so.5
    [...]
    #37962 0x00007ffff6016cfb in JSC::Bindings::convertToList<QVariant> () from /lib64/libQt5WebKit.so.5
    #37963 0x00007ffff60131d4 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #37964 0x00007ffff6013877 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #37965 0x00007ffff6013877 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #37966 0x00007ffff6014327 in JSC::Bindings::convertValueToQVariant () from /lib64/libQt5WebKit.so.5
    #37967 0x00007ffff5ddbfa0 in QWebFrameAdapter::evaluateJavaScript () from /lib64/libQt5WebKit.so.5
    #37968 0x00007ffff7bbbf3d in QWebFrame::evaluateJavaScript () from /lib64/libQt5WebKitWidgets.so.5
    #37969 0x0000000000400aa7 in main (argc=1, argv=<optimized out>) at test.cpp:18

The actual code that triggered this was Jasmine used by the PhantomJS test suite. It sets up a cyclic relationship between its Env and Suite objects through an array property, like the minimal reproducer above.

As a wild guess (I don't understand WebKit very well) this seems like it could be related to bug 104135.
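The trace above shows the shape of the defect: a recursive value converter that walks object properties and array elements with no memory of what it is already inside, so a cycle in the script's object graph becomes unbounded recursion and a stack exhaustion crash in the embedding process. The following is an added example, not code from this report or from WebKit/QtWebKit. It uses constructed stand-in types (JsObject, Native, ConvertStats and the function names are all hypothetical) to rebuild the reproducer's cycle (one.other = two, two.x = [one]) and shows the guard such a converter needs: a set of objects currently on the conversion stack, so re-entering one yields a placeholder instead of another recursive call, plus a hard depth cap as a second limit for merely very deep (acyclic) graphs.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>
#include <set>
#include <string>
#include <variant>
#include <vector>

// Hypothetical stand-in for a JavaScript object graph; not JSC's types.
struct JsObject;
using JsValue = std::variant<double, std::string, std::shared_ptr<JsObject>>;
struct JsObject {
    bool isArray = false;
    std::vector<std::string> keys;   // property names (array indices for arrays)
    std::vector<JsValue> values;     // parallel to keys
    void set(const std::string& k, JsValue v) { keys.push_back(k); values.push_back(std::move(v)); }
};

// Hypothetical stand-in for the native side (QVariant-like).
struct Native {
    enum Kind { Null, Number, String, List, Map, CycleRef } kind = Null;
    double num = 0;
    std::string str;
    std::vector<std::string> keys;   // only for Map
    std::vector<Native> items;       // List elements, or Map values parallel to keys
};

struct ConvertStats { int cyclesCut = 0; int maxDepth = 0; };

constexpr int kMaxDepth = 1000;      // second line of defence: bound the stack even without cycles

static Native convertValue(const JsValue& value, std::set<const JsObject*>& onStack,
                           ConvertStats& stats, int depth) {
    Native out;
    if (depth > stats.maxDepth) stats.maxDepth = depth;
    if (depth > kMaxDepth) return out;                 // Null: refuse to recurse further
    if (auto n = std::get_if<double>(&value)) { out.kind = Native::Number; out.num = *n; return out; }
    if (auto s = std::get_if<std::string>(&value)) { out.kind = Native::String; out.str = *s; return out; }
    const auto& obj = std::get<std::shared_ptr<JsObject>>(value);
    // Cycle guard: an object already on the conversion stack must not be re-entered.
    if (!onStack.insert(obj.get()).second) {
        out.kind = Native::CycleRef;
        ++stats.cyclesCut;
        return out;
    }
    out.kind = obj->isArray ? Native::List : Native::Map;
    for (size_t i = 0; i < obj->values.size(); ++i) {
        if (!obj->isArray) out.keys.push_back(obj->keys[i]);
        out.items.push_back(convertValue(obj->values[i], onStack, stats, depth + 1));
    }
    // Pop on the way out: the same object may appear twice as a sibling (a DAG)
    // without being a cycle; only re-entry while still on the stack is.
    onStack.erase(obj.get());
    return out;
}

Native convertToNative(const JsValue& value, ConvertStats& stats) {
    std::set<const JsObject*> onStack;
    return convertValue(value, onStack, stats, 0);
}

// Constructed graph mirroring the reproducer: breakage() returns `one`,
// with one.other = two and two.x = [one].
JsValue buildReproducerGraph() {
    auto one = std::make_shared<JsObject>();
    auto two = std::make_shared<JsObject>();
    auto arr = std::make_shared<JsObject>();
    arr->isArray = true;
    arr->set("0", one);
    one->set("other", two);
    two->set("x", arr);
    return one;
}

ConvertStats convertReproducer() {
    ConvertStats stats;
    (void)convertToNative(buildReproducerGraph(), stats);
    return stats;   // cyclesCut == 1, maxDepth == 3 for this graph
}

Native convertReproducerValue() {
    ConvertStats stats;
    return convertToNative(buildReproducerGraph(), stats);
}

// Kind of the node reached by following the first child three times from the root.
Native::Kind kindAtDepth3(const Native& n) {
    return n.items.at(0).items.at(0).items.at(0).kind;
}

int main() {
    ConvertStats s = convertReproducer();
    std::cout << "cycles cut: " << s.cyclesCut << ", max depth: " << s.maxDepth << "\n";
    return 0;
}
```

With the guard in place the reproducer graph converts to a Map {other: Map {x: List [CycleRef]}} at depth 3 instead of recursing until the stack is gone; the stats returned by convertReproducer() make the cut visible, which is also the value a regression test for this class of bug should assert on.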
Alexey Proskuryakov
Comment 1 2021-06-29 15:10:23 PDT
Qt support was removed from WebKit.