[Pkg-utopia-maintainers] Bug#911621: Re : Bug#911621: Re : Bug#911621: network-manager: crash since last apt upgrade
Bernhard Übelacker
bernhardu at mailbox.org
Tue Oct 23 17:45:18 BST 2018
Hello all,
I tried to reproduce this issue and think I found the problem.
In commit [1] a typo crept in and "block->name" got replaced by "block_name".
The variable block_name is not initialized at that point, and therefore g_str_has_prefix crashes.
On other architectures the value might just happen to be valid or zero by luck.
/* Bridge configuration */
- if(!strncmp ("br", block->name, 2)) {
+ if (g_str_has_prefix (block_name, "br")) {
/* Try to find bridge ports */
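Review bot: `block_name` is declared once at the top of `initialize` and only receives a value in the later `g_hash_table_iter_next` loop, so the added `g_str_has_prefix (block_name, "br")` compiles cleanly even though nothing has been stored in it yet. Besides restoring `block->name` on this line, I would move the declaration into a block around that later loop, so that any stray use inside the parse loop becomes a compile error. Because the variable's address is passed to the iterator, compilers may not emit an uninitialized-use warning here, which would explain how this slipped through; that is worth confirming against the project's warning flags. The hunk shows only two lines of context, and the rest of `initialize` lies outside it.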
Kind regards,
Bernhard
[1] https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/src/settings/plugins/ifupdown/nms-ifupdown-plugin.c?id=f0938948bc506f2bddda2d574b0890cb4b67b4c4
-------------- next part --------------
Homepage: https://wiki.gnome.org/Projects/NetworkManager
Bug tracker: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues
Git: https://cgit.freedesktop.org/NetworkManager/NetworkManager/
# switch sources.list to unstable
apt update
apt dist-upgrade
apt install dpkg-dev devscripts systemd-coredump gdb network-manager network-manager-dbgsym libglib2.0-0-dbgsym
mkdir network-manager/orig -p
cd network-manager/orig
apt source network-manager
cd ../..
dmesg
[ 3062.120572] NetworkManager[4737]: segfault at 1 ip b7711328 sp bfce5040 error 4 in libc-2.27.so[b76a4000+14c000]
[ 3062.120580] Code: 83 c2 04 0f b6 42 ff 83 c1 04 0f b6 59 ff 84 c0 74 47 38 d8 75 43 39 f2 75 b8 83 e7 03 eb 07 8d 76 00 31 db 31 c0 85 ff 74 2f <0f> b6 02 0f b6 19 38 d8 75 25 84 c0 74 21 be 01 00 00 00 eb 16 8d
root@debian:/var/cache/apt/archives# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Tue 2018-10-23 18:11:56 CEST 4737 0 0 11 present /usr/sbin/NetworkManager
...
set height 0
set width 0
set pagination off
directory /home/benutzer/network-manager/orig/network-manager-1.14.2
root@debian:/var/cache/apt/archives# coredumpctl gdb 4737
PID: 4737 (NetworkManager)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Tue 2018-10-23 18:11:55 CEST (10min ago)
Command Line: /usr/sbin/NetworkManager --no-daemon
Executable: /usr/sbin/NetworkManager
Control Group: /system.slice/NetworkManager.service
Unit: NetworkManager.service
Slice: system.slice
Boot ID: c10f4f5c16884a26add01274274b3c2f
Machine ID: 45f49504b47f4e5690bc479adf67aa5b
Hostname: debian
Storage: /var/lib/systemd/coredump/core.NetworkManager.0.c10f4f5c16884a26add01274274b3c2f.4737.1540311115000000.lz4
Message: Process 4737 (NetworkManager) of user 0 dumped core.
Stack trace of thread 4737:
#0 0x00000000b7711328 n/a (libc.so.6)
#1 0x00000000b7aba962 g_str_has_prefix (libglib-2.0.so.0)
#2 0x00000000b62ca113 initialize (libnm-settings-plugin-ifupdown.so)
#3 0x000000000064f5c4 add_plugin (NetworkManager)
#4 0x00000000006521df add_plugin_load_file (NetworkManager)
#5 0x0000000000530823 nm_manager_start (NetworkManager)
#6 0x0000000000502e7c main (NetworkManager)
#7 0x00000000b76a49a1 __libc_start_main (libc.so.6)
#8 0x00000000005031c8 _start (NetworkManager)
GNU gdb (Debian 8.1-4+b1) 8.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/NetworkManager...Reading symbols from /usr/lib/debug/.build-id/a4/c366d1bc0595bf150e362e650e64d1fd003eda.debug...done.
done.
[New LWP 4737]
[New LWP 4738]
[New LWP 4739]
[New LWP 4740]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/NetworkManager --no-daemon'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strncmp_ia32 (s1=0x2 <error: Cannot access memory at address 0x2>, s2=0xb62ce23c "br", n=2) at ../string/strncmp.c:64
64 ../string/strncmp.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0xb6d0a640 (LWP 4737))]
(gdb) set height 0
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/network-manager/orig/network-manager-1.14.2
Source directories searched: /home/benutzer/network-manager/orig/network-manager-1.14.2:$cdir:$cwd
(gdb) bt
#0 __strncmp_ia32 (s1=0x2 <error: Cannot access memory at address 0x2>, s2=0xb62ce23c "br", n=2) at ../string/strncmp.c:64
#1 0xb7aba962 in g_str_has_prefix (str=0x1 <error: Cannot access memory at address 0x1>, prefix=0xb62ce23c "br") at ../../../../glib/gstrfuncs.c:2877
#2 0xb62ca113 in initialize (plugin=0xa78720) at src/settings/plugins/ifupdown/nms-ifupdown-plugin.c:174
#3 0x0064f5c4 in add_plugin (self=0xa57870, plugin=0xa78720, path=0xa4c280 "/usr/lib/i386-linux-gnu/NetworkManager/1.14.2/libnm-settings-plugin-ifupdown.so") at src/settings/nm-settings.c:603
#4 0x006521df in add_plugin_load_file (error=0xbfce52a8, pname=<optimized out>, self=0xa57870) at src/settings/nm-settings.c:680
#5 load_plugins (error=0xbfce52a8, plugins=0xa79150, self=0xa57870) at src/settings/nm-settings.c:749
#6 nm_settings_start (self=0xa57870, error=0xbfce52a8) at src/settings/nm-settings.c:1788
#7 0x00530823 in nm_manager_start () at src/nm-manager.c:6406
#8 0x00502e7c in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:417
(gdb) up
#1 0xb7aba962 in g_str_has_prefix (str=0x1 <error: Cannot access memory at address 0x1>, prefix=0xb62ce23c "br") at ../../../../glib/gstrfuncs.c:2877
2877 ../../../../glib/gstrfuncs.c: Datei oder Verzeichnis nicht gefunden.
(gdb)
#2 0xb62ca113 in initialize (plugin=0xa78720) at src/settings/plugins/ifupdown/nms-ifupdown-plugin.c:174
174 if (g_str_has_prefix (block_name, "br")) {
(gdb) print block_name
$1 = 0x1 <error: Cannot access memory at address 0x1>
(gdb) list 149,289
/*
 * initialize() as listed by gdb from nms-ifupdown-plugin.c (network-manager-1.14.2);
 * the leading numbers are gdb's source line numbers, not part of the code.
 *
 * Parses ENI_INTERFACES_FILE with ifparser_parse() and walks the resulting blocks:
 *   - "auto" / "allow-hotplug": the block name is added to the auto_ifaces set.
 *   - "iface": the bridge branch at line 174 records bridge-ports tokens as NULL
 *     placeholders and then skips the block; otherwise "lo" is skipped, any
 *     earlier entry for the same name is deleted, and a new connection (or a
 *     NULL placeholder) is stored in priv->eni_ifaces under block->name.
 *   - "mapping": a NULL placeholder is stored if no entry exists yet.
 * Afterwards it sets autoconnect=TRUE on connections whose key is in auto_ifaces,
 * reads the ifupdown "managed" setting, and in managed mode calls
 * _nm_settings_plugin_emit_signal_connection_added() while iterating
 * priv->eni_ifaces.
 */
149 static void
150 initialize (NMSettingsPlugin *plugin)
151 {
152 SettingsPluginIfupdown *self = SETTINGS_PLUGIN_IFUPDOWN (plugin);
153 SettingsPluginIfupdownPrivate *priv = SETTINGS_PLUGIN_IFUPDOWN_GET_PRIVATE (self);
154 gs_unref_hashtable GHashTable *auto_ifaces = NULL;
155 nm_auto_ifparser if_parser *parser = NULL;
156 if_block *block;
157 GHashTableIter con_iter;
/* No initializer; the only write visible in this function is through &block_name at line 259. */
158 const char *block_name;
159 NMIfupdownConnection *conn;
160
161 parser = ifparser_parse (ENI_INTERFACES_FILE, 0);
162
163 c_list_for_each_entry (block, &parser->block_lst_head, block_lst) {
164
165 if (NM_IN_STRSET (block->type, "auto", "allow-hotplug")) {
/* The set is created lazily; keys are g_strdup'ed copies released by the g_free key destructor. */
166 if (!auto_ifaces)
167 auto_ifaces = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, NULL);
168 g_hash_table_add (auto_ifaces, g_strdup (block->name));
169 continue;
170 }
171
172 if (nm_streq (block->type, "iface")) {
173 /* Bridge configuration */
/* NOTE(review): reads block_name before any assignment (see lines 158 and 259), i.e. an
 * uninitialized pointer read; this is frame #2 of the backtrace. Every other name test
 * in this loop uses block->name. */
174 if (g_str_has_prefix (block_name, "br")) {
175 /* Try to find bridge ports */
176 const char *ports = ifparser_getkey (block, "bridge-ports");
177
178 if (ports) {
179 guint i;
/* state is raised by "regex" and lowered by "noregex"; tokens are only used while it is 0. */
180 int state = 0;
181 gs_strfreev char **port_ifaces = NULL;
182
183 _LOGD ("parse: found bridge ports %s for %s", ports, block->name);
184
/* Split on spaces and tabs; consecutive separators yield empty tokens, filtered by strlen() at line 204. */
185 port_ifaces = g_strsplit_set (ports, " \t", -1);
186 for (i = 0; port_ifaces[i]; i++) {
187 const char *token = port_ifaces[i];
188
189 /* Skip crazy stuff like regex or all */
190 if (nm_streq (token, "all"))
191 continue;
192
193 /* Small SM to skip everything inside regex */
194 if (nm_streq (token, "regex")) {
195 state++;
196 continue;
197 }
198 if (nm_streq (token, "noregex")) {
199 state--;
200 continue;
201 }
202 if (nm_streq (token, "none"))
203 continue;
204 if (state == 0 && strlen (token) > 0) {
/* NOTE(review): the lookup key is block->name while the insert at line 208 keys on token; confirm which is intended. */
205 conn = g_hash_table_lookup (priv->eni_ifaces, block->name);
206 if (!conn) {
207 _LOGD ("parse: adding bridge port \"%s\"", token);
208 g_hash_table_insert (priv->eni_ifaces, g_strdup (token), NULL);
209 } else {
210 _LOGD ("parse: adding bridge port \"%s\" (have connection %s)", token,
211 nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
212 }
213 }
214 }
215 }
/* Blocks taking the bridge branch stop here; no connection is created for them below. */
216 continue;
217 }
218
219 /* Skip loopback configuration */
220 if (nm_streq (block->name, "lo"))
221 continue;
222
223 /* Remove any connection for this block that was previously found */
224 conn = g_hash_table_lookup (priv->eni_ifaces, block->name);
225 if (conn) {
226 _LOGD ("parse: replace connection \"%s\" (%s)",
227 block->name,
228 nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
229 nm_settings_connection_delete (NM_SETTINGS_CONNECTION (conn), NULL);
230 g_hash_table_remove (priv->eni_ifaces, block->name);
231 }
232
233 /* add the new connection */
/* A NULL result is still inserted at line 240, as a placeholder entry for this name. */
234 conn = nm_ifupdown_connection_new (block);
235 if (conn) {
236 _LOGD ("parse: adding connection \"%s\" (%s)", block->name,
237 nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
238 } else
239 _LOGD ("parse: adding place holder for connection \"%s\"", block->name);
240 g_hash_table_insert (priv->eni_ifaces, g_strdup (block->name), conn);
241 continue;
242 }
243
244 if (nm_streq (block->type, "mapping")) {
/* Only adds a NULL placeholder when no entry exists; an existing connection is left in place. */
245 conn = g_hash_table_lookup (priv->eni_ifaces, block->name);
246 if (!conn) {
247 _LOGD ("parse: adding mapping \"%s\"", block->name);
248 g_hash_table_insert (priv->eni_ifaces, g_strdup (block->name), NULL);
249 } else {
250 _LOGD ("parse: adding mapping \"%s\" (have connection %s)", block->name,
251 nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
252 }
253 continue;
254 }
255 }
256
257 /* Make 'auto' interfaces autoconnect=TRUE */
258 g_hash_table_iter_init (&con_iter, priv->eni_ifaces);
/* First point where block_name receives a value: the iterator writes each key through &block_name. */
259 while (g_hash_table_iter_next (&con_iter, (gpointer) &block_name, (gpointer) &conn)) {
260 NMSettingConnection *setting;
261
/* Placeholder entries (NULL conn) and names not listed in auto_ifaces are left untouched. */
262 if ( !conn
263 || !auto_ifaces
264 || !g_hash_table_contains (auto_ifaces, block_name))
265 continue;
266
267 /* FIXME(copy-on-write-connection): avoid modifying NMConnection instances and share them via copy-on-write. */
268 setting = nm_connection_get_setting_connection (nm_settings_connection_get_connection (NM_SETTINGS_CONNECTION (conn)));
269 g_object_set (setting, NM_SETTING_CONNECTION_AUTOCONNECT, TRUE, NULL);
270 }
271
272 /* Check the config file to find out whether to manage interfaces */
273 priv->ifupdown_managed = nm_config_data_get_value_boolean (NM_CONFIG_GET_DATA_ORIG,
274 NM_CONFIG_KEYFILE_GROUP_IFUPDOWN,
275 NM_CONFIG_KEYFILE_KEY_IFUPDOWN_MANAGED,
276 !IFUPDOWN_UNMANAGE_WELL_KNOWN_DEFAULT);
277 _LOGI ("management mode: %s", priv->ifupdown_managed ? "managed" : "unmanaged");
278
279 /* Now if we're running in managed mode, let NM know there are new connections */
280 if (priv->ifupdown_managed) {
281 GHashTableIter iter;
282
283 g_hash_table_iter_init (&iter, priv->eni_ifaces);
/* NOTE(review): passes the current value of conn cast to gpointer *, where line 259 passes
 * &conn; this looks like a missing '&', so the iterator would store through whatever conn
 * holds rather than into conn itself. Confirm against upstream. */
284 while (g_hash_table_iter_next (&iter, NULL, (gpointer *) conn)) {
285 _nm_settings_plugin_emit_signal_connection_added (NM_SETTINGS_PLUGIN (self),
286 NM_SETTINGS_CONNECTION (conn));
287 }
288 }
289 }
-> no initialization of block_name ?
(gdb) print block->name
$2 = 0xb4d08044 "lo"
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/src/settings/plugins/ifupdown/nms-ifupdown-plugin.c?id=f0938948bc506f2bddda2d574b0890cb4b67b4c4