Bug 1638767

Summary: gnome software crash involving gs_plugin_add_category_apps in libgs_plugin_desktop-categories.so
Product: [Fedora] Fedora Reporter: Matt Fagnani <matt.fagnani>
Component: gnome-softwareAssignee: Richard Hughes <rhughes>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 29CC: klember, rhughes
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: gnome-software-3.30.3-1.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-21 15:47:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
journalctl output from when gnome software started to its crash none

Description Matt Fagnani 2018-10-12 12:18:25 UTC 
Created attachment 1493292 [details]
journalctl output from when gnome software started to its crash

Description of problem:
I started gnome software 3.30.2-1 to test the appstream-0.12.2-2.fc29 appstream-data-29-7.fc29 update https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e4ee09428  After about a minute on the main screen, and gnome software crashed. I clicked on the second of the five dots which is likely not related to the crash. I installed the gnome-software, glibc, glib2 debug packages. I ran coredumpctl debug which gave the following output.

PID: 5989 (gnome-software)
           UID: 1000 (matt)
           GID: 1000 (matt)
        Signal: 11 (SEGV)
     Timestamp: Fri 2018-10-12 06:43:24 EDT (51min ago)
  Command Line: /usr/bin/gnome-software
    Executable: /usr/bin/gnome-software
 Control Group: /user.slice/user-1000.slice/session-2.scope
          Unit: session-2.scope
         Slice: user-1000.slice
       Session: 2
     Owner UID: 1000 (matt)
       Boot ID: 45bf2e8a8f99491ea41d44a42f1e9ebb
    Machine ID: 68c534516091436b931b8f2dd87b8100
      Hostname: dimension
       Storage: /var/lib/systemd/coredump/core.gnome-software.1000.45bf2e8a8f99491ea41d44a42f1e9ebb.5989.1539341004000000.lz4
       Message: Process 5989 (gnome-software) of user 1000 dumped core.
                
                Stack trace of thread 6227:
                #0  0x00000000b4604713 gs_plugin_add_category_apps (libgs_plugin_desktop-categories.so)
                #1  0x00000000004957db n/a (gnome-software)
                #2  0x0000000000495aab n/a (gnome-software)
                #3  0x0000000000496d00 n/a (gnome-software)
                #4  0x00000000b7afceb6 n/a (libgio-2.0.so.0)
                #5  0x00000000b7cdae15 n/a (libglib-2.0.so.0)
                #6  0x00000000b7cda37f n/a (libglib-2.0.so.0)
                #7  0x00000000b6c375de start_thread (libpthread.so.0)
                #8  0x00000000b6b7372a __clone (libc.so.6)
                
                Stack trace of thread 5990:
                #0  0x00000000b7ee0d41 __kernel_vsyscall (linux-gate.so.1)
                #1  0x00000000b6b69853 __GI___poll (libc.so.6)
                #2  0x00000000b7cc0254 g_poll (libglib-2.0.so.0)
                #3  0x00000000b7cb0913 n/a (libglib-2.0.so.0)
                #4  0x00000000b7cb0a5b g_main_context_iteration (libglib-2.0.so.0)
                #5  0x00000000b7cb0ab0 n/a (libglib-2.0.so.0)
                #6  0x00000000b7cda37f n/a (libglib-2.0.so.0)
                #7  0x00000000b6c375de start_thread (libpthread.so.0)
                #8  0x00000000b6b7372a __clone (libc.so.6)
                
                Stack trace of thread 5991:
                #0  0x00000000b7ee0d41 __kernel_vsyscall (linux-gate.so.1)
                #1  0x00000000b6b69853 __GI___poll (libc.so.6)
                #2  0x00000000b7cc0254 g_poll (libglib-2.0.so.0)
                #3  0x00000000b7cb0913 n/a (libglib-2.0.so.0)
                #4  0x00000000b7cb0d51 g_main_loop_run (libglib-2.0.so.0)
                #5  0x00000000b7b41189 n/a (libgio-2.0.so.0)
                #6  0x00000000b7cda37f n/a (libglib-2.0.so.0)
                #7  0x00000000b6c375de start_thread (libpthread.so.0)
                #8  0x00000000b6b7372a __clone (libc.so.6)
                
                Stack trace of thread 5992:
                #0  0x00000000b7ee0d41 __kernel_vsyscall (linux-gate.so.1)
                #1  0x00000000b6b69853 __GI___poll (libc.so.6)
                #2  0x00000000b7cc0254 g_poll (libglib-2.0.so.0)
                #3  0x00000000b7cb0913 n/a (libglib-2.0.so.0)
                #4  0x00000000b7cb0a5b g_main_context_iteration (libglib-2.0.so.0)
                #5  0x00000000b46222e3 n/a (libdconfsettings.so)
                #6  0x00000000b7cda37f n/a (libglib-2.0.so.0)
                #7  0x00000000b6c375de start_thread (libpthread.so.0)
                #8  0x00000000b6b7372a __clone (libc.so.6)
                
                Stack trace of thread 6087:
                #0  0x00000000b7ee0d41 __kernel_vsyscall (linux-gate.so.1)
                #1  0x00000000b6b69853 __GI___poll (libc.so.6)
                #2  0x00000000b7cc0254 g_poll (libglib-2.0.so.0)
                #3  0x00000000b7cb0913 n/a (libglib-2.0.so.0)
                #4  0x00000000b7cb0d51 g_main_loop_run (libglib-2.0.so.0)
                #5  0x00000000b6d22d73 pk_client_search_files (libpackagekit-glib2.so.18)
                #6  0x00000000b2dc1a62 gs_plugin_refine (libgs_plugin_packagekit-refine.so)
                #7  0x0000000000495a17 n/a (gnome-software)
                #8  0x0000000000495dd9 n/a (gnome-software)
                #9  0x0000000000496135 n/a (gnome-software)
                #10 0x0000000000496737 n/a (gnome-software)
                #11 0x0000000000496f66 n/a (gnome-software)
                #12 0x00000000b7afceb6 n/a (libgio-2.0.so.0)
                #13 0x00000000b7cdae15 n/a (libglib-2.0.so.0)
                #14 0x00000000b7cda37f n/a (libglib-2.0.so.0)
                #15 0x00000000b6c375de start_thread (libpthread.so.0)
                #16 0x00000000b6b7372a __clone (libc.so.6)
                
                Stack trace of thread 5989:
                #0  0x00000000b75b09a4 n/a (libgtk-3.so.0)
                #1  0x00000000b743082b n/a (libgtk-3.so.0)
                #2  0x00000000b7325326 n/a (libgtk-3.so.0)
                #3  0x00000000b731ff22 gtk_builder_extend_with_template (libgtk-3.so.0)
                #4  0x00000000b75b118f gtk_widget_init_template (libgtk-3.so.0)
                #5  0x000000000046e249 n/a (gnome-software)
                #6  0x00000000b7dd3e10 g_type_create_instance (libgobject-2.0.so.0)
                #7  0x00000000b7db29de n/a (libgobject-2.0.so.0)
                #8  0x00000000b7db40ec g_object_new_with_properties (libgobject-2.0.so.0)
                #9  0x00000000b7db4aa7 g_object_new (libgobject-2.0.so.0)
                #10 0x000000000046ef14 gs_summary_tile_new (gnome-software)
                #11 0x0000000000440d41 gs_category_page_set_category (gnome-software)
                #12 0x000000000046b2da gs_shell_change_mode (gnome-software)
                #13 0x000000000046c731 gs_shell_show_category (gnome-software)
                #14 0x0000000000459b43 n/a (gnome-software)
                #15 0x00000000b7dad34c n/a (libgobject-2.0.so.0)
                #16 0x00000000b7dc9a6e g_signal_emit_valist (libgobject-2.0.so.0)
                #17 0x00000000b7dca0e9 g_signal_emit (libgobject-2.0.so.0)
                #18 0x00000000b7328b0d gtk_button_clicked (libgtk-3.so.0)
                #19 0x00000000b7328bad n/a (libgtk-3.so.0)
                #20 0x00000000b7328c1a n/a (libgtk-3.so.0)
                #21 0x00000000b7dad34c n/a (libgobject-2.0.so.0)
                #22 0x00000000b7dc9a6e g_signal_emit_valist (libgobject-2.0.so.0)
                #23 0x00000000b7dca0e9 g_signal_emit (libgobject-2.0.so.0)
                #24 0x00000000b7326e9f n/a (libgtk-3.so.0)
                #25 0x00000000b68adf1e ffi_call_SYSV (libffi.so.6)
                #26 0x00000000b68ad94e ffi_call (libffi.so.6)
                #27 0x00000000b7dadf4f g_cclosure_marshal_generic_va (libgobject-2.0.so.0)
                #28 0x00000000b7dad34c n/a (libgobject-2.0.so.0)
                #29 0x00000000b7dc9a6e g_signal_emit_valist (libgobject-2.0.so.0)
                #30 0x00000000b7dca0e9 g_signal_emit (libgobject-2.0.so.0)
                #31 0x00000000b73fbe89 n/a (libgtk-3.so.0)
                #32 0x00000000b7db01e9 g_cclosure_marshal_VOID__BOXEDv (libgobject-2.0.so.0)
                #33 0x00000000b7dad34c n/a (libgobject-2.0.so.0)
                #34 0x00000000b7dc9a6e g_signal_emit_valist (libgobject-2.0.so.0)
                #35 0x00000000b7dca0e9 g_signal_emit (libgobject-2.0.so.0)
                #36 0x00000000b73f8c89 n/a (libgtk-3.so.0)
                #37 0x00000000b73fa3f9 n/a (libgtk-3.so.0)
                #38 0x00000000b73fd778 n/a (libgtk-3.so.0)
                #39 0x00000000b73c1e4f gtk_event_controller_handle_event (libgtk-3.so.0)
                #40 0x00000000b759cdde n/a (libgtk-3.so.0)
                #41 0x00000000b75f844c n/a (libgtk-3.so.0)
                #42 0x00000000b7dad34c n/a (libgobject-2.0.so.0)
                #43 0x00000000b7dc96d4 g_signal_emit_valist (libgobject-2.0.so.0)
                #44 0x00000000b7dca0e9 g_signal_emit (libgobject-2.0.so.0)
                #45 0x00000000b759f3cf n/a (libgtk-3.so.0)
                #46 0x00000000b7447d50 n/a (libgtk-3.so.0)
                #47 0x00000000b744a2ca gtk_main_do_event (libgtk-3.so.0)
                #48 0x00000000b711eb9b n/a (libgdk-3.so.0)
                #49 0x00000000b715363b n/a (libgdk-3.so.0)
                #50 0x00000000b7cb05c5 g_main_context_dispatch (libglib-2.0.so.0)
                #51 0x00000000b7cb09a9 n/a (libglib-2.0.so.0)
                #52 0x00000000b7cb0a5b g_main_context_iteration (libglib-2.0.so.0)
                #53 0x00000000b7b118b3 g_application_run (libgio-2.0.so.0)
                #54 0x000000000042fcd6 main (gnome-software)
                #55 0x00000000b6aa1c09 __libc_start_main (libc.so.6)
                #56 0x000000000042fd9c _start (gnome-software)

...
Core was generated by `/usr/bin/gnome-software'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb4604713 in gs_plugin_add_category_apps (plugin=0xdb57d0, category=0x0, 
    list=0x16a0150, cancellable=0x1723550, error=0xaeffef50)
    at ../plugins/core/gs-plugin-desktop-categories.c:100
100             if (desktop_groups->len > 0)
[Current thread is 1 (Thread 0xaefffb40 (LWP 6227))]
...

(gdb) bt
#0  0xb4604713 in gs_plugin_add_category_apps
    (plugin=0xdb57d0 [GsPlugin], category=0x0, list=0x16a0150 [GsAppList], cancellable=0x1723550 [GCancellable], error=0xaeffef50)
    at ../plugins/core/gs-plugin-desktop-categories.c:100
#1  0x004957db in gs_plugin_loader_call_vfunc
    (helper=<optimized out>, plugin=0xdb57d0 [GsPlugin], app=<optimized out>, list=<optimized out>, refine_flags=<optimized out>, cancellable=<optimized out>, error=<optimized out>) at ../lib/gs-plugin-loader.c:681
#2  0x00495aab in gs_plugin_loader_run_results (helper=0x1556e90, 
    helper@entry=0x16a0150, cancellable=0x1723550 [GCancellable], 
    cancellable@entry=0xdf8888 [GsPluginLoader], error=error@entry=0xaefff014)
    at ../lib/gs-plugin-loader.c:1119
#3  0x00496d00 in gs_plugin_loader_process_thread_cb
    (task=0x2a33e60 [GTask], object=0xdf8888, task_data=0x1556e90, cancellable=0x1723550 [GCancellable]) at ../lib/gs-plugin-loader.c:3112
#4  0xb7afceb6 in g_task_thread_pool_thread (thread_data=0x2a33e60, pool_data=0x0)
    at gtask.c:1331
#5  0xb7cdae15 in g_thread_pool_thread_proxy (data=0xcdbe00) at gthreadpool.c:307
#6  0xb7cda37f in g_thread_proxy (data=0x1517b50) at gthread.c:784
#7  0xb6c375de in start_thread (arg=<optimized out>) at pthread_create.c:486
#8  0xb6b7372a in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

The journal messages before the crash showed that fwupd and boltd were started by dbus at the request of gnome-software. Two selinux denials involving boltd 
occurred including mounton tmpfs and send_msg with fwupd though they might be unrelated as I've seen them before. The messages right before the crash involve packagekit running transactions which are more likely related:
...
Oct 12 06:42:24 dimension PackageKit[6005]: resolve transaction /26399_eaeaedba from uid 1000 finished with success after 25485ms
Oct 12 06:42:24 dimension PackageKit[6005]: resolve transaction /26400_cdacebeb from uid 1000 finished with success after 191ms
Oct 12 06:42:24 dimension PackageKit[6005]: resolve transaction /26401_bdccdcdd from uid 1000 finished with success after 71ms
Oct 12 06:42:24 dimension PackageKit[6005]: resolve transaction /26402_cbdacdcc from uid 1000 finished with success after 88ms
Oct 12 06:42:24 dimension PackageKit[6005]: resolve transaction /26403_cecaebad from uid 1000 finished with success after 97ms
Oct 12 06:42:25 dimension PackageKit[6005]: resolve transaction /26404_eadedecd from uid 1000 finished with success after 1002ms
Oct 12 06:42:28 dimension PackageKit[6005]: get-updates transaction /26405_acebaaca from uid 1000 finished with cancelled-priority after 2821ms
Oct 12 06:42:29 dimension PackageKit[6005]: search-file transaction /26406_cacbbcda from uid 1000 finished with success after 771ms
Oct 12 06:42:29 dimension PackageKit[6005]: search-file transaction /26407_cdaddded from uid 1000 finished with success after 163ms
Oct 12 06:42:30 dimension PackageKit[6005]: search-file transaction /26408_edeeeacd from uid 1000 finished with success after 398ms
Oct 12 06:42:30 dimension PackageKit[6005]: search-file transaction /26409_cdadeacb from uid 1000 finished with success after 415ms
Oct 12 06:42:31 dimension PackageKit[6005]: search-file transaction /26410_aeebdade from uid 1000 finished with success after 348ms
Oct 12 06:42:31 dimension PackageKit[6005]: search-file transaction /26411_adcbaeea from uid 1000 finished with success after 266ms
Oct 12 06:42:32 dimension PackageKit[6005]: search-file transaction /26412_bedeebac from uid 1000 finished with success after 291ms
Oct 12 06:42:32 dimension PackageKit[6005]: search-file transaction /26413_bcdabaee from uid 1000 finished with success after 359ms
Oct 12 06:42:33 dimension PackageKit[6005]: search-file transaction /26414_deeccebc from uid 1000 finished with success after 357ms
Oct 12 06:43:12 dimension kernel: pool[6227]: segfault at 4 ip b4604713 sp aeffeed0 error 4 in libgs_plugin_desktop-categories.so[b4604000+1000]
Oct 12 06:43:24 dimension kernel: Code: 00 00 00 00 8d 76 00 f3 0f 1e fb 55 57 56 53 e8 73 fc ff ff 81 c3 83 48 00 00 83 ec 28 8b 74 24 40 56 e8 10 fb ff ff 83 c4 10 <8b> 48 04 85 c9 74 16 83 c4 1c b8 01 00 00 00 5b 5e 5f 5d c3 8d b4 
Oct 12 06:43:12 dimension audit[5989]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=5989 comm="pool" exe="/usr/bin/gnome-software" sig=11 res=1
Oct 12 06:43:24 dimension systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Oct 12 06:43:24 dimension systemd[1]: Started Process Core Dump (PID 6228/UID 0).
Oct 12 06:43:24 dimension audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@0-6228-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

I'll attach the journalctl output from when gnome-software started to its crash.
I can provide more information if it would help.

Version-Release number of selected component (if applicable):
gnome-software-0:3.30.2-1.fc29.i686
glib2-0:2.58.1-1.fc29.i686
glibc-0:2.28-9.fc29.i686

How reproducible:
This crash occurred one of two times I started gnome software. I got a different crash the second time which I will report in a second entry.

Steps to Reproduce:
1. update to appstream-0.12.2-2.fc29 appstream-data-29-7.fc29
2. start gnome software
3. 

Actual results:
gnome software crashed

Expected results:
gnome software doesn't crash

Additional info:
Comment 1 Matt Fagnani 2018-10-13 13:57:58 UTC 
I reproduced crashes with the same traces several times by clicking on the Audio & Video, Communication & News, Productivity categories and More... buttons to the right of Recommended Productivity Applications and Recommended Audio & Video Applications. The trace shows that gs_plugin_add_category_apps has the argument category=0x0 which I take to mean a null pointer or empty category list. The crash is at ../plugins/core/gs-plugin-desktop-categories.c:100
100             if (desktop_groups->len > 0)

gs-plugin-desktop-categories.c at https://github.com/GNOME/gnome-software/blob/master/plugins/core/gs-plugin-desktop-categories.c shows the following in the area of the crash

gs_plugin_add_category_apps (GsPlugin *plugin,
			     GsCategory *category,
			     GsAppList *list,
			     GCancellable *cancellable,
			     GError **error)
{
	GPtrArray *desktop_groups;
	GsCategory *parent;
	const GsDesktopData *msdata;
	guint i, j, k;

	/* already set */
	desktop_groups = gs_category_get_desktop_groups (category);
	if (desktop_groups->len > 0)
              return TRUE;
...

When desktop_groups = gs_category_get_desktop_groups (category) is run with category = 0x0, this might lead to a null value for desktop_groups. The segmentation fault shown by gdb might be due to a null pointer dereference in desktop_groups->len or something similar. Checking if category is not null before running the lines involving it might avoid the crash.
Comment 2 Matt Fagnani 2018-10-14 02:39:57 UTC 
The full traces have desktop_groups = 0x0 so desktop_groups->len might have been a null pointer dereference which led to the segmentation fault.

(gdb) bt full
#0  0xb4604713 in gs_plugin_add_category_apps
    (plugin=0xdb57d0 [GsPlugin], category=0x0, list=0x16a0150 [GsAppList], cancellable=0x1723550 [GCancellable], error=0xaeffef50)
    at ../plugins/core/gs-plugin-desktop-categories.c:100
        desktop_groups = 0x0
        parent = <optimized out>
        msdata = <optimized out>
        i = <optimized out>
        j = <optimized out>
        k = <optimized out>
#1  0x004957db in gs_plugin_loader_call_vfunc
    (helper=<optimized out>, plugin=0xdb57d0 [GsPlugin], app=<optimized out>, list=<optimized out>, refine_flags=<optimized out>, cancellable=<optimized out>, error=<optimized out>) at ../lib/gs-plugin-loader.c:681
        plugin_func = <optimized out>
        action = <optimized out>
        ret = 1
        func = <optimized out>
        error_local = 0x0
        timer = <optimized out>
#2  0x00495aab in gs_plugin_loader_run_results (helper=0x1556e90, 
    helper@entry=0x16a0150, cancellable=0x1723550 [GCancellable], 
    cancellable@entry=0xdf8888 [GsPluginLoader], error=error@entry=0xaefff014)
    at ../lib/gs-plugin-loader.c:1119
        plugin = 0xdb57d0 [GsPlugin]
        i = 0
        priv = 0xdf8828
--Type <RET> for more, q to quit, c to continue without paging--c
#3  0x00496d00 in gs_plugin_loader_process_thread_cb (task=0x2a33e60 [GTask], object=0xdf8888, task_data=0x1556e90, cancellable=0x1723550 [GCancellable]) at ../lib/gs-plugin-loader.c:3112
        error = 0x0
        helper = 0x1723550
        list = 0x528208
        action = <optimized out>
        plugin_loader = 0xce6884
        priv = 0xce689f
        filter_flags = <optimized out>
        refine_flags = <optimized out>
        add_to_pending_array = 0
#4  0xb7afceb6 in g_task_thread_pool_thread (thread_data=0x2a33e60, pool_data=0x0) at gtask.c:1331
        task = 0x2a33e60 [GTask]
#5  0xb7cdae15 in g_thread_pool_thread_proxy (data=0xcdbe00) at gthreadpool.c:307
        task = 0x2a33e60
        pool = 0xcdbe00
#6  0xb7cda37f in g_thread_proxy (data=0x1517b50) at gthread.c:784
        thread = 0x1517b50
        __func__ = "g_thread_proxy"
#7  0xb6c375de in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1228607488, -1358955712, -1228607488, -1358958168, -1365515652, -678350260}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
#8  0xb6b7372a in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108
Comment 3 Matt Fagnani 2018-10-14 02:55:56 UTC 
This crash still occurred after I downgraded to appstream-data-29-6 so it is unrelated to the update to appstream-data-29-7.
Comment 4 Matt Fagnani 2018-10-18 16:53:40 UTC 
In order to try the test build as suggested in #1638784, I ran sudo dnf upgrade https://kojipkgs.fedoraproject.org//work/tasks/4354/30304354/gnome-software-3.30.2-1.fc29.mr125.i686.rpm https://kojipkgs.fedoraproject.org//work/tasks/4354/30304354/gnome-software-debuginfo-3.30.2-1.fc29.mr125.i686.rpm https://kojipkgs.fedoraproject.org//work/tasks/4354/30304354/gnome-software-debugsource-3.30.2-1.fc29.mr125.i686.rpm

The crashes I noted above when clicking on the categories and more... didn't occur with the test build. When I clicked on the Audio & Video and Productivity categories or more... buttons on the main screen, those screens showed up correctly. I clicked on Communication & News, Graphics & Photography, and Add-ons, but those screens were not loaded.

To test the 3.30.3-1 update, I ran sudo dnf upgrade https://kojipkgs.fedoraproject.org//packages/gnome-software/3.30.3/1.fc29/i686/gnome-software-3.30.3-1.fc29.i686.rpm https://kojipkgs.fedoraproject.org//packages/gnome-software/3.30.3/1.fc29/i686/gnome-software-debuginfo-3.30.3-1.fc29.i686.rpm https://kojipkgs.fedoraproject.org//packages/gnome-software/3.30.3/1.fc29/i686/gnome-software-debugsource-3.30.3-1.fc29.i686.rpm

3.30.3 first showed "No application data found" and a pop-up box stating that it needed to be restarted to use new plugins which I did. Clicking on all of the categories and the more... button showed those screens correctly. I didn't get any crashes of 3.30.3. Thanks for your help and the updates.
Comment 5 Fedora Update System 2018-10-18 18:01:12 UTC 
gnome-software-3.30.3-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-447d45de07
Comment 6 Fedora Update System 2018-10-20 19:23:15 UTC 
gnome-software-3.30.3-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-447d45de07
Comment 7 Fedora Update System 2018-10-21 15:47:21 UTC 
gnome-software-3.30.3-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.