Ubuntu
policykit-1 package

NetworkManager crashed with SIGSEGV in g_type_check_instance_cast()

Bug #438574 reported by Rogério Theodoro de Brito on 2009-09-29

This bug affects 12 people

Affects		Status	Importance	Assigned to
	PolicyKit	Fix Released	Medium	freedesktop-bugs #24566
	policykit-1 (Ubuntu)	Fix Released	High	Alexander Sack
Nominated for Karmic by just for fun

Bug Description

Binary package hint: network-manager

I'm not really sure if this has already been reported (it sure looks like some other bugs, but I did not have any chance to see the backtrace).

This is the latest and greatest karmic, updated a few moments ago.

If this is a dup, just merge it.

Regards, Rogério Brito.

ProblemType: Crash
Architecture: i386
CRDA: Error: [Errno 2] Arquivo ou diretório inexistente
Date: Tue Sep 29 03:46:21 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/sbin/NetworkManager
Gconf:

IpRoute:
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.173 metric 2
default via 192.168.0.1 dev wlan0 proto static
Package: network-manager 0.8~a~git.20090923t064445.b20cef2-0ubuntu1
ProcCmdline: NetworkManager
ProcEnviron: PATH=(custom, no user)
ProcVersionSignature: Ubuntu 2.6.31-11.36-generic
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
SegvAnalysis:
Segfault happened at: 0x2d6fc2 <g_type_check_instance_cast+50>: mov (%edx),%edi
PC (0x002d6fc2) ok
source "(%edx)" (0x0000002d) not located in a known VMA region (needed readable region)!
destination "%edi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: network-manager
StacktraceTop:
g_type_check_instance_cast ()
?? () from /usr/lib/libpolkit-gobject-1.so.0
?? ()
?? ()
g_cclosure_marshal_VOID__POINTER ()
Title: NetworkManager crashed with SIGSEGV in g_type_check_instance_cast()
Uname: Linux 2.6.31-11-generic i686
UserGroups:

WpaSupplicantLog:

Tags:

Related branches

lp:ubuntu/karmic/policykit-1

lp:ubuntu/lucid/policykit-1

lp:debian/policykit-1

Revision history for this message

Rogério Theodoro de Brito (rbrito) wrote on 2009-09-29:

Dependencies.txt Edit (1.7 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (1.1 KiB, text/plain; charset="utf-8")
IfupdownConfig.txt Edit (154 bytes, text/plain; charset="utf-8")
IpAddr.txt Edit (675 bytes, text/plain; charset="utf-8")
IwConfig.txt Edit (577 bytes, text/plain; charset="utf-8")
NetDevice.lo.txt Edit (3.0 KiB, text/plain; charset="utf-8")
NetDevice.wlan0.txt Edit (1.0 KiB, text/plain; charset="utf-8")
NetDevice.wmaster0.txt Edit (1.0 KiB, text/plain; charset="utf-8")
PciNetwork.txt Edit (702 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (10.0 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (705 bytes, text/plain; charset="utf-8")
Registers.txt Edit (469 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (1.2 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (1.8 KiB, text/plain; charset="utf-8")
WifiSyslog.txt Edit (232.1 KiB, text/plain; charset="utf-8")

visibility:

private → public

Revision history for this message

Apport retracing service (apport) wrote on 2009-09-30: Stacktrace.txt (retraced)

Stacktrace.txt (retraced) Edit (6.3 KiB, text/plain)

StacktraceTop:g_type_check_instance_cast ()
polkit_authority_check_authorization_async (
start_permission_check (self=<value optimized out>,
impl_settings_get_permissions (self=0x8834418,
g_cclosure_marshal_VOID__POINTER ()

Revision history for this message

Apport retracing service (apport) wrote on 2009-09-30: ThreadStacktrace.txt (retraced)

ThreadStacktrace.txt (retraced) Edit (6.9 KiB, text/plain)

Changed in network-manager (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-i386-retrace

Revision history for this message

In freedesktop.org Bugzilla #24566, Alexander Sack (asac) wrote on 2009-10-16:

Created an attachment (id=30474)
_ref authority in _get

we got a bunch of NM crashes that seem to be due to i polkit not reffing the authority in _get ... attached an mbox patch that fixes this.

Revision history for this message

In freedesktop.org Bugzilla #24566, Alexander Sack (asac) wrote on 2009-10-16:

Launchpad NM crash bug:

https://bugs.edge.launchpad.net/ubuntu/+source/policykit-1/+bug/438574

Revision history for this message

In freedesktop.org Bugzilla #24566, Martin Pitt (pitti) wrote on 2009-10-16:

This makes sense, since http://hal.freedesktop.org/docs/polkit/polkit-1-polkitauthority.html#polkit-authority-get says that the object must be unrefed when done with it.

Revision history for this message

In freedesktop.org Bugzilla #24566, Zeuthen (zeuthen) wrote on 2009-10-16:

Yeah, dcbw has been bugging me about this. Thanks for the patch. Committed.

Revision history for this message

Alexander Sack (asac) wrote on 2009-10-16:

seems to be a polkit bug.

Changed in network-manager (Ubuntu):
status:	New → Confirmed

Revision history for this message

Alexander Sack (asac) wrote on 2009-10-16:

properly _ref authority in singleton constructor Edit (841 bytes, text/plain)

turned out to be a bug in polkit. The patch attached should fix this.

affects:	network-manager (Ubuntu) → policykit-1 (Ubuntu)
Changed in policykit-1 (Ubuntu):
assignee:	nobody → Alexander Sack (asac)
status:	Confirmed → In Progress

Revision history for this message

Alexander Sack (asac) wrote on 2009-10-16:

#10

setting to importance to high as without this patch basically every policykit consumer that follows the official code examples and holds more than one ref on the authority at the same time will invalidate all authority refs when unreffing one of those refs.

Changed in policykit-1 (Ubuntu):
importance:	Medium → High

Bug Watch Updater (bug-watch-updater) on 2009-10-16

Changed in policykit:
status:	Unknown → Confirmed

Revision history for this message

Sebastien Bacher (seb128) wrote on 2009-10-16:

#11

confirming that the change fixes the issue there

Revision history for this message

Sebastien Bacher (seb128) wrote on 2009-10-16:

#12

to be clear it was crasher as soon as the editor was opened before and works in a stable way now

Revision history for this message

Alexander Sack (asac) wrote on 2009-10-16:

#13

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading policykit-1_0.94-1ubuntu1.dsc: done.
  Uploading policykit-1_0.94-1ubuntu1.diff.gz: done.
  Uploading policykit-1_0.94-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Changed in policykit-1 (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-10-16:

#14

This bug was fixed in the package policykit-1 - 0.94-1ubuntu1

---------------
policykit-1 (0.94-1ubuntu1) karmic; urgency=low

  * fix network-manager crashes when opening connection editor
    with system connections; crahes turned out to be caused by
    freed policy kit authority - fix involves propery reffing
    authority in singleton accessor (LP: #438574, #432452)
    - See: https://bugs.freedesktop.org/show_bug.cgi?id=24566
    - add 03_0001-authority-g_object_ref-authority-when-returning-sing.patch