I noticed this while working on T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard, but the crash is independent of my local changes. The crash may not be reproducible with a release build because the runtime aborts the process, e.g. with "malloc(): unaligned tcache chunk detected".
The root cause is "use after delete". It occurs with the KeyToCardCommand which is started by the lambda of an action of the context menu in the subkey dialog. This context menu is deleted when it's hidden. KeyToCardCommand's start opens a message box which triggers the hiding (and thus deletion) of the menu. When the message box is closed,
KeyToCardCommand's start returns to the deleted context menu.