Done. I found someone else reporting a problem that had the same underlying cause, which led to an interesting conversation with a developer. You can read it here: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
The tl;dr version is to use dbus 1.14.x in which the code path that triggers the fault is replaced by SO_PEERGROUPS. This makes it immune to nss disappearing under its feet, though it is a slight change in behaviour. When applying a policy, it will be the user's current groups that count, rather than the groups they would get if they logged in now. Peter ** Bug watch added: gitlab.freedesktop.org/dbus/dbus/-/issues #343 https://gitlab.freedesktop.org/dbus/dbus/-/issues/343 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/2024585 Title: dbus-daemon segfault if group lookup fails Status in dbus package in Ubuntu: New Bug description: Ubuntu release: Ubuntu 22.04.2 LTS (but also tested on Ubuntu 20.04.6 LTS) dbus version: 1.12.20-2ubuntu4.1 This is related to https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2023598, in which an sssd was upgraded before its libraries. This caused dbus-daemon to crash, which in turn ended the user's X session along with many other programs. It also triggered NetworkManager to exit so it was no longer doing DHCP renewals; he network connection was lost a few hours later when the lease expired. The failure of dbus-daemon was triggered by it reloading its configuration while group lookups were not functioning, which revealed an error in the dbus's error handling code. The failure happened in two stages. First, it failed to load the policy, and reported this error: dbus-daemon[1207]: Unable to reload configuration: (null) Then, a few seconds later, dbus-daemon reloaded its config again, and this time it segfaulted. dbus-daemon[1207]: segfault at 0 ip 00005602b18336e4 sp 00007ffe2579de28 error 6 in dbus-daemon[5602b181b000+24000] Code: 00 00 00 48 83 c4 08 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 83 07 01 48 89 f8 c3 0f 1f 44 00 00 f3 0f 1e fa <83> 2f 01 74 07 c3 66 0f 1f 44 00 00 e9 bb fb ff ff 66 66 2e 0f 1f The code corresponds to policy->refcount -= 1, inside bus_client_policy_unref(). This error can only happen if policy was NULL on entry. bus_connections_reload_policy() has this code: // connection.c line 1644 bus_client_policy_unref (d->policy); d->policy = bus_context_create_client_policy (connections->context, connection, error); if (d->policy == NULL) { _dbus_verbose ("Failed to create security policy for connection %p\n", connection); _DBUS_ASSERT_ERROR_IS_SET (error); return FALSE; } If bus_context_create_client_policy fails, the code decrements the policy reference count and sets d->policy to NULL. The second time round, the reference count is decremented again, but policy is already NULL from last time round, hence the crash. I've included a patch that I think should fix the error, but note that it is not well tested! Peter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/2024585/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
