Bug 710996

Summary: Network manager has crashed when wifi connects to a WPA2/PEAP/MSCHAPv2 network
Product: [Fedora] Fedora
Reporter: kurik
Component: kde-plasma-networkmanagement
Assignee: Rex Dieter <rdieter>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 15
CC: collura, dcbw, kevin, ltinkl, rdieter
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15
Doc Type: Bug Fix
Last Closed: 2011-06-30 18:58:49 UTC
Attachments:
Backtrace from 2011-06-15 (flags: none)

Description kurik 2011-06-06 07:02:15 UTC
Description of problem:
Network manager has crashed when wifi connects to a WPA2/PEAP/MSCHAPv2 network and plasma got restarted

Version-Release number of selected component (if applicable):
# rpm -qa | grep -i networkmanage
kde-plasma-networkmanagement-pptp-0.9-0.47.20110323.fc15.x86_64
NetworkManager-pptp-0.8.999-1.fc15.x86_64
NetworkManager-vpnc-0.8.999-2.fc15.x86_64
kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.x86_64
NetworkManager-glib-0.8.9997-1.git20110531.fc15.x86_64
NetworkManager-openvpn-0.8.999-1.fc15.x86_64
kde-plasma-networkmanagement-libs-0.9-0.47.20110323.fc15.x86_64
kde-plasma-networkmanagement-vpnc-0.9-0.47.20110323.fc15.x86_64
kde-plasma-networkmanagement-debuginfo-0.9-0.47.20110323.fc15.x86_64
kde-plasma-networkmanagement-openvpn-0.9-0.47.20110323.fc15.x86_64
NetworkManager-0.8.9997-1.git20110531.fc15.x86_64

How reproducible:
I can reproduce the issue regularly.

Steps to Reproduce:
1. Open "Edit network connection" dialog box and configure a network connection to a WiFi with the following parameters:
* Security: WPA/WPA2
* Authentication: PEAP
* Inner Authentication: MSCHAPv2
2. Press the "OK" button and plasma will crash and get restarted.

I do not observe this behavior when connecting to different WiFi networks (such
as WEP encrypted, or using different Authentication i.e. WPA2/Personal).

  
Actual results:
Crash

Expected results:
Working WiFi network

Additional info:
The bug was originally reported to the KDE community: https://bugs.kde.org/show_bug.cgi?id=274826

I am using Lenovo T410s laptop with built in WiFi:
# lspci -v -s 03:00.0
03:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8191SEvB
Wireless LAN Controller (rev 10)
        Subsystem: Realtek Semiconductor Co., Ltd. Device e020
        Flags: bus master, fast devsel, latency 0, IRQ 17
        I/O ports at 2000 [size=256]
        Memory at f2400000 (32-bit, non-prefetchable) [size=16K]
        Capabilities: [40] Power Management version 3                           
        Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+              
        Capabilities: [70] Express Legacy Endpoint, MSI 00                      
        Capabilities: [100] Advanced Error Reporting                            
        Capabilities: [140] Virtual Channel                                     
        Capabilities: [160] Device Serial Number 88-55-22-fe-ff-4c-e0-00        
        Kernel driver in use: rtl819xSE                                         
        Kernel modules: r8192se_pci

-- Backtrace:
Application: Plasma Desktop Shell (plasma-desktop), signal: Segmentation fault
82    T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[KCrash Handler]
#6  0x00007f2bd17ca1a5 in NMPopup::updateHasWireless (this=0x1d86260) at
/usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:536
#7  0x00007f2bd17ca937 in NMPopup::networkingEnabledToggled (this=0x1d86260,
checked=false) at /usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:512
#8  0x00007f2bd17c3ed4 in NMPopup::qt_metacall (this=0x1d86260,
_c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffcd787190) at
/usr/src/debug/networkmanagement-0.9/x86_64-redhat-linux-gnu/applet/moc_nmpopup.cpp:107
#9  0x0000003718b6ceca in QMetaObject::activate (sender=0x1e5da50, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787190) at
kernel/qobject.cpp:3278
#10 0x00000034e49ddddf in Plasma::CheckBox::toggled (this=<optimized out>,
_t1=false) at
/usr/src/debug/kdelibs-4.6.3/x86_64-redhat-linux-gnu/plasma/checkbox.moc:145
#11 0x00000034e49dde49 in Plasma::CheckBox::qt_metacall (this=0x1e5da50,
_c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fffcd787550) at
/usr/src/debug/kdelibs-4.6.3/x86_64-redhat-linux-gnu/plasma/checkbox.moc:96
#12 0x0000003718b6ceca in QMetaObject::activate (sender=0x1e5dba0, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787550) at
kernel/qobject.cpp:3278
#13 0x000000371ca18d02 in QAbstractButton::toggled (this=<optimized out>,
_t1=false) at .moc/release-shared/moc_qabstractbutton.cpp:213
#14 0x000000371c76426e in QAbstractButton::setChecked (this=0x1e5dba0,
checked=false) at widgets/qabstractbutton.cpp:766
#15 0x00007f2bd17ca526 in NMPopup::managerNetworkingEnabledChanged
(this=0x1d86260, enabled=false) at
/usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:590
#16 0x00007f2bd17c3ef4 in NMPopup::qt_metacall (this=0x1d86260,
_c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffcd7876e0) at
/usr/src/debug/networkmanagement-0.9/x86_64-redhat-linux-gnu/applet/moc_nmpopup.cpp:108
#17 0x0000003718b6ceca in QMetaObject::activate (sender=0x1d200c0, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd7876e0) at
kernel/qobject.cpp:3278
#18 0x0000003727c1aeb2 in
Solid::Control::NetworkManager::Notifier::networkingEnabledChanged
(this=<optimized out>, _t1=false) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/libs/solid/control/networkmanager.moc:138
#19 0x0000003727c1af64 in Solid::Control::NetworkManager::Notifier::qt_metacall
(this=0x1d200c0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>,
_a=0x7fffcd787820) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/libs/solid/control/networkmanager.moc:90
#20 0x0000003727c1b3d0 in Solid::Control::NetworkManagerPrivate::qt_metacall
(this=0x1d200c0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>,
_a=0x7fffcd787820) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/libs/solid/control/networkmanager_p.moc:76
#21 0x0000003718b6ceca in QMetaObject::activate (sender=0x1dfb570, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787820) at
kernel/qobject.cpp:3278
#22 0x00007f2bd0caf48f in NMNetworkManager::networkingEnabledChanged
(this=<optimized out>, _t1=false) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/manager.moc:111
#23 0x00007f2bd0cb1fde in NMNetworkManager::propertiesChanged (this=0x1dfb570,
properties=<optimized out>) at
/usr/src/debug/kdebase-workspace-4.6.3/solid/networkmanager-0.7/manager.cpp:281
#24 0x00007f2bd0cb2b01 in NMNetworkManager::qt_metacall (this=0x1dfb570,
_c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffcd787c00) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/manager.moc:98
#25 0x0000003718b6ceca in QMetaObject::activate (sender=0x1df9690, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787c00) at
kernel/qobject.cpp:3278
#26 0x00007f2bd0cbc3f5 in
OrgFreedesktopNetworkManagerInterface::PropertiesChanged (this=<optimized out>,
_t1=<optimized out>) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/nm-manager-clientinterface.moc:175
#27 0x00007f2bd0cbcc24 in OrgFreedesktopNetworkManagerInterface::qt_metacall
(this=0x1df9690, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffcd788000) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/nm-manager-clientinterface.moc:107
#28 0x00000037194205eb in QDBusConnectionPrivate::deliverCall (this=0x15b1010,
object=0x1df9690, msg=..., metaTypes=..., slotIdx=7) at qdbusintegrator.cpp:941
#29 0x0000003719429d7f in QDBusCallDeliveryEvent::placeMetaCall
(this=<optimized out>, object=<optimized out>) at qdbusintegrator_p.h:103
#30 0x0000003718b70a8a in QObject::event (this=0x1df9690, e=<optimized out>) at
kernel/qobject.cpp:1217
#31 0x000000371c3b73d4 in notify_helper (e=0x294ca00, receiver=0x1df9690,
this=0x1542b20) at kernel/qapplication.cpp:4462
#32 QApplicationPrivate::notify_helper (this=0x1542b20, receiver=0x1df9690,
e=0x294ca00) at kernel/qapplication.cpp:4434
#33 0x000000371c3bc261 in QApplication::notify (this=0x1529400,
receiver=0x1df9690, e=0x294ca00) at kernel/qapplication.cpp:4341
#34 0x000000371e641806 in KApplication::notify (this=0x1529400,
receiver=0x1df9690, event=0x294ca00) at
/usr/src/debug/kdelibs-4.6.3/kdeui/kernel/kapplication.cpp:311
#35 0x0000003718b5a1bc in QCoreApplication::notifyInternal (this=0x1529400,
receiver=0x1df9690, event=0x294ca00) at kernel/qcoreapplication.cpp:731
#36 0x0000003718b5d784 in sendEvent (event=0x294ca00, receiver=0x1df9690) at
kernel/qcoreapplication.h:215
#37 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0,
data=0x14ddcb0) at kernel/qcoreapplication.cpp:1372
#38 0x0000003718b848c3 in sendPostedEvents () at kernel/qcoreapplication.h:220
#39 postEventSourceDispatch (s=0x15489c0) at
kernel/qeventdispatcher_glib.cpp:277
#40 0x000000370f642b6d in g_main_dispatch (context=0x15488e0) at gmain.c:2440
#41 g_main_context_dispatch (context=0x15488e0) at gmain.c:3013
#42 0x000000370f643348 in g_main_context_iterate (context=0x15488e0,
block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3091
#43 0x000000370f6435dc in g_main_context_iteration (context=0x15488e0,
may_block=1) at gmain.c:3154
#44 0x0000003718b84d1f in QEventDispatcherGlib::processEvents (this=0x14df7c0,
flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#45 0x000000371c459f2e in QGuiEventDispatcherGlib::processEvents
(this=<optimized out>, flags=<optimized out>) at
kernel/qguieventdispatcher_glib.cpp:207
#46 0x0000003718b596d2 in QEventLoop::processEvents (this=<optimized out>,
flags=...) at kernel/qeventloop.cpp:149
#47 0x0000003718b598cf in QEventLoop::exec (this=0x7fffcd7889c0, flags=...) at
kernel/qeventloop.cpp:201
#48 0x000000371c7e2181 in QMenu::exec (this=<optimized out>, p=..., action=0x0)
at widgets/qmenu.cpp:2059
#49 0x00000034e49661e3 in Plasma::PopupApplet::eventFilter (this=0x1d186d0,
watched=<optimized out>, event=0x7fffcd788cd0) at
/usr/src/debug/kdelibs-4.6.3/plasma/popupapplet.cpp:515
#50 0x0000003718b5a348 in
QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>,
receiver=0x1fccac0, event=0x7fffcd788cd0) at kernel/qcoreapplication.cpp:846
#51 0x000000371c3b739f in notify_helper (e=0x7fffcd788cd0, receiver=0x1fccac0,
this=0x1542b20) at kernel/qapplication.cpp:4458
#52 QApplicationPrivate::notify_helper (this=0x1542b20, receiver=0x1fccac0,
e=0x7fffcd788cd0) at kernel/qapplication.cpp:4434
#53 0x000000371c3bc74c in QApplication::notify (this=<optimized out>,
receiver=0x1fe48a0, e=0x7fffcd789040) at kernel/qapplication.cpp:4102
#54 0x000000371e641806 in KApplication::notify (this=0x1529400,
receiver=0x1fe48a0, event=0x7fffcd789040) at
/usr/src/debug/kdelibs-4.6.3/kdeui/kernel/kapplication.cpp:311
#55 0x0000003718b5a1bc in QCoreApplication::notifyInternal (this=0x1529400,
receiver=0x1fe48a0, event=0x7fffcd789040) at kernel/qcoreapplication.cpp:731
#56 0x000000371c434048 in sendSpontaneousEvent (event=0x7fffcd789040,
receiver=0x1fe48a0) at ../../src/corelib/kernel/qcoreapplication.h:218
#57 QETWidget::translateMouseEvent (this=<optimized out>, event=<optimized
out>) at kernel/qapplication_x11.cpp:4466
#58 0x000000371c432eba in QApplication::x11ProcessEvent (this=0x1529400,
event=0x7fffcd7898d0) at kernel/qapplication_x11.cpp:3587
#59 0x000000371c45a23c in x11EventSourceDispatch (s=0x15499b0, callback=0,
user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#60 0x000000370f642b6d in g_main_dispatch (context=0x15488e0) at gmain.c:2440
#61 g_main_context_dispatch (context=0x15488e0) at gmain.c:3013
#62 0x000000370f643348 in g_main_context_iterate (context=0x15488e0,
block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3091
#63 0x000000370f6435dc in g_main_context_iteration (context=0x15488e0,
may_block=1) at gmain.c:3154
#64 0x0000003718b84d1f in QEventDispatcherGlib::processEvents (this=0x14df7c0,
flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#65 0x000000371c459f2e in QGuiEventDispatcherGlib::processEvents
(this=<optimized out>, flags=<optimized out>) at
kernel/qguieventdispatcher_glib.cpp:207
#66 0x0000003718b596d2 in QEventLoop::processEvents (this=<optimized out>,
flags=...) at kernel/qeventloop.cpp:149
#67 0x0000003718b598cf in QEventLoop::exec (this=0x7fffcd789ca0, flags=...) at
kernel/qeventloop.cpp:201
#68 0x0000003718b5da17 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1008
#69 0x00000034e523f1e3 in kdemain (argc=1, argv=0x7fffcd78a088) at
/usr/src/debug/kdebase-workspace-4.6.3/plasma/desktop/shell/main.cpp:120
#70 0x000000370fa2143d in __libc_start_main (main=0x400890 <main(int, char**)>,
argc=1, ubp_av=0x7fffcd78a088, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffcd78a078) at libc-start.c:226
#71 0x00000000004008c1 in _start ()

Reported using DrKonqi

Comment 1 Kevin Kofler 2011-06-08 01:12:35 UTC
This crashes in this loop:
    foreach (InterfaceItem* ifaceitem, m_interfaces) {
        Solid::Control::NetworkInterface* iface = ifaceitem->interface();
        if (iface->type() == Solid::Control::NetworkInterface::Ieee80211) {
            //kDebug() << "there's a wifi iface" << ifaceitem->connectionName() << iface->interfaceName();
            m_hasWirelessInterface = true; // at least one interface is wireless. We're happy.
            m_wifiCheckBox->show();
            break;
        }
    }
on this line:
        if (iface->type() == Solid::Control::NetworkInterface::Ieee80211) {

I assume iface is NULL, adding a NULL check, i.e.:
        if (iface && iface->type() == Solid::Control::NetworkInterface::Ieee80211) {
should probably fix it.

Comment 2 Kevin Kofler 2011-06-08 01:17:57 UTC
In fact, this has been fixed upstream on April 19:
https://projects.kde.org/projects/extragear/base/networkmanagement/repository/revisions/ff9076fe85f31b0cfa388d92a0c6d288ad07f396/diff/applet/nmpopup.cpp
(but we're stuck with the March 23 snapshot for the moment).

Backporting the 2 added NULL checks from that commit is rather easy, I can do that tomorrow if nobody beats me to it.

Comment 3 Fedora Update System 2011-06-08 13:13:08 UTC
kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1

Comment 4 Fedora Update System 2011-06-08 13:13:59 UTC
kde-plasma-networkmanagement-0.9-0.40.20110323.fc14.1 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.40.20110323.fc14.1

Comment 5 Fedora Update System 2011-06-08 13:14:32 UTC
kde-plasma-networkmanagement-0.9-0.40.20110323.fc13.1 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.40.20110323.fc13.1

Comment 6 Fedora Update System 2011-06-10 13:34:31 UTC
Package kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1
then log in and leave karma (feedback).

Comment 7 Kevin Kofler 2011-06-14 15:54:55 UTC
Does the above update fix your crashes?

Comment 8 kurik 2011-06-14 19:45:07 UTC
Unfortunately not. I tested the new RPM immediately once it became available, but the problem persists. The symptoms are exactly the same.
I am currently trying to investigate the place in the code causing the issue, to be able to at least provide more info.

Comment 9 Kevin Kofler 2011-06-14 21:30:14 UTC
Have you restarted your session after upgrading? Does the problem persist after a session restart? If so, we need a new backtrace. (I strongly doubt the backtrace is the same, as I fixed that exact place of code.)

Comment 10 kurik 2011-06-15 06:32:45 UTC
Created attachment 504809
Backtrace from 2011-06-15

Comment 11 kurik 2011-06-15 06:34:09 UTC
OK, the back-trace is attached: https://bugzilla.redhat.com/attachment.cgi?id=504809

Regarding the restart of the session: yes the computer has been restarted several times since I have installed the new network manager RPM and the problem is still the same.

Comment 12 Kevin Kofler 2011-06-15 07:02:38 UTC
#6  0x0000003160e71fa0 in QRegion::shared_empty () from /usr/lib64/libQtGui.so.4
#7  0x00007f9dfcac71ab in NMPopup::updateHasWireless (this=0x16e9450) at /usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:536

Huh? There's nothing at nmpopup.cpp:536 which would call QRegion::shared_empty.

I guess the iface pointer is completely bogus here (not valid, but also not NULL) and has a bad vtable, so we end up calling QRegion::shared_empty instead of Solid::Control::NetworkInterface::type. But I'm not sure how to fix that.

I wonder if we shouldn't give up trying to fix that in the old snapshot and move on to the current nm09 branch snapshots instead.

Comment 13 kurik 2011-06-15 07:14:15 UTC
Is there a way to upgrade my current Fedora-15 to use nm09?
According to the guys from the KDE team, this problem should be fixed (reworked) somehow in the nm09 version.

Comment 14 Kevin Kofler 2011-06-15 07:24:04 UTC
Configure the kde-redhat kde.repo, then use:
yum --enablerepo=kde-unstable update kde-plasma-networkmanagement

The snapshots are due to move to kde-testing, updates-testing and then updates soon.

Fixing this problem in the existing 20110323 snapshot would probably require a Valgrind log to see what exactly is going wrong. (At this point, I guess it's a use-after-free bug.)

That said, I'm not sure this is fixed in the current snapshots either. Upstream added the NULL checks I backported, but NULL checks don't help against invalid non-NULL pointers.
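
An added illustration of the point made in comment 14 (not part of the thread and not the project's code): a NULL test only inspects the stored address, so it still passes after the owner has destroyed the object, while a guarded handle reports the object as gone. `std::weak_ptr` stands in here for a Qt guarded pointer so the example builds without Qt; all type and function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical stand-ins for the applet's types; not the project's code.
enum class IfaceType { Ieee8023, Ieee80211 };
struct NetworkInterface { IfaceType type; };

// An applet-side item that remembers an interface it does not own.
class InterfaceItem {
public:
    explicit InterfaceItem(const std::shared_ptr<NetworkInterface>& iface)
        : addr_(reinterpret_cast<std::uintptr_t>(iface.get())), guard_(iface) {}
    // All that "if (iface && ...)" can test: is the stored address zero?
    // Kept as an integer so the example never reads a dangling pointer.
    bool nullCheckPasses() const { return addr_ != 0; }
    // Guarded access: empty once the owner has destroyed the object.
    std::shared_ptr<NetworkInterface> iface() const { return guard_.lock(); }
private:
    std::uintptr_t addr_;
    std::weak_ptr<NetworkInterface> guard_;
};

struct ScanResult {
    int passedNullCheck = 0;  // items a NULL-only check would go on to dereference
    int stale = 0;            // of those, items whose interface no longer exists
    bool hasWireless = false;
};

// Same shape as the loop quoted in comment 1, with liveness deciding instead of NULL-ness.
ScanResult updateHasWireless(const std::vector<InterfaceItem>& items) {
    ScanResult r;
    for (const InterfaceItem& item : items) {
        if (item.nullCheckPasses()) ++r.passedNullCheck;
        std::shared_ptr<NetworkInterface> live = item.iface();
        if (!live) {                        // destroyed (or never set): skip it
            if (item.nullCheckPasses()) ++r.stale;
            continue;
        }
        if (live->type == IfaceType::Ieee80211) r.hasWireless = true;
    }
    return r;
}

// Constructed scenario: the owner drops the wifi device while the applet still lists it.
ScanResult demo() {
    std::vector<std::shared_ptr<NetworkInterface>> owner = {
        std::make_shared<NetworkInterface>(NetworkInterface{IfaceType::Ieee8023}),
        std::make_shared<NetworkInterface>(NetworkInterface{IfaceType::Ieee80211}),
    };
    std::vector<InterfaceItem> items(owner.begin(), owner.end());
    owner.pop_back();  // wifi interface destroyed; the item's stored address is unchanged
    return updateHasWireless(items);
}

int main() {
    ScanResult r = demo();
    std::printf("null check passes: %d, stale: %d, wireless: %d\n",
                r.passedNullCheck, r.stale, r.hasWireless);
}
```

The stale item is exactly the case a backported `iface &&` check lets through; building the affected code with AddressSanitizer or running it under Valgrind, as comment 14 suggests, is how the real dangling access would be located.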

Comment 15 Kevin Kofler 2011-06-17 15:59:16 UTC
I'm reopening the bug. I have queued the updates with the added NULL checks for stable anyway, they cannot hurt, but I removed the reference to this bug, which appears not fixed (completely).

Comment 16 Rex Dieter 2011-06-24 13:23:53 UTC
See also,
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15

(pending, not queued... yet)

Comment 17 Fedora Update System 2011-06-27 12:53:43 UTC
kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15

Comment 18 Fedora Update System 2011-06-30 18:58:33 UTC
kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 kurik 2011-06-30 21:26:26 UTC
Having installed the kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15 package it works and seems to be stable (at least for me).
Thanks guys.