Bug 1646345

Summary: tracker-miner-fs killed by SIGABRT when connected from remote machine with XDMCP
Product: Red Hat Enterprise Linux 7 Reporter: jigar <jraising>
Component: trackerAssignee: Carlos Garnacho <cgarnach>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.5CC: cww, mclasen, tpelka, yuokada
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: tracker-1.10.5-7.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 19:39:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1727111    
Attachments:
Description Flags
Log from valgrind while reproducing the bug under RHEL 7.6 none

Description jigar 2018-11-05 12:33:38 UTC 
Description of problem: tracker-miner-fs is killed by SIGABRT . This problem occurs every time this system is connected by remote Windows machine using XDMCP.

Version-Release number of selected component (if applicable): tracker-1.10.5-6.el7

How reproducible: Always at Customer's end

Backtrace :

Core was generated by `/usr/libexec/tracker-miner-fs'.
Program terminated with signal 6, Aborted.
#0  0x00007fbac10f0207 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x00007fbac10f0207 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fbac10f18f8 in __GI_abort () at abort.c:90
#2  0x00007fbac1132cc7 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fbac1244cf8 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
#3  0x00007fbac113b429 in malloc_printerr (ar_ptr=0x7fbac1480760 <main_arena>, ptr=<optimized out>, str=0x7fbac1244e00 "double free or corruption (out)", 
    action=3) at malloc.c:5025
#4  _int_free (av=0x7fbac1480760 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:3847
#5  0x00007fbac19f500e in g_free (mem=mem@entry=0xd7e7b0) at gmem.c:189
#6  0x00007fbac19fe55d in g_pattern_match (pspec=<optimized out>, string_length=<optimized out>, string=<optimized out>, string_reversed=<optimized out>)
    at gpattern.c:214
#7  0x00007fbac68f777b in tracker_indexing_tree_file_matches_filter (tree=tree@entry=0xbd08d0, type=type@entry=TRACKER_FILTER_FILE, 
    file=file@entry=0xd5c0c0) at tracker-indexing-tree.c:780
#8  0x00007fbac68f77c3 in indexing_tree_file_is_filtered (tree=tree@entry=0xbd08d0, filter=TRACKER_FILTER_FILE, file=file@entry=0xd5c0c0)
    at tracker-indexing-tree.c:808
#9  0x00007fbac68f7d3c in tracker_indexing_tree_file_is_indexable (tree=0xbd08d0, file=0xd5c0c0, file_type=<optimized out>) at tracker-indexing-tree.c:877
#10 0x00007fbabf109dcc in ffi_call_unix64 () at ../src/x86/unix64.S:76
#11 0x00007fbabf1096f5 in ffi_call (cif=cif@entry=0x7ffe22913030, fn=<optimized out>, rvalue=0x7ffe22912fa0, avalue=avalue@entry=0x7ffe22912f40)
    at ../src/x86/ffi64.c:522
#12 0x00007fbac1ed7218 in g_cclosure_marshal_generic (closure=0xd25e80, return_gvalue=0x7ffe22913180, n_param_values=<optimized out>, 
    param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=0x0) at gclosure.c:1490
#13 0x00007fbac1ed69d8 in g_closure_invoke (closure=0xd25e80, return_value=return_value@entry=0x7ffe22913180, n_param_values=2, 
    param_values=param_values@entry=0x7ffe22913230, invocation_hint=invocation_hint@entry=0x7ffe229131d0) at gclosure.c:804
#14 0x00007fbac1ee907d in signal_emit_unlocked_R (node=node@entry=0xd25b00, detail=detail@entry=0, instance=instance@entry=0xcb1310, 
    emission_return=emission_return@entry=0x7ffe229132e0, instance_and_params=instance_and_params@entry=0x7ffe22913230) at gsignal.c:3635
#15 0x00007fbac1ef0ddc in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, 
    var_args=var_args@entry=0x7ffe229133c0) at gsignal.c:3401
#16 0x00007fbac1ef13df in g_signal_emit (instance=instance@entry=0xcb1310, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
#17 0x00007fbac690183d in check_file (info=0xd66980, info=0xd66980, file=0xd5c0c0, crawler=0xcb1310) at tracker-crawler.c:378
#18 process_func (data=data@entry=0xcb1310) at tracker-crawler.c:650
#19 0x00007fbac19ec4e7 in g_idle_dispatch (source=0xd7e710, callback=0x7fbac69016d0 <process_func>, user_data=0xcb1310) at gmain.c:5502
#20 0x00007fbac19ef8f9 in g_main_dispatch (context=0xb99800) at gmain.c:3146
#21 g_main_context_dispatch (context=context@entry=0xb99800) at gmain.c:3811
#22 0x00007fbac19efc58 in g_main_context_iterate (context=0xb99800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3884
#23 0x00007fbac19eff2a in g_main_loop_run (loop=0xba4f50) at gmain.c:4080
#24 0x0000000000409c3a in main (argc=1, argv=0x7ffe229137d8) at tracker-main.c:827

Actual results: tracker-miner-fs is killed by SIGABRT


Expected results: tracker-miner-fs should not be killed


Additional info: Looks like a memory leak issue based on following valgrind HEAP summary :

****************************************************************************

There definitely is a memory leak here :

==10820== LEAK SUMMARY:
==10820==    definitely lost: 392 bytes in 7 blocks
==10820==    indirectly lost: 560 bytes in 21 blocks
==10820==      possibly lost: 323,484 bytes in 281 blocks
==10820==    still reachable: 1,331,477 bytes in 19,620 blocks
==10820==                       of which reachable via heuristic:
==10820==                         length64           : 524,344 bytes in 6,137 blocks
==10820==                         newarray           : 1,984 bytes in 44 blocks
==10820==         suppressed: 0 bytes in 0 blocks
==10820==
==10820== For counts of detected and suppressed errors, rerun with: -v
==10820== ERROR SUMMARY: 54 errors from 42 contexts (suppressed: 0 from 0)

****************************************************************************
Comment 5 Pavlin Georgiev 2019-09-20 09:09:37 UTC 
Created attachment 1617101 [details]
Log from valgrind while reproducing the bug under RHEL 7.6

TEST SETUP 1
Distro: RHEL 7.6
Component version: tracker-1.10.5-6.el7


TEST PROCEDURE 1
1. Create a file with invalid UTF-8 name:
    # touch ~/aaa$'\363'
    
2. Stop the indexing from tracker:
    # tracker daemon --terminate
    
3. Install a tool for checking memory leaks and corruption:
    # yum install -y valgrind
    
4. Start valgrind:
    # valgrind /usr/libexec/tracker-miner-fs
    
5. Open another terminal.
6. Trigger the memory corruption:
    # touch ~/bbb$'\363'
Comment 6 Pavlin Georgiev 2019-09-20 09:10:48 UTC 
TEST SETUP 2
Distro: RHEL-7.8-20190912.3
Component version: tracker-1.10.5-8.el7


TEST PROCEDURE 2
Repeat TEST PROCEDURE 1 (comment #5).


RESULT 2
The bug does NOT appear.
Comment 7 Pavlin Georgiev 2019-09-20 09:11:43 UTC 
OUTCOME
Upgrading component: tracker
    from: 1.10.5-6.el7
      to: 1.10.5-8.el7
has fixed the bug.
Comment 9 errata-xmlrpc 2020-03-31 19:39:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1021