Description of problem: simply start app from icon software Version-Release number of selected component: gnome-software-3.12.0-1.fc21 Additional info: reporter: libreport-2.2.0 backtrace_rating: 4 cmdline: /usr/bin/gnome-software --gapplication-service crash_function: gs_app_set_name executable: /usr/bin/gnome-software kernel: 3.13.7-200.fc20.x86_64 runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #6 gs_app_set_name at gs-app.c:635 #7 gs_plugin_refine_item at gs-plugin-appstream.c:551 #8 gs_plugin_refine_from_id at gs-plugin-appstream.c:667 #9 gs_plugin_refine at gs-plugin-appstream.c:735 #10 gs_plugin_loader_run_refine_plugin at gs-plugin-loader.c:187 #11 gs_plugin_loader_run_refine at gs-plugin-loader.c:248 #12 gs_plugin_loader_search_thread_cb at gs-plugin-loader.c:1561 #13 run_in_thread at gsimpleasyncresult.c:857 #14 io_job_thread at gioscheduler.c:85 #15 g_task_thread_pool_thread at gtask.c:1213
Created attachment 882686 [details] File: backtrace
Created attachment 882687 [details] File: cgroup
Created attachment 882688 [details] File: core_backtrace
Created attachment 882689 [details] File: dso_list
Created attachment 882690 [details] File: environ
Created attachment 882691 [details] File: limits
Created attachment 882692 [details] File: maps
Created attachment 882693 [details] File: open_fds
Created attachment 882694 [details] File: proc_pid_status
Created attachment 882695 [details] File: var_log_messages
*** Bug 1070550 has been marked as a duplicate of this bug. ***
Okay, so this is really odd. It's really a use-after-free, but I can't see the refcount issue here. Can you reproduce this reliably? Any other information about how you triggered the bug would be awesome.
I think it's likely a threading issue, two threads accessing the same GsApp and try to simultaneously free the memory: g_free (app->priv->name); app->priv->name = g_strdup (name);
Should be fixed in 3.13.92.