Description
QtWebEngineCore::UserScriptControllerHost::WebContentsObserverHelper::RenderViewHostChanged() dereferences its first argument (oldHost) at the start of the function, but oldHost appears to be a nullptr, leading to a null pointer dereference and crash.
The relevant part of the backtrace is as follows. I think oldHost is explicitly set to nullptr in frame 2:
#0 QtWebEngineCore::UserScriptControllerHost::WebContentsObserverHelper::RenderViewHostChanged (this=0x2aaacd5c710, oldHost=0x0, newHost=0x2aaacd49790) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/core/user_script_controller_host.cpp:81
#1 0x000003fff425d577 in content::WebContentsImpl::NotifyViewSwapped (this=0x2aaacd45ba0, old_host=0x0, new_host=0x2aaacd49790) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/web_contents/web_contents_impl.cc:3510
#2 0x000003fff41677b1 in content::RenderFrameHostManager::Navigate (this=this@entry=0x2aaacd46840, dest_url=..., frame_entry=..., entry=...) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/frame_host/render_frame_host_manager.cc:301
#3 0x000003fff4345957 in content::NavigatorImpl::NavigateToEntry (this=0x2aaac6dd0b0, frame_tree_node=<optimized out>, frame_entry=..., entry=..., reload_type=<optimized out>, is_same_document_history_load=<optimized out>) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/frame_host/navigator_impl.cc:281
#4 0x000003fff414c4e5 in content::NavigationControllerImpl::NavigateToPendingEntryInternal (this=this@entry=0x2aaacd45c30, reload_type=reload_type@entry=content::NavigationController::NO_RELOAD) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/frame_host/navigation_controller_impl.cc:1762
#5 0x000003fff414c722 in content::NavigationControllerImpl::NavigateToPendingEntry (this=this@entry=0x2aaacd45c30, reload_type=reload_type@entry=content::NavigationController::NO_RELOAD) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/frame_host/navigation_controller_impl.cc:1728
#6 0x000003fff414ccf6 in content::NavigationControllerImpl::LoadEntry (this=this@entry=0x2aaacd45c30, entry=...) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/frame_host/navigation_controller_impl.cc:429
#7 0x000003fff414cfc9 in content::NavigationControllerImpl::LoadURLWithParams (this=0x2aaacd45c30, params=...) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/3rdparty/chromium/content/browser/frame_host/navigation_controller_impl.cc:803
#8 0x000003fff36faff7 in QtWebEngineCore::WebContentsAdapter::setContent (this=<optimized out>, data=..., mimeType=..., baseUrl=...) at /var/tmp/portage/dev-qt/qtwebengine-5.6.1/work/qtwebengine-opensource-src-5.6.1/src/core/web_contents_adapter.cpp:489
#9 0x000003fff7f8eb04 in QWebEnginePage::setContent (this=this@entry=0x2aaac6dce70, data=..., mimeType=..., baseUrl=...) at api/qwebenginepage.cpp:1234
#10 0x000003fff7f8eb64 in QWebEnginePage::setHtml (this=0x2aaac6dce70, html=..., baseUrl=...) at api/qwebenginepage.cpp:1228
#11 0x000003fff7f9b824 in QWebEngineView::setHtml (this=<optimized out>, html=..., baseUrl=...) at api/qwebengineview.cpp:163
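As an added illustration of the pattern in the backtrace (this is not QtWebEngine or Chromium code, and FakeRenderViewHost is a hypothetical stand-in for content::RenderViewHost that only records the messages sent to it), the callback shape that crashes is placed next to the one that tolerates a null first argument. The swap sequence replayed in SimulateSwaps() assumes what frames #1 and #2 show: the first navigation triggered by setHtml() reaches the observer with old_host=0x0, so a RenderViewHostChanged-style callback has to treat oldHost as optional.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for content::RenderViewHost: it only records the
// messages "sent" to it so the effect of each callback can be inspected.
struct FakeRenderViewHost {
    int routingId;
    std::vector<std::string> sent;  // IPC messages this host received

    int GetRoutingID() const { return routingId; }
    void Send(const std::string &msg) { sent.push_back(msg); }
};

// The crashing shape: oldHost is dereferenced unconditionally. Calling this
// with oldHost == nullptr (as NotifyViewSwapped does on the first navigation
// in the backtrace) is a null pointer dereference, so it is never called
// that way here.
void RenderViewHostChangedUnchecked(FakeRenderViewHost *oldHost, FakeRenderViewHost *newHost)
{
    oldHost->Send("ClearScripts " + std::to_string(oldHost->GetRoutingID()));
    newHost->Send("AddScripts " + std::to_string(newHost->GetRoutingID()));
}

// The hardened shape: a null oldHost means "there was no previous host", so
// there is nothing to clear. Returns true if a clear message went out.
bool RenderViewHostChangedChecked(FakeRenderViewHost *oldHost, FakeRenderViewHost *newHost)
{
    bool cleared = false;
    if (oldHost) {
        oldHost->Send("ClearScripts " + std::to_string(oldHost->GetRoutingID()));
        cleared = true;
    }
    if (newHost)
        newHost->Send("AddScripts " + std::to_string(newHost->GetRoutingID()));
    return cleared;
}

// Replays the swap sequence implied by the backtrace: the first navigation
// has no old host, a later cross-process swap has both.
// Returns the total number of messages the two hosts received.
size_t SimulateSwaps()
{
    FakeRenderViewHost first{1, {}};
    FakeRenderViewHost second{2, {}};
    RenderViewHostChangedChecked(nullptr, &first);   // first setHtml(): old_host=0x0
    RenderViewHostChangedChecked(&first, &second);   // later swap: both hosts valid
    return first.sent.size() + second.sent.size();   // 3: Add(1), Clear(1), Add(2)
}

int main()
{
    std::printf("messages sent across both swaps: %zu\n", SimulateSwaps());
    return 0;
}
```

The checked version is the shape a fix for this report needs: the null host is a legitimate state at the first swap, not an error, so it is skipped rather than asserted on.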