Bug 1267462 - NetworkManager segfault on_bss_proxy_acquired
Summary: NetworkManager segfault on_bss_proxy_acquired
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.2
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Jirka Klimes
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On: 1266003
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-30 06:37 UTC by Jirka Klimes
Modified: 2016-01-04 06:05 UTC (History)
10 users (show)

Fixed In Version: NetworkManager-1.0.6-13.el7
Doc Type: Bug Fix
Doc Text:
NetworkManager could crash while new Wi-Fi network appeared. The crash has been fixed by this update.
Clone Of: 1266003
Environment:
Last Closed: 2015-11-19 11:05:13 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2315 normal SHIPPED_LIVE Moderate: NetworkManager security, bug fix, and enhancement update 2015-11-19 10:06:58 UTC

Description Jirka Klimes 2015-09-30 06:37:49 UTC
+++ This bug was initially created as a clone of Bug #1266003 +++

Description of problem:

As of NetworkManager-1.0.6-5.fc22.x86_64 / Linux 4.1.7-200.fc22.x86_64 NetworkManager continuously crashes when I'm at my workplace with WiFi enabled. It does not happen at home. I believe this has something to do with the security enabled on some of the networks here.

Version-Release number of selected component (if applicable):

1.0.6-5.fc22.x86_64
4.1.7-200.fc22.x86_64

How reproducible:

Just leave NetworkManager on with WiFi enabled in the face of WPA2 networks with enterprise authentication schemes. (I think)


Actual results:

Crash

Expected results:

Not a crash

Additional info:

Backtrace of NetworkManager during the crash

Program received signal SIGSEGV, Segmentation fault.
on_bss_proxy_acquired (proxy=0x7f05dc003b80 [GDBusProxy], result=<optimized out>, user_data=<optimized out>) at supplicant-manager/nm-supplicant-interface.c:157
157		while (*iter) {
(gdb) bt
#0  0x000055d77ff2048b in on_bss_proxy_acquired (proxy=0x7f05dc003b80 [GDBusProxy], result=<optimized out>, user_data=<optimized out>) at supplicant-manager/nm-supplicant-interface.c:157
#1  0x00007f05f26c7ba7 in g_simple_async_result_complete (simple=0x55d781af7980 [GSimpleAsyncResult]) at gsimpleasyncresult.c:763
#2  0x00007f05f26c7c09 in complete_in_idle_cb (data=<optimized out>) at gsimpleasyncresult.c:775
#3  0x00007f05f2110a8a in g_main_context_dispatch (context=0x55d781931400) at gmain.c:3122
#4  0x00007f05f2110a8a in g_main_context_dispatch (context=context@entry=0x55d781931400) at gmain.c:3737
#5  0x00007f05f2110e20 in g_main_context_iterate (context=0x55d781931400, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808
#6  0x00007f05f2111142 in g_main_loop_run (loop=0x55d7819314c0) at gmain.c:4002
#7  0x000055d77feb9ca2 in main (argc=1, argv=0x7ffea5fb5a68) at main.c:512

# journalctl -fu NetworkManager 

Sep 24 11:28:36 lola NetworkManager[11626]: <info>  WiFi now enabled by radio killswitch
Sep 24 11:28:36 lola NetworkManager[11626]: <info>  (wlp3s0) supports 5 scan SSIDs
Sep 24 11:28:36 lola NetworkManager[11626]: <info>  (wlp3s0): supplicant interface state: starting -> ready
Sep 24 11:28:36 lola NetworkManager[11626]: <info>  (wlp3s0): device state change: unavailable -> disconnected (reason 'supplicant-available') [20 30 42]
Sep 24 11:28:39 lola NetworkManager[11626]: <info>  (wlp3s0): supplicant interface state: ready -> inactive
Sep 24 11:31:12 lola systemd[1]: NetworkManager.service: main process exited, code=dumped, status=11/SEGV
Sep 24 11:31:12 lola systemd[1]: Unit NetworkManager.service entered failed state.
Sep 24 11:31:12 lola systemd[1]: NetworkManager.service failed.
Sep 24 11:31:13 lola systemd[1]: NetworkManager.service holdoff time over, scheduling restart.
Sep 24 11:31:13 lola systemd[1]: Starting Network Manager...

Another oddity:

# iwlist scanning
virbr1-nic  Interface doesn't support scanning.

enp0s25   Interface doesn't support scanning.

lo        Interface doesn't support scanning.

virbr1    Interface doesn't support scanning.

print_scanning_info: Allocation failed


this last message makes me thing that perhaps this is a kernel/driver issue but I have not been able to confirm this yet.

--- Additional comment from Hein-Pieter van Braam on 2015-09-24 05:45 EDT ---



--- Additional comment from Jirka Klimes on 2015-09-29 06:58:34 EDT ---

The bug has been fixed [1] in upstream master for some time, but nm-1-0 branch (used for NM 1.0.6) have missed the fix. Adding it now [2].

[1] http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=33527341b1e35034a4f1736df4bc98f8ac8418ab
[2] http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=9736327b2616861dfec181e88f908a18b22d781c

--- Additional comment from Hein-Pieter van Braam on 2015-09-29 07:03:01 EDT ---

Awesome, thank you. Would it help if I tested this or are you satisfied that this fixes this issue?

--- Additional comment from Jirka Klimes on 2015-09-30 02:36:28 EDT ---

(In reply to Hein-Pieter van Braam from comment #3)
> Awesome, thank you. Would it help if I tested this or are you satisfied that
> this fixes this issue?

I could make a test build if you want. But it is not necessary, I am quite confident of the fix. Thanks.

Comment 1 Jirka Klimes 2015-09-30 06:40:20 UTC
This is a one-liner that fixes a crash, we should include that in RHEL 7.2.

http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=9736327b2616861dfec181e88f908a18b22d781c

Comment 3 Vitezslav Humpa 2015-10-04 15:57:15 UTC
Patch included and wireless tests have been run for regressions. Switching to verified.

Comment 4 errata-xmlrpc 2015-11-19 11:05:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html


Note You need to log in before you can comment on or make changes to this bug.