Race condition under gs_plugin_icons_load_cached()
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1939583
Version-Release number of selected component: gnome-software-40~beta-2.fc34
Core was generated by `/usr/bin/gnome-software --gapplication-service'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
49 return ret;
[Current thread is 1 (Thread 0x7f5850f8c640 (LWP 112738))]
Thread 1 (Thread 0x7f5850f8c640 (LWP 112738)):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
set = {__val = {0, 140017292325648, 140017292325904, 140015933849616, 94421195855872, 0, 140017292325904, 140017292325648, 140016537829408, 32, 94421196140832, 0, 0, 0, 0, 0}}
pid = <optimized out>
tid = <optimized out>
#1 0x00007f587506f8a4 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x70, sa_sigaction = 0x70}, sa_mask = {__val = {140017897660246, 3762334556058454340, 12834526016797510912, 140017343826144, 140017292326368, 50, 50, 51, 140017343826144, 140017292326016, 140017897601952, 94424783486976, 140017343826144, 140017343826144, 140017343826144, 140017343826144}}, sa_flags = 1409976594, sa_restorer = 0x7f58540a8944}
sigs = {__val = {32, 12834526016797510912, 56, 112, 69, 140017343826128, 140017343135776, 140017343826240, 112, 140017897655225, 11, 140017343135776, 140017343826144, 51, 51, 140017343826128}}
#2 0x00007f58750c8cd7 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f58751d97fc "%s\n") at ../sysdeps/posix/libc_fatal.c:155
ap = {{gp_offset = 24, fp_offset = 32600, overflow_arg_area = 0x7f5850f8b5f0, reg_save_area = 0x7f5850f8b580}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
#3 0x00007f58750d094c in malloc_printerr (str=str@entry=0x7f58751dbc48 "double free or corruption (fasttop)") at malloc.c:5626
#4 0x00007f58750d1e73 in _int_free (av=0x7f5858000020, p=0x7f585806d350, have_lock=0) at malloc.c:4496
idx = 1
old = <optimized out>
old2 = <optimized out>
size = <optimized out>
fb = 0x7f5858000038
nextchunk = <optimized out>
nextsize = <optimized out>
nextinuse = <optimized out>
prevsize = <optimized out>
bck = <optimized out>
fwd = <optimized out>
__PRETTY_FUNCTION__ = "_int_free"
#5 0x00007f58750d5a48 in __GI___libc_free (mem=mem@entry=0x7f585806d360) at malloc.c:3309
ar_ptr = <optimized out>
p = 0x7f585806d350
hook = <optimized out>
err = 11
#6 0x00007f58760ad16d in g_free (mem=0x7f585806d360) at ../glib/gmem.c:199
#7 0x00007f58763fc821 in as_icon_set_filename (icon=icon@entry=0x7f58341d1a60, filename=filename@entry=0x7f58540a88e0 "/usr/share/app-info/icons/fedora/64x64/datovka.png") at ../src/as-icon.c:253
priv = 0x7f58341d1a30
#8 0x00007f5861186c66 in gs_plugin_icons_load_cached (plugin=0x55e025e331a0, error=0x7f5850f8b730, icon=0x7f58341d1a60) at ../plugins/core/gs-plugin-icons.c:292
full_fname = 0x7f58540a88e0 "/usr/share/app-info/icons/fedora/64x64/datovka.png"
fname = <optimized out>
icon_fname = <optimized out>
icon = 0x7f58341d1a60
pixbuf = 0x0
error_local = 0x0
icons = 0x7f584860a980
i = 0
app = 0x7f5849cae2d0
i = 0
#9 refine_app (cancellable=<optimized out>, error=<optimized out>, flags=GS_PLUGIN_REFINE_FLAGS_DEFAULT, app=0x7f5849cae2d0, plugin=<optimized out>) at ../plugins/core/gs-plugin-icons.c:339
icon = 0x7f58341d1a60
pixbuf = 0x0
error_local = 0x0
icons = 0x7f584860a980
i = 0
app = 0x7f5849cae2d0
i = 0
#10 gs_plugin_refine (cancellable=<optimized out>, error=<optimized out>, flags=<optimized out>, list=<optimized out>, plugin=<optimized out>) at ../plugins/core/gs-plugin-icons.c:376
app = 0x7f5849cae2d0
i = 0
#11 gs_plugin_refine (plugin=plugin@entry=0x55e025e331a0, list=list@entry=0x55e025df61c0, flags=flags@entry=10486784, cancellable=cancellable@entry=0x7f584803ede0, error=error@entry=0x7f5850f8b7e8) at ../plugins/core/gs-plugin-icons.c:364
#12 0x000055e024c00c5d in gs_plugin_loader_call_vfunc (helper=0x7f58240c94c0, plugin=0x55e025e331a0, app=0x0, list=0x55e025df61c0, refine_flags=10486784, cancellable=0x7f584803ede0, error=0x7f5850f8ba28) at ../lib/gs-plugin-loader.c:567
plugin_func = 0x7f5861186a00 <gs_plugin_refine>
plugin_loader = 0x55e025e4e0b0
action = GS_PLUGIN_ACTION_REFINE
ret = 1
func = 0x7f5861186a00 <gs_plugin_refine>
error_local = 0x0
timer = 0x7f5824043560
begin_time_nsec = 14387597643701
__func__ = "gs_plugin_loader_call_vfunc"
#13 0x000055e024c00d53 in gs_plugin_loader_run_refine_filter (helper=0x7f58240c94c0, list=0x55e025df61c0, refine_flags=GS_PLUGIN_REFINE_FLAGS_DEFAULT, cancellable=0x7f584803ede0, error=0x7f5850f8ba28) at ../lib/gs-plugin-loader.c:831
plugin = 0x55e025e331a0
app_list = 0x0
i = 27
plugin_loader = 0x55e025e4e0b0
#14 0x000055e024c01179 in gs_plugin_loader_run_refine_internal (helper=0x7f58240c94c0, list=0x55e025df61c0, cancellable=0x7f584803ede0, error=0x7f5850f8ba28) at ../lib/gs-plugin-loader.c:873
#15 0x000055e024c017fe in gs_plugin_loader_run_refine (helper=0x7f58580b7580, list=0x55e025df61c0, cancellable=0x7f584803ede0, error=0x7f5850f8ba28) at ../lib/gs-plugin-loader.c:1011
ret = <optimized out>
freeze_list = <optimized out>
helper2 = 0x7f58240c94c0
plugin_job = 0x7f58587183e0
#16 0x000055e024c04413 in gs_plugin_loader_process_thread_cb (task=0x55e025bf60e0, object=<optimized out>, task_data=0x7f58580b7580, cancellable=0x7f584803ede0) at ../lib/gs-plugin-loader.c:3319
error = 0x0
helper = 0x7f58580b7580
dedupe_flags = <optimized out>
list = 0x55e025df61c0
action = GS_PLUGIN_ACTION_SEARCH
plugin_loader = 0x55e025e4e0b0
filter_flags = <optimized out>
refine_flags = <optimized out>
add_to_pending_array = <optimized out>
max_results = <optimized out>
sort_func = <optimized out>
context = 0x7f582404fa50
pusher = 0x7f582404fa50
begin_time_nsec = 14387386158381
#17 0x00007f587629708f in g_task_thread_pool_thread (thread_data=0x55e025bf60e0, pool_data=<optimized out>) at ../gio/gtask.c:1430
task = 0x55e025bf60e0
#18 0x00007f58760d9bd4 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
task = 0x55e025bf60e0
pool = <optimized out>
#19 0x00007f58760d6ce2 in g_thread_proxy (data=0x7f584842aea0) at ../glib/gthread.c:826
thread = 0x7f584842aea0
__func__ = "g_thread_proxy"
#20 0x00007f5875221269 in start_thread (arg=0x7f5850f8c640) at pthread_create.c:473
ret = <optimized out>
pd = 0x7f5850f8c640
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140017292330560, -8262667540629594591, 140735302975486, 140735302975487, 0, 140017292330560, 8351285967958531617, 8351347037332004385}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 0
#21 0x00007f5875149653 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Thread 7 (Thread 0x7f586326e640 (LWP 112629)):
#0 0x00007f587513a484 in __libc_open64 (file=file@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", oflag=0) at ../sysdeps/unix/sysv/linux/open64.c:48
sc_ret = 35
sc_cancel_oldtype = 0
mode = 0
#1 0x00007f58750cb436 in __GI__IO_file_open (fp=fp@entry=0x7f5858004ce0, filename=filename@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", posix_mode=<optimized out>, prot=prot@entry=438, read_write=8, is32not64=<optimized out>) at fileops.c:189
fdesc = <optimized out>
#2 0x00007f58750cb60b in _IO_new_file_fopen (fp=fp@entry=0x7f5858004ce0, filename=filename@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", mode=<optimized out>, mode@entry=0x7f58755f5469 "rb", is32not64=is32not64@entry=1) at fileops.c:281
oflags = <optimized out>
omode = <optimized out>
read_write = <optimized out>
i = 1
result = <optimized out>
cs = <optimized out>
last_recognized = 0x7f58755f546a "b"
__PRETTY_FUNCTION__ = "_IO_new_file_fopen"
#3 0x00007f58750bef7d in __fopen_internal (filename=filename@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", mode=mode@entry=0x7f58755f5469 "rb", is32=is32@entry=1) at iofopen.c:75
new_f = 0x7f5858004ce0
#4 0x00007f58750bf00e in _IO_new_fopen (filename=filename@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", mode=mode@entry=0x7f58755f5469 "rb") at iofopen.c:86
#5 0x00007f58755e816f in gdk_pixbuf_new_from_file_at_scale (filename=filename@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", width=64, height=height@entry=64, preserve_aspect_ratio=preserve_aspect_ratio@entry=1, error=error@entry=0x7f586326d730) at ../gdk-pixbuf/gdk-pixbuf-io.c:1380
loader = <optimized out>
pixbuf = <optimized out>
buffer = '\000' <repeats 44024 times>...
length = <optimized out>
f = <optimized out>
info = {width = 0, height = 0, preserve_aspect_ratio = 0}
animation = <optimized out>
iter = <optimized out>
has_frame = <optimized out>
__func__ = "gdk_pixbuf_new_from_file_at_scale"
#6 0x00007f58755e8431 in gdk_pixbuf_new_from_file_at_size (filename=filename@entry=0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png", width=<optimized out>, height=height@entry=64, error=error@entry=0x7f586326d730) at ../gdk-pixbuf/gdk-pixbuf-io.c:1239
#7 0x00007f5861186ca2 in gs_plugin_icons_load_cached (plugin=0x55e025e331a0, error=0x7f586326d730, icon=0x7f58341d1a60) at ../plugins/core/gs-plugin-icons.c:296
fname = 0x7f58581bb640 "/usr/share/app-info/icons/fedora/64x64/datovka.png"
icon_fname = <optimized out>
icon = 0x7f58341d1a60
pixbuf = 0x0
error_local = 0x0
icons = 0x7f584860a980
i = 0
app = 0x7f5849cae2d0
i = 0
#8 refine_app (cancellable=<optimized out>, error=<optimized out>, flags=GS_PLUGIN_REFINE_FLAGS_DEFAULT, app=0x7f5849cae2d0, plugin=<optimized out>) at ../plugins/core/gs-plugin-icons.c:339
icon = 0x7f58341d1a60
pixbuf = 0x0
error_local = 0x0
icons = 0x7f584860a980
i = 0
app = 0x7f5849cae2d0
i = 0
#9 gs_plugin_refine (cancellable=<optimized out>, error=<optimized out>, flags=<optimized out>, list=<optimized out>, plugin=<optimized out>) at ../plugins/core/gs-plugin-icons.c:376
app = 0x7f5849cae2d0
i = 0
#10 gs_plugin_refine (plugin=plugin@entry=0x55e025e331a0, list=list@entry=0x55e025bfea00, flags=flags@entry=10486784, cancellable=cancellable@entry=0x7f58482068a0, error=error@entry=0x7f586326d7e8) at ../plugins/core/gs-plugin-icons.c:364
#11 0x000055e024c00c5d in gs_plugin_loader_call_vfunc (helper=0x7f58240ca520, plugin=0x55e025e331a0, app=0x0, list=0x55e025bfea00, refine_flags=10486784, cancellable=0x7f58482068a0, error=0x7f586326da28) at ../lib/gs-plugin-loader.c:567
plugin_func = 0x7f5861186a00 <gs_plugin_refine>
plugin_loader = 0x55e025e4e0b0
action = GS_PLUGIN_ACTION_REFINE
ret = 1
func = 0x7f5861186a00 <gs_plugin_refine>
error_local = 0x0
timer = 0x7f5858006270
begin_time_nsec = 14387597676574
__func__ = "gs_plugin_loader_call_vfunc"
#12 0x000055e024c00d53 in gs_plugin_loader_run_refine_filter (helper=0x7f58240ca520, list=0x55e025bfea00, refine_flags=GS_PLUGIN_REFINE_FLAGS_DEFAULT, cancellable=0x7f58482068a0, error=0x7f586326da28) at ../lib/gs-plugin-loader.c:831
plugin = 0x55e025e331a0
app_list = 0x0
i = 27
plugin_loader = 0x55e025e4e0b0
#13 0x000055e024c01179 in gs_plugin_loader_run_refine_internal (helper=0x7f58240ca520, list=0x55e025bfea00, cancellable=0x7f58482068a0, error=0x7f586326da28) at ../lib/gs-plugin-loader.c:873
#14 0x000055e024c017fe in gs_plugin_loader_run_refine (helper=0x7f58240d3a40, list=0x55e025bfea00, cancellable=0x7f58482068a0, error=0x7f586326da28) at ../lib/gs-plugin-loader.c:1011
ret = <optimized out>
freeze_list = <optimized out>
helper2 = 0x7f58240ca520
plugin_job = 0x55e0261586f0
#15 0x000055e024c04413 in gs_plugin_loader_process_thread_cb (task=0x55e0260e4810, object=<optimized out>, task_data=0x7f58240d3a40, cancellable=0x7f58482068a0) at ../lib/gs-plugin-loader.c:3319
error = 0x0
helper = 0x7f58240d3a40
dedupe_flags = <optimized out>
list = 0x55e025bfea00
action = GS_PLUGIN_ACTION_SEARCH
plugin_loader = 0x55e025e4e0b0
filter_flags = <optimized out>
refine_flags = <optimized out>
add_to_pending_array = <optimized out>
max_results = <optimized out>
sort_func = <optimized out>
context = 0x7f58587a9f40
pusher = 0x7f58587a9f40
begin_time_nsec = 14387203809256
#16 0x00007f587629708f in g_task_thread_pool_thread (thread_data=0x55e0260e4810, pool_data=<optimized out>) at ../gio/gtask.c:1430
task = 0x55e0260e4810
#17 0x00007f58760d9bd4 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
task = 0x55e0260e4810
pool = <optimized out>
#18 0x00007f58760d6ce2 in g_thread_proxy (data=0x7f58587b0460) at ../glib/gthread.c:826
thread = 0x7f58587b0460
__func__ = "g_thread_proxy"
#19 0x00007f5875221269 in start_thread (arg=0x7f586326e640) at pthread_create.c:473
ret = <optimized out>
pd = 0x7f586326e640
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140017597343296, -8262667540629594591, 140735302975486, 140735302975487, 0, 140017597343296, 8351325087594405409, 8351347037332004385}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 0
#20 0x00007f5875149653 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
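I skipped the boring threads and left only two, which work with the same app
instance and compete over which of them will update the icon. Both threads hold the same icon pointer (0x7f58341d1a60): Thread 1 aborts in g_free() called from as_icon_set_filename() at gs-plugin-icons.c:292, while Thread 7 is already at line 296 of the same function. This suggests both threads called as_icon_set_filename() on the same icon without synchronization, so the old filename was freed twice ("double free or corruption (fasttop)").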