Bug ID 1031049
Summary NetworkManager dumps core when trying to unlock SIM in ZTE MF-100
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware x86-64
OS openSUSE 42.2
Status NEW
Severity Critical
Priority P5 - None
Component GNOME
Assignee bnc-team-gnome@forge.provo.novell.com
Reporter Ulrich.Windl@rz.uni-regensburg.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Created attachment 718818
Collected output of crash in NetworkManager

In contrast to bug 1020299 I cannot connect to mobile broadband at all
(NetworkManager-1.0.12-3.2.x86_64):

NetworkManager crashes after writing this message (ZTE MF-100):
NetworkManager[3415]: <info>  (ttyUSB2): device state change: prepare -> need-auth (reason 'none') [40 60 0]

In gdb the crash looks like this:
Thread 1 "NetworkManager" received signal SIGSEGV, Segmentation fault.
0x000000000052cc25 in ?? ()
(gdb) bt
#0  0x000000000052cc25 in ?? ()
#1  0x000000000052d4c5 in ?? ()
#2  0x00007ffff504e015 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#3  0x00007ffff504e388 in ?? () from /usr/lib64/libglib-2.0.so.0
#4  0x00007ffff504e64a in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#5  0x000000000043c5e7 in main ()
(gdb) info registers 
rax            0x0    0
rbx            0x871ed0    8855248
rcx            0x5    5
rdx            0x28    40
rsi            0x7ffff4ddf628    140737301575208
rdi            0x871fc0    8855488
rbp            0x802b30    0x802b30
rsp            0x7fffffffdc20    0x7fffffffdc20
r8             0x84d220    8704544
r9             0x0    0
r10            0x2b    43
r11            0x33    51
r12            0x862e80    8793728
r13            0x0    0
r14            0x2    2
r15            0x8401f0    8651248
rip            0x52cc25    0x52cc25
eflags         0x10202    [ IF RF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
(gdb) info threads 
  Id   Target Id         Frame 
* 1    Thread 0x7ffff7fc1900 (LWP 3724) "NetworkManager" 0x000000000052cc25 in ?? ()
  2    Thread 0x7ffff13d7700 (LWP 3728) "gmain" 0x00007ffff4b2349d in poll () from /lib64/libc.so.6
  3    Thread 0x7ffff0bd6700 (LWP 3729) "pool" 0x00007ffff4b278e9 in syscall () from /lib64/libc.so.6
  4    Thread 0x7fffebfff700 (LWP 3730) "gdbus" 0x00007ffff4b2349d in poll () from /lib64/libc.so.6
(gdb) 

And valgrind also reports a problem (that looks like a NULL-pointer with offset
access):
NetworkManager[3749]: <info>  (ttyUSB2): device state change: prepare -> need-auth (reason 'none') [40 60 0]
==3749== Invalid read of size 4
==3749==    at 0x52CC25: ??? (in /usr/sbin/NetworkManager)
==3749==    by 0x52D4C4: ??? (in /usr/sbin/NetworkManager)
==3749==    by 0x794B014: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==    by 0x794B387: ??? (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==    by 0x794B649: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==    by 0x43C5E6: main (in /usr/sbin/NetworkManager)
==3749==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==3749== 
==3749== 
==3749== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==3749==  Access not within mapped region at address 0x8
==3749==    at 0x52CC25: ??? (in /usr/sbin/NetworkManager)
==3749==    by 0x52D4C4: ??? (in /usr/sbin/NetworkManager)
==3749==    by 0x794B014: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==    by 0x794B387: ??? (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==    by 0x794B649: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==    by 0x43C5E6: main (in /usr/sbin/NetworkManager)
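
A triage sketch for Memcheck records like the one above, added here as an example; it is not part of the original report or of NetworkManager. It flags an invalid access whose address falls in the first page as a NULL base pointer plus a field offset. The `PAGE_SIZE` threshold, the `triage` function and the labels it assigns are assumptions of this example.

```python
import re

# Constructed sample: the first error record from the valgrind log above,
# with the mail client's line wrapping undone.
SAMPLE = """\
==3749== Invalid read of size 4
==3749==    at 0x52CC25: ??? (in /usr/sbin/NetworkManager)
==3749==    by 0x52D4C4: ??? (in /usr/sbin/NetworkManager)
==3749==    by 0x794B014: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.2)
==3749==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
"""

PAGE_SIZE = 4096  # assumption: fault addresses below this are NULL + small offset

ERR = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) (0x[0-9A-Fa-f]+): (\S+) \(in (.+)\)$")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is ")


def triage(log):
    """Return one dict per 'Invalid read/write' record in a Memcheck log."""
    records, cur = [], None
    for line in log.splitlines():
        m = ERR.match(line)
        if m:
            cur = {"access": m.group(1), "size": int(m.group(2)), "frames": [], "addr": None}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = FRAME.match(line)
        if m:
            cur["frames"].append((int(m.group(1), 16), m.group(2), m.group(3)))
            continue
        m = ADDR.match(line)
        if m:
            cur["addr"] = int(m.group(1), 16)
            # Heuristic: an address in page 0 is read as a member offset from a NULL pointer
            cur["kind"] = "null-deref+offset" if cur["addr"] < PAGE_SIZE else "other"
            cur["unsymbolized"] = bool(cur["frames"]) and cur["frames"][0][1] == "???"
            cur = None  # record complete
    return records


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['access']} of {r['size']} bytes at {r['addr']:#x}: {r['kind']}; "
              f"faulting pc {r['frames'][0][0]:#x} in {r['frames'][0][2]}"
              + (" (no symbols for this frame)" if r["unsymbolized"] else ""))
```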

