Bug 1129818 - nm-applet access already released memory
Summary: nm-applet access already released memory
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: network-manager-applet
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-13 17:50 UTC by Zdenek Kabelac
Modified: 2016-09-07 11:49 UTC (History)
4 users (show)

Fixed In Version: network-manager-applet-1.2.0-1.fc24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-07 12:01:09 UTC


Attachments (Terms of Use)
Full valgrind trace with LOTS of memory leaks (937.48 KB, application/x-tgz)
2014-08-13 17:50 UTC, Zdenek Kabelac
no flags Details
[PATCH] applet: fix accessing freed memory (rh #1129818) (1.34 KB, patch)
2015-12-17 13:39 UTC, Jirka Klimes
no flags Details | Diff

Description Zdenek Kabelac 2014-08-13 17:50:55 UTC
Created attachment 926548 [details]
Full valgrind trace with LOTS of memory leaks

Description of problem:

While trying to create valgrind report for bug 1128766  valgrind spoted read
from already released memory  (while using VPN plugin to access VPN for the second time)

Here is short cut&paste

Invalid read of size 8
   at 0x41A529: applet_agent_cancel_secrets_cb (applet.c:3246)
   by 0x842903B: g_cclosure_marshal_VOID__POINTERv (gmarshal.c:1236)
   by 0x8426103: _g_closure_invoke_va (gclosure.c:831)
   by 0x8440A8F: g_signal_emit_valist (gsignal.c:3218)
   by 0x84412DE: g_signal_emit (gsignal.c:3365)
   by 0x41D758: cancel_get_secrets (applet-agent.c:549)
   by 0x70CB69E: impl_secret_agent_cancel_get_secrets (nm-secret-agent.c:451)
   by 0x777594E: object_registration_message (dbus-gobject.c:1899)
   by 0x79AE51E: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
   by 0x79A0173: dbus_connection_dispatch (dbus-connection.c:4691)
   by 0x7772D44: message_queue_dispatch (dbus-gmain.c:90)
   by 0x86B1B1A: g_main_context_dispatch (gmain.c:3064)
   by 0x86B1EB7: g_main_context_iterate.isra.29 (gmain.c:3734)
   by 0x86B21E1: g_main_loop_run (gmain.c:3928)
   by 0x413175: main (main.c:106)
 Address 0x125171e8 is 8 bytes inside a block of size 16 free'd
   at 0x4C2CCE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x86B77BE: g_free (gmem.c:190)
   by 0x86CEBE3: g_slice_free1 (gslice.c:1112)
   by 0x86CF7FF: g_slist_remove (gslist.c:414)
   by 0x41A48E: applet_secrets_request_free (applet.c:3116)
   by 0x41A544: applet_agent_cancel_secrets_cb (applet.c:3251)
   by 0x842903B: g_cclosure_marshal_VOID__POINTERv (gmarshal.c:1236)
   by 0x8426103: _g_closure_invoke_va (gclosure.c:831)
   by 0x8440A8F: g_signal_emit_valist (gsignal.c:3218)
   by 0x84412DE: g_signal_emit (gsignal.c:3365)
   by 0x41D758: cancel_get_secrets (applet-agent.c:549)
   by 0x70CB69E: impl_secret_agent_cancel_get_secrets (nm-secret-agent.c:451)
   by 0x777594E: object_registration_message (dbus-gobject.c:1899)
   by 0x79AE51E: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
   by 0x79A0173: dbus_connection_dispatch (dbus-connection.c:4691)
   by 0x7772D44: message_queue_dispatch (dbus-gmain.c:90)
   by 0x86B1B1A: g_main_context_dispatch (gmain.c:3064)
   by 0x86B1EB7: g_main_context_iterate.isra.29 (gmain.c:3734)
   by 0x86B21E1: g_main_loop_run (gmain.c:3928)
   by 0x413175: main (main.c:106)


Invalid read of size 8
   at 0x41A520: applet_agent_cancel_secrets_cb (applet.c:3247)
   by 0x842903B: g_cclosure_marshal_VOID__POINTERv (gmarshal.c:1236)
   by 0x8426103: _g_closure_invoke_va (gclosure.c:831)
   by 0x8440A8F: g_signal_emit_valist (gsignal.c:3218)
   by 0x84412DE: g_signal_emit (gsignal.c:3365)
   by 0x41D758: cancel_get_secrets (applet-agent.c:549)
   by 0x70CB69E: impl_secret_agent_cancel_get_secrets (nm-secret-agent.c:451)
   by 0x777594E: object_registration_message (dbus-gobject.c:1899)
   by 0x79AE51E: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
   by 0x79A0173: dbus_connection_dispatch (dbus-connection.c:4691)
   by 0x7772D44: message_queue_dispatch (dbus-gmain.c:90)
   by 0x86B1B1A: g_main_context_dispatch (gmain.c:3064)
   by 0x86B1EB7: g_main_context_iterate.isra.29 (gmain.c:3734)
   by 0x86B21E1: g_main_loop_run (gmain.c:3928)
   by 0x413175: main (main.c:106)
 Address 0xeeeeeeeeeeeeeeee is not stack'd, malloc'd or (recently) free'd


Process terminating with default action of signal 11 (SIGSEGV): dumping core
 General Protection Fault
   at 0x41A520: applet_agent_cancel_secrets_cb (applet.c:3247)
   by 0x842903B: g_cclosure_marshal_VOID__POINTERv (gmarshal.c:1236)
   by 0x8426103: _g_closure_invoke_va (gclosure.c:831)
   by 0x8440A8F: g_signal_emit_valist (gsignal.c:3218)
   by 0x84412DE: g_signal_emit (gsignal.c:3365)
   by 0x41D758: cancel_get_secrets (applet-agent.c:549)
   by 0x70CB69E: impl_secret_agent_cancel_get_secrets (nm-secret-agent.c:451)
   by 0x777594E: object_registration_message (dbus-gobject.c:1899)
   by 0x79AE51E: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
   by 0x79A0173: dbus_connection_dispatch (dbus-connection.c:4691)
   by 0x7772D44: message_queue_dispatch (dbus-gmain.c:90)
   by 0x86B1B1A: g_main_context_dispatch (gmain.c:3064)
   by 0x86B1EB7: g_main_context_iterate.isra.29 (gmain.c:3734)
   by 0x86B21E1: g_main_loop_run (gmain.c:3928)
   by 0x413175: main (main.c:106)
	


Version-Release number of selected component (if applicable):
network-manager-applet-0.9.9.0-13.git20140424.fc22.x86_64

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Jaroslav Reznik 2015-03-03 16:12:16 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 2 Fedora Admin XMLRPC Client 2015-10-14 14:50:24 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Jirka Klimes 2015-12-17 13:39:15 UTC
Created attachment 1106724 [details]
[PATCH] applet: fix accessing freed memory (rh #1129818)

Comment 4 Beniamino Galvani 2015-12-18 14:38:41 UTC
(In reply to Jirka Klimes from comment #3)
> Created attachment 1106724 [details]
> [PATCH] applet: fix accessing freed memory (rh #1129818)

Looks right.

Comment 5 Dan Williams 2015-12-18 20:47:20 UTC
LGTM too.

Comment 6 Jirka Klimes 2015-12-21 11:41:00 UTC
Upstream commits:
master:  10c78cb applet: fix accessing freed memory (rh #1129818)
nma-1-0: 597c688 applet: fix accessing freed memory (rh #1129818)

Comment 7 Zdenek Kabelac 2016-01-31 18:30:36 UTC
Wondering if the but is already fixed in rawhide package?

network-manager-applet-1.2.0-0.2.beta1.fc24.x86_64


From debug package source it seems so - yet I've still get new nm-applet crash:

(gdb) bt
#0  0x00007fe12d5a7618 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007fe12d5a921a in __GI_abort () at abort.c:89
#2  0x00007fe12dbc7ee5 in g_assertion_message (domain=domain@entry=0x55f7a34ce85c "nm-applet", file=file@entry=0x55f7a34ce5e8 "applet.c", line=line@entry=1227, func=func@entry=0x55f7a34d0080 <__FUNCTION__.69388> "applet_get_first_active_vpn_connection", message=message@entry=0x55f7a3c2fec0 "assertion failed: (s_con)") at gtestutils.c:2429
#3  0x00007fe12dbc7f7a in g_assertion_message_expr (domain=domain@entry=0x55f7a34ce85c "nm-applet", file=file@entry=0x55f7a34ce5e8 "applet.c", line=line@entry=1227, func=func@entry=0x55f7a34d0080 <__FUNCTION__.69388> "applet_get_first_active_vpn_connection", expr=expr@entry=0x55f7a34ce5e2 "s_con") at gtestutils.c:2452
#4  0x000055f7a34ad046 in applet_get_first_active_vpn_connection (applet=applet@entry=0x55f7a399c090 [NMApplet], out_state=out_state@entry=0x7ffd51e54a54) at applet.c:1227
#5  0x000055f7a34b33b2 in applet_update_icon (user_data=<optimized out>) at applet.c:2769
#6  0x00007fe12dba1f9a in g_main_context_dispatch (context=0x55f7a395a200) at gmain.c:3154
#7  0x00007fe12dba1f9a in g_main_context_dispatch (context=context@entry=0x55f7a395a200) at gmain.c:3769
#8  0x00007fe12dba2330 in g_main_context_iterate (context=0x55f7a395a200, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#9  0x00007fe12dba2652 in g_main_loop_run (loop=0x55f7a3934d40) at gmain.c:4034
#10 0x000055f7a34ac58d in main (argc=1, argv=0x7ffd51e54ce8) at main.c:84



Which looks like reincarnation of the same issue?

Comment 8 Zdenek Kabelac 2016-03-05 10:35:28 UTC
Still failing with network-manager-applet-1.2.0-0.3.beta1.fc24.x86_64:


(gdb) bt
#0  0x00007f314c973f88 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007f314c975b9a in __GI_abort () at abort.c:89
#2  0x00007f314cfa0675 in g_assertion_message (domain=domain@entry=0x561a7ab933dc "nm-applet", file=file@entry=0x561a7ab93168 "applet.c", line=line@entry=1227, func=func@entry=0x561a7ab94c00 <__FUNCTION__.69562> "applet_get_first_active_vpn_connection", message=message@entry=0x561a7cd3a1a0 "assertion failed: (s_con)")
    at gtestutils.c:2429
#3  0x00007f314cfa070a in g_assertion_message_expr (domain=domain@entry=0x561a7ab933dc "nm-applet", file=file@entry=0x561a7ab93168 "applet.c", line=line@entry=1227, func=func@entry=0x561a7ab94c00 <__FUNCTION__.69562> "applet_get_first_active_vpn_connection", expr=expr@entry=0x561a7ab93162 "s_con") at gtestutils.c:2452
#4  0x0000561a7ab71a9e in applet_get_first_active_vpn_connection (applet=applet@entry=0x561a7c8b4090 [NMApplet], out_state=out_state@entry=0x7ffc32ab5354) at applet.c:1227
#5  0x0000561a7ab77d92 in applet_update_icon (user_data=<optimized out>) at applet.c:2769
#6  0x00007f314cf7aab3 in g_main_context_dispatch (context=0x561a7c874700) at gmain.c:3154
#7  0x00007f314cf7aab3 in g_main_context_dispatch (context=context@entry=0x561a7c874700) at gmain.c:3769
#8  0x00007f314cf7ae60 in g_main_context_iterate (context=0x561a7c874700, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#9  0x00007f314cf7b182 in g_main_loop_run (loop=0x561a7c76dda0) at gmain.c:4034
#10 0x0000561a7ab70fdd in main (argc=<optimized out>, argv=<optimized out>) at main.c:84


with very simple use-case scenario:

Disconnect in office  wired network via docking station in suspend,
resume at home & connect to wireless and fire   'OpenVPN'  connnection.

As a 'bonus' for version 0.3 I'm getting 'black' background for nm-applet on my otherwise light colored  xfce4 panel...


Switching back to new as still not resolved.

Comment 9 Zdenek Kabelac 2016-03-05 12:20:12 UTC
Here goes revisited valgrind trace when opening VPN:

Invalid read of size 1
   at 0x4C35324: strstr (vg_replace_strmem.c:1613)
   by 0x11E81D: activate_vpn_cb (applet.c:1119)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B21F35: activate_cb (nm-client.c:871)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B37A04: activate_info_complete (nm-manager.c:778)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)
 Address 0x1d37f1e4 is 0 bytes after a block of size 52 alloc'd
   at 0x4C2DBAD: malloc (vg_replace_malloc.c:299)
   by 0x8697208: g_malloc (gmem.c:94)
   by 0x86AFFFE: g_strdup (gstrfuncs.c:363)
   by 0x867D123: g_error_copy (gerror.c:521)
   by 0x7ED7332: g_simple_async_result_set_from_error (gsimpleasyncresult.c:675)
   by 0x7B37A7B: activate_info_complete (nm-manager.c:777)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)

Invalid read of size 1
   at 0x4C30BC2: strlen (vg_replace_strmem.c:454)
   by 0x8BC773A: vfprintf (vfprintf.c:1632)
   by 0x8C96B74: __vasprintf_chk (vasprintf_chk.c:66)
   by 0x86D54D8: vasprintf (stdio2.h:210)
   by 0x86D54D8: g_vasprintf (gprintf.c:316)
   by 0x86B016C: g_strdup_vprintf (gstrfuncs.c:514)
   by 0x8698311: g_logv (gmessages.c:986)
   by 0x86986BE: g_log (gmessages.c:1118)
   by 0x11E891: activate_vpn_cb (applet.c:1129)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B21F35: activate_cb (nm-client.c:871)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B37A04: activate_info_complete (nm-manager.c:778)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)
 Address 0x1d37f1e4 is 0 bytes after a block of size 52 alloc'd
   at 0x4C2DBAD: malloc (vg_replace_malloc.c:299)
   by 0x8697208: g_malloc (gmem.c:94)
   by 0x86AFFFE: g_strdup (gstrfuncs.c:363)
   by 0x867D123: g_error_copy (gerror.c:521)
   by 0x7ED7332: g_simple_async_result_set_from_error (gsimpleasyncresult.c:675)
   by 0x7B37A7B: activate_info_complete (nm-manager.c:777)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)

Invalid read of size 1
   at 0x4C30BD4: strlen (vg_replace_strmem.c:454)
   by 0x8BC773A: vfprintf (vfprintf.c:1632)
   by 0x8C96B74: __vasprintf_chk (vasprintf_chk.c:66)
   by 0x86D54D8: vasprintf (stdio2.h:210)
   by 0x86D54D8: g_vasprintf (gprintf.c:316)
   by 0x86B016C: g_strdup_vprintf (gstrfuncs.c:514)
   by 0x8698311: g_logv (gmessages.c:986)
   by 0x86986BE: g_log (gmessages.c:1118)
   by 0x11E891: activate_vpn_cb (applet.c:1129)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B21F35: activate_cb (nm-client.c:871)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B37A04: activate_info_complete (nm-manager.c:778)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)
 Address 0x1d37f1e5 is 1 bytes after a block of size 52 alloc'd
   at 0x4C2DBAD: malloc (vg_replace_malloc.c:299)
   by 0x8697208: g_malloc (gmem.c:94)
   by 0x86AFFFE: g_strdup (gstrfuncs.c:363)
   by 0x867D123: g_error_copy (gerror.c:521)
   by 0x7ED7332: g_simple_async_result_set_from_error (gsimpleasyncresult.c:675)
   by 0x7B37A7B: activate_info_complete (nm-manager.c:777)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)

Invalid read of size 1
   at 0x4C32AF0: __GI_memcpy (vg_replace_strmem.c:1020)
   by 0x8BF57B5: __mempcpy_inline (string.h:652)
   by 0x8BF57B5: _IO_default_xsputn (genops.c:438)
   by 0x8BC74B0: vfprintf (vfprintf.c:1632)
   by 0x8C96B74: __vasprintf_chk (vasprintf_chk.c:66)
   by 0x86D54D8: vasprintf (stdio2.h:210)
   by 0x86D54D8: g_vasprintf (gprintf.c:316)
   by 0x86B016C: g_strdup_vprintf (gstrfuncs.c:514)
   by 0x8698311: g_logv (gmessages.c:986)
   by 0x86986BE: g_log (gmessages.c:1118)
   by 0x11E891: activate_vpn_cb (applet.c:1129)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B21F35: activate_cb (nm-client.c:871)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B37A04: activate_info_complete (nm-manager.c:778)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)
 Address 0x1d37f1e4 is 0 bytes after a block of size 52 alloc'd
   at 0x4C2DBAD: malloc (vg_replace_malloc.c:299)
   by 0x8697208: g_malloc (gmem.c:94)
   by 0x86AFFFE: g_strdup (gstrfuncs.c:363)
   by 0x867D123: g_error_copy (gerror.c:521)
   by 0x7ED7332: g_simple_async_result_set_from_error (gsimpleasyncresult.c:675)
   by 0x7B37A7B: activate_info_complete (nm-manager.c:777)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)

Invalid read of size 1
   at 0x4C32AFE: __GI_memcpy (vg_replace_strmem.c:1020)
   by 0x8BF57B5: __mempcpy_inline (string.h:652)
   by 0x8BF57B5: _IO_default_xsputn (genops.c:438)
   by 0x8BC74B0: vfprintf (vfprintf.c:1632)
   by 0x8C96B74: __vasprintf_chk (vasprintf_chk.c:66)
   by 0x86D54D8: vasprintf (stdio2.h:210)
   by 0x86D54D8: g_vasprintf (gprintf.c:316)
   by 0x86B016C: g_strdup_vprintf (gstrfuncs.c:514)
   by 0x8698311: g_logv (gmessages.c:986)
   by 0x86986BE: g_log (gmessages.c:1118)
   by 0x11E891: activate_vpn_cb (applet.c:1129)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B21F35: activate_cb (nm-client.c:871)
   by 0x7ED7A0C: g_simple_async_result_complete (gsimpleasyncresult.c:801)
   by 0x7B37A04: activate_info_complete (nm-manager.c:778)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)
 Address 0x1d37f1e6 is 2 bytes after a block of size 52 alloc'd
   at 0x4C2DBAD: malloc (vg_replace_malloc.c:299)
   by 0x8697208: g_malloc (gmem.c:94)
   by 0x86AFFFE: g_strdup (gstrfuncs.c:363)
   by 0x867D123: g_error_copy (gerror.c:521)
   by 0x7ED7332: g_simple_async_result_set_from_error (gsimpleasyncresult.c:675)
   by 0x7B37A7B: activate_info_complete (nm-manager.c:777)
   by 0x7B37FB8: object_creation_failed (nm-manager.c:1104)
   by 0x7B3D206: object_created (nm-object.c:797)
   by 0x7B3AD80: create_async_complete (nm-object.c:473)
   by 0x7B3BA2F: create_async_got_property (nm-object.c:566)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F47908: reply_cb (gdbusproxy.c:2570)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EEA465: g_task_return (gtask.c:1165)
   by 0x7F3C82E: g_dbus_connection_call_done (gdbusconnection.c:5702)
   by 0x7EE9C18: g_task_return_now (gtask.c:1107)
   by 0x7EE9C58: complete_in_idle_cb (gtask.c:1121)
   by 0x8691AB2: g_main_dispatch (gmain.c:3154)
   by 0x8691AB2: g_main_context_dispatch (gmain.c:3769)
   by 0x8691E5F: g_main_context_iterate.isra.29 (gmain.c:3840)
   by 0x8692181: g_main_loop_run (gmain.c:4034)
   by 0x118FDC: main (main.c:84)

(The black background seems to be be 'enhancement' of gtk3 - so likely unrelated)

I set '0xee' in valgrind to reset mem and this is also printed:

(nm-openvpn-auth-dialog:1904): Gtk-WARNING **: Theme parsing error: gtk.css:6:17: The 'gtk-key-bindings' property has been renamed to '-gtk-key-bindings'
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.

(nm-applet:1455): nm-applet-WARNING **: VPN Connection activation failed: (\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee) Active connection removed before it was initialized

(nm-applet:1455): nm-applet-WARNING **: VPN Connection activation failed: (\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee\xee) Active connection removed before it was initialized

(nm-openvpn-auth-dialog:2109): Gtk-WARNING **: Theme parsing error: gtk.css:6:17: The 'gtk-key-bindings' property has been renamed to '-gtk-key-bindings'
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.

Comment 10 Fedora Update System 2016-04-23 16:50:03 UTC
NetworkManager-1.2.0-1.fc24 NetworkManager-fortisslvpn-1.2.0-1.fc24 NetworkManager-iodine-1.2.0-1.fc24 NetworkManager-l2tp-1.2.0-1.fc24 NetworkManager-libreswan-1.2.0-1.fc24 NetworkManager-openconnect-1.2.0-1.fc24 NetworkManager-openvpn-1.2.0-1.fc24 NetworkManager-pptp-1.2.0-1.fc24 NetworkManager-ssh-1.2.0-1.fc24 NetworkManager-vpnc-1.2.0-1.fc24 network-manager-applet-1.2.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e287fa1e6

Comment 11 Fedora Update System 2016-04-24 01:24:58 UTC
NetworkManager-1.2.0-1.fc24, NetworkManager-fortisslvpn-1.2.0-1.fc24, NetworkManager-iodine-1.2.0-1.fc24, NetworkManager-l2tp-1.2.0-1.fc24, NetworkManager-libreswan-1.2.0-1.fc24, NetworkManager-openconnect-1.2.0-1.fc24, NetworkManager-openvpn-1.2.0-1.fc24, NetworkManager-pptp-1.2.0-1.fc24, NetworkManager-ssh-1.2.0-1.fc24, NetworkManager-vpnc-1.2.0-1.fc24, network-manager-applet-1.2.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e287fa1e6

Comment 12 Fedora Update System 2016-05-07 12:01:06 UTC
NetworkManager-1.2.0-1.fc24, NetworkManager-fortisslvpn-1.2.0-1.fc24, NetworkManager-iodine-1.2.0-1.fc24, NetworkManager-l2tp-1.2.0-1.fc24, NetworkManager-libreswan-1.2.0-1.fc24, NetworkManager-openconnect-1.2.0-1.fc24, NetworkManager-openvpn-1.2.0-1.fc24, NetworkManager-pptp-1.2.0-1.fc24, NetworkManager-ssh-1.2.0-1.fc24, NetworkManager-vpnc-1.2.0-1.fc24, network-manager-applet-1.2.0-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.