Bug 500263

Summary: Breeze style possibly make Wireshark crash on exit
Product: [Plasma] Breeze Reporter: BryanLiang <liangrui.ch>
Component: generalAssignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED DOWNSTREAM    
Severity: crash CC: kde, nate, oguilherme, uhhadd
Priority: NOR    
Version First Reported In: 6.3.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description BryanLiang 2025-02-17 14:51:50 UTC 
SUMMARY

Related bug link at Wireshark side: https://gitlab.com/wireshark/wireshark/-/issues/20370

I meet this bug about two weeks ago, however after I upgrade to Plasma 6.3.0. The crash still happens. I'm not sure if it is a bug in Breeze or Wireshark.

STEPS TO REPRODUCE
1. Launch Wireshark
2. Select an interface in the welcome screen.
3. Exit

OBSERVED RESULT
Wireshark crashed with SIGSEGV signal.

EXPECTED RESULT
Wireshark exit normally.


SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 6.3.0
KDE Frameworks Version: 6.10.0
Qt Version: 6.8.2
Kernel Version: 6.6.72-x64v3-xanmod1-1-lts (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 5800H with Radeon Graphics
Memory: 13.5 GiB of RAM
Graphics Processor: AMD Radeon Graphics


ADDITIONAL INFORMATION
Here is the stack trace of the core dump file two weeks ago: https://0x0.st/8NCD.txt

Here is the stack trace of the core dump today: https://0x0.st/8NC5.txt
Comment 1 David Redondo 2025-02-18 10:13:17 UTC 
I can reproduce with a similar trace.
Comment 2 David Redondo 2025-02-18 10:18:14 UTC 
=================================================================
==35110==ERROR: AddressSanitizer: heap-use-after-free on address 0x519000304390 at pc 0x7815afefb42e bp 0x7ffff8c0e140 sp 0x7ffff8c0d8e8
READ of size 280 at 0x519000304390 thread T0
    #0 0x7815afefb42d in memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x7815ae797f7e in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
    #2 0x7815ae797f7e in QtPrivate::QPodArrayOps<QAbstractAnimation*>::copyAppend(QAbstractAnimation* const*, QAbstractAnimation* const*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:65
    #3 0x7815ae797f7e in QtPrivate::QPodArrayOps<QAbstractAnimation*>::copyAppend(QAbstractAnimation* const*, QAbstractAnimation* const*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:55
    #4 0x7815ae797f7e in QArrayDataPointer<QAbstractAnimation*>::reallocateAndGrow(QArrayData::GrowthPosition, long long, QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:241
    #5 0x7815ae9a2676 in QArrayDataPointer<QAbstractAnimation*>::detach(QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:145
    #6 0x7815ae9a2676 in QList<QAbstractAnimation*>::remove(long long, long long) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:815
    #7 0x7815ae9a2676 in QList<QAbstractAnimation*>::remove(long long, long long) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:807
    #8 0x7815ae9a2676 in QList<QAbstractAnimation*>::erase(QList<QAbstractAnimation*>::const_iterator, QList<QAbstractAnimation*>::const_iterator) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:910
    #9 0x7815ae9a2676 in QList<QAbstractAnimation*>::erase(QList<QAbstractAnimation*>::const_iterator) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:655
    #10 0x7815ae9a2676 in auto QtPrivate::sequential_erase_one<QList<QAbstractAnimation*>, QAbstractAnimation*>(QList<QAbstractAnimation*>&, QAbstractAnimation* const&) [clone .isra.0] /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qcontainertools_impl.h:393
    #11 0x7815ae76a556 in bool QList<QAbstractAnimation*>::removeOne<QAbstractAnimation*>(QAbstractAnimation* const&) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:613
    #12 0x7815ae76a556 in QAnimationTimer::unregisterAnimation(QAbstractAnimation*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:665
    #13 0x7815ae76d1d3 in QAbstractAnimationPrivate::setState(QAbstractAnimation::State) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:941
    #14 0x7815ae79822d in QPropertyAnimationPrivate::targetObjectDestroyed() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qpropertyanimation_p.h:42
    #15 0x7815ae79822d in operator() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qpropertyanimation.cpp:180
    #16 0x7815ae79822d in operator() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:141
    #17 0x7815ae79822d in call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, QPropertyAnimation::setTargetObject(QObject*)::<lambda()> >::call(QPropertyAnimation::setTargetObject(QObject*)::<lambda()>&, void**)::<lambda()> > /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:65
    #18 0x7815ae79822d in call /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:140
    #19 0x7815ae79822d in call<QtPrivate::List<>, void> /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:362
    #20 0x7815ae79822d in impl /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:572
    #21 0x7815ae8763e8 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:486
    #22 0x7815ae8763e8 in void doActivate<false>(QObject*, int, void**) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:4115
    #23 0x7815ae8170d0 in QObject::destroyed(QObject*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/obj-x86_64-linux-gnu/src/corelib/kernel/moc_qobject.cpp:230
    #24 0x7815ae808179 in QObject::~QObject() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:1040
    #25 0x781586fa607c  (/usr/lib/x86_64-linux-gnu/qt6/plugins/styles/breeze6.so+0x2607c) (BuildId: 54739c10a5de8f33753034deb3165a9fc59d9c90)
    #26 0x7815ae80364b in QObject::event(QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:1403
    #27 0x7815afa01157 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qapplication.cpp:3296
    #28 0x7815ae8aef9f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1172
    #29 0x7815ae8af9fc in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1946
    #30 0x7815ae9a4b1c in operator() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:403
    #31 0x7815ae9a4b1c in void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::{lambda()#1}>(QThreadPrivate::finish()::{lambda()#1}&&) [clone .isra.0] /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:311
    #32 0x7815ae7862eb in QThreadPrivate::finish() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:386
    #33 0x7815ae7862eb in destroy_current_thread_data /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:130
    #34 0x7815a5047381 in __cxa_finalize stdlib/cxa_finalize.c:82
    #35 0x7815ae64c3c6  (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x24c3c6) (BuildId: 2f94ac32a582542c9bca8bdd418f681d97c29195)

0x519000304390 is located 16 bytes inside of 1024-byte region [0x519000304380,0x519000304780)
freed by thread T0 here:
    #0 0x7815afefc4d8 in free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7815ae78d6a0 in QArrayDataPointer<QAbstractAnimation*>::~QArrayDataPointer() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:110
    #2 0x7815ae78d6a0 in QList<QAbstractAnimation*>::~QList() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:83
    #3 0x7815ae78d6a0 in QAnimationTimer::~QAnimationTimer() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:523
    #4 0x7815ae78d6a0 in QAnimationTimer::~QAnimationTimer() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:523
    #5 0x7815ae78d6a0 in std::default_delete<QAnimationTimer>::operator()(QAnimationTimer*) const /usr/include/c++/13/bits/unique_ptr.h:99
    #6 0x7815ae78d6a0 in std::unique_ptr<QAnimationTimer, std::default_delete<QAnimationTimer> >::~unique_ptr() /usr/include/c++/13/bits/unique_ptr.h:404
    #7 0x7815a504772e in __GI___call_tls_dtors stdlib/cxa_thread_atexit_impl.c:156
    #8 0x7815a5047b69 in __run_exit_handlers stdlib/exit.c:41
    #9 0x7815a5047bbd in __GI_exit stdlib/exit.c:138
    #10 0x5efa51fdef77  (/usr/bin/wireshark+0x2f9f77) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #11 0x5efa51e2aebb in main (/usr/bin/wireshark+0x145ebb) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #12 0x7815a502a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #13 0x7815a502a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #14 0x5efa51e2e454  (/usr/bin/wireshark+0x149454) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)

previously allocated by thread T0 here:
    #0 0x7815afefc778 in realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x7815ae7da8cb in QArrayData::reallocateUnaligned(QArrayData*, void*, long long, long long, QArrayData::AllocationOption) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydata.cpp:244
    #2 0x7815ae79811c in QTypedArrayData<QAbstractAnimation*>::reallocateUnaligned(QTypedArrayData<QAbstractAnimation*>*, QAbstractAnimation**, long long, QArrayData::AllocationOption) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydata.h:155
    #3 0x7815ae79811c in QtPrivate::QPodArrayOps<QAbstractAnimation*>::reallocate(long long, QArrayData::AllocationOption) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:275
    #4 0x7815ae79811c in QArrayDataPointer<QAbstractAnimation*>::reallocateAndGrow(QArrayData::GrowthPosition, long long, QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:223
    #5 0x7815ae79b76f in QArrayDataPointer<QAbstractAnimation*>::detachAndGrow(QArrayData::GrowthPosition, long long, QAbstractAnimation* const**, QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:209
    #6 0x7815ae79b76f in void QtPrivate::QPodArrayOps<QAbstractAnimation*>::emplace<QAbstractAnimation*&>(long long, QAbstractAnimation*&) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:177
    #7 0x7815ae76d250 in QAbstractAnimation*& QList<QAbstractAnimation*>::emplaceBack<QAbstractAnimation*&>(QAbstractAnimation*&) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:897
    #8 0x7815ae76d250 in QList<QAbstractAnimation*>::append(QAbstractAnimation*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:471
    #9 0x7815ae76d250 in QList<QAbstractAnimation*>::operator<<(QAbstractAnimation*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:724
    #10 0x7815ae76d250 in QAnimationTimer::registerAnimation(QAbstractAnimation*, bool) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:633
    #11 0x7815ae76d250 in QAbstractAnimationPrivate::setState(QAbstractAnimation::State) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:943
    #12 0x781586fb639e  (/usr/lib/x86_64-linux-gnu/qt6/plugins/styles/breeze6.so+0x3639e) (BuildId: 54739c10a5de8f33753034deb3165a9fc59d9c90)
    #13 0x781586fb5ee2  (/usr/lib/x86_64-linux-gnu/qt6/plugins/styles/breeze6.so+0x35ee2) (BuildId: 54739c10a5de8f33753034deb3165a9fc59d9c90)
    #14 0x7815ae8aec97 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1309
    #15 0x7815afa01147 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qapplication.cpp:3290
    #16 0x7815ae8aef9f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1172
    #17 0x7815afa37297 in QWidgetPrivate::setEnabled_helper(bool) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qwidget.cpp:3433
    #18 0x7815afa3739c in QWidgetPrivate::setEnabled_helper(bool) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qwidget.cpp:3410
    #19 0x5efa520d9167  (/usr/bin/wireshark+0x3f4167) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #20 0x7815ae876963 in void doActivate<false>(QObject*, int, void**) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:4127
    #21 0x5efa51fcb4d5  (/usr/bin/wireshark+0x2e64d5) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #22 0x5efa51e2b664 in main (/usr/bin/wireshark+0x146664) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #23 0x7815a502a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #24 0x7815a502a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #25 0x5efa51e2e454  (/usr/bin/wireshark+0x149454) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
Comment 3 David Redondo 2025-02-18 10:55:33 UTC 
Better log 

==40575==ERROR: AddressSanitizer: heap-use-after-free on address 0x5190002fb790 at pc 0x78e440cfb42e bp 0x7fff04237560 sp 0x7fff04236d08
READ of size 280 at 0x5190002fb790 thread T0
    #0 0x78e440cfb42d in memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x78e43f597f7e in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
    #2 0x78e43f597f7e in QtPrivate::QPodArrayOps<QAbstractAnimation*>::copyAppend(QAbstractAnimation* const*, QAbstractAnimation* const*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:65
    #3 0x78e43f597f7e in QtPrivate::QPodArrayOps<QAbstractAnimation*>::copyAppend(QAbstractAnimation* const*, QAbstractAnimation* const*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:55
    #4 0x78e43f597f7e in QArrayDataPointer<QAbstractAnimation*>::reallocateAndGrow(QArrayData::GrowthPosition, long long, QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:241
    #5 0x78e43f7a2676 in QArrayDataPointer<QAbstractAnimation*>::detach(QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:145
    #6 0x78e43f7a2676 in QList<QAbstractAnimation*>::remove(long long, long long) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:815
    #7 0x78e43f7a2676 in QList<QAbstractAnimation*>::remove(long long, long long) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:807
    #8 0x78e43f7a2676 in QList<QAbstractAnimation*>::erase(QList<QAbstractAnimation*>::const_iterator, QList<QAbstractAnimation*>::const_iterator) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:910
    #9 0x78e43f7a2676 in QList<QAbstractAnimation*>::erase(QList<QAbstractAnimation*>::const_iterator) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:655
    #10 0x78e43f7a2676 in auto QtPrivate::sequential_erase_one<QList<QAbstractAnimation*>, QAbstractAnimation*>(QList<QAbstractAnimation*>&, QAbstractAnimation* const&) [clone .isra.0] /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qcontainertools_impl.h:393
    #11 0x78e43f56a556 in bool QList<QAbstractAnimation*>::removeOne<QAbstractAnimation*>(QAbstractAnimation* const&) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:613
    #12 0x78e43f56a556 in QAnimationTimer::unregisterAnimation(QAbstractAnimation*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:665
    #13 0x78e43f56d1d3 in QAbstractAnimationPrivate::setState(QAbstractAnimation::State) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:941
    #14 0x78e43f59822d in QPropertyAnimationPrivate::targetObjectDestroyed() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qpropertyanimation_p.h:42
    #15 0x78e43f59822d in operator() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qpropertyanimation.cpp:180
    #16 0x78e43f59822d in operator() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:141
    #17 0x78e43f59822d in call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, QPropertyAnimation::setTargetObject(QObject*)::<lambda()> >::call(QPropertyAnimation::setTargetObject(QObject*)::<lambda()>&, void**)::<lambda()> > /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:65
    #18 0x78e43f59822d in call /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:140
    #19 0x78e43f59822d in call<QtPrivate::List<>, void> /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:362
    #20 0x78e43f59822d in impl /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:572
    #21 0x78e43f6763e8 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:486
    #22 0x78e43f6763e8 in void doActivate<false>(QObject*, int, void**) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:4115
    #23 0x78e43f6170d0 in QObject::destroyed(QObject*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/obj-x86_64-linux-gnu/src/corelib/kernel/moc_qobject.cpp:230
    #24 0x78e43f608179 in QObject::~QObject() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:1040
    #25 0x78e441374a29 in Breeze::AnimationData::~AnimationData() (/home/david/kde/usr/lib/x86_64-linux-gnu/plugins/styles/breeze6.so+0x2ca29) (BuildId: 4c976fbbcc9776822024bf84f7e648965a76d7ce)
    #26 0x78e441374c8d in Breeze::GenericData::~GenericData() (/home/david/kde/usr/lib/x86_64-linux-gnu/plugins/styles/breeze6.so+0x2cc8d) (BuildId: 4c976fbbcc9776822024bf84f7e648965a76d7ce)
    #27 0x78e441374ceb in Breeze::WidgetStateData::~WidgetStateData() (/home/david/kde/usr/lib/x86_64-linux-gnu/plugins/styles/breeze6.so+0x2cceb) (BuildId: 4c976fbbcc9776822024bf84f7e648965a76d7ce)
    #28 0x78e441376d2b in Breeze::EnableData::~EnableData() (/home/david/kde/usr/lib/x86_64-linux-gnu/plugins/styles/breeze6.so+0x2ed2b) (BuildId: 4c976fbbcc9776822024bf84f7e648965a76d7ce)
    #29 0x78e441376d4b in Breeze::EnableData::~EnableData() (/home/david/kde/usr/lib/x86_64-linux-gnu/plugins/styles/breeze6.so+0x2ed4b) (BuildId: 4c976fbbcc9776822024bf84f7e648965a76d7ce)
    #30 0x78e43f60364b in QObject::event(QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:1403
    #31 0x78e440801157 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qapplication.cpp:3296
    #32 0x78e43f6aef9f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1172
    #33 0x78e43f6af9fc in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1946
    #34 0x78e43f7a4b1c in operator() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:403
    #35 0x78e43f7a4b1c in void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::{lambda()#1}>(QThreadPrivate::finish()::{lambda()#1}&&) [clone .isra.0] /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:311
    #36 0x78e43f5862eb in QThreadPrivate::finish() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:386
    #37 0x78e43f5862eb in destroy_current_thread_data /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:130
    #38 0x78e435e47381 in __cxa_finalize stdlib/cxa_finalize.c:82
    #39 0x78e43f44c3c6  (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x24c3c6) (BuildId: 2f94ac32a582542c9bca8bdd418f681d97c29195)

0x5190002fb790 is located 16 bytes inside of 1024-byte region [0x5190002fb780,0x5190002fbb80)
freed by thread T0 here:
    #0 0x78e440cfc4d8 in free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x78e43f58d6a0 in QArrayDataPointer<QAbstractAnimation*>::~QArrayDataPointer() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:110
    #2 0x78e43f58d6a0 in QList<QAbstractAnimation*>::~QList() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:83
    #3 0x78e43f58d6a0 in QAnimationTimer::~QAnimationTimer() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:523
    #4 0x78e43f58d6a0 in QAnimationTimer::~QAnimationTimer() /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:523
    #5 0x78e43f58d6a0 in std::default_delete<QAnimationTimer>::operator()(QAnimationTimer*) const /usr/include/c++/13/bits/unique_ptr.h:99
    #6 0x78e43f58d6a0 in std::unique_ptr<QAnimationTimer, std::default_delete<QAnimationTimer> >::~unique_ptr() /usr/include/c++/13/bits/unique_ptr.h:404
    #7 0x78e435e4772e in __GI___call_tls_dtors stdlib/cxa_thread_atexit_impl.c:156
    #8 0x78e435e47b69 in __run_exit_handlers stdlib/exit.c:41
    #9 0x78e435e47bbd in __GI_exit stdlib/exit.c:138
    #10 0x5e5c2d410f77  (/usr/bin/wireshark+0x2f9f77) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #11 0x5e5c2d25cebb in main (/usr/bin/wireshark+0x145ebb) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #12 0x78e435e2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #13 0x78e435e2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #14 0x5e5c2d260454  (/usr/bin/wireshark+0x149454) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)

previously allocated by thread T0 here:
    #0 0x78e440cfc778 in realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x78e43f5da8cb in QArrayData::reallocateUnaligned(QArrayData*, void*, long long, long long, QArrayData::AllocationOption) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydata.cpp:244
    #2 0x78e43f59811c in QTypedArrayData<QAbstractAnimation*>::reallocateUnaligned(QTypedArrayData<QAbstractAnimation*>*, QAbstractAnimation**, long long, QArrayData::AllocationOption) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydata.h:155
    #3 0x78e43f59811c in QtPrivate::QPodArrayOps<QAbstractAnimation*>::reallocate(long long, QArrayData::AllocationOption) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:275
    #4 0x78e43f59811c in QArrayDataPointer<QAbstractAnimation*>::reallocateAndGrow(QArrayData::GrowthPosition, long long, QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:223
    #5 0x78e43f59b76f in QArrayDataPointer<QAbstractAnimation*>::detachAndGrow(QArrayData::GrowthPosition, long long, QAbstractAnimation* const**, QArrayDataPointer<QAbstractAnimation*>*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:209
    #6 0x78e43f59b76f in void QtPrivate::QPodArrayOps<QAbstractAnimation*>::emplace<QAbstractAnimation*&>(long long, QAbstractAnimation*&) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:177
    #7 0x78e43f56d250 in QAbstractAnimation*& QList<QAbstractAnimation*>::emplaceBack<QAbstractAnimation*&>(QAbstractAnimation*&) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:897
    #8 0x78e43f56d250 in QList<QAbstractAnimation*>::append(QAbstractAnimation*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:471
    #9 0x78e43f56d250 in QList<QAbstractAnimation*>::operator<<(QAbstractAnimation*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:724
    #10 0x78e43f56d250 in QAnimationTimer::registerAnimation(QAbstractAnimation*, bool) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:633
    #11 0x78e43f56d250 in QAbstractAnimationPrivate::setState(QAbstractAnimation::State) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:943
    #12 0x78e4413a5337 in Breeze::WidgetStateData::updateState(bool) /home/david/kde/src/breeze/kstyle/animations/breezewidgetstatedata.cpp:26
    #13 0x78e4413954ec in Breeze::EnableData::eventFilter(QObject*, QEvent*) /home/david/kde/src/breeze/kstyle/animations/breezeenabledata.cpp:23
    #14 0x78e43f6aec97 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1309
    #15 0x78e440801147 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qapplication.cpp:3290
    #16 0x78e43f6aef9f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1172
    #17 0x78e440837297 in QWidgetPrivate::setEnabled_helper(bool) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qwidget.cpp:3433
    #18 0x78e44083739c in QWidgetPrivate::setEnabled_helper(bool) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qwidget.cpp:3410
    #19 0x5e5c2d50b167  (/usr/bin/wireshark+0x3f4167) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #20 0x78e43f676963 in void doActivate<false>(QObject*, int, void**) /usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:4127
    #21 0x5e5c2d3fd4d5  (/usr/bin/wireshark+0x2e64d5) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #22 0x5e5c2d25d664 in main (/usr/bin/wireshark+0x146664) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
    #23 0x78e435e2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #24 0x78e435e2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #25 0x5e5c2d260454  (/usr/bin/wireshark+0x149454) (BuildId: e056c582a81d23f71fd661ea41522dabc667ccb8)
Comment 4 David Redondo 2025-02-18 14:54:11 UTC 
I would say this is a wireshark bug.  It calls exit() instead of letting main finish, this skips the QApplication destructor. 
The reason this crashes only on breeze is that it deleteLater the animation data of widgets. Destroying animation data accesses the static thread_local  animation timer. 
When doing exit() this thread local is destroyed then the thread exit handler called which processes DeferredDeleteEvents a final time. Destroying the animation object tries to access the deleted static animation timer. 

Minimal reproducer:

#include <QApplication>
#include <QPushButton>
int main(int argc, char**argv)
{
    QApplication app(argc, argv);
    auto window = new QWidget;
    auto button = new QPushButton(window);
    QObject::connect(button, &QPushButton::clicked, &QCoreApplication::quit);
    window->show();
    app.exec();
    delete window;
    exit(0);
}

Clicking on the button crashes. 
The warnings like QThreadStorage: Thread 0x5020000060d0 exited after QThreadStorage 10 destroyed when closing via window decoration have the same reason. 

Wireshark just needs to return normally from main and let the QAppliciation destructor run to fix this. 

(Sidenote exiting while the app is running seems to be fine, just exiting when exec has already returned seems to be weird dont do this territory)
Comment 5 David Redondo 2025-05-20 08:42:33 UTC 
*** Bug 504548 has been marked as a duplicate of this bug. ***