Bug 513744

Summary: Segmentation Fault when drag n dropping under Wayland
Product: [Applications] konsole Reporter: firewalker <firew4lker>
Component: generalAssignee: Konsole Bugs <konsole-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: crash CC: elijaharagonmorgan, kdedev, nicolas.fella
Priority: NOR Keywords: wayland-only
Version First Reported In: 25.12.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/334437/events/8711303d5f3241bb8e43c4f015bdd5ff/
Attachments: Backtrace

Description firewalker 2025-12-23 14:08:35 UTC 
When Drag & Drop menu is enabled under wayland, konsole will SegFault when a file or directory is dropped.


STEPS TO REPRODUCE
1. Untick "Disable drag & drop menu for files & URLs" under profile, Mouse.
2. Drag & Drop a directory from Dolphin to konsole.

OBSERVED RESULT
konsole exits with Segmentation Fault.

EXPECTED RESULT
Konsole should show a menu with various options.

Operating System: Arch Linux 
KDE Plasma Version: 6.5.4
KDE Frameworks Version: 6.21.0
Qt Version: 6.10.1
Kernel Version: 6.18.1-arch1-2 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 PRO 4650U with Radeon Graphics
Memory: 32 GiB of RAM (30,6 GiB usable)
Graphics Processor: AMD Radeon Graphics
Manufacturer: LENOVO
Product Name: 20UD0010GM
System Version: ThinkPad T14 Gen 1

ADDITIONAL INFORMATION
https://bbs.archlinux.org/viewtopic.php?id=311096

konsole fails when trying to call a function from kio

kio/src/kio-6.21.0/src/widgets/dropjob.cpp
 
DropJob *KIO::drop(const QDropEvent *dropEvent, const QUrl &destUrl, JobFlags flags)
{
    return DropJobPrivate::newJob(dropEvent, destUrl, KIO::DropJobDefaultFlags, flags);
}

Under X11 konsole works as expected. Tested in 3 completely different system. Last test done using KDE Neon live usb. It always fails.
Comment 1 TraceyC 2025-12-23 20:53:21 UTC 
Thanks for the crash report. As the message at the top of the summary says, if something crashed, we need a backtrace of it so we can figure out what's going on. Can you please attach a backtrace of the crash using the coredumpctl command-line program, as detailed in https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports#Retrieving_a_backtrace_using_coredumpctl ?

Thanks.
Comment 2 firewalker 2025-12-23 22:00:27 UTC 
Created attachment 187919 [details]
Backtrace

Backtrace generate with coredumpctl.
Comment 3 TraceyC 2025-12-24 00:24:31 UTC 
Thank you for the backtrace. I'm able to reproduce the crash on konsole and Dolphin built from git-master.

More complete backtrace:


Thread 1 (Thread 0x7fd9743bfbc0 (LWP 307598)):
[KCrash Handler]
#6  0x00005603226daad0 in ??? ()
#7  0x00007fd97c376c08 in hasSameSourceId (mimeData=<optimized out>) at /usr/include/qt6/QtCore/qarraydatapointer.h:452
#8  KUrlMimeData::urlsFromMimeData (mimeData=mimeData@entry=0x560321588600, decodeOptions=..., decodeOptions@entry=..., metaData=0x560322152858) at /home/tracey/kde/src/kcoreaddons/src/lib/io/kurlmimedata.cpp:177
#9  0x00007fd97d9d3fac in KIO::DropJobPrivate::DropJobPrivate (this=0x5603221527f0, dropEvent=0x7ffdc78830d0, destUrl=..., dropjobFlags=..., flags=...) at /home/tracey/kde/src/kio/src/widgets/dropjob.cpp:89
#10 0x00007fd97d9ceeee in KIO::DropJobPrivate::newJob (dropEvent=0x7ffdc78830d0, destUrl=..., dropjobFlags=..., flags=...) at /home/tracey/kde/src/kio/src/widgets/dropjob.cpp:165
#11 KIO::drop (dropEvent=dropEvent@entry=0x7ffdc78830d0, destUrl=..., flags=flags@entry=...) at /home/tracey/kde/src/kio/src/widgets/dropjob.cpp:772
#12 0x00007fd97e773137 in Konsole::TerminalDisplay::dropEvent (this=<optimized out>, event=0x7ffdc78830d0) at /home/tracey/kde/src/konsole/src/terminalDisplay/TerminalDisplay.cpp:3052
#13 0x00007fd97c6a95eb in QWidget::event (this=0x560321588600, event=0x7ffdc7882b60) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qwidget.cpp:9206
#14 0x00007fd97c640bf0 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x560321847f10, e=0x7ffdc78830d0) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qapplication.cpp:3305
#15 0x00007fd97c64369d in QApplication::notify (this=<optimized out>, receiver=0x560321847f10, e=0x7ffdc78830d0) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qapplication.cpp:3067
#16 0x00007fd97b4e17e7 in QCoreApplication::notifyInternal2 (receiver=0x560321847f10, event=0x7ffdc78830d0) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1109
#17 QCoreApplication::forwardEvent (receiver=0x560321847f10, event=0x7ffdc78830d0, originatingEvent=<optimized out>) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1124
#18 0x00007fd97c6c8fdf in QWidgetWindow::handleDropEvent (this=<optimized out>, event=0x7ffdc7883550) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qwidgetwindow.cpp:1064
#19 0x00007fd97c6c59ea in QWidgetWindow::event (this=0x560321588600, event=0x7ffdc7882b60) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qwidgetwindow.cpp:335
#20 0x00007fd97c640bf0 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5603214092c0, e=0x7ffdc7883550) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qapplication.cpp:3305
#21 0x00007fd97c641f72 in QApplication::notify (this=<optimized out>, receiver=0x5603214092c0, e=0x7ffdc7883550) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qapplication.cpp:2700
#22 0x00007fd97b4e24e4 in QCoreApplication::notifyInternal2 (receiver=0x5603214092c0, event=0x7ffdc7883550) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1109
#23 QCoreApplication::sendEvent (receiver=0x5603214092c0, event=0x7ffdc7883550) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1549
#24 0x00007fd97bcb56c5 in QGuiApplicationPrivate::processDrop (w=0x5603214092c0, dropData=0x560321588600, p=<optimized out>, supportedActions=..., buttons=..., modifiers=...) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/gui/kernel/qguiapplication.cpp:3576
#25 0x00007fd97bd32242 in QWindowSystemInterface::handleDrop (window=<optimized out>, dropData=<optimized out>, p=..., supportedActions=..., buttons=..., modifiers=...) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/gui/kernel/qwindowsysteminterface.cpp:861
#26 0x00007fd9773e5fff in QtWaylandClient::QWaylandDataDevice::data_device_drop (this=0x56032116d030) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:199
#27 0x00007fd974fd5052 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#28 0x00007fd974fd3c01 in ffi_call_int (cif=cif@entry=0x7ffdc7883860, fn=fn@entry=0x7fd9773d1080 <QtWayland::wl_data_device::handle_drop(void*, wl_data_device*)>, rvalue=<optimized out>, rvalue@entry=0x0, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#29 0x00007fd974fd42dd in ffi_call (cif=cif@entry=0x7ffdc7883860, fn=0x7fd9773d1080 <QtWayland::wl_data_device::handle_drop(void*, wl_data_device*)>, rvalue=rvalue@entry=0x0, avalue=avalue@entry=0x7ffdc7883930) at ../src/x86/ffi64.c:710
#30 0x00007fd97a9936e8 in wl_closure_invoke (closure=0x7fd9600040a0, flags=1, target=<optimized out>, opcode=4, data=<optimized out>) at ../../src/wayland/src/connection.c:1243
#31 0x00007fd97a98f0ac in dispatch_event (display=display@entry=0x5603210d22b0, queue=queue@entry=0x5603210d23a8) at ../../src/wayland/src/wayland-client.c:1725
#32 0x00007fd97a99037b in dispatch_queue (display=0x5603210d22b0, queue=0x5603210d23a8) at ../../src/wayland/src/wayland-client.c:1871
#33 wl_display_dispatch_queue_pending (display=0x5603210d22b0, queue=0x5603210d23a8) at ../../src/wayland/src/wayland-client.c:2236
#34 0x00007fd977389063 in QtWaylandClient::EventThread::dispatchQueuePending (this=0x56032116dc60) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/plugins/platforms/wayland/qwaylanddisplay.cpp:230
#35 QtWaylandClient::EventThread::readAndDispatchEvents (this=0x56032116dc60) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/plugins/platforms/wayland/qwaylanddisplay.cpp:115
#36 0x00007fd977388fd1 in QtWaylandClient::QWaylandDisplay::flushRequests (this=<optimized out>) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/plugins/platforms/wayland/qwaylanddisplay.cpp:522
#37 0x00007fd97b53e927 in QObject::event (this=0x56032115c7a0, e=0x7fd960002230) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qobject.cpp:1413
#38 0x00007fd97c640bf0 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x56032115c7a0, e=0x7fd960002230) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qapplication.cpp:3305
#39 0x00007fd97c641f72 in QApplication::notify (this=<optimized out>, receiver=0x56032115c7a0, e=0x7fd960002230) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/widgets/kernel/qapplication.cpp:2700
#40 0x00007fd97b4e2e54 in QCoreApplication::notifyInternal2 (receiver=0x56032115c7a0, event=<optimized out>) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1109
#41 QCoreApplication::sendEvent (receiver=0x56032115c7a0, event=<optimized out>) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1549
#42 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5603210f2c90) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1904
#43 0x00007fd97b80fd5f in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1757
#44 postEventSourceDispatch (s=0x560321156d70) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qeventdispatcher_glib.cpp:246
#45 0x00007fd9758dfb9e in g_main_dispatch (context=0x7fd968000f60) at ../glib/gmain.c:3565
#46 0x00007fd9758e0c08 in g_main_context_dispatch_unlocked (context=0x7fd968000f60) at ../glib/gmain.c:4425
#47 g_main_context_iterate_unlocked (context=context@entry=0x7fd968000f60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4490
#48 0x00007fd9758e0cf8 in g_main_context_iteration (context=0x7fd968000f60, may_block=1) at ../glib/gmain.c:4556
#49 0x00007fd97b80f50e in QEventDispatcherGlib::processEvents (this=0x5603211d33e0, flags=...) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qeventdispatcher_glib.cpp:399
#50 0x00007fd97b4ed436 in QEventLoop::processEvents (this=0x7ffdc7884050, flags=...) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qeventloop.cpp:104
#51 QEventLoop::exec (this=0x7ffdc7884050, flags=...) at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qeventloop.cpp:186
#52 0x00007fd97b4e2099 in QCoreApplication::exec () at /home/build/YPKG/root/qt6-base/build/qtbase-everywhere-src-6.10.1/src/corelib/kernel/qcoreapplication.cpp:1452
#53 0x000056030e880f51 in main (argc=<optimized out>, argv=<optimized out>) at /home/tracey/kde/src/konsole/src/main.cpp:288
Comment 4 elijaharagonmorgan 2025-12-24 10:43:15 UTC 
pls could someone provide a video or instruction to reach the 'diable drag and drop menu ...'
i cannot find it
Comment 5 firewalker 2025-12-24 10:54:15 UTC 
It is under profile editing. Mouse -> Miscellaneous.

https://i.imgur.com/FILbctb.png
Comment 6 Nicolas Fella 2026-01-02 16:33:16 UTC 
==37018==ERROR: AddressSanitizer: heap-use-after-free on address 0x7bfd5261e5e8 at pc 0x7f9d5a64c2a2 bp 0x7ffc28d50580 sp 0x7ffc28d50578
READ of size 8 at 0x7bfd5261e5e8 thread T0
    #0 0x7f9d5a64c2a1 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112
    #1 0x7f9d5a64c2a1 in decltype (({parm#1}.get)()) qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > >(QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >&) /home/nico/workspace/qt6-dev/qtbase/src/corelib/global/qtclasshelpermacros.h:137
    #2 0x7f9d5a64c2a1 in QObject::d_func() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.h:110
    #3 0x7f9d5a64c2a1 in QObjectPrivate::get(QObject*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject_p.h:160
    #4 0x7f9d5a64c2a1 in QtSharedPointer::ExternalRefCountData::getAndRef(QObject const*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qsharedpointer.cpp:1470
    #5 0x7f9d618a3137 in QWeakPointer<QObject const>::QWeakPointer<QMimeData const, true>(QMimeData const*, bool) /home/nico/kde-qtdev/usr/include/QtCore/qsharedpointer_impl.h:781
    #6 0x7f9d618a29a3 in QPointer<QMimeData const>::QPointer<void>(QMimeData const*) /home/nico/kde-qtdev/usr/include/QtCore/qpointer.h:37
    #7 0x7f9d61907035 in KIO::DropJobPrivate::DropJobPrivate(QDropEvent const*, QUrl const&, QFlags<KIO::DropJobFlag>, QFlags<KIO::JobFlag>) /home/nico/kde-qtdev/src/kio/src/widgets/dropjob.cpp:88
    #8 0x7f9d61907c75 in KIO::DropJobPrivate::newJob(QDropEvent const*, QUrl const&, QFlags<KIO::DropJobFlag>, QFlags<KIO::JobFlag>) /home/nico/kde-qtdev/src/kio/src/widgets/dropjob.cpp:165
    #9 0x7f9d6190147d in KIO::drop(QDropEvent const*, QUrl const&, QFlags<KIO::JobFlag>) /home/nico/kde-qtdev/src/kio/src/widgets/dropjob.cpp:772
    #10 0x7f9d64166df9 in Konsole::TerminalDisplay::dropEvent(QDropEvent*) /home/nico/kde-qtdev/src/konsole/src/terminalDisplay/TerminalDisplay.cpp:3052
    #11 0x7f9d5d7f35e2 in QWidget::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qwidget.cpp:9234
    #12 0x7f9d64164a4f in Konsole::TerminalDisplay::event(QEvent*) /home/nico/kde-qtdev/src/konsole/src/terminalDisplay/TerminalDisplay.cpp:2923
    #13 0x7f9d5d68fff2 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3276
    #14 0x7f9d5d6a7b9e in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3038
    #15 0x7f9d5a1e6d25 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1109
    #16 0x7f9d5a1e6ec3 in QCoreApplication::forwardEvent(QObject*, QEvent*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
    #17 0x7f9d5d849916 in QWidgetWindow::handleDropEvent(QDropEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qwidgetwindow.cpp:1064
    #18 0x7f9d5d84c146 in QWidgetWindow::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qwidgetwindow.cpp:335
    #19 0x7f9d5d68fff2 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3276
    #20 0x7f9d5d6acae5 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3226
    #21 0x7f9d5a1e6d25 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1109
    #22 0x7f9d5a1e6f10 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1549
    #23 0x7f9d5bcb35d7 in QGuiApplicationPrivate::processDrop(QWindow*, QMimeData const*, QPoint const&, QFlags<Qt::DropAction>, QFlags<Qt::MouseButton>, QFlags<Qt::KeyboardModifier>) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:3576
    #24 0x7f9d5be18852 in QWindowSystemInterface::handleDrop(QWindow*, QMimeData const*, QPoint const&, QFlags<Qt::DropAction>, QFlags<Qt::MouseButton>, QFlags<Qt::KeyboardModifier>) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:861
    #25 0x7f9d5461e795 in QtWaylandClient::QWaylandDataDevice::data_device_drop() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:199
    #26 0x7f9d545e1689 in QtWayland::wl_data_device::handle_drop(void*, wl_data_device*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwayland-wayland.cpp:984
    #27 0x7f9d5b7fbc91 in ffi_call_unix64 ../src/x86/unix64.S:104
    #28 0x7f9d5b7f8a25 in ffi_call_int ../src/x86/ffi64.c:676
    #29 0x7f9d5b7fb2ad in ffi_call ../src/x86/ffi64.c:713
    #30 0x7f9d629b9377 in wl_closure_invoke ../../src/wayland/src/connection.c:1243
    #31 0x7f9d629b501b in dispatch_event ../../src/wayland/src/wayland-client.c:1725
    #32 0x7f9d629b626a in dispatch_queue ../../src/wayland/src/wayland-client.c:1871
    #33 0x7f9d629b626a in wl_display_dispatch_queue_pending ../../src/wayland/src/wayland-client.c:2236
    #34 0x7f9d544fbc3c in QtWaylandClient::EventThread::dispatchQueuePending() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddisplay.cpp:230
    #35 0x7f9d5450028b in QtWaylandClient::EventThread::readAndDispatchEvents() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddisplay.cpp:115
    #36 0x7f9d544e8268 in QtWaylandClient::QWaylandDisplay::flushRequests() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddisplay.cpp:526
    #37 0x7f9d5450d846 in QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**)::{lambda()#1}::operator()() const /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:127
    #38 0x7f9d5450f872 in void QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**)::{lambda()#1}>(void**, QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**)::{lambda()#1}&&) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:65
    #39 0x7f9d5450f872 in QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:126
    #40 0x7f9d5450f96a in void QtPrivate::FunctionPointer<void (QtWaylandClient::QWaylandDisplay::*)()>::call<QtPrivate::List<>, void>(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:174
    #41 0x7f9d5450f96a in QtPrivate::QCallableObject<void (QtWaylandClient::QWaylandDisplay::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:545
    #42 0x7f9d5a2f0545 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:461
    #43 0x7f9d5a2f0545 in QMetaCallEvent::placeMetaCall(QObject*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:546
    #44 0x7f9d5a303445 in QObject::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1479
    #45 0x7f9d5d68fff2 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3276
    #46 0x7f9d5d6acae5 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3226
    #47 0x7f9d5a1e6d25 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1109
    #48 0x7f9d5a1e6f10 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1549
    #49 0x7f9d5a1e92cb in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1904
    #50 0x7f9d5a1e95fd in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1757
    #51 0x7f9d5ab1edcd in postEventSourceDispatch /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #52 0x7f9d55f06b35 in g_main_dispatch ../glib/gmain.c:3565
    #53 0x7f9d55f06b35 in g_main_context_dispatch_unlocked ../glib/gmain.c:4425
    #54 0x7f9d55f09a27 in g_main_context_iterate_unlocked ../glib/gmain.c:4490
    #55 0x7f9d55f0a26b in g_main_context_iteration ../glib/gmain.c:4556
    #56 0x7f9d5ab1d1bd in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
    #57 0x7f9d5ccd4ac7 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:90
    #58 0x7f9d5a207aa7 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:104
    #59 0x7f9d5a2090a2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:186
    #60 0x7f9d5a1f15ce in QCoreApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1452
    #61 0x7f9d5bc81b81 in QGuiApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1977
    #62 0x7f9d5d68cc40 in QApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2546
    #63 0x000000408079 in main /home/nico/kde-qtdev/src/konsole/src/main.cpp:288
    #64 0x7f9d5962b2fa in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #65 0x7f9d5962b3ca in __libc_start_main_impl ../csu/libc-start.c:360
    #66 0x000000405884 in _start ../sysdeps/x86_64/start.S:115

0x7bfd5261e5e8 is located 8 bytes inside of 56-byte region [0x7bfd5261e5e0,0x7bfd5261e618)
freed by thread T0 here:
    #0 0x7f9d6492369b in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:155
    #1 0x7f9d546269d1 in QtWaylandClient::QWaylandMimeData::~QWaylandMimeData() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:158
    #2 0x7f9d544e34c9 in QScopedPointerDeleter<QtWaylandClient::QWaylandMimeData>::cleanup(QtWaylandClient::QWaylandMimeData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:24
    #3 0x7f9d544e34c9 in QScopedPointer<QtWaylandClient::QWaylandMimeData, QScopedPointerDeleter<QtWaylandClient::QWaylandMimeData> >::~QScopedPointer() /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:81
    #4 0x7f9d54624273 in QtWaylandClient::QWaylandDataOffer::~QWaylandDataOffer() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:99
    #5 0x7f9d546242d2 in QtWaylandClient::QWaylandDataOffer::~QWaylandDataOffer() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:99
    #6 0x7f9d5462236e in QScopedPointerDeleter<QtWaylandClient::QWaylandDataOffer>::cleanup(QtWaylandClient::QWaylandDataOffer*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:24
    #7 0x7f9d5462236e in QScopedPointer<QtWaylandClient::QWaylandDataOffer, QScopedPointerDeleter<QtWaylandClient::QWaylandDataOffer> >::reset(QtWaylandClient::QWaylandDataOffer*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:125
    #8 0x7f9d5461f7a6 in QtWaylandClient::QWaylandDataDevice::data_device_leave() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:256
    #9 0x7f9d545e15f1 in QtWayland::wl_data_device::handle_leave(void*, wl_data_device*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwayland-wayland.cpp:954
    #10 0x7f9d5b7fbc91 in ffi_call_unix64 ../src/x86/unix64.S:104

previously allocated by thread T0 here:
    #0 0x7f9d6492273b in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:86
    #1 0x7f9d5462419a in QtWaylandClient::QWaylandDataOffer::QWaylandDataOffer(QtWaylandClient::QWaylandDisplay*, wl_data_offer*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:92
    #2 0x7f9d5461d4bb in QtWaylandClient::QWaylandDataDevice::data_device_data_offer(wl_data_offer*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:179
    #3 0x7f9d545e1552 in QtWayland::wl_data_device::handle_data_offer(void*, wl_data_device*, wl_data_offer*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwayland-wayland.cpp:919
    #4 0x7f9d5b7fbc91 in ffi_call_unix64 ../src/x86/unix64.S:104

SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const
Shadow bytes around the buggy address:
  0x7bfd5261e300: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x7bfd5261e380: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x7bfd5261e400: fd fd fd fd fd fd fd fd fa fa fa fa 00 00 00 00
  0x7bfd5261e480: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x7bfd5261e500: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
=>0x7bfd5261e580: fd fd fd fd fd fd fd fd fa fa fa fa fd[fd]fd fd
  0x7bfd5261e600: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x7bfd5261e680: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
  0x7bfd5261e700: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x7bfd5261e780: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x7bfd5261e800: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==37018==ABORTING
Comment 7 TraceyC 2026-02-06 21:24:42 UTC 
I found an older bug with the same backtrace, so I'll merge this report in with that one. Fortunately, it looks like this is fixed in Konsole / KIO built from git-master

*** This bug has been marked as a duplicate of bug 509854 ***