Bug 490220

Summary:	Digikam crashes after a random duration during library scan
Product:	[Applications] digikam	Reporter:	Ashley <kdebugs>
Component:	Database-Scan	Assignee:	Digikam Developers <digikam-bugs-null>
Status:	RESOLVED FIXED
Severity:	crash	CC:	metzpinguin
Priority:	NOR
Version First Reported In:	8.3.0
Target Milestone:	---
Platform:	Microsoft Windows
OS:	Microsoft Windows
Latest Commit:		Version Fixed/Implemented In:	8.5.0
Sentry Crash Report:
Attachments:	WER crash report files

Description Ashley 2024-07-13 10:34:47 UTC

SUMMARY
Repeatable but random time to crash when attempting to scan a large library as part of a first scan.

STEPS TO REPRODUCE
1. Have a photo library of about 4,828,170 images & video (2.2TB on disk)
2. Add this library to digikam and let it do the first scan
3. Wait anything between 150 seconds to 3 hours and digikam eventually crashes (the duration of successful running is literally random, sometimes it'll crash out of the gate and sometimes it'll run for a good few hours)

OBSERVED RESULT
This is where it gets weird. Looking at the bug reporting page, I nabbed debugview and ran it in conjunction with digikam. So I know a few things:
1. Digikam is otherwise working fine scanning the library up until it crashes
2. **Digikam reports no errors into debugview when it crashes** (the log just... stops...)
3. Digikam does at least resume where it left off after the crash when you relaunch it

EXPECTED RESULT
Ideally not a crash!

SOFTWARE/OS VERSIONS
Windows: 10 Pro
KDE Plasma Version: (The about dialog doesn't list this?)
KDE Frameworks Version: 5.248.0
Qt Version: 6.6.1 (built against 6.6.1)
Build date: 2024-03-14 5:11 PM (target: RelWithDebInfo)
Revision: 9e9222fa4002acf2fcca6741b79260f01817eb30
Branch: HEAD

ADDITIONAL INFORMATION
Windows Event log reports this for the crash:
Faulting application name: digikam.exe, version: 8.3.0.0, time stamp: 0x65f328ef
Faulting module name: Qt6Core.dll, version: 6.6.1.0, time stamp: 0x658eeb00
Exception code: 0xc0000005
Fault offset: 0x00000000002be3b0
Faulting process id: 0x2fec
Faulting application start time: 0x01dad4d86d86c268
Faulting application path: C:\Program Files\digiKam\digikam.exe
Faulting module path: C:\Program Files\digiKam\Qt6Core.dll
Report Id: fe34bc80-ff75-4bbf-8c3a-ed32cafd79c0
Faulting package full name:
Faulting package-relative application ID:

Alas, I'll have to try collect a fresh WER dump, as the crash at 4am this morning (because this scan will take a long time!) has no WER files. Frustratingly.

Comment 1 Ashley 2024-07-13 13:41:41 UTC

Ok, so managed to snag the WER files, they're attached, but here's the debugger on the dmp file:


************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true

   EnableRedirectToV8JsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.156 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 29

Microsoft (R) Windows Debugger Version 10.0.26100.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\debug\WERBD8C.tmp.dmp]
User Mini Triage Dump File: Only registers, stack and portions of memory are available
--------------------------------
  The user dump currently examined is a triage dump. Consequently, only a subset of debugger
  functionality will be available. If needed, please collect a minidump or a heap dump.
      To create a mini user dump use the command: .dump /m <filename>
      To create a full user dump use the command: .dump /ma <filename>

  Triage dumps have certain values on the stack and in the register contexts overwritten with
  pattern 0xAAAAAAAA. If you see this value
      1. the original value was not NULL
      2. the original value was not a direct pointer to a loaded or unloaded image
      3. the original value did not point to an object whose VFT points to a loaded or
         unloaded image (indirect pointer)
      4. the original value did not point to the stack itself or any memory area added to
         the dump (TEB, PEB, memory for CLR stackwalk or exceptions, etc.)
      5. the original value was not a valid handle value
--------------------------------

Symbol search path is: srv*
Executable search path is: 
Windows 10 Version 19045 MP (16 procs) Free x64
Product: WinNt, suite: SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Debug session time: Sat Jul 13 12:10:06.000 2024 (UTC + 1:00)
System Uptime: not available
Process Uptime: 0 days 1:28:17.000
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
..............................................
Loading unloaded module list
.............................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(8c8.3dbc): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
ntdll!NtWaitForMultipleObjects+0x14:
00007ff8`0b92e0b4 c3              ret
0:178> !analyze -v

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify timestamp for DImg_JPEG_Plugin.dll

PROCESS_NAME:  digikam.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

SYMBOL_NAME:  Qt6Core+2be3b0

MODULE_NAME: Qt6Core

IMAGE_NAME:  Qt6Core.dll

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_Qt6Core.dll!Unknown

FAILURE_ID_HASH:  {11f85110-02eb-30ad-d320-ae4675a7890a}

Followup:     MachineOwner
---------

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 468

    Key  : Analysis.Elapsed.mSec
    Value: 514

    Key  : Analysis.IO.Other.Mb
    Value: 38

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 48

    Key  : Analysis.Init.CPU.mSec
    Value: 686

    Key  : Analysis.Init.Elapsed.mSec
    Value: 108833

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 129

    Key  : Failure.Bucket
    Value: INVALID_POINTER_READ_c0000005_Qt6Core.dll!Unknown

    Key  : Failure.Hash
    Value: {11f85110-02eb-30ad-d320-ae4675a7890a}

    Key  : Timeline.Process.Start.DeltaSec
    Value: 5297

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

    Key  : WER.Process.Version
    Value: 74.1.0.0


FILE_IN_CAB:  WERBD8C.tmp.dmp

NTGLOBALFLAG:  0

CONTEXT:  (.ecxr)
rax=002f3bb0002f4f5b rbx=000000ffe8c9efc0 rcx=0000020bab730000
rdx=000000ffe8c9efc0 rsi=000000ffe8c9e058 rdi=00000000ffffffff
rip=00007fffb9c9e3b0 rsp=000000ffe8c9d718 rbp=000000ffe8c9e050
 r8=0000000000000103  r9=0000000019930520 r10=000000ffe8c9d7d0
r11=00007ff801550000 r12=000000ffe8c9da30 r13=00000000ffffffff
r14=000000ffe8c9e098 r15=00007fff88f77c16
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
Qt6Core+0x2be3b0:
00007fff`b9c9e3b0 ffe0            jmp     rax {002f3bb0`002f4f5b}
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007fffb9c9e3b0 (Qt6Core+0x00000000002be3b0)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

PROCESS_NAME:  digikam.exe

READ_ADDRESS:  ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

STACK_TEXT:  
000000ff`e8c9d718 00007fff`b9ac02b3     : aaaaaaaa`aaaaaaaa 00007ff8`0155350f aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : Qt6Core+0x2be3b0
000000ff`e8c9d720 aaaaaaaa`aaaaaaaa     : 00007ff8`0155350f aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa 000000ff`e8c9d840 : Qt6Core+0xe02b3
000000ff`e8c9d728 00007ff8`0155350f     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa 000000ff`e8c9d840 00007ff8`015510ea : 0xaaaaaaaa`aaaaaaaa
000000ff`e8c9d730 00007ff8`01552d00     : 00007fff`88f6b064 000000ff`e8c9e980 000000ff`e8c9efc0 aaaaaaaa`aaaaaaaa : VCRUNTIME140_1!__vcrt_getptdbase+0x13
000000ff`e8c9d780 00007ff8`015521e9     : 000000ff`e8c9e740 000000ff`e8c9e050 00000000`00000000 000000ff`e8c9da00 : VCRUNTIME140_1!__FrameHandler4::FrameUnwindToState+0x288
000000ff`e8c9d8c0 00007ff8`0155237a     : 00007fff`88f66447 000000ff`e8c9e740 000000ff`e8c9dae0 aaaaaaaa`aaaaaaaa : VCRUNTIME140_1!__InternalCxxFrameHandler<__FrameHandler4>+0x139
000000ff`e8c9d960 00007ff8`01554159     : 00007fff`88f66447 000000ff`e8c9e740 000000ff`e8c9dae0 000000ff`e8c9e050 : VCRUNTIME140_1!__InternalCxxFrameHandlerWrapper<__FrameHandler4>+0x3e
000000ff`e8c9d9c0 00007fff`88f6b9e8     : 000000ff`e8c9e980 00007fff`88f77c00 000000ff`e8c9e740 000000ff`e8c9e980 : VCRUNTIME140_1!__CxxFrameHandler4+0xa9
000000ff`e8c9da30 000000ff`e8c9e980     : 00007fff`88f77c00 000000ff`e8c9e740 000000ff`e8c9e980 000000ff`e8c9e740 : DImg_JPEG_Plugin+0xb9e8
000000ff`e8c9da38 00007fff`88f77c00     : 000000ff`e8c9e740 000000ff`e8c9e980 000000ff`e8c9e740 00007ff8`0b9329af : 0x000000ff`e8c9e980
000000ff`e8c9da40 000000ff`e8c9e740     : 000000ff`e8c9e980 000000ff`e8c9e740 00007ff8`0b9329af aaaaaaaa`aaaaaaaa : DImg_JPEG_Plugin+0x17c00
000000ff`e8c9da48 000000ff`e8c9e980     : 000000ff`e8c9e740 00007ff8`0b9329af aaaaaaaa`aaaaaaaa 000000ff`e8c9dfe0 : 0x000000ff`e8c9e740
000000ff`e8c9da50 000000ff`e8c9e740     : 00007ff8`0b9329af aaaaaaaa`aaaaaaaa 000000ff`e8c9dfe0 aaaaaaaa`aaaaaaaa : 0x000000ff`e8c9e980
000000ff`e8c9da58 00007ff8`0b9329af     : aaaaaaaa`aaaaaaaa 000000ff`e8c9dfe0 aaaaaaaa`aaaaaaaa 000000ff`e8c9dae0 : 0x000000ff`e8c9e740
000000ff`e8c9da60 00007ff8`0b8c0939     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa 00007fff`88f66c64 00007fff`88f7b3c0 : ntdll!RtlpExecuteHandlerForUnwind+0xf
000000ff`e8c9da90 00000000`00000000     : 000000ff`e8c9ec80 00007fff`c8c9d559 000000ff`e8c9ea80 0000020b`cc1788e0 : ntdll!RtlUnwindEx+0x339


SYMBOL_NAME:  Qt6Core+2be3b0

MODULE_NAME: Qt6Core

IMAGE_NAME:  Qt6Core.dll

STACK_COMMAND:  ~178s; .ecxr ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_Qt6Core.dll!Unknown

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

IMAGE_VERSION:  6.6.1.0

FAILURE_ID_HASH:  {11f85110-02eb-30ad-d320-ae4675a7890a}

Followup:     MachineOwner
---------

Comment 2 Ashley 2024-07-13 13:42:18 UTC

Created attachment 171634 [details]
WER crash report files

Comment 3 Maik Qualmann 2024-07-13 21:19:28 UTC

The Windows debugger log doesn't give much information. I see a message about our JPEG loader, it might crash if there is a broken JPEG image. We fixed the error handling under Windows in digiKam-8.4.0. Please test it with digiKam-8.4.0 from here:

https://files.kde.org/digikam/

Maik

Comment 4 Ashley 2024-07-14 10:08:36 UTC

8.4 seems to have resolved this for me, so your assessment of broken JPEG images must've been spot on. I'm happy for it to be marked as resolved (I'll let the team do that in case there's any extra things required to mark it as resolved!)

Comment 5 Maik Qualmann 2024-07-14 10:15:10 UTC

Thanks for the feedback. It doesn't necessarily have to be a "broken" JPEG image, Samsung uses a format that adds a short video after the image data for moving images. This also leads to an exception in libjpeg, which is now caught correctly.

Maik