Bug 437985

Summary: summary is determined: reporter is an idiot ;-)
Product: [Fedora] Fedora Reporter: Matěj Cepl <mcepl>
Component: dbusAssignee: David Zeuthen <davidz>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: mcepl, mclasen, robin.norwood
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-18 16:03:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
/var/log/Xorg.0.log none

Description Matěj Cepl 2008-03-18 15:27:44 UTC 
Description of problem:
Starting empathy I get zillion of coredumps from telepathy-mission-control (see
http://sourceforge.net/tracker/index.php?func=detail&aid=1916575&group_id=190214&atid=932444
for the upstream bug about that).

When trying pk-application then, it ends with 

[matej@hubmaier dumpBugzilla]$ pk-application 

** ERROR **: This program cannot start until you start the dbus system service.
aborting...
[matej@hubmaier dumpBugzilla]$ 

when running gdb on dbus --system I get:

Loaded symbols for /lib64/libnss_files.so.2
0x0000000000e86346 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
87	  int result = INLINE_SYSCALL (poll, 3, CHECK_N (fds, nfds), nfds, timeout);
(gdb) thread apply all backtrace

Thread 2 (Thread 0x41d35950 (LWP 2414)):
#0  0x00000000007833ec in recvfrom () from /lib64/libpthread.so.0
#1  0x000000000056002a in avc_netlink_receive (buf=<value optimized out>, 
    buflen=<value optimized out>) at /usr/include/bits/socket2.h:77
#2  0x000000000056042b in avc_netlink_loop () at avc_internal.c:219
#3  0x000000000077c40a in start_thread (arg=<value optimized out>)
    at pthread_create.c:297
#4  0x0000000000e8fd1d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7ffa4ff17780 (LWP 2413)):
#0  0x0000000000e86346 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007ffa4ff6e996 in _dbus_loop_iterate (loop=0x7ffa51bb4530, block=1)
    at dbus-mainloop.c:707
#2  0x00007ffa4ff6ecfd in _dbus_loop_run (loop=0x7ffa51bb4530)
    at dbus-mainloop.c:874
#3  0x00007ffa4ff5040e in main (argc=<value optimized out>, 
    argv=0x7fff57f8ec88) at main.c:468
Current language:  auto; currently asm
0x0000000000e86346	87	  int result = INLINE_SYSCALL (poll, 3, CHECK_N (fds,
nfds), nfds, timeout);
Current language:  auto; currently c
(gdb) 

SELinux is in the Enforcing mode.

Version-Release number of selected component (if applicable):
dbus-1.1.20-1.fc9.x86_64
PackageKit-0.1.9-1.fc9.x86_64
telepathy-mission-control-4.64-1.fc9.x86_64


How reproducible:
100% unfortunately
Comment 1 Matěj Cepl 2008-03-18 15:30:33 UTC 
Created attachment 298406 [details]
/var/log/Xorg.0.log

et tu Brute!
Comment 2 David Zeuthen 2008-03-18 15:31:01 UTC 
Please check if this happens in selinux permissive mode.
Comment 3 David Zeuthen 2008-03-18 16:01:43 UTC 
From IRC

<mcepl> davidz: I am an ... (just my pride bars to say who I am), of course that
calling telepathy-{idle,mission-control,gabble} in an endless loop puts
dbus-daemon on its knees.
Comment 4 Matěj Cepl 2008-03-18 16:03:16 UTC 
by making script running in the endless loop while calling endlessly new and new
instances of telepathy-{idle,mission-control,gabble} it finally crashes dbus
and/or mission-control.

Sorry.
Comment 5 David Zeuthen 2008-03-18 16:04:14 UTC 
No problem. To summarize: The bus daemon doesn't appear to be crashing judging
from the stack trace; it's just denying service to your uid because you have a
lot of other connections (comment 3). To avoid a denial of service attack. This
is a feature of D-Bus, not a bug. Closing.