Bug 467297 - kwin_wayland crashes when adding sufficient many (horizontally tiled) tiles
Summary: kwin_wayland crashes when adding sufficient many (horizontally tiled) tiles
Status: REPORTED
Alias: None
Product: kwin
Classification: Plasma
Component: Custom Tiling (show other bugs)
Version: 5.27.2
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: KWin default assignee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-13 20:14 UTC by postix
Modified: 2023-03-13 21:41 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description postix 2023-03-13 20:14:47 UTC 
STEPS TO REPRODUCE
1. Open the tiling editor (Meta + T)
2. Keep tiling horizontally (10-20 times)
3. Try to interact with those tiles

OBSERVED RESULT

The system freezes and finally kwin_wayland crashes and recovers itself. All apps etc. are terminated however.
This issue can be reproduced always.

```
(gdb) bt full
#0  0x00007f2992088bc6 in QQuickItem::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at .moc/moc_qquickitem.cpp:931
        _t = <optimized out>
        _v = 0x7f293cebfef0
#1  0x00007f2992089953 in QQuickItem::qt_metacall(QMetaObject::Call, int, void**) (this=this@entry=0x55a0cdec2ba0, _c=_c@entry=QMetaObject::ReadProperty, _id=12, _a=_a@entry=0x7fff94314230) at .moc/moc_qquickitem.cpp:1048
#2  0x00007f295a395045 in QQuickLayout::qt_metacall(QMetaObject::Call, int, void**) (this=this@entry=0x55a0cdec2ba0, _c=_c@entry=QMetaObject::ReadProperty, _id=<optimized out>, _a=_a@entry=0x7fff94314230) at .moc/moc_qquicklayout_p.cpp:132
#3  0x00007f295a38de05 in QQuickGridLayoutBase::qt_metacall(QMetaObject::Call, int, void**) (this=this@entry=0x55a0cdec2ba0, _c=_c@entry=QMetaObject::ReadProperty, _id=<optimized out>, _a=_a@entry=0x7fff94314230) at .moc/moc_qquicklinearlayout_p.cpp:158
#4  0x00007f295a38dea5 in QQuickGridLayout::qt_metacall(QMetaObject::Call, int, void**) (this=0x55a0cdec2ba0, _c=QMetaObject::ReadProperty, _id=<optimized out>, _a=0x7fff94314230) at .moc/moc_qquicklinearlayout_p.cpp:394
#5  0x00007f2991b05b34 in QV4::QmlListWrapper::create(QV4::ExecutionEngine*, QObject*, int, int) (engine=0x55a0c7dce9e0, object=0x55a0cdec2ba0, propId=13, propType=1324) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/qml/qqmllistwrapper.cpp:80
        scope = {engine = 0x55a0c7dce9e0, mark = 0x7f293d0276d8}
        r = {ptr = 0x7f293d0276d8}
        args = {0x7f293cebfef0, 0x0}
#6  0x00007f29919b8499 in loadProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const&) (v4=0x55a0c7dce9e0, object=0x55a0cdec2ba0, property=...) at ../../include/QtQml/5.15.8/QtQml/private/../../../../../../src/qml/qml/qqmlpropertydata_p.h:284
        scope = {engine = 0x55a0c7dce9e0, mark = 0x7f293d0276d8}
#7  0x00007f2991995ff6 in QV4::QObjectWrapper::lookupGetterImpl<QV4::QQmlContextWrapper::lookupScopeObjectProperty(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value*)::<lambda()> >
    (useOriginalProperty=true, revertLookup=..., object=<optimized out>, engine=0x55a0c7dce9e0, lookup=0x55a0c7dad1a0) at ../../include/QtQml/5.15.8/QtQml/private/../../../../../../src/qml/jsruntime/qv4qobjectwrapper_p.h:262
        o = <optimized out>
        This = <optimized out>
        qobj = <optimized out>
        ddata = <optimized out>
        property = <optimized out>
        scope = {engine = 0x55a0c7dce9e0, mark = 0x7f293d0276c8}
        qmlContext = {ptr = <optimized out>}
        scopeObject = <optimized out>
        revertLookup = {__l = <optimized out>, __engine = <optimized out>, __base = <optimized out>}
        obj = {ptr = <optimized out>}
#8  QV4::QQmlContextWrapper::lookupScopeObjectProperty(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value*) (l=0x55a0c7dad1a0, engine=0x55a0c7dce9e0, base=0x0) at /usr/src/debug/qtdeclarative-everywhere-src-5.15.8+kde22/src/qml/jsruntime/qv4qmlcontext.cpp:562
        scope = {engine = 0x55a0c7dce9e0, mark = 0x7f293d0276c8}
        qmlContext = {ptr = <optimized out>}
        scopeObject = <optimized out>
        revertLookup = {__l = <optimized out>, __engine = <optimized out>, __base = <optimized out>}
        obj = {ptr = <optimized out>}
#9  0x00007f2946459a27 in  ()
#10 0x0000000000000000 in  ()
```

```
 list
926             case 7: *reinterpret_cast< qreal*>(_v) = _t->width(); break;
927             case 8: *reinterpret_cast< qreal*>(_v) = _t->height(); break;
928             case 9: *reinterpret_cast< qreal*>(_v) = _t->opacity(); break;
929             case 10: *reinterpret_cast< bool*>(_v) = _t->isEnabled(); break;
930             case 11: *reinterpret_cast< bool*>(_v) = _t->isVisible(); break;
931             case 12: *reinterpret_cast< QQmlListProperty<QQuickItem>*>(_v) = _t->QQuickItem::d_func()->visibleChildren(); break;
932             case 13: *reinterpret_cast< QQmlListProperty<QQuickState>*>(_v) = _t->QQuickItem::d_func()->states(); break;
933             case 14: *reinterpret_cast< QQmlListProperty<QQuickTransition>*>(_v) = _t->QQuickItem::d_func()->transitions(); break;
934             case 15: *reinterpret_cast< QString*>(_v) = _t->state(); break;
935             case 16: *reinterpret_cast< QRectF*>(_v) = _t->childrenRect(); break;
```

EXPECTED RESULT
1. Cap the maximum number of tiles to some sane value :)
2. Don't crash


SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20230312
KDE Plasma Version: 5.27.2
KDE Frameworks Version: 5.104.0
Qt Version: 5.15.8
Kernel Version: 6.2.2-1-default (64-bit)
Graphics Platform: Wayland
Graphics Processor: AMD Radeon RX 580 Series
Comment 1 postix 2023-03-13 20:17:54 UTC 
The stack trace is also always the same. Looks rather like a Qt bug?