Hello all, I tried to reproduce this issue and think I found the problem.
In commit [1] a typo crept in and "block->name" got replaced by "block_name". The variable block_name does not get initialized and therefore g_str_has_prefix crashes. On other architectures it might just be valid or zero by luck.

/* Bridge configuration */ - if(!strncmp ("br", block->name, 2)) { + if (g_str_has_prefix (block_name, "br")) { /* Try to find bridge ports */

Kind regards,
Bernhard

[1] https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/src/settings/plugins/ifupdown/nms-ifupdown-plugin.c?id=f0938948bc506f2bddda2d574b0890cb4b67b4c4
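
Review bot: the "+" line tests block_name, but the loop this hunk sits in iterates over "block", and in the source listing further down block_name is declared without an initializer (line 158) and is first written by g_hash_table_iter_next at line 259, so at line 174 it is read uninitialized. Use the loop variable as the removed line did: g_str_has_prefix (block->name, "br"). The neighbouring statements in the same branch (lines 183 and 205 of the listing) already read block->name, which matches that intent.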

Homepage: https://wiki.gnome.org/Projects/NetworkManager
Bug tracker: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues
Git: https://cgit.freedesktop.org/NetworkManager/NetworkManager/


# switch sources.list to unstable
apt update
apt dist-upgrade
apt install dpkg-dev devscripts systemd-coredump gdb network-manager network-manager-dbgsym libglib2.0-0-dbgsym

mkdir network-manager/orig -p
cd network-manager/orig
apt source network-manager
cd ../..


dmesg
[ 3062.120572] NetworkManager[4737]: segfault at 1 ip b7711328 sp bfce5040 error 4 in libc-2.27.so[b76a4000+14c000]
[ 3062.120580] Code: 83 c2 04 0f b6 42 ff 83 c1 04 0f b6 59 ff 84 c0 74 47 38 d8 75 43 39 f2 75 b8 83 e7 03 eb 07 8d 76 00 31 db 31 c0 85 ff 74 2f <0f> b6 02 0f b6 19 38 d8 75 25 84 c0 74 21 be 01 00 00 00 eb 16 8d


root@debian:/var/cache/apt/archives# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Tue 2018-10-23 18:11:56 CEST   4737     0     0  11 present   /usr/sbin/NetworkManager

...

set height 0
set width 0
set pagination off
directory /home/benutzer/network-manager/orig/network-manager-1.14.2


root@debian:/var/cache/apt/archives# coredumpctl gdb 4737
           PID: 4737 (NetworkManager)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Tue 2018-10-23 18:11:55 CEST (10min ago)
  Command Line: /usr/sbin/NetworkManager --no-daemon
    Executable: /usr/sbin/NetworkManager
 Control Group: /system.slice/NetworkManager.service
          Unit: NetworkManager.service
         Slice: system.slice
       Boot ID: c10f4f5c16884a26add01274274b3c2f
    Machine ID: 45f49504b47f4e5690bc479adf67aa5b
      Hostname: debian
       Storage: /var/lib/systemd/coredump/core.NetworkManager.0.c10f4f5c16884a26add01274274b3c2f.4737.1540311115000000.lz4
       Message: Process 4737 (NetworkManager) of user 0 dumped core.

                Stack trace of thread 4737:
                #0  0x00000000b7711328 n/a (libc.so.6)
                #1  0x00000000b7aba962 g_str_has_prefix (libglib-2.0.so.0)
                #2  0x00000000b62ca113 initialize (libnm-settings-plugin-ifupdown.so)
                #3  0x000000000064f5c4 add_plugin (NetworkManager)
                #4  0x00000000006521df add_plugin_load_file (NetworkManager)
                #5  0x0000000000530823 nm_manager_start (NetworkManager)
                #6  0x0000000000502e7c main (NetworkManager)
                #7  0x00000000b76a49a1 __libc_start_main (libc.so.6)
                #8  0x00000000005031c8 _start (NetworkManager)

GNU gdb (Debian 8.1-4+b1) 8.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/NetworkManager...Reading symbols from /usr/lib/debug/.build-id/a4/c366d1bc0595bf150e362e650e64d1fd003eda.debug...done.
done.
[New LWP 4737]
[New LWP 4738]
[New LWP 4739]
[New LWP 4740]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/NetworkManager --no-daemon'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __strncmp_ia32 (s1=0x2 <error: Cannot access memory at address 0x2>, s2=0xb62ce23c "br", n=2) at ../string/strncmp.c:64
64      ../string/strncmp.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0xb6d0a640 (LWP 4737))]
(gdb) set height 0
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/network-manager/orig/network-manager-1.14.2
Source directories searched: /home/benutzer/network-manager/orig/network-manager-1.14.2:$cdir:$cwd
(gdb) bt
#0  __strncmp_ia32 (s1=0x2 <error: Cannot access memory at address 0x2>, s2=0xb62ce23c "br", n=2) at ../string/strncmp.c:64
#1  0xb7aba962 in g_str_has_prefix (str=0x1 <error: Cannot access memory at address 0x1>, prefix=0xb62ce23c "br") at ../../../../glib/gstrfuncs.c:2877
#2  0xb62ca113 in initialize (plugin=0xa78720) at src/settings/plugins/ifupdown/nms-ifupdown-plugin.c:174
#3  0x0064f5c4 in add_plugin (self=0xa57870, plugin=0xa78720, path=0xa4c280 "/usr/lib/i386-linux-gnu/NetworkManager/1.14.2/libnm-settings-plugin-ifupdown.so") at src/settings/nm-settings.c:603
#4  0x006521df in add_plugin_load_file (error=0xbfce52a8, pname=<optimized out>, self=0xa57870) at src/settings/nm-settings.c:680
#5  load_plugins (error=0xbfce52a8, plugins=0xa79150, self=0xa57870) at src/settings/nm-settings.c:749
#6  nm_settings_start (self=0xa57870, error=0xbfce52a8) at src/settings/nm-settings.c:1788
#7  0x00530823 in nm_manager_start () at src/nm-manager.c:6406
#8  0x00502e7c in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:417
(gdb) up
#1  0xb7aba962 in g_str_has_prefix (str=0x1 <error: Cannot access memory at address 0x1>, prefix=0xb62ce23c "br") at ../../../../glib/gstrfuncs.c:2877
2877    ../../../../glib/gstrfuncs.c: Datei oder Verzeichnis nicht gefunden.
(gdb)
#2  0xb62ca113 in initialize (plugin=0xa78720) at src/settings/plugins/ifupdown/nms-ifupdown-plugin.c:174
174                 if (g_str_has_prefix (block_name, "br")) {
(gdb) print block_name
$1 = 0x1 <error: Cannot access memory at address 0x1>
(gdb) list 149,289
149	static void
150	initialize (NMSettingsPlugin *plugin)
151	{
152	    SettingsPluginIfupdown *self = SETTINGS_PLUGIN_IFUPDOWN (plugin);
153	    SettingsPluginIfupdownPrivate *priv = SETTINGS_PLUGIN_IFUPDOWN_GET_PRIVATE (self);
154	    gs_unref_hashtable GHashTable *auto_ifaces = NULL;
155	    nm_auto_ifparser if_parser *parser = NULL;
156	    if_block *block;
157	    GHashTableIter con_iter;
158	    const char *block_name;
159	    NMIfupdownConnection *conn;
160
161	    parser = ifparser_parse (ENI_INTERFACES_FILE, 0);
162
163	    c_list_for_each_entry (block, &parser->block_lst_head, block_lst) {
164
165	        if (NM_IN_STRSET (block->type, "auto", "allow-hotplug")) {
166	            if (!auto_ifaces)
167	                auto_ifaces = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, NULL);
168	            g_hash_table_add (auto_ifaces, g_strdup (block->name));
169	            continue;
170	        }
171
172	        if (nm_streq (block->type, "iface")) {
173	            /* Bridge configuration */
174	            if (g_str_has_prefix (block_name, "br")) {
175	                /* Try to find bridge ports */
176	                const char *ports = ifparser_getkey (block, "bridge-ports");
177
178	                if (ports) {
179	                    guint i;
180	                    int state = 0;
181	                    gs_strfreev char **port_ifaces = NULL;
182
183	                    _LOGD ("parse: found bridge ports %s for %s", ports, block->name);
184
185	                    port_ifaces = g_strsplit_set (ports, " \t", -1);
186	                    for (i = 0; port_ifaces[i]; i++) {
187	                        const char *token = port_ifaces[i];
188
189	                        /* Skip crazy stuff like regex or all */
190	                        if (nm_streq (token, "all"))
191	                            continue;
192
193	                        /* Small SM to skip everything inside regex */
194	                        if (nm_streq (token, "regex")) {
195	                            state++;
196	                            continue;
197	                        }
198	                        if (nm_streq (token, "noregex")) {
199	                            state--;
200	                            continue;
201	                        }
202	                        if (nm_streq (token, "none"))
203	                            continue;
204	                        if (state == 0 && strlen (token) > 0) {
205	                            conn = g_hash_table_lookup (priv->eni_ifaces, block->name);
206	                            if (!conn) {
207	                                _LOGD ("parse: adding bridge port \"%s\"", token);
208	                                g_hash_table_insert (priv->eni_ifaces, g_strdup (token), NULL);
209	                            } else {
210	                                _LOGD ("parse: adding bridge port \"%s\" (have connection %s)", token,
211	                                       nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
212	                            }
213	                        }
214	                    }
215	                }
216	                continue;
217	            }
218
219	            /* Skip loopback configuration */
220	            if (nm_streq (block->name, "lo"))
221	                continue;
222
223	            /* Remove any connection for this block that was previously found */
224	            conn = g_hash_table_lookup (priv->eni_ifaces, block->name);
225	            if (conn) {
226	                _LOGD ("parse: replace connection \"%s\" (%s)",
227	                       block->name,
228	                       nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
229	                nm_settings_connection_delete (NM_SETTINGS_CONNECTION (conn), NULL);
230	                g_hash_table_remove (priv->eni_ifaces, block->name);
231	            }
232
233	            /* add the new connection */
234	            conn = nm_ifupdown_connection_new (block);
235	            if (conn) {
236	                _LOGD ("parse: adding connection \"%s\" (%s)", block->name,
237	                       nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
238	            } else
239	                _LOGD ("parse: adding place holder for connection \"%s\"", block->name);
240	            g_hash_table_insert (priv->eni_ifaces, g_strdup (block->name), conn);
241	            continue;
242	        }
243
244	        if (nm_streq (block->type, "mapping")) {
245	            conn = g_hash_table_lookup (priv->eni_ifaces, block->name);
246	            if (!conn) {
247	                _LOGD ("parse: adding mapping \"%s\"", block->name);
248	                g_hash_table_insert (priv->eni_ifaces, g_strdup (block->name), NULL);
249	            } else {
250	                _LOGD ("parse: adding mapping \"%s\" (have connection %s)", block->name,
251	                       nm_settings_connection_get_uuid (NM_SETTINGS_CONNECTION (conn)));
252	            }
253	            continue;
254	        }
255	    }
256
257	    /* Make 'auto' interfaces autoconnect=TRUE */
258	    g_hash_table_iter_init (&con_iter, priv->eni_ifaces);
259	    while (g_hash_table_iter_next (&con_iter, (gpointer) &block_name, (gpointer) &conn)) {
260	        NMSettingConnection *setting;
261
262	        if (   !conn
263	            || !auto_ifaces
264	            || !g_hash_table_contains (auto_ifaces, block_name))
265	            continue;
266
267	        /* FIXME(copy-on-write-connection): avoid modifying NMConnection instances and share them via copy-on-write. */
268	        setting = nm_connection_get_setting_connection (nm_settings_connection_get_connection (NM_SETTINGS_CONNECTION (conn)));
269	        g_object_set (setting, NM_SETTING_CONNECTION_AUTOCONNECT, TRUE, NULL);
270	    }
271
272	    /* Check the config file to find out whether to manage interfaces */
273	    priv->ifupdown_managed = nm_config_data_get_value_boolean (NM_CONFIG_GET_DATA_ORIG,
274	                                                               NM_CONFIG_KEYFILE_GROUP_IFUPDOWN,
275	                                                               NM_CONFIG_KEYFILE_KEY_IFUPDOWN_MANAGED,
276	                                                               !IFUPDOWN_UNMANAGE_WELL_KNOWN_DEFAULT);
277	    _LOGI ("management mode: %s", priv->ifupdown_managed ? "managed" : "unmanaged");
278
279	    /* Now if we're running in managed mode, let NM know there are new connections */
280	    if (priv->ifupdown_managed) {
281	        GHashTableIter iter;
282
283	        g_hash_table_iter_init (&iter, priv->eni_ifaces);
284	        while (g_hash_table_iter_next (&iter, NULL, (gpointer *) conn)) {
285	            _nm_settings_plugin_emit_signal_connection_added (NM_SETTINGS_PLUGIN (self),
286	                                                              NM_SETTINGS_CONNECTION (conn));
287	        }
288	    }
289	}

-> no initialization of block_name ?

(gdb) print block->name
$2 = 0xb4d08044 "lo"


https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/src/settings/plugins/ifupdown/nms-ifupdown-plugin.c?id=f0938948bc506f2bddda2d574b0890cb4b67b4c4
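
The kernel "segfault at ..." line in the dmesg output above already narrows the fault down before gdb is started. The following is an added example, not part of the original report: it parses that line, decodes the x86 page-fault error code and computes the instruction offset inside the reported mapping. The names triage and decode_error and the 4 KiB "near NULL" threshold are assumptions of this example.

```python
import re

# Sample input: the dmesg line quoted in the report above.
SAMPLE = ("[ 3062.120572] NetworkManager[4737]: segfault at 1 ip b7711328 "
          "sp bfce5040 error 4 in libc-2.27.so[b76a4000+14c000]")

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

NULL_PAGE = 0x1000  # assumption: addresses in the first 4 KiB count as near NULL


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error' (hex)."""
    return {
        # bit 0: 0 = page not present, 1 = protection violation
        "cause": "protection violation" if code & 1 else "page not mapped",
        # bit 4: instruction fetch, bit 1: write, otherwise a data read
        "access": ("instruction fetch" if code & 16
                   else "write" if code & 2 else "read"),
        # bit 2: fault raised while running in user mode
        "mode": "user" if code & 4 else "kernel",
    }


def triage(line):
    """Return a dict describing one kernel segfault line, or None."""
    m = SEGV_RE.search(line)
    if not m:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    out = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
           "near_null": addr < NULL_PAGE, **decode_error(int(m["err"], 16))}
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        out["object"] = m["obj"]
        # Offset of the faulting instruction within the reported mapping;
        # unlike the absolute ip it does not change with address randomization.
        out["offset"] = ip - base if base <= ip < base + size else None
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:10} {value:#x}" if key in ("fault_addr", "offset")
              else f"{key:10} {value}")
```

For the line from this report the result is a user-mode read of an unmapped address 0x1 at offset 0x6d328 in libc-2.27.so; 0x1 is the same value gdb prints for block_name in frame #2.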