1267462 – NetworkManager segfault on_bss_proxy_acquired

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1267462 - NetworkManager segfault on_bss_proxy_acquired

Summary: NetworkManager segfault on_bss_proxy_acquired

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	NetworkManager
Sub Component:
Version:	7.2
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jirka Klimes
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:	1266003
Blocks:
TreeView+	depends on / blocked

Reported:	2015-09-30 06:37 UTC by Jirka Klimes
Modified:	2016-01-04 06:05 UTC (History)
CC List:	10 users (show)
Fixed In Version:	NetworkManager-1.0.6-13.el7
Doc Type:	Bug Fix
Doc Text:	NetworkManager could crash while new Wi-Fi network appeared. The crash has been fixed by this update.
Clone Of:	1266003
Environment:
Last Closed:	2015-11-19 11:05:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2315	0	normal	SHIPPED_LIVE	Moderate: NetworkManager security, bug fix, and enhancement update	2015-11-19 10:06:58 UTC

Description Jirka Klimes 2015-09-30 06:37:49 UTC

+++ This bug was initially created as a clone of Bug #1266003 +++

Description of problem:

As of NetworkManager-1.0.6-5.fc22.x86_64 / Linux 4.1.7-200.fc22.x86_64 NetworkManager continuously crashes when I'm at my workplace with WiFi enabled. It does not happen at home. I believe this has something to do with the security enabled on some of the networks here.

Version-Release number of selected component (if applicable):

1.0.6-5.fc22.x86_64
4.1.7-200.fc22.x86_64

How reproducible:

Just leave NetworkManager on with WiFi enabled in the face of WPA2 networks with enterprise authentication schemes. (I think)


Actual results:

Crash

Expected results:

Not a crash

Additional info:

Backtrace of NetworkManager during the crash

Program received signal SIGSEGV, Segmentation fault.
on_bss_proxy_acquired (proxy=0x7f05dc003b80 [GDBusProxy], result=<optimized out>, user_data=<optimized out>) at supplicant-manager/nm-supplicant-interface.c:157
157		while (*iter) {
(gdb) bt
#0  0x000055d77ff2048b in on_bss_proxy_acquired (proxy=0x7f05dc003b80 [GDBusProxy], result=<optimized out>, user_data=<optimized out>) at supplicant-manager/nm-supplicant-interface.c:157
#1  0x00007f05f26c7ba7 in g_simple_async_result_complete (simple=0x55d781af7980 [GSimpleAsyncResult]) at gsimpleasyncresult.c:763
#2  0x00007f05f26c7c09 in complete_in_idle_cb (data=<optimized out>) at gsimpleasyncresult.c:775
#3  0x00007f05f2110a8a in g_main_context_dispatch (context=0x55d781931400) at gmain.c:3122
#4  0x00007f05f2110a8a in g_main_context_dispatch (context=context@entry=0x55d781931400) at gmain.c:3737
#5  0x00007f05f2110e20 in g_main_context_iterate (context=0x55d781931400, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808
#6  0x00007f05f2111142 in g_main_loop_run (loop=0x55d7819314c0) at gmain.c:4002
#7  0x000055d77feb9ca2 in main (argc=1, argv=0x7ffea5fb5a68) at main.c:512

# journalctl -fu NetworkManager 

Sep 24 11:28:36 lola NetworkManager[11626]: <info>  WiFi now enabled by radio killswitch
Sep 24 11:28:36 lola NetworkManager[11626]: <info>  (wlp3s0) supports 5 scan SSIDs
Sep 24 11:28:36 lola NetworkManager[11626]: <info>  (wlp3s0): supplicant interface state: starting -> ready
Sep 24 11:28:36 lola NetworkManager[11626]: <info>  (wlp3s0): device state change: unavailable -> disconnected (reason 'supplicant-available') [20 30 42]
Sep 24 11:28:39 lola NetworkManager[11626]: <info>  (wlp3s0): supplicant interface state: ready -> inactive
Sep 24 11:31:12 lola systemd[1]: NetworkManager.service: main process exited, code=dumped, status=11/SEGV
Sep 24 11:31:12 lola systemd[1]: Unit NetworkManager.service entered failed state.
Sep 24 11:31:12 lola systemd[1]: NetworkManager.service failed.
Sep 24 11:31:13 lola systemd[1]: NetworkManager.service holdoff time over, scheduling restart.
Sep 24 11:31:13 lola systemd[1]: Starting Network Manager...

Another oddity:

# iwlist scanning
virbr1-nic  Interface doesn't support scanning.

enp0s25   Interface doesn't support scanning.

lo        Interface doesn't support scanning.

virbr1    Interface doesn't support scanning.

print_scanning_info: Allocation failed


this last message makes me thing that perhaps this is a kernel/driver issue but I have not been able to confirm this yet.

--- Additional comment from Hein-Pieter van Braam on 2015-09-24 05:45 EDT ---



--- Additional comment from Jirka Klimes on 2015-09-29 06:58:34 EDT ---

The bug has been fixed [1] in upstream master for some time, but nm-1-0 branch (used for NM 1.0.6) have missed the fix. Adding it now [2].

[1] http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=33527341b1e35034a4f1736df4bc98f8ac8418ab
[2] http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=9736327b2616861dfec181e88f908a18b22d781c

--- Additional comment from Hein-Pieter van Braam on 2015-09-29 07:03:01 EDT ---

Awesome, thank you. Would it help if I tested this or are you satisfied that this fixes this issue?

--- Additional comment from Jirka Klimes on 2015-09-30 02:36:28 EDT ---

(In reply to Hein-Pieter van Braam from comment #3)
> Awesome, thank you. Would it help if I tested this or are you satisfied that
> this fixes this issue?

I could make a test build if you want. But it is not necessary, I am quite confident of the fix. Thanks.

Comment 1 Jirka Klimes 2015-09-30 06:40:20 UTC

This is a one-liner that fixes a crash, we should include that in RHEL 7.2.

http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=9736327b2616861dfec181e88f908a18b22d781c

Comment 3 Vitezslav Humpa 2015-10-04 15:57:15 UTC

Patch included and wireless tests have been run for regressions. Switching to verified.

Comment 4 errata-xmlrpc 2015-11-19 11:05:13 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html

Note You need to log in before you can comment on or make changes to this bug.