Bug 1051727

Summary: [abrt] NetworkManager-pptp: state_changed_cb(): nm-pptp-service killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Christopher Meng <i>
Component: NetworkManager-pptpAssignee: Rashid Khan <rkhan>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: danw, dcbw, lkundrak, rkhan
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/80fd35fa7056a84a4c270ce321a6435d03379bdd
Whiteboard: abrt_hash:c1916210cb65d01abe645cb5296d900131b18cd7
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-21 10:23:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Christopher Meng 2014-01-11 04:28:30 UTC 
Version-Release number of selected component:
NetworkManager-pptp-0.9.8.2-3.fc21

Additional info:
reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        /usr/libexec/nm-pptp-service
crash_function: state_changed_cb
executable:     /usr/libexec/nm-pptp-service
kernel:         3.13.0-0.rc7.git0.2.fc21.i686+PAE
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (5 frames)
 #1 state_changed_cb at nm-pptp-service.c:1236
 #2 g_cclosure_marshal_VOID__UINT at gmarshal.c:446
 #7 nm_vpn_plugin_set_state at nm-vpn-plugin.c:182
 #8 nm_vpn_plugin_disconnect at nm-vpn-plugin.c:231
 #9 dispose at nm-vpn-plugin.c:862
Comment 1 Christopher Meng 2014-01-11 04:28:37 UTC 
Created attachment 848480 [details]
File: backtrace
Comment 2 Christopher Meng 2014-01-11 04:28:40 UTC 
Created attachment 848481 [details]
File: cgroup
Comment 3 Christopher Meng 2014-01-11 04:28:42 UTC 
Created attachment 848482 [details]
File: core_backtrace
Comment 4 Christopher Meng 2014-01-11 04:28:45 UTC 
Created attachment 848483 [details]
File: dso_list
Comment 5 Christopher Meng 2014-01-11 04:28:48 UTC 
Created attachment 848484 [details]
File: environ
Comment 6 Christopher Meng 2014-01-11 04:28:50 UTC 
Created attachment 848485 [details]
File: exploitable
Comment 7 Christopher Meng 2014-01-11 04:28:52 UTC 
Created attachment 848486 [details]
File: limits
Comment 8 Christopher Meng 2014-01-11 04:28:54 UTC 
Created attachment 848487 [details]
File: maps
Comment 9 Christopher Meng 2014-01-11 04:28:57 UTC 
Created attachment 848488 [details]
File: open_fds
Comment 10 Christopher Meng 2014-01-11 04:28:59 UTC 
Created attachment 848489 [details]
File: proc_pid_status
Comment 11 Christopher Meng 2014-01-11 04:29:19 UTC 
Created attachment 848490 [details]
File: var_log_messages
Comment 12 Jirka Klimes 2014-05-16 11:12:17 UTC 
if (priv->connection) {
    g_object_unref (priv->connection)
...

The object was probably incorrect due to unrefing it in dispose() without clearing the pointer.

A fix is available in upstream branch jk/pptp-dispose-fix.
Comment 13 Dan Winship 2014-05-16 14:04:41 UTC 
yup, patch looks right
Comment 14 Dan Williams 2014-05-16 14:58:48 UTC 
Looks good to me.
Comment 15 Jirka Klimes 2014-05-19 08:43:06 UTC 
Committed to upstream master:
bfcd972 core: clear objects in dispose() else we could crash later (rh #1051727)
Comment 16 Jaroslav Reznik 2015-03-03 17:11:13 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22