Bug 1426166

Summary: appstream-builder core dumps
Product: [Fedora] Fedora Reporter: clime
Component: libappstream-glibAssignee: Richard Hughes <rhughes>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: klember, rhughes
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-12 10:11:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Coredump of appstream-builder
none
reproducer.tar.gz none

Description clime 2017-02-23 11:01:26 UTC 
Created attachment 1256867 [details]
Coredump of appstream-builder

Hello, on COPR backend, we get many core-dumps by appstream builder. This is one of them.

return code -6 after invocation of: /usr/bin/timeout --kill-after=240 180 /usr/bin/appstream-builder --add-cache-id --max-threads=4 --temp-dir=/var/lib/copr/public_html/results/romanofski/gtfsschedule/fedora-25-x86_64/tmp --cache-dir=/var/lib/copr/public_html/results/romanofski/gtfsschedule/fedora-25-x86_64/cache --packages-dir=/var/lib/copr/public_html/results/romanofski/gtfsschedule/fedora-25-x86_64 --output-dir=/var/lib/copr/public_html/results/romanofski/gtfsschedule/fedora-25-x86_64/appdata --basename=appstream --include-failed --min-icon-size=48 --enable-hidpi --origin=romanofski/gtfsschedule

stdout: *** Error in `/usr/bin/appstream-builder': double free or corruption (out): 0x000055e80ccc0180 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x791fb)[0x7fa6c3fc01fb]
/lib64/libc.so.6(+0x8288a)[0x7fa6c3fc988a]
/lib64/libc.so.6(cfree+0x4c)[0x7fa6c3fcd2bc]
/lib64/libglib-2.0.so.0(g_free+0xe)[0x7fa6c4a436be]
/lib64/libglib-2.0.so.0(g_hash_table_unref+0x33)[0x7fa6c4a2cad3]
/lib64/libappstream-glib.so.8(+0x15593)[0x7fa6c80ec593]
/lib64/libgobject-2.0.so.0(g_object_unref+0x1a7)[0x7fa6c4d1b117]
/lib64/libglib-2.0.so.0(+0x381ea)[0x7fa6c4a2c1ea]
/lib64/libglib-2.0.so.0(g_hash_table_unref+0x7f)[0x7fa6c4a2cb1f]
/lib64/libappstream-glib.so.8(+0x32442)[0x7fa6c8109442]
/lib64/libgobject-2.0.so.0(g_object_unref+0x1a7)[0x7fa6c4d1b117]
/lib64/libappstream-builder.so.8(+0x73b4)[0x7fa6c7ec93b4]
/lib64/libgobject-2.0.so.0(g_object_unref+0x1a7)[0x7fa6c4d1b117]
/usr/bin/appstream-builder(main+0x93f)[0x55e80c8aa12f]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7fa6c3f67401]
/usr/bin/appstream-builder(_start+0x2a)[0x55e80c8aa8ca]

The whole error is attached. It would be great if this gets sorted out.

Package versions:

Name        : libappstream-glib
Version     : 0.6.8
Release     : 2.fc25

Name        : libappstream-glib-builder
Version     : 0.6.8
Release     : 2.fc25

Not sure if this is actually bug in libappstream-glib-builder or in libappstream-glib.
Comment 1 clime 2017-04-18 08:55:55 UTC 
Created attachment 1272256 [details]
reproducer.tar.gz
Comment 2 clime 2017-04-18 09:17:04 UTC 
Still a problem with version 0.6.12-1. Here is output of coredumpctl when a segmentation fault happened when run on the data in reproducer.tar.gz. coredump is attached.

clime@coprbox ~/appstream-builder-testing $ coredumpctl dump > dump
           PID: 15060 (appstream-build)
           UID: 1000 (clime)
           GID: 1000 (clime)
        Signal: 11 (SEGV)
     Timestamp: Tue 2017-04-18 11:12:07 CEST (2min 26s ago)
  Command Line: /usr/bin/appstream-builder --add-cache-id --max-threads=4 --temp-dir=reproducer-data/tmp --cache-dir=reproducer-data/cache --packages-dir=reproducer --output-dir=reproducer-data/appdata --basename=appstream --include-failed --min-icon-size=48 --enable-hidpi --origin=orpiske/orp-tools-testing
    Executable: /usr/bin/appstream-builder
 Control Group: /user.slice/user-1000.slice/session-2.scope
          Unit: session-2.scope
         Slice: user-1000.slice
       Session: 2
     Owner UID: 1000 (clime)
       Boot ID: 23abaab67d7a48cba55ed126044dac52
    Machine ID: 9679efdf5f3640a5a8ce07269a65fc4f
      Hostname: coprbox.den
      Coredump: /var/lib/systemd/coredump/core.appstream-build.1000.23abaab67d7a48cba55ed126044dac52.15060.1492506727000000000000.lz4
       Message: Process 15060 (appstream-build) of user 1000 dumped core.
                
                Stack trace of thread 15060:
                #0  0x00007f604ed451f7 as_format_get_kind (libappstream-glib.so.8)
                #1  0x00007f604ed55185 as_store_add_app (libappstream-glib.so.8)
                #2  0x00007f604eb1337c asb_context_add_app_ignore (libappstream-builder.so.8)
                #3  0x00007f604eb1374c asb_context_process (libappstream-builder.so.8)
                #4  0x000055e37ce1537d main (appstream-builder)
                #5  0x00007f604abac401 __libc_start_main (libc.so.6)
                #6  0x000055e37ce158ca _start (appstream-builder)
                
                Stack trace of thread 15062:
                #0  0x00007f604ac8dbf9 syscall (libc.so.6)
                #1  0x00007f604b6c89df g_cond_wait (libglib-2.0.so.0)
                #2  0x00007f604b65790b g_async_queue_pop_intern_unlocked (libglib-2.0.so.0)
                #3  0x00007f604b6ab6dd g_thread_pool_thread_proxy (libglib-2.0.so.0)
                #4  0x00007f604b6aab93 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f604af596ca start_thread (libpthread.so.0)
                #6  0x00007f604ac93f7f __clone (libc.so.6)
                
                Stack trace of thread 15063:
                #0  0x00007f604ac8dbf9 syscall (libc.so.6)
                #1  0x00007f604b6c89df g_cond_wait (libglib-2.0.so.0)
                #2  0x00007f604b65790b g_async_queue_pop_intern_unlocked (libglib-2.0.so.0)
                #3  0x00007f604b6ab6dd g_thread_pool_thread_proxy (libglib-2.0.so.0)
                #4  0x00007f604b6aab93 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f604af596ca start_thread (libpthread.so.0)
                #6  0x00007f604ac93f7f __clone (libc.so.6)
                
                Stack trace of thread 15064:
                #0  0x00007f604ac8dbf9 syscall (libc.so.6)
                #1  0x00007f604b6c89df g_cond_wait (libglib-2.0.so.0)
                #2  0x00007f604b65790b g_async_queue_pop_intern_unlocked (libglib-2.0.so.0)
                #3  0x00007f604b6ab6dd g_thread_pool_thread_proxy (libglib-2.0.so.0)
                #4  0x00007f604b6aab93 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f604af596ca start_thread (libpthread.so.0)
                #6  0x00007f604ac93f7f __clone (libc.so.6)
                
                Stack trace of thread 15061:
                #0  0x00007f604ac8dbf9 syscall (libc.so.6)
                #1  0x00007f604b6c89df g_cond_wait (libglib-2.0.so.0)
                #2  0x00007f604b65790b g_async_queue_pop_intern_unlocked (libglib-2.0.so.0)
                #3  0x00007f604b6ab6dd g_thread_pool_thread_proxy (libglib-2.0.so.0)
                #4  0x00007f604b6aab93 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f604af596ca start_thread (libpthread.so.0)
                #6  0x00007f604ac93f7f __clone (libc.so.6)
More than one entry matches, ignoring rest.
Comment 3 clime 2017-04-18 09:21:28 UTC 
Actually, I cannot attach the core dump file because it's very large. It's now to be downloaded here http://clime.cz/coredump-appstream-build

Also, I am sorry for not very nice bug reports here. I probably should have packed the coredumpctl output to a file.
Comment 4 clime 2017-04-18 09:28:37 UTC 
I get occassional crashes even with this simple command: 

$ while true; do /usr/bin/appstream-builder --add-cache-id --temp-dir=reproducer-data/tmp --cache-dir=reproducer-data/cache --packages-dir=reproducer --output-dir=reproducer-data/appdata --basename=appstream; done

Output is:

(appstream-builder:25826): As-WARNING **: no format specified in */package/*/*/litestomp.i686/*

(appstream-builder:25826): As-WARNING **: no format specified in */package/*/*/litestomp.i686/*
Segmentation fault (core dumped)

but when I remove --add-cache-id option, the problem seems to dissappear.

So the issue is probably related to `--add-cache-id`.
Comment 5 Richard Hughes 2017-05-08 10:28:19 UTC 
I'll do some more debugging on this today, but I don't think you want to be using --add-cache-id on COPR anyway IMHO.
Comment 6 clime 2017-05-15 12:08:12 UTC 
Please, can you briefly explain what `--add-cache-id` does or where I can find more info about it? More specifically, what is component 'cache ID' good for in the appstream data?

Thank you!
Comment 7 Richard Hughes 2017-05-16 07:37:36 UTC 
(In reply to clime from comment #6)
> Please, can you briefly explain what `--add-cache-id` does

Sure! The CacheID was used to recover partial result using previous AppStream files, the idea being that you could run appstream-builder on a folder of rpms and it would only extract and build the ones changed compared to yesterday, and then merge it back into the AppStream file. This was designed so it could be possible to run the job on koji after every build, rather than doing it on a different server once per day. Mapping the component ID to the filename then became required, hence adding the cache-id (the rpm filename) to the metadata. Unfortunately, the results when using the partial update were not always the same as doing a fresh run (some components depend on other components) and it was decided that actually it wasn't so important to get the process running on koji, so even I'm not using cache-id anymore when running appstream-builder on the whole of Fedora, on all branches. The other reason for it not running on fedora infra is that we mirror the screenshots (for privacy) which would require koji to download random PNGs from the internet, which was a no-go.

I'm probably going to remove the --cache-id mode from git soon, as it's confusing people and introducing subtle bugs.
Comment 8 Fedora End Of Life 2017-11-16 18:30:37 UTC 
This message is a reminder that Fedora 25 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 25. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '25'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 25 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged  change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
Comment 9 Fedora End Of Life 2017-12-12 10:11:20 UTC 
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.