Bug 453896 - When saving a new transaction Kmymoney crashes each time without saving
Summary: When saving a new transaction Kmymoney crashes each time without saving
Status: CLOSED DUPLICATE of bug 453857
Alias: None
Product: kmymoney
Classification: Applications
Component: file
Version: 5.1.2
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KMyMoney Devel Mailing List
Duplicates: 454475 454477 454494 454529 454557 454824 455072
Reported: 2022-05-16 15:50 UTC by Graham Davies
Modified: 2022-06-09 10:40 UTC (History)

Attachments
Kmymoney crash report (3.17 KB, text/plain)
2022-05-16 15:50 UTC, Graham Davies

Description Graham Davies 2022-05-16 15:50:34 UTC
Created attachment 148884
Kmymoney crash report

SUMMARY
When trying to save file after entering a new transaction, Kmymoney crashes after a few seconds without saving the new transaction.

STEPS TO REPRODUCE
1. Open Kmymoney, go to any active account
2. Enter new transaction
3. Save 

OBSERVED RESULT
After a couple of seconds Kmymoney crashes without saving new transaction

EXPECTED RESULT
Save file without crashing

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: EndeavourOS rolling release, based on Arch
KDE Plasma Version: 5.24.5
KDE Frameworks Version: 5.94.0
Qt Version: 5.15.4

ADDITIONAL INFORMATION
Crashes occurred after upgrading to Kmymoney 5.1.2-7 and Plasma framework 5.94.0-1. Tried downgrading to version 5.1.2-6, but still crashing. This version was working OK before. Am using Wayland, tried changing to X11, still crashing.
Comment 1 Jeremy Whiting 2022-05-16 16:05:00 UTC
I'm getting the same with both arch kmymoney and kmymoney built from git here. (Both using archlinux libalkimia 8.1.1-1 from archlinux package). I thought it was a flaw in my .kmy file, but a few days old backup has the same problem. I suspect a bug in libalkimia since the backtrace points at that.
Comment 2 Jeremy Whiting 2022-05-16 16:16:59 UTC
kmymoney: malloc.c:2617: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.

Thread 1 "kmymoney" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) up
#1  0x00007ffff585f3d3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
78        return __pthread_kill_implementation (threadid, signo, 0);
(gdb) up
#2  0x00007ffff580f838 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
26        int ret = __pthread_kill (__pthread_self (), sig);
(gdb) up
#3  0x00007ffff57f9535 in __GI_abort () at abort.c:79
79            raise (SIGABRT);
(gdb) up
#4  0x00007ffff586928d in __malloc_assert (
    assertion=assertion@entry=0x7ffff5994628 "(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)", file=file@entry=0x7ffff598f27e "malloc.c", line=line@entry=2617, function=function@entry=0x7ffff5994e98 <__PRETTY_FUNCTION__.8> "sysmalloc") at malloc.c:307
307       abort ();
(gdb) up
#5  0x00007ffff586bc62 in sysmalloc (nb=nb@entry=112, av=av@entry=0x7ffff59cfbc0 <main_arena>) at malloc.c:2617
2617      assert ((old_top == initial_top (av) && old_size == 0) ||
(gdb) up
#6  0x00007ffff586ca5a in _int_malloc (av=av@entry=0x7ffff59cfbc0 <main_arena>, bytes=bytes@entry=104) at malloc.c:4407
4407              void *p = sysmalloc (nb, av);
(gdb) up
#7  0x00007ffff586d358 in __GI___libc_malloc (bytes=bytes@entry=104) at malloc.c:3329
3329      victim = _int_malloc (ar_ptr, bytes);
(gdb) up
#8  0x00007ffff5b8e37d in operator new (sz=sz@entry=104) at /usr/src/debug/gcc/libstdc++-v3/libsupc++/new_op.cc:50
50      /usr/src/debug/gcc/libstdc++-v3/libsupc++/new_op.cc: Directory not empty.
(gdb) up
#9  0x00007ffff731ac4b in QDomElementPrivate::setAttribute (newValue=..., aname=..., this=0x55555d10f020) at dom/qdom.cpp:3960
3960            n = new QDomAttrPrivate(ownerDocument(), this, aname);
(gdb) list
3955
3956    void QDomElementPrivate::setAttribute(const QString& aname, const QString& newValue)
3957    {
3958        QDomNodePrivate* n = m_attr->namedItem(aname);
3959        if (!n) {
3960            n = new QDomAttrPrivate(ownerDocument(), this, aname);
3961            n->setNodeValue(newValue);
3962
3963            // Referencing is done by the map, so we set the reference counter back
3964            // to 0 here. This is ok since we created the QDomAttrPrivate.


Seems like an assertion in new -> malloc here. Not sure why though...
Comment 3 Jeremy Whiting 2022-05-16 16:22:59 UTC
Here's the backtrace when using locally built master branch from git:

Thread 1 "kmymoney" received signal SIGSEGV, Segmentation fault.
0x00007ffff57735b0 in _int_malloc (av=av@entry=0x7ffff58d6bc0 <main_arena>, bytes=bytes@entry=48) at malloc.c:3937
3937                          bck->fd = bin;
(gdb) bt
#0  0x00007ffff57735b0 in _int_malloc (av=av@entry=0x7ffff58d6bc0 <main_arena>, bytes=bytes@entry=48) at malloc.c:3937
#1  0x00007ffff5774358 in __GI___libc_malloc (bytes=bytes@entry=48) at malloc.c:3329
#2  0x00007ffff5a9337d in operator new(unsigned long) (sz=sz@entry=48) at /usr/src/debug/gcc/libstdc++-v3/libsupc++/new_op.cc:50
#3  0x00007ffff5e3ec43 in QHashData::detach_helper(void (*)(QHashData::Node*, void*), void (*)(QHashData::Node*), int, int)
     (this=<optimized out>, node_duplicate=node_duplicate@entry=0x7ffff5679c50 <QHash<QString, QDomNodePrivate*>::duplicateNode(QHashData::Node*, void*)>, node_delete=node_delete@entry=0x7ffff5679920 <QHash<QString, QDomNodePrivate*>::deleteNode2(QHashData::Node*)>, nodeSize=nodeSize@entry=32, nodeAlign=nodeAlign@entry=8) at tools/qhash.cpp:503
#4  0x00007ffff567b760 in QHash<QString, QDomNodePrivate*>::detach_helper() (this=this@entry=0x55555891c198) at ../../include/QtCore/../../src/corelib/tools/qhash.h:631
#5  0x00007ffff567b927 in QHash<QString, QDomNodePrivate*>::detach() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qhash.h:291
#6  QMultiHash<QString, QDomNodePrivate*>::insert(QString const&, QDomNodePrivate* const&) (this=0x55555891c198, akey=..., avalue=@0x7fffffffcee8: 0x55555e32ea00)
    at ../../include/QtCore/../../src/corelib/tools/qhash.h:1124
#7  0x00007ffff566ee11 in QDomNamedNodeMapPrivate::setNamedItem(QDomNodePrivate*) (this=0x55555891c190, arg=<optimized out>) at dom/qdom.cpp:2611
#8  0x00007fff8ab7ddb8 in MyMoneyXmlContentHandler::writeKeyValueContainer(MyMoneyKeyValueContainer const&, QDomDocument&, QDomElement&) (container=<optimized out>, document=..., parent=...)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:531
#9  0x00007fff8ab896f9 in MyMoneyXmlContentHandler::writeAccount(MyMoneyAccount const&, QDomDocument&, QDomElement&) (account=..., document=..., parent=...)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:874
#10 0x00007fff8ab89e2c in MyMoneyStorageXML::writeAccount(QDomElement&, MyMoneyAccount const&) (p=<optimized out>, account=..., this=0x55555836a510)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:1841
#11 MyMoneyStorageXML::writeAccounts(QDomElement&) (this=0x55555836a510, accounts=...) at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:1835
#12 0x00007fff8ab81f03 in MyMoneyStorageXML::writeFile(QIODevice*, MyMoneyFile*) (this=this@entry=0x55555836a510, qf=qf@entry=0x5555564a8040, file=<optimized out>)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:1619
#13 0x00007fff8ab78947 in XMLStorage::saveToLocalFile(QString const&, IMyMoneyOperationsFormat*, bool, QString const&)
Comment 4 Jeremy Whiting 2022-05-16 16:29:58 UTC
Since it's in new/malloc in all cases, I'm wondering if this upgrade to glibc on the 14th here broke things:

[2022-05-14T09:40:34-0600] [ALPM] upgraded glibc (2.35-4 -> 2.35-5)
Comment 5 Jeremy Whiting 2022-05-16 18:14:59 UTC
Hmm, going back to an earlier glibc changes the assertion, but it's still an assertion inside new() operator:
This is from going back to glibc 2.35-3 arch package. Looking into the stdc++ library instead now.

malloc(): unaligned tcache chunk detected

Thread 1 "kmymoney" received signal SIGABRT, Aborted.
0x00007ffff576834c in __pthread_kill_implementation () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff576834c in __pthread_kill_implementation () at /usr/lib/libc.so.6
#1  0x00007ffff571b4b8 in raise () at /usr/lib/libc.so.6
#2  0x00007ffff5705534 in abort () at /usr/lib/libc.so.6
#3  0x00007ffff575c397 in __libc_message () at /usr/lib/libc.so.6
#4  0x00007ffff577233c in  () at /usr/lib/libc.so.6
#5  0x00007ffff57768cc in  () at /usr/lib/libc.so.6
#6  0x00007ffff5a9237d in operator new(unsigned long) (sz=sz@entry=8) at /usr/src/debug/gcc/libstdc++-v3/libsupc++/new_op.cc:50
#7  0x00007ffff7a5d218 in MyMoneyKeyValueContainer::MyMoneyKeyValueContainer(MyMoneyKeyValueContainer const&) (this=this@entry=0x55555df15e50, other=...)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/mymoney/mymoneykeyvaluecontainer.cpp:29
#8  0x00007ffff7a68455 in MyMoneyTransaction::MyMoneyTransaction(MyMoneyTransaction const&) (this=this@entry=0x55555df15e40, other=...)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/mymoney/mymoneytransaction.cpp:44
#9  0x00007ffff7aecbc8 in QList<MyMoneyTransaction>::node_construct(QList<MyMoneyTransaction>::Node*, MyMoneyTransaction const&) (this=0x7fffffffd0e0, t=..., n=0x55555df158a8)
    at /usr/include/qt/QtCore/qlist.h:465
#10 QList<MyMoneyTransaction>::append(MyMoneyTransaction const&) (this=this@entry=0x7fffffffd0e0, t=...) at /usr/include/qt/QtCore/qlist.h:634
#11 0x00007ffff7ae4425 in JournalModel::transactionList(QList<MyMoneyTransaction>&, MyMoneyTransactionFilter&) const (this=0x555555c36880, list=..., filter=...)
    at /usr/include/qt/QtCore/qsharedpointer_impl.h:301
#12 0x00007ffff7a28de0 in MyMoneyFile::transactionList(QList<MyMoneyTransaction>&, MyMoneyTransactionFilter&) const (this=<optimized out>, list=..., filter=...)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/mymoney/mymoneyfile.cpp:2031
#13 0x00007fff8ab8a528 in MyMoneyStorageXML::writeTransactions(QDomElement&) (this=0x555558c05ba0, transactions=...)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:1851
#14 0x00007fff8ab7ef60 in MyMoneyStorageXML::writeFile(QIODevice*, MyMoneyFile*) (this=this@entry=0x555558c05ba0, qf=qf@entry=0x55555df03a00, file=<optimized out>)
    at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/mymoneystoragexml.cpp:1623
#15 0x00007fff8ab75947 in XMLStorage::saveToLocalFile(QString const&, IMyMoneyOperationsFormat*, bool, QString const&)
     (this=0x5555562394f0, localFile=..., pWriter=0x555558c05ba0, plaintext=<optimized out>, keyList=...) at /home/jeremy/data/devel/kde/src/extragear/office/kmymoney/kmymoney/plugins/xml/xmlstorage.cpp:512
Comment 6 Jeremy Whiting 2022-05-17 00:53:24 UTC
Today's testing is pointing to libalkimia. So I got that from git, built it and kmm crashes in the same way with it as it does with latest libalkimia from arch packages.

More interestingly I also get this segfault when I run make test in alkimia/build

Application: alkquoteitemtest (alkquoteitemtest), signal: Aborted

[KCrash Handler]
#4  0x00007f3c3848c36c in  () at /usr/lib/libc.so.6
#5  0x00007f3c3843c838 in raise () at /usr/lib/libc.so.6
#6  0x00007f3c38426535 in abort () at /usr/lib/libc.so.6
#7  0x00007f3c3848045e in  () at /usr/lib/libc.so.6
#8  0x00007f3c384960cc in  () at /usr/lib/libc.so.6
#9  0x00007f3c3849804a in  () at /usr/lib/libc.so.6
#10 0x00007f3c3849a8f3 in free () at /usr/lib/libc.so.6
#11 0x00007f3c42a3acd6 in __gmp_doprnt () at /usr/lib/libgmp.so.10
#12 0x00007f3c42a3c62d in __gmp_vasprintf () at /usr/lib/libgmp.so.10
#13 0x00007f3c42a3a2c5 in __gmp_asprintf () at /usr/lib/libgmp.so.10
#14 0x00007f3c42b13a22 in mpqToString(mpq_class const&) (val=...) at /home/jeremy/data/devel/kde/src/extragear/office/alkimia/src/alkvalue.cpp:39
#15 0x00007f3c42b14dec in AlkValue::toString() const (this=0x564bbd6af3d0) at /home/jeremy/data/devel/kde/src/extragear/office/alkimia/src/alkvalue.cpp:239
#16 0x0000564bbcba2da2 in operator<<(QDBusArgument&, AlkQuoteItem const&) (argument=..., item=...) at /home/jeremy/data/devel/kde/src/extragear/office/alkimia/src/alkquoteitem.cpp:192
#17 0x0000564bbcba0bb8 in AlkQuoteItemTest::qDbusArgument() (this=0x7fff3f6a0e60) at /home/jeremy/data/devel/kde/src/extragear/office/alkimia/autotests/alkquoteitemtest.cpp:160
#18 0x0000564bbcb9c86d in AlkQuoteItemTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x7fff3f6a0e60, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fff3f6a07b0) at /home/jeremy/data/devel/kde/src/extragear/office/alkimia/build/autotests/alkquoteitemtest_autogen/EWIEGA46WW/moc_alkquoteitemtest.cpp:93
#19 0x00007f3c38be74fe in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const () at /usr/lib/libQt5Core.so.5
#20 0x00007f3c42a75a5c in QTest::qRun() () at /usr/lib/libQt5Test.so.5
#21 0x00007f3c42a76c31 in QTest::qExec(QObject*, int, char**) () at /usr/lib/libQt5Test.so.5
#22 0x0000564bbcb9f130 in main(int, char**) (argc=1, argv=0x7fff3f6a0fa8) at /home/jeremy/data/devel/kde/src/extragear/office/alkimia/autotests/alkquoteitemtest.cpp:14
[Inferior 1 (process 1112390) detached]

Which looks like the same backtrace. AlkValue::toString() in some of the others from kmm itself. Seeing if I can find the cause in alkimia.
Comment 7 Jeremy Whiting 2022-05-17 06:37:48 UTC
Ok, spent too long debugging and trying to get alkvaluetest to pass. Then at one point noticed the freefunc from mp_get_memory_functions() in alkvalue.cpp was the same as gnutls_free_zero. So I checked pacman.log and yep, recently upgraded from gnutls 3.7.4-3 to 3.7.5. Downgraded back to 3.7.4-3 and alkvaluetest passes now... Seems something in gnutls arch package (or upstream in 3.7.5) broke alkimia. Will look into what could have caused that tomorrow. In the meantime downgrading gnutls seems to get kmm running again. Saving now working here, phew.
Comment 8 Jeremy Whiting 2022-05-17 06:45:27 UTC
Problem found. It's because gnutls 3.7.5 is doing this:

commit 41c9c845a342359327403431050d3458246896af
Author: Tobias Heider <tobias.heider@canonical.com>
Date:   Mon Mar 14 16:17:28 2022 +0100

    Use custom allocators for GMP to make sure temporary secrets
    from cryptographic operations in nettle are deleted safely.
    
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

Which sets the realloc and free functions, but not the malloc one...
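
Added example, not part of the original comment and not GnuTLS or Alkimia code: GMP's mp_set_memory_functions() installs its hooks for the whole process, so every other GMP user in that process (here Alkimia, whose freefunc turned out to be gnutls_free_zero) allocates and frees through them. The sketch below shows a zeroizing allocator trio with the signatures GMP expects, installed as a complete set; zero_alloc, zero_realloc, zero_free, wiped_total, install_hooks and the USE_GMP macro are hypothetical names.

```c
/* Added example (hypothetical names, not GnuTLS code): zeroizing GMP-style hooks. */
#include <stdlib.h>
#include <string.h>

static size_t wiped_total; /* bytes scrubbed so far; kept so the demo can check it */

/* Scrub through a volatile pointer so the stores are not optimized away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    wiped_total += n;
    while (n--) *v++ = 0;
}

void *zero_alloc(size_t size)
{
    void *p = malloc(size);
    if (!p) abort(); /* GMP allocation hooks must not return on failure */
    return p;
}

void zero_free(void *p, size_t size) { wipe(p, size); free(p); }

/* GMP passes old and new size: copy only what fits, scrub the whole old block. */
void *zero_realloc(void *old, size_t old_size, size_t new_size)
{
    void *p = zero_alloc(new_size);
    memcpy(p, old, old_size < new_size ? old_size : new_size);
    zero_free(old, old_size);
    return p;
}

/* Shrink, grow and release a block as a GMP caller would; 1 if data survived. */
int demo_roundtrip(void)
{
    unsigned char *b = zero_alloc(16);
    memset(b, 0xA5, 16);
    b = zero_realloc(b, 16, 4);  /* shrink: scrubs 16 bytes */
    int ok = b[0] == 0xA5 && b[3] == 0xA5;
    b = zero_realloc(b, 4, 32);  /* grow: scrubs 4 bytes */
    ok = ok && b[0] == 0xA5 && b[3] == 0xA5;
    zero_free(b, 32);            /* release: scrubs 32 bytes */
    return ok;
}

#ifdef USE_GMP /* build with -DUSE_GMP -lgmp to install all three hooks together */
#include <gmp.h>
void install_hooks(void) { mp_set_memory_functions(zero_alloc, zero_realloc, zero_free); }
#endif
int main(void) { return demo_roundtrip() ? 0 : 1; }
```

Running the default build under valgrind or with -fsanitize=address exercises the shrink path, which is where a realloc hook that copies by the wrong size would corrupt the heap.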
Comment 9 Graham Davies 2022-05-17 06:56:17 UTC
Downgraded gnutls to 3.7.4-3 and confirm that save function is working again! Impressed by your persistence and knowledge, thanks
Comment 10 kde-bugs 2022-05-18 09:12:56 UTC
same problem: https://bugs.kde.org/show_bug.cgi?id=453857

happens with HBCI download as well.
Comment 11 Marvin Dickhaus 2022-05-20 08:56:10 UTC

*** This bug has been marked as a duplicate of bug 453857 ***
Comment 12 Marvin Dickhaus 2022-05-20 09:06:11 UTC
Really nice find. Thanks for also following up in the GnuTLS Repo https://gitlab.com/gnutls/gnutls/-/issues/1367.
Comment 13 Thomas Baumgart 2022-05-28 08:55:18 UTC
*** Bug 454475 has been marked as a duplicate of this bug. ***
Comment 14 Thomas Baumgart 2022-05-28 08:56:03 UTC
*** Bug 454477 has been marked as a duplicate of this bug. ***
Comment 15 Thomas Baumgart 2022-05-28 08:57:12 UTC
*** Bug 454494 has been marked as a duplicate of this bug. ***
Comment 16 Thomas Baumgart 2022-05-28 13:05:06 UTC
*** Bug 454529 has been marked as a duplicate of this bug. ***
Comment 17 Graham Davies 2022-05-28 15:16:28 UTC
Solved, updated gnutls 3.7.5-1 to 3.7.5-2 on EndeavourOS
Comment 18 Thomas Baumgart 2022-05-29 13:23:28 UTC
*** Bug 454557 has been marked as a duplicate of this bug. ***
Comment 19 Thomas Baumgart 2022-06-07 06:00:13 UTC
*** Bug 454824 has been marked as a duplicate of this bug. ***
Comment 20 Thomas Baumgart 2022-06-09 10:40:07 UTC
*** Bug 455072 has been marked as a duplicate of this bug. ***