Ubuntu
network-manager package

NM crashes when restarted on arale

Bug #1499906 reported by Mathieu Trudel-Lapierre
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Fix Released
High
Mathieu Trudel-Lapierre

Bug Description

Discovered this while testing for another bug; I hadn't run into this problem before:

NetworkManager[3456]: <info> startup complete
NetworkManager[3456]: <info> (/ril_0) modem is now Online
NetworkManager[3456]: <info> (/ril_0): update_modem_state: 'Attached': false 'Online': true 'IMSI': (null)
NetworkManager[3456]: <info> (ril_0): modem state changed, 'initializing' --> 'disabled' (reason: modem not ready)
NetworkManager[3456]: <info> (/ril_0) updated available interfaces
NetworkManager[3456]: <info> (/ril_0): found new SimManager interface
NetworkManager[3456]: <info> (/ril_0): found new ConnectionManager interface
NetworkManager[3456]: <info> GetPropsDone: 'SubscriberIdentity': (null)
NetworkManager[3456]: <info> (/ril_0): update_modem_state: 'Attached': false 'Online': true 'IMSI': 302500200836319

Program received signal SIGSEGV, Segmentation fault.
0xb690606e in strlen () from /lib/arm-linux-gnueabihf/libc.so.6
(gdb) bt full
#0 0xffffffff in strlen () at /lib/arm-linux-gnueabihf/libc.so.6
#1 0xffffffff in vfprintf () at /lib/arm-linux-gnueabihf/libc.so.6
#2 0xffffffff in __vasprintf_chk () at /lib/arm-linux-gnueabihf/libc.so.6
#3 0xffffffff in g_vasprintf (__ap=..., __fmt=<optimized out>, __ptr=0xbefff1f8) at /usr/include/arm-linux-gnueabihf/bits/stdio2.h:210
        __func__ = "g_vasprintf"
#4 0xffffffff in g_vasprintf (string=string@entry=0xbefff1f8, format=format@entry=0xb2ace180 "(%s): modem state changed, '%s' --> '%s' (reason: %s)\n", args=...) at /build/glib2.0-hi_vf7/glib2.0-2.45.8/./glib/gprintf.c:316
        __func__ = "g_vasprintf"
#5 0xffffffff in g_strdup_vprintf (format=format@entry=0xb2ace180 "(%s): modem state changed, '%s' --> '%s' (reason: %s)\n", args=..., args@entry=...)
    at /build/glib2.0-hi_vf7/glib2.0-2.45.8/./glib/gstrfuncs.c:514
        string = 0x0
#6 0x000a0d04 in _nm_log_impl (file=0xb2acdf70 "nm-modem.c", line=line@entry=153, func=0xb2acdd60 <__func__.33002> "nm_modem_set_state", level=level@entry=LOGL_INFO, domain=domain@entry=LOGD_MB, error=error@entry=0, fmt=0xb2ace180 "(%s): modem state changed, '%s' --> '%s' (reason: %s)\n") at nm-logging.c:388
        args = {__ap = 0xbefff260}
        msg = <optimized out>
        fullmsg = 0x0
        tv = {tv_sec = -1232066209, tv_usec = -1226609788}
        syslog_level = 6
---Type <return> to continue, or q <return> to quit---
        g_log_level = 64
        __func__ = "_nm_log_impl"
#7 0xffffffff in nm_modem_set_state (self=0x1eb8e0 [NMModemOfono], new_state=NM_MODEM_STATE_UNKNOWN, reason=0x1 <error: Cannot access memory at address 0x1>)
    at nm-modem.c:149
        priv = <optimized out>
        old_state = NM_MODEM_STATE_DISABLED
        __func__ = "nm_modem_set_state"
#8 0xffffffff in update_modem_state (self=self@entry=0x1eb8e0 [NMModemOfono])
    at nm-modem-ofono.c:124
        priv = <optimized out>
        state = <optimized out>
        new_state = <optimized out>
        reason = <optimized out>
        __func__ = "update_modem_state"
#9 0xffffffff in handle_subscriber_identity (self=self@entry=0x1eb8e0 [NMModemOfono], value=value@entry=0x1dd368) at nm-modem-ofono.c:334
        priv = <optimized out>
        value_str = <optimized out>
        __func__ = "handle_subscriber_identity"
#10 0xffffffff in get_ofono_sim_properties_done (proxy=0x1daf80 [DBusGProxy], call_id=0x1, user_data=0x1eb8e0) at nm-modem-ofono.c:365
        self = 0x1eb8e0 [NMModemOfono]
---Type <return> to continue, or q <return> to quit---
        error = 0x0
Python Exception <class 'TypeError'> iter() returned non-iterator of type '_iterator':
        properties = 0x1e4440
        value = 0x1dd368
        __func__ = "get_ofono_sim_properties_done"
#11 0xffffffff in () at /lib/arm-linux-gnueabihf/libdbus-1.so.3

CVE References

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

NM probably really shouldn't run into this case, since right after initializing state to NM_STATE_UNKNOWN, there is a big if-ifelse-else block which is supposed to *always* set the correct state. Somehow we don't get through the else block.

Mathieu Trudel-Lapierre (cyphermox)
Changed in network-manager (Ubuntu):
status: New → In Progress
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 1.0.4-0ubuntu4

---------------
network-manager (1.0.4-0ubuntu4) wily; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * d/p/0001-wwan-add-support-for-using-oFono-as-a-modem-manager.patch:
    Pre-initialize reason for ofono state changes to NULL; this avoids getting
    to nm_device_set_state with an invalid reason string. (LP: #1499906)
  * d/p/0001-wwan-add-support-for-using-oFono-as-a-modem-manager.patch:
    cleanup ip_string_to_network_address() to work as its NMModemBroadband
    version, and start setting NM_MODEM_IP4_METHOD to _STATIC so IP, prefix,
    gateway and DNS get properly applied on an oFono modem as it comes up.
  * debian/NetworkManager.conf: re-enable the ofono plugin (fixes a regression).
  * debian/patches/add_ofono_settings_support.patch: don't link against
    libnm-glib as this would cause type duplication and crashes. (LP: #1499904)
  * debian/patches/lp1496434_warn_on_invalid_new_link.patch: don't outright
    crash by dereferencing a NULL pointer if a device can't get created by its
    NMDeviceFactory; we should warn though, as we want to know about these
    failures; but no need to make all of NM sad. (LP: #1496434)

  [ Tony Espy ]
  * d/p/0002-wifi-cull-the-scan-list-before-signalling-ScanDone-b.patch:
    Fix duplicate 'LastSeen' PropertiesChanged signals being generated
    after every scan. The 'Last-Seen' property is now only updated when
    a scan finishes, and schedule_scanlist_cull is no longer triggered
    new_bss_cb or updated_bss_cb. (LP: #1480877)
  * d/p/add_ofono_settings_support.patch: Fix memory leaks in plugin.
  * d/p/add_ofono_settings_support.patch: Remove unused plugin DBus code.
  * d/p/CVE-2015-1322.patch: Drop CVE which applied to removed DBus code
    in ofono settings plugin.

 -- Mathieu Trudel-Lapierre <email address hidden> Sat, 26 Sep 2015 00:02:02 -0400

Changed in network-manager (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.