After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 782545 - NetworkManager crashes when connecting to phone via bluetooth
NetworkManager crashes when connecting to phone via bluetooth
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: Mobile broadband
1.8.x
Other Linux
: Normal critical
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
: 783322 783402 784416 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2017-05-12 07:48 UTC by dsc
Modified: 2017-07-17 10:26 UTC
See Also:
GNOME target: ---
GNOME version: 3.23/3.24


Description dsc 2017-05-12 07:48:17 UTC 
On Arch linux with Gnome 3.24, NetworkManager 1.8.0-1-x86_64,  
NetworkManager segfaults when trying to connect to bluetooth-phone:

NetworkManager[485]: segfault at 8 ip 00000000004a0b52 sp 00007fff8bfb4230 error 4 in NetworkManager[400000+23e000]

Downgrading NetworkManager to version networkmanager-1.8rc3+10+gddd6f94ab-1-x86_64   fixes the issue!

Steps to reproduce:
(Phone is paired via bluetooth and visible in gnome menu)
Select "Connect to internet" in gnome menu:
-> NetworkManager segfault with version 1.8.0-1
Comment 1 Thomas Haller 2017-05-12 08:00:53 UTC 
Please install debugging symbols and provide a backtrace of the crash.

Possibly easiest, by running under the debugger, something like

  systemctl stop NetworkManager
  gdb /usr/sbin/NetworkManager
  > run --debug
  ... reproduce crash
  > bt


Thanks
Comment 2 dsc 2017-05-12 13:50:00 UTC 
Ok, already w/o debug symbols: (I'll update once I manage to get the symbols)

<info>  [1494596210.0398] device (FC:FC:48:xx..): Activation: starting connection 'Phone Network' (b45d0b3f-7b5f-49e6-a3e3-55a91dxxxx)
<info>  [1494596210.0407] audit: op="connection-activate" uuid="b45d0b3f-7b5f-49e6-a3e3-55a91dxxxx" name="Phone Network" pid=901 uid=1000 result="success"
<info>  [1494596210.0413] device (FC:FC:48:xx..): state change: disconnected -> prepare (reason 'none') [30 40 0]
<info>  [1494596210.0430] manager: NetworkManager state is now CONNECTING
<info>  [1494596210.0436] device (FC:FC:48:xx..): state change: prepare -> config (reason 'none') [40 50 0]
<info>  [1494596210.7293] device (FC:FC:48:xx..): Activation: (bluetooth) Stage 2 of 5 (Device Configure) successful. Will connect via PAN.
<info>  [1494596210.7305] device (FC:FC:48:xx..): state change: config -> ip-config (reason 'none') [50 70 0]
<info>  [1494596210.7326] dhcp4 (bnep0): activation: beginning transaction (timeout in 45 seconds)

(NetworkManager:18692): GLib-CRITICAL **: g_array_sort_with_data: assertion 'array != NULL' failed

Thread 1 "NetworkManager" received signal SIGSEGV, Segmentation fault.
0x00000000004a0b52 in ?? ()
(gdb) bt

+ Trace 237472

  • #0 0x00000000004a0b52 in
  • #1 0x00000000004f11ae in
  • #2 0x00000000004f3d16 in
  • #3 0x0000000000503831 in
  • #4 0x0000000000504bb0 in
  • #5 0x00000000004e9ab2 in
  • #6 0x00000000004e9b9e in
  • #7 g_main_context_dispatch
  • #8 0x00007ffff6780a20 in
  • #9 g_main_loop_run
  • #10 0x000000000041bbd4 in
  • #11 __libc_start_main
  • #12 () 






Comment 3


dsc





          2017-05-12 14:19:05 UTC
        



With debug symbols:

Two connect-attempts are necessary to crash NetworkManager: the first attempt fails (always), that was already the case with earlier, non-crashing versions of NetworkManager, the second attempt always crashes with 1.8.0-1.

<info>  [1494598284.4874] device (wlp58s0): state change: activated -> unavailable (reason 'none') [100 20 0]
<info>  [1494598284.5201] dhcp4 (wlp58s0): canceled DHCP transaction, DHCP client pid 19712
<info>  [1494598284.5203] dhcp4 (wlp58s0): state changed bound -> done
<info>  [1494598284.5247] device (wlp58s0): set-hw-addr: set MAC address to BA:1C:22:8F:93:B1 (scanning)
<info>  [1494598284.5248] manager: NetworkManager state is now CONNECTED_GLOBAL
<info>  [1494598284.5259] dns-mgr: Removing DNS information from /usr/bin/resolvconf
<info>  [1494598284.5705] manager: NetworkManager state is now CONNECTED_LOCAL
<info>  [1494598284.5708] manager: NetworkManager state is now DISCONNECTED
<info>  [1494598284.5748] audit: op="radio-control" arg="wireless-enabled:0" pid=901 uid=1000 result="success"
<info>  [1494598284.5751] manager: WiFi now disabled by radio killswitch
<info>  [1494598294.3623] device (FC:FC:48:xx..): Activation: starting connection 'MxiPhone Network' (610cb977-5db8-4dee-97e0-42b146b569a0)
<info>  [1494598294.3627] audit: op="connection-activate" uuid="610cb977-5db8-4dee-97e0-42b146b569a0" name="MxiPhone Network" pid=901 uid=1000 result="success"
<info>  [1494598294.3633] device (FC:FC:48:xx..): state change: disconnected -> prepare (reason 'none') [30 40 0]
<info>  [1494598294.3638] manager: NetworkManager state is now CONNECTING
<info>  [1494598294.3663] device (FC:FC:48:xx..): state change: prepare -> config (reason 'none') [40 50 0]
<warn>  [1494598294.3723] device (FC:FC:48:xx..): Error connecting with bluez: GDBus.Error:org.bluez.Error.Failed: Operation already in progress
<info>  [1494598294.3724] device (FC:FC:48:xx..): state change: config -> failed (reason 'bluetooth-failed') [50 120 44]
<info>  [1494598294.3726] manager: NetworkManager state is now DISCONNECTED
<warn>  [1494598294.3730] device (FC:FC:48:xx..): Activation: failed for connection 'MxiPhone Network'
<info>  [1494598294.3739] device (FC:FC:48:xx..): state change: failed -> disconnected (reason 'none') [120 30 0]
[Thread 0x7fffdee0e700 (LWP 19711) exited]
<info>  [1494598309.4118] device (FC:FC:48:xx..): Activation: starting connection 'MxiPhone Network' (610cb977-5db8-4dee-97e0-42b146b569a0)
<info>  [1494598309.4120] audit: op="connection-activate" uuid="610cb977-5db8-4dee-97e0-42b146b569a0" name="MxiPhone Network" pid=901 uid=1000 result="success"
<info>  [1494598309.4122] device (FC:FC:48:xx..): state change: disconnected -> prepare (reason 'none') [30 40 0]
<info>  [1494598309.4124] manager: NetworkManager state is now CONNECTING
<info>  [1494598309.4129] device (FC:FC:48:xx..): state change: prepare -> config (reason 'none') [40 50 0]
<info>  [1494598310.1368] device (FC:FC:48:xx..): Activation: (bluetooth) Stage 2 of 5 (Device Configure) successful. Will connect via PAN.
<info>  [1494598310.1373] device (FC:FC:48:xx..): state change: config -> ip-config (reason 'none') [50 70 0]
<info>  [1494598310.1378] dhcp4 (bnep0): activation: beginning transaction (timeout in 45 seconds)
<info>  [1494598310.1404] dhcp4 (bnep0): dhclient started with pid 19845

(NetworkManager:19681): GLib-CRITICAL **: g_array_sort_with_data: assertion 'array != NULL' failed

Thread 1 "NetworkManager" received signal SIGSEGV, Segmentation fault.
nm_ip6_config_get_address_first_nontentative (config=0x87d670, 
    linklocal=linklocal@entry=1) at src/nm-ip6-config.c:1458
1458		for (i = 0; i < priv->addresses->len; i++) {
(gdb) bt




+
Trace
    237473






    

  • 
#0
nm_ip6_config_get_address_first_nontentative

    
                at src/nm-ip6-config.c
                  line
                  1458

    

    • 

  • 
#1
linklocal6_start

    
                at src/devices/nm-device.c
                  line
                  6961

    

    • 

  • 
#2
addrconf6_start

    
                at src/devices/nm-device.c
                  line
                  7448

    

    • 

  • 
#3
act_stage3_ip6_config_start

    
                at src/devices/nm-device.c
                  line
                  7736

    

    • 

  • 
#4
nm_device_activate_stage3_ip6_start

    
                at src/devices/nm-device.c
                  line
                  7845

    

    • 

  • 
#5
activate_stage3_ip_config_start

    
                at src/devices/nm-device.c
                  line
                  7922

    

    • 

  • 
#6
activation_source_handle_cb

    
                at src/devices/nm-device.c
                  line
                  4453

    

    • 

  • 
#7
activation_source_handle_cb4

    
                at src/devices/nm-device.c
                  line
                  4390

    

    • 

  • 
#8
g_main_context_dispatch

    • 

  • 
#9
0x00007ffff6780a20 in

    • 

  • 
#10
g_main_loop_run

    • 

  • 
#11
main

    
                at src/main.c
                  line
                  435

    

    • 













Comment 4


dsc





          2017-05-12 14:19:22 UTC
        



With debug symbols:

Two connect-attempts are necessary to crash NetworkManager: the first attempt fails (always), that was already the case with earlier, non-crashing versions of NetworkManager, the second attempt always crashes with 1.8.0-1.

<info>  [1494598284.4874] device (wlp58s0): state change: activated -> unavailable (reason 'none') [100 20 0]
<info>  [1494598284.5201] dhcp4 (wlp58s0): canceled DHCP transaction, DHCP client pid 19712
<info>  [1494598284.5203] dhcp4 (wlp58s0): state changed bound -> done
<info>  [1494598284.5247] device (wlp58s0): set-hw-addr: set MAC address to BA:1C:22:8F:93:B1 (scanning)
<info>  [1494598284.5248] manager: NetworkManager state is now CONNECTED_GLOBAL
<info>  [1494598284.5259] dns-mgr: Removing DNS information from /usr/bin/resolvconf
<info>  [1494598284.5705] manager: NetworkManager state is now CONNECTED_LOCAL
<info>  [1494598284.5708] manager: NetworkManager state is now DISCONNECTED
<info>  [1494598284.5748] audit: op="radio-control" arg="wireless-enabled:0" pid=901 uid=1000 result="success"
<info>  [1494598284.5751] manager: WiFi now disabled by radio killswitch
<info>  [1494598294.3623] device (FC:FC:48:xx..): Activation: starting connection 'MxiPhone Network' (610cb977-5db8-4dee-97e0-42b146b569a0)
<info>  [1494598294.3627] audit: op="connection-activate" uuid="610cb977-5db8-4dee-97e0-42b146b569a0" name="MxiPhone Network" pid=901 uid=1000 result="success"
<info>  [1494598294.3633] device (FC:FC:48:xx..): state change: disconnected -> prepare (reason 'none') [30 40 0]
<info>  [1494598294.3638] manager: NetworkManager state is now CONNECTING
<info>  [1494598294.3663] device (FC:FC:48:xx..): state change: prepare -> config (reason 'none') [40 50 0]
<warn>  [1494598294.3723] device (FC:FC:48:xx..): Error connecting with bluez: GDBus.Error:org.bluez.Error.Failed: Operation already in progress
<info>  [1494598294.3724] device (FC:FC:48:xx..): state change: config -> failed (reason 'bluetooth-failed') [50 120 44]
<info>  [1494598294.3726] manager: NetworkManager state is now DISCONNECTED
<warn>  [1494598294.3730] device (FC:FC:48:xx..): Activation: failed for connection 'MxiPhone Network'
<info>  [1494598294.3739] device (FC:FC:48:xx..): state change: failed -> disconnected (reason 'none') [120 30 0]
[Thread 0x7fffdee0e700 (LWP 19711) exited]
<info>  [1494598309.4118] device (FC:FC:48:xx..): Activation: starting connection 'MxiPhone Network' (610cb977-5db8-4dee-97e0-42b146b569a0)
<info>  [1494598309.4120] audit: op="connection-activate" uuid="610cb977-5db8-4dee-97e0-42b146b569a0" name="MxiPhone Network" pid=901 uid=1000 result="success"
<info>  [1494598309.4122] device (FC:FC:48:xx..): state change: disconnected -> prepare (reason 'none') [30 40 0]
<info>  [1494598309.4124] manager: NetworkManager state is now CONNECTING
<info>  [1494598309.4129] device (FC:FC:48:xx..): state change: prepare -> config (reason 'none') [40 50 0]
<info>  [1494598310.1368] device (FC:FC:48:xx..): Activation: (bluetooth) Stage 2 of 5 (Device Configure) successful. Will connect via PAN.
<info>  [1494598310.1373] device (FC:FC:48:xx..): state change: config -> ip-config (reason 'none') [50 70 0]
<info>  [1494598310.1378] dhcp4 (bnep0): activation: beginning transaction (timeout in 45 seconds)
<info>  [1494598310.1404] dhcp4 (bnep0): dhclient started with pid 19845

(NetworkManager:19681): GLib-CRITICAL **: g_array_sort_with_data: assertion 'array != NULL' failed

Thread 1 "NetworkManager" received signal SIGSEGV, Segmentation fault.
nm_ip6_config_get_address_first_nontentative (config=0x87d670, 
    linklocal=linklocal@entry=1) at src/nm-ip6-config.c:1458
1458		for (i = 0; i < priv->addresses->len; i++) {
(gdb) bt




+
Trace
    237474






    

  • 
#0
nm_ip6_config_get_address_first_nontentative

    
                at src/nm-ip6-config.c
                  line
                  1458

    

    • 

  • 
#1
linklocal6_start

    
                at src/devices/nm-device.c
                  line
                  6961

    

    • 

  • 
#2
addrconf6_start

    
                at src/devices/nm-device.c
                  line
                  7448

    

    • 

  • 
#3
act_stage3_ip6_config_start

    
                at src/devices/nm-device.c
                  line
                  7736

    

    • 

  • 
#4
nm_device_activate_stage3_ip6_start

    
                at src/devices/nm-device.c
                  line
                  7845

    

    • 

  • 
#5
activate_stage3_ip_config_start

    
                at src/devices/nm-device.c
                  line
                  7922

    

    • 

  • 
#6
activation_source_handle_cb

    
                at src/devices/nm-device.c
                  line
                  4453

    

    • 

  • 
#7
activation_source_handle_cb4

    
                at src/devices/nm-device.c
                  line
                  4390

    

    • 

  • 
#8
g_main_context_dispatch

    • 

  • 
#9
0x00007ffff6780a20 in

    • 

  • 
#10
g_main_loop_run

    • 

  • 
#11
main

    
                at src/main.c
                  line
                  435

    

    • 













Comment 5


Lubomir Rintel





          2017-05-22 15:17:14 UTC
        



Thank you for the report and the traceback.
Fixed in master, queued for 1.8.2 too.

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=30d06b2253b7277ed1153bcbbc81f9e1ca3e3474






Comment 6


Beniamino Galvani





          2017-06-01 16:12:42 UTC
        



*** Bug 783322 has been marked as a duplicate of this bug. ***






Comment 7


Beniamino Galvani





          2017-06-04 12:43:34 UTC
        



*** Bug 783402 has been marked as a duplicate of this bug. ***






Comment 8


Thomas Haller





          2017-07-17 10:26:29 UTC
        



*** Bug 784416 has been marked as a duplicate of this bug. ***