Bug 1409934 - [abrt] nm-connection-editor: g_malloc0(): nm-connection-editor killed by SIGSEGV
Summary: [abrt] nm-connection-editor: g_malloc0(): nm-connection-editor killed by SIGSEGV
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: network-manager-applet
Version: 25
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:1b58de14899774abc1ad8a1e775...
Duplicates: 1418101
Depends On:
Blocks:
 
Reported: 2017-01-03 23:36 UTC by Robert Hancock
Modified: 2017-12-12 10:16 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-12 10:16:54 UTC
Type: ---


Attachments
File: backtrace (82.25 KB, text/plain), 2017-01-03 23:36 UTC, Robert Hancock
File: cgroup (242 bytes, text/plain), 2017-01-03 23:36 UTC, Robert Hancock
File: core_backtrace (32.37 KB, text/plain), 2017-01-03 23:36 UTC, Robert Hancock
File: dso_list (9.97 KB, text/plain), 2017-01-03 23:36 UTC, Robert Hancock
File: environ (1.04 KB, text/plain), 2017-01-03 23:36 UTC, Robert Hancock
File: exploitable (82 bytes, text/plain), 2017-01-03 23:36 UTC, Robert Hancock
File: limits (1.29 KB, text/plain), 2017-01-03 23:37 UTC, Robert Hancock
File: maps (51.27 KB, text/plain), 2017-01-03 23:37 UTC, Robert Hancock
File: mountinfo (3.82 KB, text/plain), 2017-01-03 23:37 UTC, Robert Hancock
File: namespaces (102 bytes, text/plain), 2017-01-03 23:37 UTC, Robert Hancock
File: open_fds (1.14 KB, text/plain), 2017-01-03 23:37 UTC, Robert Hancock
File: proc_pid_status (1.12 KB, text/plain), 2017-01-03 23:37 UTC, Robert Hancock
File: var_log_messages (28 bytes, text/plain), 2017-01-03 23:37 UTC, Robert Hancock

Description Robert Hancock 2017-01-03 23:36:47 UTC
Description of problem:
Exited network configuration

Version-Release number of selected component:
nm-connection-editor-1.4.0-1.fc25

Additional info:
reporter:       libreport-2.8.0
backtrace_rating: 4
cmdline:        nm-connection-editor --edit a5727146-65f0-47ec-b5d8-be231334d404
crash_function: g_malloc0
executable:     /usr/bin/nm-connection-editor
global_pid:     23071
kernel:         4.8.15-300.fc25.x86_64
pkg_fingerprint: 4089 D8F2 FDB1 9C98
pkg_vendor:     Fedora Project
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #3 g_malloc0 at gmem.c:124
 #4 g_malloc0_n at gmem.c:355
 #5 g_hash_table_resize at ghash.c:585
 #6 g_hash_table_maybe_resize at ghash.c:645
 #7 g_hash_table_remove_internal at ghash.c:1359
 #8 g_signal_handler_disconnect at gsignal.c:2634
 #9 gtk_style_context_set_cascade at gtkstylecontext.c:317
 #10 gtk_style_context_finalize at gtkstylecontext.c:381
 #12 gtk_widget_finalize at gtkwidget.c:12278
 #14 gtk_box_forall at gtkbox.c:2669

Comment 1 Robert Hancock 2017-01-03 23:36:54 UTC
Created attachment 1237016 [details]
File: backtrace

Comment 2 Robert Hancock 2017-01-03 23:36:55 UTC
Created attachment 1237017 [details]
File: cgroup

Comment 3 Robert Hancock 2017-01-03 23:36:56 UTC
Created attachment 1237018 [details]
File: core_backtrace

Comment 4 Robert Hancock 2017-01-03 23:36:57 UTC
Created attachment 1237019 [details]
File: dso_list

Comment 5 Robert Hancock 2017-01-03 23:36:58 UTC
Created attachment 1237020 [details]
File: environ

Comment 6 Robert Hancock 2017-01-03 23:36:59 UTC
Created attachment 1237021 [details]
File: exploitable

Comment 7 Robert Hancock 2017-01-03 23:37:00 UTC
Created attachment 1237022 [details]
File: limits

Comment 8 Robert Hancock 2017-01-03 23:37:02 UTC
Created attachment 1237023 [details]
File: maps

Comment 9 Robert Hancock 2017-01-03 23:37:03 UTC
Created attachment 1237024 [details]
File: mountinfo

Comment 10 Robert Hancock 2017-01-03 23:37:04 UTC
Created attachment 1237025 [details]
File: namespaces

Comment 11 Robert Hancock 2017-01-03 23:37:05 UTC
Created attachment 1237026 [details]
File: open_fds

Comment 12 Robert Hancock 2017-01-03 23:37:06 UTC
Created attachment 1237027 [details]
File: proc_pid_status

Comment 13 Robert Hancock 2017-01-03 23:37:07 UTC
Created attachment 1237028 [details]
File: var_log_messages

Comment 14 Robert Hancock 2017-01-03 23:40:07 UTC
Similar problem has been detected:

Exited network configuration

reporter:       libreport-2.8.0
backtrace_rating: 4
cmdline:        nm-connection-editor --edit a5727146-65f0-47ec-b5d8-be231334d404
crash_function: g_malloc0
executable:     /usr/bin/nm-connection-editor
global_pid:     22580
kernel:         4.8.15-300.fc25.x86_64
package:        nm-connection-editor-1.4.0-1.fc25
pkg_fingerprint: 4089 D8F2 FDB1 9C98
pkg_vendor:     Fedora Project
reason:         nm-connection-editor killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 15 Thomas Haller 2017-01-04 09:18:16 UTC
Seems the crash happens during malloc of 16K bytes.

Probably due to a memory corruption. Hard to say how that happened.

Can you reproduce it?

Comment 16 Robert Hancock 2017-01-04 15:41:29 UTC
I have a bridge set up on my wired network connection. I can reproduce the crash every time by opening up the network settings, going into the bridge settings, opening up the settings for a bridge connection, and then cancelling out of all the windows without changing anything.

If I run nm-connection-editor using Valgrind I get some memory errors when opening the bridge settings:

==25349== Invalid read of size 4
==25349==    at 0x772C535: g_array_unref (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x135BE9: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x136956: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x13705C: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x72C83E4: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72DA431: ??? (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72E305E: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72E343E: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x1235C8: ce_page_complete_init (in /usr/bin/nm-connection-editor)
==25349==    by 0x11ECC5: nm_connection_editor_new (in /usr/bin/nm-connection-editor)
==25349==    by 0x120385: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x72C8613: ??? (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==  Address 0x1bac48d8 is 6 bytes after a block of size 18 alloc'd
==25349==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==25349==    by 0x775E5A8: g_malloc (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x777865E: g_strdup (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x72F240C: ??? (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72CFFD3: g_object_get_valist (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72D040B: g_object_get (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x135BDB: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x136956: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x13705C: ??? (in /usr/bin/nm-connection-editor)
==25349==    by 0x72C83E4: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72DA431: ??? (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72E305E: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.5000.2)

and then when closing:

==25349== Invalid read of size 1
==25349==    at 0x54EDE1B: ??? (in /usr/lib64/libgtk-3.so.0.2200.5)
==25349==    by 0x6F77816: ??? (in /usr/lib64/libgio-2.0.so.0.5000.2)
==25349==    by 0x6F9D2D6: g_simple_async_result_complete (in /usr/lib64/libgio-2.0.so.0.5000.2)
==25349==    by 0x6F9D338: ??? (in /usr/lib64/libgio-2.0.so.0.5000.2)
==25349==    by 0x77558E6: ??? (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x7758E41: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x77591BF: ??? (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x77594E1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x11C7E1: main (in /usr/bin/nm-connection-editor)
==25349==  Address 0x24f3f070 is 208 bytes inside a block of size 584 free'd
==25349==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==25349==    by 0x775E6BD: g_free (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x777720F: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x72EBB01: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x54EDE15: ??? (in /usr/lib64/libgtk-3.so.0.2200.5)
==25349==    by 0x6F77816: ??? (in /usr/lib64/libgio-2.0.so.0.5000.2)
==25349==    by 0x6F9D2D6: g_simple_async_result_complete (in /usr/lib64/libgio-2.0.so.0.5000.2)
==25349==    by 0x6F9D338: ??? (in /usr/lib64/libgio-2.0.so.0.5000.2)
==25349==    by 0x77558E6: ??? (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x7758E41: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x77591BF: ??? (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x77594E1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==  Block was alloc'd at
==25349==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==25349==    by 0x775E5A8: g_malloc (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x7776B02: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x777712D: g_slice_alloc0 (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x72EB839: g_type_create_instance (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72CD69A: ??? (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x72CF0AC: g_object_newv (in /usr/lib64/libgobject-2.0.so.0.5000.2)
==25349==    by 0x5395D79: ??? (in /usr/lib64/libgtk-3.so.0.2200.5)
==25349==    by 0x53973D4: ??? (in /usr/lib64/libgtk-3.so.0.2200.5)
==25349==    by 0x5398E80: ??? (in /usr/lib64/libgtk-3.so.0.2200.5)
==25349==    by 0x775C546: ??? (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x775D372: g_markup_parse_context_parse (in /usr/lib64/libglib-2.0.so.0.5000.2)
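
Added example (not part of the bug report or of any participant's comment): a small Python triage helper that reads Valgrind memcheck records like the two in comment 16 and classifies each one from Valgrind's own block description. The function name `triage` and the trimmed `SAMPLE` text (header, first frames and block line of each record) are constructed for illustration.

```python
import re

# Constructed sample: the two records from comment 16, trimmed to a few frames each.
SAMPLE = """\
==25349== Invalid read of size 4
==25349==    at 0x772C535: g_array_unref (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349==    by 0x135BE9: ??? (in /usr/bin/nm-connection-editor)
==25349==  Address 0x1bac48d8 is 6 bytes after a block of size 18 alloc'd
==25349==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==25349==    by 0x777865E: g_strdup (in /usr/lib64/libglib-2.0.so.0.5000.2)
==25349== Invalid read of size 1
==25349==    at 0x54EDE1B: ??? (in /usr/lib64/libgtk-3.so.0.2200.5)
==25349==  Address 0x24f3f070 is 208 bytes inside a block of size 584 free'd
==25349==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==25349==    by 0x775E6BD: g_free (in /usr/lib64/libglib-2.0.so.0.5000.2)
"""

HEAD = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9a-fA-F]+) is (\d+) bytes "
                  r"(after|inside|before) a block of size (\d+) (alloc'd|free'd)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")

def triage(text):
    """Return one dict per 'Invalid read/write' record in memcheck output."""
    findings, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = {"access": m[1], "width": int(m[2]), "site": None}
            findings.append(cur)
        elif cur is None:
            continue                      # text before the first record
        elif m := ADDR.match(line):
            dist, where, size, state = int(m[2]), m[3], int(m[4]), m[5]
            # Offset of the faulting access from the start of the heap block.
            offset = {"after": size + dist, "inside": dist, "before": -dist}[where]
            cur.update(
                kind="use-after-free" if state == "free'd" else "out-of-bounds",
                offset=offset, block_size=size,
                block_start=int(m[1], 16) - offset)
        elif cur["site"] is None and (m := FRAME.match(line)):
            cur["site"] = m[1]            # innermost frame of the access stack

    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

The first record is a read at offset 24 of a live 18-byte block and the second is a read at offset 208 of an already freed 584-byte block, so the two are separate defect classes and are tracked separately.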

Comment 17 Robert Hancock 2017-02-08 15:44:32 UTC
*** Bug 1418101 has been marked as a duplicate of this bug. ***

Comment 18 Fedora End Of Life 2017-11-16 15:06:00 UTC
This message is a reminder that Fedora 25 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 25. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '25'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 25 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 19 Fedora End Of Life 2017-12-12 10:16:54 UTC
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

