Bug 497163

Summary: Crash when viewing thumbnails
Product: [Applications] kphotoalbum Reporter: Stanislav <stankarpikov>
Component: general Assignee: KPhotoAlbum Bugs <kpabugs>
Status: REPORTED ---    
Severity: crash CC: johannes, tl
Priority: NOR Keywords: drkonqi
Version: 5.12.0   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Stanislav 2024-12-07 14:10:29 UTC
Application: kphotoalbum (5.12.0)

Qt Version: 5.15.13
Frameworks Version: 5.115.0
Operating System: Linux 6.8.0-49-generic x86_64
Windowing System: X11
Distribution: Ubuntu 24.04.1 LTS
DrKonqi: 5.27.11 [KCrashBackend]

-- Information about the crash:
It crashes after some time when I scroll through the thumbnails. It happens every time I use the program with my database after 5-10 minutes of scrolling, but doesn't depend on specific position or images that are shown.

The crash can be reproduced sometimes.

-- Backtrace:
Application: KPhotoAlbum (kphotoalbum), signal: Segmentation fault

[KCrash Handler]
#4  0x00005b16e28f82bb in ??? ()
#5  0x00005b16e28f854e in ??? ()
#6  0x00005b16e28f69ba in ??? ()
#7  0x00007ebd87d12e16 in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ebd87d12dbf in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00005b16e28781fb in ??? ()
#10 0x00007ebd87d12e16 in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007ebd87c3cb28 in QProcess::finished(int, QProcess::ExitStatus) () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ebd87c428a3 in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ebd87c429ed in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ebd87d12dbf in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ebd87d1654d in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007ebd87d16dcb in QSocketNotifier::event(QEvent*) () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007ebd8896bd45 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#18 0x00007ebd87cd8118 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007ebd87d35e9d in ??? () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007ebd861145b5 in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007ebd86173717 in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007ebd86113a53 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ebd87d35279 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007ebd87cd6a7b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007ebd87cdf3e8 in QCoreApplication::exec() () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x00005b16e27c81b2 in ??? ()
#27 0x00007ebd8722a1ca in __libc_start_call_main (main=main@entry=0x5b16e27c5d20, argc=argc@entry=1, argv=argv@entry=0x7ffdef188568) at ../sysdeps/nptl/libc_start_call_main.h:58
#28 0x00007ebd8722a28b in __libc_start_main_impl (main=0x5b16e27c5d20, argc=1, argv=0x7ffdef188568, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdef188558) at ../csu/libc-start.c:360
#29 0x00005b16e27c8f25 in ??? ()
[Inferior 1 (process 7397) detached]

The reporter indicates this bug may be a duplicate of or related to bug 247685.

Reported using DrKonqi
Comment 1 Tobias Leupold 2024-12-07 14:41:16 UTC
Thanks for your report!

I can't see any hint where this crash happens in that backtrace … could you compile a build with debugging symbols and run it in a debugger (gdb)? If it crashes there, the backtrace should be more informative.

Apart from that, I would propose to try if it happens with git master (which links against Qt 6).
Comment 2 Johannes Zarl-Zierl 2024-12-23 14:26:43 UTC
Hi Stanislav!

Does the .videoThumbnails directory inside your image directory contain empty files, by any chance?

Cheers,
  Johannes
Comment 3 Stanislav 2024-12-23 16:31:39 UTC
(In reply to Johannes Zarl-Zierl from comment #2)
> Hi Stanislav!
> 
> Does the .videoThumbnails directory inside your image directory contain
> empty files, by any chance?
> 
> Cheers,
>   Johannes

Hi Johannes and Tobias,
Thank you for the reply!
I tried to reproduce the bug in the debugger using the main branch (Qt 6), but so far I haven't got reliable results. I got one C++ exception and one crash (see below), but then I could not reproduce the crash and thought it was because the thumbnail indexing was finished. Then I renamed the thumbnails directory to start from scratch. However, several times the process was terminated by the OOM killer due to excessive RAM taken by the spawned ffmpeg processes (I don't know for sure; unfortunately, I haven't analysed this issue). I'm running this on a VM with 8 GB of RAM:

Ubuntu 24.10 (Kubuntu)
Linux kubuntu-virtualbox 6.11.0-13-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Sat Nov 30 23:51:51 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

commit 42704b7389e4fe85bd4249d6813ee5735941e57c (HEAD -> master, origin/master, origin/HEAD)
Author: l10n daemon script <scripty@kde.org>
Date:   Thu Dec 12 01:30:26 2024 +0000

    GIT_SILENT Sync po/docbooks with svn

-------------------------------------------------------------------------------------------------

1. Segmentation fault (the 2017_0101_000005_085A.MOV file is not empty and was shown perfectly fine the next time I ran the program)

Thread 1 "kphotoalbum" received signal SIGSEGV, Segmentation fault.
0x00005555558022c0 in BackgroundJobs::HandleVideoThumbnailRequestJob::sendResult (this=0x5555b94d86e0, image=...) at /home/kubuntu/kphotoalbum/BackgroundJobs/HandleVideoThumbnailRequestJob.cpp:75
75          m_request->client()->pixmapLoaded(m_request, image);

(gdb) bt 10
#0  0x00005555558022c0 in BackgroundJobs::HandleVideoThumbnailRequestJob::sendResult (this=0x5555b94d86e0, image=...) at /home/kubuntu/kphotoalbum/BackgroundJobs/HandleVideoThumbnailRequestJob.cpp:75
#1  0x000055555580263d in BackgroundJobs::HandleVideoThumbnailRequestJob::frameLoaded (this=0x5555b94d86e0, image=...) at /home/kubuntu/kphotoalbum/BackgroundJobs/HandleVideoThumbnailRequestJob.cpp:63
#2  0x0000555555802755 in BackgroundJobs::HandleVideoThumbnailRequestJob::qt_static_metacall (_o=0x5555b94d86e0, _c=<optimised out>, _id=<optimised out>, _a=<optimised out>)
    at /home/kubuntu/kphotoalbum/build/kphotoalbum_autogen/include/moc_HandleVideoThumbnailRequestJob.cpp:112
#3  0x00007ffff59ba914 in doActivate<false> (sender=0x5555b97ddb60, signal_index=3, argv=0x7fffffffd000) at /usr/src/qt6-base-6.6.2+dfsg-12/src/corelib/kernel/qobject.cpp:4051
#4  0x00005555556fbdcc in ImageManager::ExtractOneVideoFrame::result (this=0x5555b97ddb60, _t1=...) at /home/kubuntu/kphotoalbum/build/kphotoalbum_autogen/include/moc_ExtractOneVideoFrame.cpp:188
#5  ImageManager::ExtractOneVideoFrame::frameFetched (this=0x5555b97ddb60) at /home/kubuntu/kphotoalbum/ImageManager/ExtractOneVideoFrame.cpp:83
#6  0x00007ffff59ba5c4 in QtPrivate::QSlotObjectBase::call (this=<optimised out>, r=0x5555b97ddb60, a=0x7fffffffd150, this=<optimised out>, r=<optimised out>, a=<optimised out>)
    at /usr/src/qt6-base-6.6.2+dfsg-12/src/corelib/kernel/qobjectdefs_impl.h:433
#7  doActivate<false> (sender=0x5555b9818080, signal_index=10, argv=0x7fffffffd150) at /usr/src/qt6-base-6.6.2+dfsg-12/src/corelib/kernel/qobject.cpp:4039
#8  0x00007ffff5b02688 in QProcess::finished (this=<optimised out>, _t1=<optimised out>, _t2=<optimised out>) at /usr/src/qt6-base-6.6.2+dfsg-12/obj-x86_64-linux-gnu/src/corelib/Core_autogen/include/moc_qprocess.cpp:502
#9  0x00007ffff59ba914 in doActivate<false> (sender=0x5555bba80900, signal_index=3, argv=0x7fffffffd270) at /usr/src/qt6-base-6.6.2+dfsg-12/src/corelib/kernel/qobject.cpp:4051
(More stack frames follow...)

(gdb) info args
this = 0x5555b94d86e0
image = {<QPaintDevice> = {_vptr.QPaintDevice = 0x5555558a7970 <vtable for QImage@Qt_6+16>, painters = 0}, static staticMetaObject = {d = {superdata = {direct = 0x0},
      stringdata = 0x7ffff644d940 <(anonymous namespace)::qt_meta_stringdata_CLASSQImageENDCLASS>, data = 0x7ffff644d7c0 <qt_meta_data_CLASSQImageENDCLASS>, static_metacall = 0x0, relatedMetaObjects = 0x0,
      metaTypes = 0x7ffff65548c0 <qt_incomplete_metaTypeArray<(anonymous namespace)::qt_meta_stringdata_CLASSQImageENDCLASS_t, QtPrivate::TypeAndForceComplete<QImage::Format, std::integral_constant<bool, true> >, QtPrivate::TypeAndForceComplete<QImage, std::integral_constant<bool, true> > >>, extradata = 0x0}}, d = 0x5555b990b600}
(gdb) print m_request
$1 = (ImageManager::ImageRequest *) 0x5555ba97cfd0

(gdb) print *m_request
$2 = {_vptr.ImageRequest = 0x5555558a6b70 <vtable for ImageManager::ImageRequest+16>, m_type = ImageManager::ImageRequest::RequestType::ImageRequest, m_fileName = {m_relativePath = {d = {d = 0x555563bc67f0,
        ptr = 0x555563bc6800 u"To review files/HTC backup/Full/vcamera.dod/video.dod/2017_0101_000005_085A.MOV", size = 79}}, m_absoluteFilePath = {d = {d = 0x555563bc68b0,
        ptr = 0x555563bc68c0 u"/media/kubuntu/T7/To review files/HTC backup/Full/vcamera.dod/video.dod/2017_0101_000005_085A.MOV", size = 97}}, m_isNull = false}, m_width = 1024, m_height = 768, m_client = 0x5555b7691a30, m_angle = 0,
  m_fullSize = {wd = -1, ht = -1}, m_priority = ImageManager::ViewerPreload, m_loadedOK = true, m_dontUpScale = false, m_isThumbnailRequest = false, m_imageIsPreRotated = false}


-------------------------------------------------------------------------------------------------

2. C++ Exception for an empty file:

libstdc++.so.6!__cxa_throw (Unknown Source:0)
libraw.so.23![Unknown/Just-In-Time compiled code] (Unknown Source:0)
libraw.so.23!LibRaw::open_datastream(LibRaw_abstract_datastream*) (Unknown Source:0)
kimg_raw.so![Unknown/Just-In-Time compiled code] (Unknown Source:0)
libQt6Gui.so.6!QImageReader::imageFormat(QIODevice*) (Unknown Source:0)
libQt6Gui.so.6!QImageReader::imageFormat(QString const&) (Unknown Source:0)
Utilities::isJPEG(const DB::FileName & fileName) (/home/kubuntu/kphotoalbum/Utilities/FastJpeg.cpp:188)
ImageManager::ImageLoaderThread::loadImage(ImageManager::ImageLoaderThread * const this, ImageManager::ImageRequest * request, bool & ok) (/home/kubuntu/kphotoalbum/ImageManager/ImageLoaderThread.cpp:82)
ImageManager::ImageLoaderThread::run(ImageManager::ImageLoaderThread * const this) (/home/kubuntu/kphotoalbum/ImageManager/ImageLoaderThread.cpp:60)
libQt6Core.so.6![Unknown/Just-In-Time compiled code] (Unknown Source:0)
libc.so.6!start_thread(void * arg) (pthread_create.c:447)
libc.so.6!__GI___clone3() (clone3.S:78)

#0  0x00007ffff54bb35a in __cxa_throw () at /lib/x86_64-linux-gnu/libstdc++.so.6
#1  0x00007fffe430505a in ??? () at /lib/x86_64-linux-gnu/libraw.so.23
#2  0x00007fffe438a514 in LibRaw::open_datastream(LibRaw_abstract_datastream*) () at /lib/x86_64-linux-gnu/libraw.so.23
#3  0x00007fffeca259b4 in ??? () at /usr/lib/x86_64-linux-gnu/qt6/plugins/imageformats/kimg_raw.so
#4  0x00007fffeca25d24 in ??? () at /usr/lib/x86_64-linux-gnu/qt6/plugins/imageformats/kimg_raw.so
#5  0x00007ffff5f74d5c in ??? () at /lib/x86_64-linux-gnu/libQt6Gui.so.6
#6  0x00007ffff5f773a0 in QImageReader::imageFormat(QIODevice*) () at /lib/x86_64-linux-gnu/libQt6Gui.so.6
#7  0x00007ffff5f774ab in QImageReader::imageFormat(QString const&) () at /lib/x86_64-linux-gnu/libQt6Gui.so.6
#8  0x00005555558e3307 in Utilities::isJPEG (fileName=...) at /home/kubuntu/kphotoalbum/Utilities/FastJpeg.cpp:188
#9  0x000055555574d91c in ImageManager::ImageLoaderThread::loadImage (this=0x5555b7144670, request=0x7fffe0006420, ok=@0x7fffce1ff7df: false) at /home/kubuntu/kphotoalbum/ImageManager/ImageLoaderThread.cpp:82
#10 0x000055555574d6a8 in ImageManager::ImageLoaderThread::run (this=0x5555b7144670) at /home/kubuntu/kphotoalbum/ImageManager/ImageLoaderThread.cpp:60
#11 0x00007ffff5ab5834 in ??? () at /lib/x86_64-linux-gnu/libQt6Core.so.6
#12 0x00007ffff50a1e2e in start_thread (arg=<optimised out>) at ./nptl/pthread_create.c:447
#13 0x00007ffff5133a4c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

-exec print fileName
$1 = (const DB::FileName &) @0x7fffce1ff760: {m_relativePath = {d = {d = 0x55556a72b1e0, ptr = 0x55556a72b1f0 u"To review files/HTC backup/Full/Slack/IMG_20171117_191122.jpg", size = 61}, static _empty = 0 u'\000'}, m_absoluteFilePath = {d = {d = 0x55556a72b280, ptr = 0x55556a72b290 u"/media/kubuntu/T7/To review files/HTC backup/Full/Slack/IMG_20171117_191122.jpg", size = 79}, static _empty = 0 u'\000'}, m_isNull = false}

$ stat IMG_20171117_191122.jpg
  File: IMG_20171117_191122.jpg
  Size: 0               Blocks: 0          IO Block: 131072 regular empty file
Device: 8,17    Inode: 3558241     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 1000/ kubuntu)   Gid: ( 1000/ kubuntu)
Access: 2024-12-13 13:26:58.000000000 +0000
Modify: 2017-11-17 16:11:22.000000000 +0000
Change: 2017-11-17 16:11:22.000000000 +0000
 Birth: 2023-06-14 17:43:29.010000000 +0100

$ file IMG_20171117_191122.jpg
IMG_20171117_191122.jpg: empty

-------------------------------------------------------------------------------------------------

3. OOM Killer dmesg log

Dec 13 17:17:23 kubuntu-virtualbox kernel: Tasks state (memory values in pages):
Dec 13 17:17:23 kubuntu-virtualbox kernel: [  pid  ]   uid  tgid total_vm      rss rss_anon rss_file rss_shmem pgtables_bytes swapents oom_score_adj name
[...other lines omitted]
Dec 13 17:17:23 kubuntu-virtualbox kernel: [  32893]  1000 32893   191297    67431    67302      129         0   929792        0           200 gdb
Dec 13 17:17:23 kubuntu-virtualbox kernel: [  32916]  1000 32916   875180   504573   499724      783      4066  4845568        0           200 kphotoalbum
Dec 13 17:17:23 kubuntu-virtualbox kernel: [  33194]     0 33194   119161     1592     1306      286         0   266240        0             0 fwupd
Dec 13 17:17:23 kubuntu-virtualbox kernel: [  59488]  1000 59488   787532   433595   433103      492         0  4382720        0           200 ffmpeg
Dec 13 17:17:23 kubuntu-virtualbox kernel: [  59531]  1000 59531   652165   378273   377419      854         0  3870720        0           200 ffmpeg
Dec 13 17:17:23 kubuntu-virtualbox kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-1000.slice/user@1000.service/app.slice/app-code@269c1bf1a3e843ee914e3bab80c1c>
Dec 13 17:17:23 kubuntu-virtualbox kernel: Out of memory: Killed process 32916 (kphotoalbum) total-vm:3500720kB, anon-rss:1998896kB, file-rss:3132kB, shmem-rss:16264kB, UID:1000 pgtables:4732kB oom_score_adj:200

Regards,
Stanislav
Comment 4 Stanislav 2024-12-23 17:00:24 UTC
(In reply to Johannes Zarl-Zierl from comment #2)

> Does the .videoThumbnails directory inside your image directory contain
> empty files, by any chance?

Also checked the .videoThumbnails directory and yes, it contains a lot of empty files.
Comment 5 Johannes Zarl-Zierl 2024-12-23 23:37:22 UTC
Git commit 4142c89856681fe3e71dbcdf166df7775c12e5ce by Johannes Zarl-Zierl.
Committed on 23/12/2024 at 23:36.
Pushed by johanneszarl into branch 'master'.

Make Utilities::isJPEG safe to call with null filenames.

M  +6    -4    Utilities/FastJpeg.cpp

https://invent.kde.org/graphics/kphotoalbum/-/commit/4142c89856681fe3e71dbcdf166df7775c12e5ce
Comment 6 Johannes Zarl-Zierl 2024-12-24 00:00:32 UTC
Hi Stanislav,

Thanks for your quick response! These backtraces are much more useful. From first glance this should not be the same issue as with bug #497831.

Backtrace 2) could be the same as in your initial report. On closer inspection, this seems to be a crash inside QImageReader::imageFormat(). Apparently one of the Qt image IO plugins tries if the file can be read by libraw and libraw crashes on the empty file.

Backtrace 1) is more puzzling to me. Judging by the values of the local variables, a null pointer exception seems implausible. Maybe a use-after-free...

I'll have to think about both of these.

Regarding the OOM killer: I think that we never considered this situation. I'll track this as its own bug...

Cheers,
 Johannes
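
Comments 3, 4 and 6 tie the C++ exception to zero-length files reaching QImageReader::imageFormat() through Utilities::isJPEG. The following is an added example, not KPhotoAlbum code and not the change in commit 4142c898: it gates a file on its size and JPEG magic bytes before any decoder plugin is asked to probe it, and lists empty files in a cache directory. The names probeFile, emptyFilesIn and makeConstructedSample are hypothetical, and plain POSIX/C++ stands in for the Qt classes.

```cpp
// Added example (hypothetical names): classify a file without calling any image library.
#include <dirent.h>
#include <sys/stat.h>
#include <cstdlib>
#include <fstream>
#include <string>
#include <vector>

enum class Probe { Missing, Empty, Jpeg, Other };

// Decide from stat() and the first three bytes only.
Probe probeFile(const std::string &path) {
    struct stat st;
    if (path.empty() || stat(path.c_str(), &st) != 0 || !S_ISREG(st.st_mode))
        return Probe::Missing;               // null name, absent file, or not a regular file
    if (st.st_size == 0) return Probe::Empty; // the case that made the raw plugin throw
    unsigned char magic[3] = {0, 0, 0};
    std::ifstream in(path, std::ios::binary);
    in.read(reinterpret_cast<char *>(magic), sizeof magic);
    // JPEG streams start with SOI (FF D8) followed by a marker prefix (FF).
    bool jpeg = in.gcount() == 3 && magic[0] == 0xFF && magic[1] == 0xD8 && magic[2] == 0xFF;
    return jpeg ? Probe::Jpeg : Probe::Other;
}

// Names of zero-length regular files in one directory, e.g. a thumbnail cache.
std::vector<std::string> emptyFilesIn(const std::string &dir) {
    std::vector<std::string> hits;
    DIR *d = opendir(dir.c_str());
    if (!d) return hits;
    while (dirent *e = readdir(d))
        if (probeFile(dir + "/" + e->d_name) == Probe::Empty) hits.push_back(e->d_name);
    closedir(d);
    return hits;
}

// Constructed sample: one empty ".jpg", one JPEG header, one non-JPEG file.
std::string makeConstructedSample() {
    char tmpl[] = "/tmp/thumbprobeXXXXXX";
    const char *made = mkdtemp(tmpl);
    if (!made) return "";
    std::string dir = made;
    std::ofstream(dir + "/empty.jpg").flush();
    std::ofstream(dir + "/ok.jpg", std::ios::binary).write("\xFF\xD8\xFF\xE0", 4);
    std::ofstream(dir + "/note.txt").write("not an image", 12);
    return dir;
}

int main() {  // exit status 0 when the constructed sample is classified as expected
    std::string dir = makeConstructedSample();
    return (emptyFilesIn(dir).size() == 1 && probeFile(dir + "/ok.jpg") == Probe::Jpeg) ? 0 : 1;
}
```

A caller would skip decoding, or mark the request as failed, for anything that is not Probe::Jpeg or Probe::Other, so a truncated or empty file never reaches third-party parsing code.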
Comment 7 Johannes Zarl-Zierl 2024-12-24 00:07:00 UTC
I've created bug #497848 to track the OOM killer issue...