Ubuntu
dbus package

dbus-daemon crashed with SIGSEGV

Bug #1237059 reported by Unit 193 on 2013-10-08

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	dbus (Ubuntu)	Fix Released	Critical	Tyler Hicks

Bug Description

Upgraded from Raring to Saucy, fully updated system.
dbus: 1.6.12-0ubuntu8

Symptom: When you first load the desktop all seems normal except you are unable to launch applications. After rebooting into a known good kernel, I got an apport window. After sending the bug data, no browser appears, unable to open one, a terminal, or anything else. Switching to a TTY and restarting dbus will give you the terminal and browser, but the rest of the desktop is black and the border themes are the basic theme. At this point the desktop is still unusable.

Expected: Fully functional desktop.

Steps taken to repair:
1. Reboot into a known working kernel.
2. Clearing out old config/cache.
3. Reinstalling dbus (apt-get install --reinstall.)
4. Downgrading dbus-x11, dbus, libdbus-1-dev, and libdbus-1-3 to 1.6.12-0ubuntu7.
Only the last step had any effect.

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: dbus 1.6.12-0ubuntu8
Uname: Linux 3.11.4-u193 i686
ApportVersion: 2.12.5-0ubuntu1
Architecture: i386
CrashCounter: 1
Date: Tue Oct 8 15:12:24 2013
ExecutablePath: /bin/dbus-daemon
ExecutableTimestamp: 1381192108
InstallationDate: Installed on 2011-04-15 (906 days ago)
InstallationMedia: Xubuntu 11.04 "Natty Narwhal" - Beta i386 (20110413.2)
MarkForUpload: True
ProcCmdline: dbus-daemon --fork --session --address=unix:abstract=/tmp/dbus-noQydCFQad
ProcCwd: /
ProcEnviron:
LANGUAGE=en_US:en
PATH=(custom, user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SegvAnalysis:
Segfault happened at: 0x804f3f3: mov 0x8(%eax),%esi
PC (0x0804f3f3) ok
source "0x8(%eax)" (0x00000008) not located in a known VMA region (needed readable region)!
destination "%esi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: dbus
Stacktrace:
#0 0x0804f3f3 in ?? ()
No symbol table info available.
Cannot access memory at address 0xbff9adcc
StacktraceTop: ?? ()
ThreadStacktrace:
.
Thread 1 (LWP 4638):
#0 0x0804f3f3 in ?? ()
No symbol table info available.
Cannot access memory at address 0xbff9adcc
Title: dbus-daemon crashed with SIGSEGV
UpgradeStatus: Upgraded to saucy on 2013-10-08 (0 days ago)
UserGroups: adm admin cdrom debian-tor dialout lpadmin plugdev sambashare www-data

Tags:

Revision history for this message

Unit 193 (unit193) wrote on 2013-10-08:

Dependencies.txt Edit (2.6 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (527 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (4.3 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (822 bytes, text/plain; charset="utf-8")
Registers.txt Edit (438 bytes, text/plain; charset="utf-8")
upstart.dbus.log.txt Edit (11.7 KiB, text/plain; charset="utf-8")

Unit 193 (unit193) on 2013-10-08

information type:

Private → Public

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-10-08:

Hello - Can you give me some more information on the kernel that you were running when experiencing this crash? I don't recognize the version string. Does it contain backported AppArmor patches from Saucy's kernel?

Better yet, can you point me to the source code for that kernel?

Thanks!

Changed in dbus (Ubuntu):
importance:	Undecided → Critical
status:	New → Incomplete

Revision history for this message

Unit 193 (unit193) wrote on 2013-10-09:

Ah, thanks for the pointers.

It's from kernel.org with custom config, also had tested the liquorix kernel (http://liquorix.net/sources/)

During the upgrade, seems the saucy kernel was never pulled in, and as I'm used to using my custom kernel all during Raring (issues with -generic, checked randomly throughout the cycle) I may not have noticed the generic kernel was still on 3.8.

In addition to that, seems the updated apparmor packages just came through a few minutes ago, but guessing that's not the issue here.

Thanks for looking into this issue (and sorry about it!), do you know when/if any patches will become part of upstream source?

Changed in dbus (Ubuntu):
status:	Incomplete → Invalid

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-10-09:

I just noticed the problem here. The new eavesdropping AppArmor security hook, added in 1.6.12-0ubuntu8, is missing the check to see if AppArmor D-Bus mediation is enabled.

Changed in dbus (Ubuntu):
assignee:	nobody → Tyler Hicks (tyhicks)
status:	Invalid → In Progress

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-10-09: Re: [Bug 1237059] Re: dbus-daemon crashed with SIGSEGV

On 2013-10-09 00:32:03, Unit 193 wrote:
> Thanks for looking into this issue (and sorry about it!), do you know
> when/if any patches will become part of upstream source?

Thanks for the bug report! It helped to quickly track down a nasty bug
in yesterday's dbus upload.

I'm not exactly sure when the patches will go into Linus' tree. They've
been acked by the AppArmor kernel maintainer so I'd guess 3.13, but I
haven't asked him about it lately.

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-10-09:

dbus_1.6.12-0ubuntu9.debdiff Edit (2.8 KiB, text/plain)

Here's the fix for this bug. I've manually verified the fix in this way:

1) Add ' <apparmor mode="disabled"/>' under the <busconfig> section of /etc/dbus-1/session.conf
2) Log out and log back in
3) Run `dbus-monitor`
4) Without this debdiff, the session bus will crash and the syslog will contain something like this:
dbus-daemon[2958]: segfault at 10 ip 0000000000408057 sp 00007fff116a7730 error 4 in dbus-daemon[400000+64000]

Additionally, I've verified that QRT's test-dbus.py passes with this debdiff applied.

Tyler Hicks (tyhicks) on 2013-10-09

Changed in dbus (Ubuntu):
status:	In Progress → Confirmed
assignee:	Tyler Hicks (tyhicks) → nobody
status:	Confirmed → In Progress
status:	In Progress → Confirmed

Revision history for this message

Apport retracing service (apport) wrote on 2013-10-09:

Stacktrace:
#0 0x0804f3f3 in ?? ()
No symbol table info available.
Cannot access memory at address 0xbff9adcc
StacktraceSource: #0 0x0804f3f3 in ?? ()
StacktraceTop: ?? ()
ThreadStacktrace:
.
Thread 1 (LWP 4638):
#0 0x0804f3f3 in ?? ()
No symbol table info available.
Cannot access memory at address 0xbff9adcc

Changed in dbus (Ubuntu):
status:	Confirmed → Invalid

Revision history for this message

Apport retracing service (apport) wrote on 2013-10-09: Crash report cannot be processed

Thank you for your report!

However, processing it in order to get sufficient information for the
developers failed (it does not generate a useful symbolic stack trace). This
might be caused by some outdated packages which were installed on your system
at the time of the report:

outdated debug symbol package for libapparmor1: package version 2.8.0-0ubuntu30 dbgsym version 2.8.0-0ubuntu11

Please upgrade your system to the latest package versions. If you still
encounter the crash, please file a new report.

Thank you for your understanding, and sorry for the inconvenience!

tags:

removed: need-i386-retrace

Tyler Hicks (tyhicks) on 2013-10-09

Changed in dbus (Ubuntu):
status:	Invalid → Confirmed

Jamie Strandboge (jdstrand) on 2013-10-09

Changed in dbus (Ubuntu):
status:	Confirmed → Fix Committed
assignee:	nobody → Tyler Hicks (tyhicks)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-10-09:

This bug was fixed in the package dbus - 1.6.12-0ubuntu9

---------------
dbus (1.6.12-0ubuntu9) saucy; urgency=low

  * debian/patches/aa-mediate-eavesdropping.patch: Fix a regression that
    caused dbus-daemon to segfault when AppArmor mediation is disabled, or
    unsupported by the kernel, and an application attempts to eavesdrop
    (LP: #1237059)
-- Tyler Hicks <email address hidden> Tue, 08 Oct 2013 17:58:36 -0700