STEPS TO REPRODUCE
1. Log into a Plasma 6 session (built from source from the commits immediately before the layer-shell porting)
2. Launch Firefox with Portal support enabled
3. Open a website with a "Choose file" button, like this bug report page
4. Click the button to show the portal-based file picker dialog
5. Choose a file and click OK in the dialog

OBSERVED RESULT
The file gets passes to the calling app, but xdg-desktop-portal-kde crashes. This is 100% reproducible for me.

EXPECTED RESULT
No crash

SOFTWARE/OS VERSIONS
Qt 6.4.3

ADDITIONAL INFORMATION
Crash backtrace:

#0  __GI___pthread_sigmask (how=1, newmask=<optimized out>, oldmask=0x0) at pthread_sigmask.c:43
Downloading source file /usr/src/debug/glibc-2.36-9.fc37.x86_64/nptl/pthread_sigmask.c
43        return (INTERNAL_SYSCALL_ERROR_P (result)                                                    
[Current thread is 1 (Thread 0x7f1661bafa80 (LWP 14047))]
(gdb) bt
#0  __GI___pthread_sigmask (how=1, newmask=<optimized out>, oldmask=0x0) at pthread_sigmask.c:43
#1  0x00007f166325fd1d in __GI___sigprocmask (how=<optimized out>, set=<optimized out>, 
    oset=<optimized out>) at ../sysdeps/unix/sysv/linux/sigprocmask.c:25
#2  0x00007f1663e45db8 in KCrash::setCrashHandler (handler=handler@entry=0x0)
    at /home/nate/kde/src/kcrash/src/kcrash.cpp:411
#3  0x00007f1663e4692d in KCrash::defaultCrashHandler (sig=11)
    at /home/nate/kde/src/kcrash/src/kcrash.cpp:615
#4  <signal handler called>
#5  0x00007f1667230a95 in wl_map_insert_at (map=map@entry=0x86fbc0, flags=flags@entry=1, i=33, 
    data=<optimized out>) at ../src/wayland-util.c:276
#6  0x00007f1667230bf3 in proxy_destroy (proxy=proxy@entry=0x9bc410) at ../src/wayland-client.c:510
#7  0x00007f1667232750 in wl_proxy_destroy_caller_locks (proxy=0x9bc410)
    at ../src/wayland-client.c:530
#8  wl_proxy_marshal_array_flags (proxy=proxy@entry=0x9bc410, opcode=opcode@entry=0, 
    interface=interface@entry=0x0, version=version@entry=4, flags=flags@entry=1, 
    args=args@entry=0x7ffce45a3b50) at ../src/wayland-client.c:868
#9  0x00007f1667233219 in wl_proxy_marshal_flags (proxy=0x9bc410, opcode=0, interface=0x0, version=4, 
    flags=1) at ../src/wayland-client.c:791
#10 0x00007f16672f4476 in wl_output_release (wl_output=0x9bc410)
    at /usr/include/wayland-client-protocol.h:5738
#11 KWayland::Client::WaylandPointer<wl_output, wl_output_release>::release (this=0x93bc50)
    at /home/nate/kde/src/kwayland/src/client/wayland_pointer_p.h:44
#12 KWayland::Client::Output::~Output (this=0x930970, __in_chrg=<optimized out>)
    at /home/nate/kde/src/kwayland/src/client/output.cpp:124
#13 0x00007f16672f4499 in KWayland::Client::Output::~Output (this=0x930970, __in_chrg=<optimized out>)
    at /home/nate/kde/src/kwayland/src/client/output.cpp:125
#14 0x00000000004bb9bb in QtSharedPointer::ExternalRefCountData::destroy (this=0x8df590)
    at /usr/include/qt6/QtCore/qsharedpointer_impl.h:114
#15 QSharedPointer<KWayland::Client::Output>::deref (dd=0x8df590)
    at /usr/include/qt6/QtCore/qsharedpointer_impl.h:445
#16 QSharedPointer<KWayland::Client::Output>::deref (dd=0x8df590)
    at /usr/include/qt6/QtCore/qsharedpointer_impl.h:441
#17 QSharedPointer<KWayland::Client::Output>::deref (this=0x9b0fa0)
    at /usr/include/qt6/QtCore/qsharedpointer_impl.h:440
#18 QSharedPointer<KWayland::Client::Output>::~QSharedPointer (this=0x9b0fa0, 
    __in_chrg=<optimized out>) at /usr/include/qt6/QtCore/qsharedpointer_impl.h:280
#19 ~<lambda> (this=0x9b0f90, __in_chrg=<optimized out>)
    at /home/nate/kde/src/xdg-desktop-portal-kde/src/waylandintegration.cpp:668
#20 QtPrivate::QFunctorSlotObject<WaylandIntegration::WaylandIntegrationPrivate::addOutput(quint32, quint32)::<lambda()>, 0, QtPrivate::List<>, void>::~QFunctorSlotObject (this=0x9b0f80, 
    __in_chrg=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:397
#21 QtPrivate::QFunctorSlotObject<WaylandIntegration::WaylandIntegrationPrivate::addOutput(quint32, quint32)::<lambda()>, 0, QtPrivate::List<>, void>::impl (which=0, r=<optimized out>, a=<optimized out>, 
    ret=<optimized out>, this_=0x9b0f80) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:405
#22 QtPrivate::QFunctorSlotObject<WaylandIntegration::WaylandIntegrationPrivate::addOutput(quint32, quint32)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=0x9b0f80, r=<optimized out>, a=<optimized out>, 
    ret=<optimized out>) at /usr/include/qt6/QtCore/qobjectdefs_impl.h:401
#23 0x00007f16639c5d2c in QtPrivate::QSlotObjectBase::destroyIfLastRef (this=0x9b0f80)
    at /usr/src/debug/qt6-qtbase-6.4.3-2.fc37.x86_64/src/corelib/kernel/qobjectdefs_impl.h:360
#24 QtPrivate::QSlotObjectBase::destroyIfLastRef (this=0x9b0f80)
    at /usr/src/debug/qt6-qtbase-6.4.3-2.fc37.x86_64/src/corelib/kernel/qobjectdefs_impl.h:359
#25 QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.4.3-2.fc37.x86_64/src/corelib/kernel/qobject.cpp:1086
#26 0x00000000004b7b6a in QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_globalWaylandIntegration>::~Holder (this=<optimized out>, __in_chrg=<optimized out>)
    at /usr/include/qt6/QtCore/qglobalstatic.h:43
#27 0x00007f16632620b5 in __run_exit_handlers (status=0, listp=0x7f16633f6840 <__exit_funcs>, 
    run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:113
#28 0x00007f1663262230 in __GI_exit (status=<optimized out>) at exit.c:143
#29 0x00007f166324a517 in __libc_start_call_main (main=main@entry=0x426300 <main(int, char**)>, 
    argc=argc@entry=1, argv=argv@entry=0x7ffce45a3f78) at ../sysdeps/nptl/libc_start_call_main.h:74
#30 0x00007f166324a5c9 in __libc_start_main_impl (main=0x426300 <main(int, char**)>, argc=1, 
    argv=0x7ffce45a3f78, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7ffce45a3f68) at ../csu/libc-start.c:381
#31 0x00000000004267b5 in _start ()