Garbage collector can crash the QML Debugger

Code

import QtQuick 2.15
import QtQuick.Window 2.15

Window {
    id: root
    width: 640
    height: 480
    visible: true

    property int iteration: 0
    Component {
        id: comp
        MyLargeObject {
            // Note: Putting many many property bindings in the object will
            // help to auto-trigger the garbage collector sooner
            Component.onDestruction: console.log("Object destroyed")
        }
    }

    Timer {
        interval: 100
        repeat: true
        running: true
        onTriggered: {
            console.log("Iteration", ++iteration)
            comp.createObject()
        }
    }
}

Steps to reproduce

1. Build the attached project in Debug mode
2. Run the application through the QML Debugger (in Qt Creator, click "Debug" > "Start Debugging" > "Start Debugging of Startup Project")
3. Watch the console output and wait for the garbage collector to activate (you should see a bunch of "Object destroyed" messages in stdout within ~20 iterations)

If the garbage collector has activated multiple times but you still don't get a crash, try the following steps:

1. Drag the app window around by its title bar
2. Close the app window to quit
3. Restart the debugger and repeat the test

Outcomes

The steps above should trigger an assertion or a segfault. Sample messages from Qt 6.5.2:

ASSERT: "c->sender == q_ptr" in file C:\Users\qt\work\qt\qtbase\src\corelib\kernel\qobject.cpp, line 305 C:\Users\qt\work\qt\qtbase\src\corelib\kernel\qobject.cpp: 305

Exception at 0x7ffed2df7e60, code: 0xc0000005: read access violation at: 0xffffffffffffffff, flags=0x0 (first chance) in Qt6Qmld!QV4::Value::fromHeapObject

(While trying to create and simplify the reproducer, the exact crash toggled between the two)

Notes

• The same test doesn't trigger a crash if the QML Debugger is not attached
• The crash does not occur if the garbage collector doesn't delete the objects (for example, if we give the objects a parent: `comp.createObject(root)`)