Bug 710996 - Network manager has crashed when wifi connects to a WPA2/PEAP/MSCHAPv2 network
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kde-plasma-networkmanagement
Version: 15
Hardware: x86_64
OS: Linux
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-06-06 07:02 UTC by kurik
Modified: 2011-06-30 21:26 UTC (History)

Fixed In Version: kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15
Last Closed: 2011-06-30 18:58:49 UTC


Attachments
Backtrace from 2011-06-15 (7.29 KB, text/plain), 2011-06-15 06:32 UTC, kurik


Links
KDE Software Compilation: 274826

Description kurik 2011-06-06 07:02:15 UTC
Description of problem:
Network manager has crashed when wifi connects to a WPA2/PEAP/MSCHAPv2 network and plasma got restarted

Version-Release number of selected component (if applicable):
# rpm -qa | grep -i networkmanage
kde-plasma-networkmanagement-pptp-0.9-0.47.20110323.fc15.x86_64
NetworkManager-pptp-0.8.999-1.fc15.x86_64
NetworkManager-vpnc-0.8.999-2.fc15.x86_64
kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.x86_64
NetworkManager-glib-0.8.9997-1.git20110531.fc15.x86_64
NetworkManager-openvpn-0.8.999-1.fc15.x86_64
kde-plasma-networkmanagement-libs-0.9-0.47.20110323.fc15.x86_64
kde-plasma-networkmanagement-vpnc-0.9-0.47.20110323.fc15.x86_64
kde-plasma-networkmanagement-debuginfo-0.9-0.47.20110323.fc15.x86_64
kde-plasma-networkmanagement-openvpn-0.9-0.47.20110323.fc15.x86_64
NetworkManager-0.8.9997-1.git20110531.fc15.x86_64

How reproducible:
I can reproduce the issue regularly.

Steps to Reproduce:
1. Open "Edit network connection" dialog box and configure a network connection to a WiFi with the following parameters:
* Security: WPA/WPA2
* Authentication: PEAP
* Inner Authentication: MSCHAPv2
2. Press the "OK" button and plasma will crash and get restarted.

I do not observe this behavior when connecting to different WiFi networks (such
as WEP encrypted, or using different Authentication i.e. WPA2/Personal).

  
Actual results:
Crash

Expected results:
Working WiFi network

Additional info:
The bug was originally reported to the KDE community: https://bugs.kde.org/show_bug.cgi?id=274826

I am using a Lenovo T410s laptop with built-in WiFi:
# lspci -v -s 03:00.0
03:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8191SEvB
Wireless LAN Controller (rev 10)
        Subsystem: Realtek Semiconductor Co., Ltd. Device e020
        Flags: bus master, fast devsel, latency 0, IRQ 17
        I/O ports at 2000 [size=256]
        Memory at f2400000 (32-bit, non-prefetchable) [size=16K]
        Capabilities: [40] Power Management version 3                           
        Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+              
        Capabilities: [70] Express Legacy Endpoint, MSI 00                      
        Capabilities: [100] Advanced Error Reporting                            
        Capabilities: [140] Virtual Channel                                     
        Capabilities: [160] Device Serial Number 88-55-22-fe-ff-4c-e0-00        
        Kernel driver in use: rtl819xSE                                         
        Kernel modules: r8192se_pci

-- Backtrace:
Application: Plasma Desktop Shell (plasma-desktop), signal: Segmentation fault
82    T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[KCrash Handler]
#6  0x00007f2bd17ca1a5 in NMPopup::updateHasWireless (this=0x1d86260) at
/usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:536
#7  0x00007f2bd17ca937 in NMPopup::networkingEnabledToggled (this=0x1d86260,
checked=false) at /usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:512
#8  0x00007f2bd17c3ed4 in NMPopup::qt_metacall (this=0x1d86260,
_c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffcd787190) at
/usr/src/debug/networkmanagement-0.9/x86_64-redhat-linux-gnu/applet/moc_nmpopup.cpp:107
#9  0x0000003718b6ceca in QMetaObject::activate (sender=0x1e5da50, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787190) at
kernel/qobject.cpp:3278
#10 0x00000034e49ddddf in Plasma::CheckBox::toggled (this=<optimized out>,
_t1=false) at
/usr/src/debug/kdelibs-4.6.3/x86_64-redhat-linux-gnu/plasma/checkbox.moc:145
#11 0x00000034e49dde49 in Plasma::CheckBox::qt_metacall (this=0x1e5da50,
_c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fffcd787550) at
/usr/src/debug/kdelibs-4.6.3/x86_64-redhat-linux-gnu/plasma/checkbox.moc:96
#12 0x0000003718b6ceca in QMetaObject::activate (sender=0x1e5dba0, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787550) at
kernel/qobject.cpp:3278
#13 0x000000371ca18d02 in QAbstractButton::toggled (this=<optimized out>,
_t1=false) at .moc/release-shared/moc_qabstractbutton.cpp:213
#14 0x000000371c76426e in QAbstractButton::setChecked (this=0x1e5dba0,
checked=false) at widgets/qabstractbutton.cpp:766
#15 0x00007f2bd17ca526 in NMPopup::managerNetworkingEnabledChanged
(this=0x1d86260, enabled=false) at
/usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:590
#16 0x00007f2bd17c3ef4 in NMPopup::qt_metacall (this=0x1d86260,
_c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffcd7876e0) at
/usr/src/debug/networkmanagement-0.9/x86_64-redhat-linux-gnu/applet/moc_nmpopup.cpp:108
#17 0x0000003718b6ceca in QMetaObject::activate (sender=0x1d200c0, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd7876e0) at
kernel/qobject.cpp:3278
#18 0x0000003727c1aeb2 in
Solid::Control::NetworkManager::Notifier::networkingEnabledChanged
(this=<optimized out>, _t1=false) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/libs/solid/control/networkmanager.moc:138
#19 0x0000003727c1af64 in Solid::Control::NetworkManager::Notifier::qt_metacall
(this=0x1d200c0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>,
_a=0x7fffcd787820) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/libs/solid/control/networkmanager.moc:90
#20 0x0000003727c1b3d0 in Solid::Control::NetworkManagerPrivate::qt_metacall
(this=0x1d200c0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>,
_a=0x7fffcd787820) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/libs/solid/control/networkmanager_p.moc:76
#21 0x0000003718b6ceca in QMetaObject::activate (sender=0x1dfb570, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787820) at
kernel/qobject.cpp:3278
#22 0x00007f2bd0caf48f in NMNetworkManager::networkingEnabledChanged
(this=<optimized out>, _t1=false) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/manager.moc:111
#23 0x00007f2bd0cb1fde in NMNetworkManager::propertiesChanged (this=0x1dfb570,
properties=<optimized out>) at
/usr/src/debug/kdebase-workspace-4.6.3/solid/networkmanager-0.7/manager.cpp:281
#24 0x00007f2bd0cb2b01 in NMNetworkManager::qt_metacall (this=0x1dfb570,
_c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffcd787c00) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/manager.moc:98
#25 0x0000003718b6ceca in QMetaObject::activate (sender=0x1df9690, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fffcd787c00) at
kernel/qobject.cpp:3278
#26 0x00007f2bd0cbc3f5 in
OrgFreedesktopNetworkManagerInterface::PropertiesChanged (this=<optimized out>,
_t1=<optimized out>) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/nm-manager-clientinterface.moc:175
#27 0x00007f2bd0cbcc24 in OrgFreedesktopNetworkManagerInterface::qt_metacall
(this=0x1df9690, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fffcd788000) at
/usr/src/debug/kdebase-workspace-4.6.3/x86_64-redhat-linux-gnu/solid/networkmanager-0.7/nm-manager-clientinterface.moc:107
#28 0x00000037194205eb in QDBusConnectionPrivate::deliverCall (this=0x15b1010,
object=0x1df9690, msg=..., metaTypes=..., slotIdx=7) at qdbusintegrator.cpp:941
#29 0x0000003719429d7f in QDBusCallDeliveryEvent::placeMetaCall
(this=<optimized out>, object=<optimized out>) at qdbusintegrator_p.h:103
#30 0x0000003718b70a8a in QObject::event (this=0x1df9690, e=<optimized out>) at
kernel/qobject.cpp:1217
#31 0x000000371c3b73d4 in notify_helper (e=0x294ca00, receiver=0x1df9690,
this=0x1542b20) at kernel/qapplication.cpp:4462
#32 QApplicationPrivate::notify_helper (this=0x1542b20, receiver=0x1df9690,
e=0x294ca00) at kernel/qapplication.cpp:4434
#33 0x000000371c3bc261 in QApplication::notify (this=0x1529400,
receiver=0x1df9690, e=0x294ca00) at kernel/qapplication.cpp:4341
#34 0x000000371e641806 in KApplication::notify (this=0x1529400,
receiver=0x1df9690, event=0x294ca00) at
/usr/src/debug/kdelibs-4.6.3/kdeui/kernel/kapplication.cpp:311
#35 0x0000003718b5a1bc in QCoreApplication::notifyInternal (this=0x1529400,
receiver=0x1df9690, event=0x294ca00) at kernel/qcoreapplication.cpp:731
#36 0x0000003718b5d784 in sendEvent (event=0x294ca00, receiver=0x1df9690) at
kernel/qcoreapplication.h:215
#37 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0,
data=0x14ddcb0) at kernel/qcoreapplication.cpp:1372
#38 0x0000003718b848c3 in sendPostedEvents () at kernel/qcoreapplication.h:220
#39 postEventSourceDispatch (s=0x15489c0) at
kernel/qeventdispatcher_glib.cpp:277
#40 0x000000370f642b6d in g_main_dispatch (context=0x15488e0) at gmain.c:2440
#41 g_main_context_dispatch (context=0x15488e0) at gmain.c:3013
#42 0x000000370f643348 in g_main_context_iterate (context=0x15488e0,
block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3091
#43 0x000000370f6435dc in g_main_context_iteration (context=0x15488e0,
may_block=1) at gmain.c:3154
#44 0x0000003718b84d1f in QEventDispatcherGlib::processEvents (this=0x14df7c0,
flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#45 0x000000371c459f2e in QGuiEventDispatcherGlib::processEvents
(this=<optimized out>, flags=<optimized out>) at
kernel/qguieventdispatcher_glib.cpp:207
#46 0x0000003718b596d2 in QEventLoop::processEvents (this=<optimized out>,
flags=...) at kernel/qeventloop.cpp:149
#47 0x0000003718b598cf in QEventLoop::exec (this=0x7fffcd7889c0, flags=...) at
kernel/qeventloop.cpp:201
#48 0x000000371c7e2181 in QMenu::exec (this=<optimized out>, p=..., action=0x0)
at widgets/qmenu.cpp:2059
#49 0x00000034e49661e3 in Plasma::PopupApplet::eventFilter (this=0x1d186d0,
watched=<optimized out>, event=0x7fffcd788cd0) at
/usr/src/debug/kdelibs-4.6.3/plasma/popupapplet.cpp:515
#50 0x0000003718b5a348 in
QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>,
receiver=0x1fccac0, event=0x7fffcd788cd0) at kernel/qcoreapplication.cpp:846
#51 0x000000371c3b739f in notify_helper (e=0x7fffcd788cd0, receiver=0x1fccac0,
this=0x1542b20) at kernel/qapplication.cpp:4458
#52 QApplicationPrivate::notify_helper (this=0x1542b20, receiver=0x1fccac0,
e=0x7fffcd788cd0) at kernel/qapplication.cpp:4434
#53 0x000000371c3bc74c in QApplication::notify (this=<optimized out>,
receiver=0x1fe48a0, e=0x7fffcd789040) at kernel/qapplication.cpp:4102
#54 0x000000371e641806 in KApplication::notify (this=0x1529400,
receiver=0x1fe48a0, event=0x7fffcd789040) at
/usr/src/debug/kdelibs-4.6.3/kdeui/kernel/kapplication.cpp:311
#55 0x0000003718b5a1bc in QCoreApplication::notifyInternal (this=0x1529400,
receiver=0x1fe48a0, event=0x7fffcd789040) at kernel/qcoreapplication.cpp:731
#56 0x000000371c434048 in sendSpontaneousEvent (event=0x7fffcd789040,
receiver=0x1fe48a0) at ../../src/corelib/kernel/qcoreapplication.h:218
#57 QETWidget::translateMouseEvent (this=<optimized out>, event=<optimized
out>) at kernel/qapplication_x11.cpp:4466
#58 0x000000371c432eba in QApplication::x11ProcessEvent (this=0x1529400,
event=0x7fffcd7898d0) at kernel/qapplication_x11.cpp:3587
#59 0x000000371c45a23c in x11EventSourceDispatch (s=0x15499b0, callback=0,
user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#60 0x000000370f642b6d in g_main_dispatch (context=0x15488e0) at gmain.c:2440
#61 g_main_context_dispatch (context=0x15488e0) at gmain.c:3013
#62 0x000000370f643348 in g_main_context_iterate (context=0x15488e0,
block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3091
#63 0x000000370f6435dc in g_main_context_iteration (context=0x15488e0,
may_block=1) at gmain.c:3154
#64 0x0000003718b84d1f in QEventDispatcherGlib::processEvents (this=0x14df7c0,
flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#65 0x000000371c459f2e in QGuiEventDispatcherGlib::processEvents
(this=<optimized out>, flags=<optimized out>) at
kernel/qguieventdispatcher_glib.cpp:207
#66 0x0000003718b596d2 in QEventLoop::processEvents (this=<optimized out>,
flags=...) at kernel/qeventloop.cpp:149
#67 0x0000003718b598cf in QEventLoop::exec (this=0x7fffcd789ca0, flags=...) at
kernel/qeventloop.cpp:201
#68 0x0000003718b5da17 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1008
#69 0x00000034e523f1e3 in kdemain (argc=1, argv=0x7fffcd78a088) at
/usr/src/debug/kdebase-workspace-4.6.3/plasma/desktop/shell/main.cpp:120
#70 0x000000370fa2143d in __libc_start_main (main=0x400890 <main(int, char**)>,
argc=1, ubp_av=0x7fffcd78a088, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffcd78a078) at libc-start.c:226
#71 0x00000000004008c1 in _start ()

Reported using DrKonqi

Comment 1 Kevin Kofler 2011-06-08 01:12:35 UTC
This crashes in this loop:
    foreach (InterfaceItem* ifaceitem, m_interfaces) {
        Solid::Control::NetworkInterface* iface = ifaceitem->interface();
        if (iface->type() == Solid::Control::NetworkInterface::Ieee80211) {
            //kDebug() << "there's a wifi iface" << ifaceitem->connectionName() << iface->interfaceName();
            m_hasWirelessInterface = true; // at least one interface is wireless. We're happy.
            m_wifiCheckBox->show();
            break;
        }
    }
on this line:
        if (iface->type() == Solid::Control::NetworkInterface::Ieee80211) {

I assume iface is NULL, adding a NULL check, i.e.:
        if (iface && iface->type() == Solid::Control::NetworkInterface::Ieee80211) {
should probably fix it.

Comment 2 Kevin Kofler 2011-06-08 01:17:57 UTC
In fact, this has been fixed upstream on April 19:
https://projects.kde.org/projects/extragear/base/networkmanagement/repository/revisions/ff9076fe85f31b0cfa388d92a0c6d288ad07f396/diff/applet/nmpopup.cpp
(but we're stuck with the March 23 snapshot for the moment).

Backporting the 2 added NULL checks from that commit is rather easy, I can do that tomorrow if nobody beats me to it.

Comment 3 Fedora Update System 2011-06-08 13:13:08 UTC
kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1

Comment 4 Fedora Update System 2011-06-08 13:13:59 UTC
kde-plasma-networkmanagement-0.9-0.40.20110323.fc14.1 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.40.20110323.fc14.1

Comment 5 Fedora Update System 2011-06-08 13:14:32 UTC
kde-plasma-networkmanagement-0.9-0.40.20110323.fc13.1 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.40.20110323.fc13.1

Comment 6 Fedora Update System 2011-06-10 13:34:31 UTC
Package kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.47.20110323.fc15.1
then log in and leave karma (feedback).

Comment 7 Kevin Kofler 2011-06-14 15:54:55 UTC
Does the above update fix your crashes?

Comment 8 kurik 2011-06-14 19:45:07 UTC
Unfortunately not. I tested the new RPM immediately once it became available, but the problem persists. The symptoms are exactly the same.
I am currently trying to investigate the place in the code causing the issue to be able to, at least, provide more info.

Comment 9 Kevin Kofler 2011-06-14 21:30:14 UTC
Have you restarted your session after upgrading? Does the problem persist after a session restart? If so, we need a new backtrace. (I strongly doubt the backtrace is the same, as I fixed that exact place of code.)

Comment 10 kurik 2011-06-15 06:32:45 UTC
Created attachment 504809
Backtrace from 2011-06-15

Comment 11 kurik 2011-06-15 06:34:09 UTC
OK, the back-trace is attached: https://bugzilla.redhat.com/attachment.cgi?id=504809

Regarding the restart of the session: yes, the computer has been restarted several times since I installed the new network manager RPM, and the problem is still the same.

Comment 12 Kevin Kofler 2011-06-15 07:02:38 UTC
#6  0x0000003160e71fa0 in QRegion::shared_empty () from /usr/lib64/libQtGui.so.4
#7  0x00007f9dfcac71ab in NMPopup::updateHasWireless (this=0x16e9450) at /usr/src/debug/networkmanagement-0.9/applet/nmpopup.cpp:536

Huh? There's nothing at nmpopup.cpp:536 which would call QRegion::shared_empty.

I guess the iface pointer is completely bogus here (not valid, but also not NULL) and has a bad vtable, so we end up calling QRegion::shared_empty instead of Solid::Control::NetworkInterface::type. But I'm not sure how to fix that.

I wonder if we shouldn't give up trying to fix that in the old snapshot and move on to the current nm09 branch snapshots instead.

Comment 13 kurik 2011-06-15 07:14:15 UTC
Is there a way to upgrade my current Fedora-15 to use nm09?
According to the guys from the KDE team, this problem should be fixed (reworked) somehow in the nm09 version.

Comment 14 Kevin Kofler 2011-06-15 07:24:04 UTC
Configure the kde-redhat kde.repo, then use:
yum --enablerepo=kde-unstable update kde-plasma-networkmanagement

The snapshots are due to move to kde-testing, updates-testing and then updates soon.

Fixing this problem in the existing 20110323 snapshot would probably require a Valgrind log to see what exactly is going wrong. (At this point, I guess it's a use-after-free bug.)

That said, I'm not sure this is fixed in the current snapshots either. Upstream added the NULL checks I backported, but NULL checks don't help against invalid non-NULL pointers.
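
Why a NULL check cannot catch the stale non-NULL pointer guessed at in the comment above, shown as an added example that is not part of the bug thread or the KDE code. It contrasts a raw pointer with standard C++ `std::weak_ptr` (Qt's `QPointer` plays that role for `QObject`-derived classes); `Manager`, `InterfaceItem`, `NetworkInterface` and the interface names are hypothetical simplifications.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins for the applet's types, not the KDE classes.
enum class IfaceType { Ethernet, Ieee80211 };
struct NetworkInterface {
    IfaceType kind;
    std::string name;
    IfaceType type() const { return kind; }
};
struct InterfaceItem {  // keeps its interface two ways, for comparison
    NetworkInterface* raw;                    // plain pointer: cannot tell when the target dies
    std::weak_ptr<NetworkInterface> tracked;  // expires together with the target
};

struct Manager {  // owns the interface objects; items only observe them
    std::vector<std::shared_ptr<NetworkInterface>> ifaces;
    InterfaceItem add(IfaceType t, const std::string& name) {
        ifaces.push_back(std::make_shared<NetworkInterface>(NetworkInterface{t, name}));
        return InterfaceItem{ifaces.back().get(), ifaces.back()};
    }
    void remove(const std::string& name) {  // destroys the interface object
        for (auto it = ifaces.begin(); it != ifaces.end(); ++it)
            if ((*it)->name == name) { ifaces.erase(it); return; }
    }
};

// Items that get past `if (iface && ...)` on the raw pointer (compared, never dereferenced).
int passNullCheck(const std::vector<InterfaceItem>& items) {
    int n = 0;
    for (const auto& item : items) if (item.raw != nullptr) ++n;
    return n;
}

// Same loop shape as in the bug, on the tracked pointer: stale items are skipped.
bool hasWireless(const std::vector<InterfaceItem>& items) {
    for (const auto& item : items) {
        auto iface = item.tracked.lock();  // null once the object is destroyed
        if (iface && iface->type() == IfaceType::Ieee80211) return true;
    }
    return false;
}

struct Result { int passes; bool before, after; };
Result runScenario() {
    Manager mgr;
    std::vector<InterfaceItem> items{mgr.add(IfaceType::Ethernet, "eth0"),
                                     mgr.add(IfaceType::Ieee80211, "wlan0")};
    bool before = hasWireless(items);
    mgr.remove("wlan0");  // the item list is not told about the removal
    return Result{passNullCheck(items), before, hasWireless(items)};
}

int main() {
    Result r = runScenario();
    std::printf("NULL check passes: %d, wireless before/after: %d/%d\n", r.passes, r.before, r.after);
}
```

After `wlan0` is removed, both raw pointers still pass the NULL check, while the tracked pointer reports the interface as gone.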

Comment 15 Kevin Kofler 2011-06-17 15:59:16 UTC
I'm reopening the bug. I have queued the updates with the added NULL checks for stable anyway, they cannot hurt, but I removed the reference to this bug, which appears not fixed (completely).

Comment 16 Rex Dieter 2011-06-24 13:23:53 UTC
See also,
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15

(pending, not queued... yet)

Comment 17 Fedora Update System 2011-06-27 12:53:43 UTC
kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15

Comment 18 Fedora Update System 2011-06-30 18:58:33 UTC
kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 kurik 2011-06-30 21:26:26 UTC
Having installed the kde-plasma-networkmanagement-0.9-0.53.20110616git.nm09.fc15 package it works and seems to be stable (at least for me).
Thanks guys.

