QWaylandViewPrivate::markSurfaceAsDestroyed() emits the surfaceDestroyed() signal after dereferencing the current buffer. This means that the buffer may be deleted before the compositor has a chance to call setBufferLocked. This causes an invalid memory read (and potential crash) in the close animation of the qwindow-compositor example.

Note that this is harder to reproduce after https://codereview.qt-project.org/#/c/224283/ since textures aren't deleted immediately.