Memory corruption triggered when an update fails
I triggered this issue by running two tracker-miner-fs-3 instances in parallel on different buses. While that's not supported, the forthcoming 'database is locked' errors show a couple of double-free issues in our error handling codepaths.
See log at https://susepaste.org/72418586 for full Valgrind output.
There seem to be two issues:
==46025== Invalid free() / delete / delete[] / realloc()
==46025== at 0x483B9F5: free (vg_replace_malloc.c:538)
==46025== by 0x4967A4C: g_free (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x49806BF: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x48B1318: _translate_internal_error (tracker-error.c:97)
==46025== by 0x48C9F29: tracker_direct_connection_update_array_finish (tracker-direct.c:782)
==46025== by 0x48AD437: tracker_sparql_connection_update_array_finish (tracker-connection.c:445)
==46025== by 0x486FF73: tracker_sparql_buffer_update_array_cb (tracker-sparql-buffer.c:237)
==46025== by 0x4AEFE49: ??? (in /usr/lib64/libgio-2.0.so.0.6400.4)
==46025== by 0x4AEFE8C: ??? (in /usr/lib64/libgio-2.0.so.0.6400.4)
==46025== by 0x495D45A: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x496178E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x4961B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== Address 0x1a0419e0 is 0 bytes inside a block of size 16 free'd
==46025== at 0x483B9F5: free (vg_replace_malloc.c:538)
==46025== by 0x4967A4C: g_free (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x49806BF: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x5698004: tracker_data_update_buffer_flush (tracker-data-update.c:1149)
==46025== by 0x56BCEE3: translate_Update1 (tracker-sparql.c:3780)
==46025== by 0x56CB1C5: _call_rule_func (tracker-sparql.c:9136)
==46025== by 0x56B9E8A: translate_Update (tracker-sparql.c:2549)
==46025== by 0x56CB1C5: _call_rule_func (tracker-sparql.c:9136)
==46025== by 0x56CC014: tracker_sparql_execute_update (tracker-sparql.c:9458)
==46025== by 0x569B9DD: update_sparql (tracker-data-update.c:2635)
==46025== by 0x569BA88: tracker_data_update_sparql (tracker-data-update.c:2658)
==46025== by 0x48C8A3D: update_thread_func (tracker-direct.c:130)
==46025== Block was alloc'd at
==46025== at 0x483A809: malloc (vg_replace_malloc.c:307)
==46025== by 0x4967958: g_malloc (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x497FF21: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x494A3E6: g_error_new_valist (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x494A7DE: g_set_error (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x56A19E6: execute_stmt (tracker-db-interface-sqlite.c:2905)
==46025== by 0x56A34D8: tracker_db_statement_execute (tracker-db-interface-sqlite.c:3591)
==46025== by 0x5697611: tracker_data_resource_buffer_flush (tracker-data-update.c:925)
==46025== by 0x5697FE8: tracker_data_update_buffer_flush (tracker-data-update.c:1147)
==46025== by 0x56BCEE3: translate_Update1 (tracker-sparql.c:3780)
==46025== by 0x56CB1C5: _call_rule_func (tracker-sparql.c:9136)
==46025== by 0x56B9E8A: translate_Update (tracker-sparql.c:2549)
==46025==
and
==46025== Invalid read of size 4
==46025== at 0x486F81C: tracker_task_unref (tracker-task-pool.c:341)
==46025== by 0x492F50E: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x486FEAA: update_array_data_free (tracker-sparql-buffer.c:212)
==46025== by 0x487008A: tracker_sparql_buffer_update_array_cb (tracker-sparql-buffer.c:269)
==46025== by 0x4AEFE49: ??? (in /usr/lib64/libgio-2.0.so.0.6400.4)
==46025== by 0x4AEFE8C: ??? (in /usr/lib64/libgio-2.0.so.0.6400.4)
==46025== by 0x495D45A: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x496178E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x4961B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x4961E32: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x40E195: main (tracker-main.c:1116)
==46025== Address 0x1a256f58 is 24 bytes inside a block of size 32 free'd
==46025== at 0x483B9F5: free (vg_replace_malloc.c:538)
==46025== by 0x4967A4C: g_free (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x49806BF: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x486F87B: tracker_task_unref (tracker-task-pool.c:349)
==46025== by 0x492F584: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x4930C1B: g_ptr_array_remove_fast (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x486F498: tracker_task_pool_remove (tracker-task-pool.c:265)
==46025== by 0x486FE3F: remove_task_foreach (tracker-sparql-buffer.c:194)
==46025== by 0x493102A: g_ptr_array_foreach (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x486FE95: update_array_data_free (tracker-sparql-buffer.c:209)
==46025== by 0x487008A: tracker_sparql_buffer_update_array_cb (tracker-sparql-buffer.c:269)
==46025== by 0x4AEFE49: ??? (in /usr/lib64/libgio-2.0.so.0.6400.4)
==46025== Block was alloc'd at
==46025== at 0x483A809: malloc (vg_replace_malloc.c:307)
==46025== by 0x4967958: g_malloc (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x497FF21: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x498059D: g_slice_alloc0 (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x486F757: tracker_task_new (tracker-task-pool.c:318)
==46025== by 0x4870781: tracker_sparql_task_new_take_sparql_str (tracker-sparql-buffer.c:486)
==46025== by 0x4862D6D: push_task (tracker-miner-fs.c:1662)
==46025== by 0x48634BB: miner_handle_next_item (tracker-miner-fs.c:1855)
==46025== by 0x4863557: item_queue_handlers_cb (tracker-miner-fs.c:1882)
==46025== by 0x495D45A: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x496178E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025== by 0x4961B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.4)
==46025==
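The first trace shows a single error object released twice: once in tracker_data_update_buffer_flush and again in _translate_internal_error. The C program below is an added example, not Tracker's code and not part of the original report; it models that ownership mistake with a constructed error type and hypothetical function names (flush_buggy, flush_fixed, run_update), and counts the second free instead of performing it.

```c
#include <stdio.h>

/* Constructed stand-in for a heap-allocated error object (not GLib's GError).
 * Slots live in a static pool so a second free is counted, not undefined. */
typedef struct { int in_use; const char *msg; } Err;
static Err pool[4];
static int double_frees;

static Err *err_new(const char *msg) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; pool[i].msg = msg; return &pool[i]; }
    return NULL;
}

static void err_free(Err *e) {
    if (!e) return;
    if (!e->in_use) { double_frees++; return; }  /* the "Invalid free()" case */
    e->in_use = 0;
}

/* Buggy failure path: hands the error to the caller AND frees it locally. */
static int flush_buggy(Err **error) {
    Err *inner = err_new("database is locked");
    *error = inner;     /* caller now holds the pointer... */
    err_free(inner);    /* ...but it is released here as well */
    return -1;
}

/* Fixed failure path: ownership moves to the caller exactly once. */
static int flush_fixed(Err **error) {
    *error = err_new("database is locked");
    return -1;
}

/* Caller frees the error it received; returns the double frees observed. */
static int run_update(int (*flush)(Err **)) {
    Err *error = NULL;
    double_frees = 0;
    if (flush(&error) != 0)
        err_free(error);
    return double_frees;
}

int main(void) {
    printf("buggy: %d double free(s)\n", run_update(flush_buggy));
    printf("fixed: %d double free(s)\n", run_update(flush_fixed));
    return 0;
}
```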