Created attachment 181807 [details]
gdb backtraced generated using the ubuntu packages with nostrip,debug options

Created attachment 181808 [details] [review]
patch adding has_pending_queries boolean against 2.30.5 (from gnome.org)

You may also have a look at https://bugs.launchpad.net/gdm/+bug/724205 for more details.

Created attachment 182242 [details] [review]
git formatted patch against gnome-2-32 branch

This patch is updated against the current gnome-2-32 branch, and changed to standard git format-patch. Unfortuantely I don't know who to credit there, it's an anonymous person in Launchpad as well.

The patch is authored by Michael Braun <michael-dev@fami-braun.de>.

Thanks.

Created attachment 182349 [details] [review]
git formatted patch against gnome-2-32 branch (with modified credits)

Change credit.

Couldn't this be changed to just check num_queries > 0 instead of introducing a new variable?

Currently, set_sensitive is used to prevent replies if no query is pending. So one could try to just call set_sensitive(..., FALSE) once the mode switches to MODE_AUTHENTICATION or have set_sentitive(..., FALSE) be in place implicitly when entering this mode, fixing the bug as well.
Though, set_sensitive also blocks the cancel button. As I'm unsure about all the modes of operation of gdm, I don't know when this would be safe.
I also looked at num_queries, though num_queries only counts for alle queries already seen in this session and therefore does itself not indicate if there is an unanswered one. Combining this variable with the set_sensitive mechanism that already blocks duplicate replies would work to fix this bug, but make num_queries a bit overloaded and have it combined with a scheme that should (but doesn't) block calls to n_login_button_clicked_answer_query in this case already. So using num_queries looks a bit more like a work around rather than a fix.
I opted for adding a new variable that indicates the state of a sequential query-reply mechanism as think that this change is safe also in the cases I did not test (I tested user list based logins with a single/without any password).

Created attachment 182609 [details] [review]
patch disabling the login button in MODE_AUTHENTICATION if no query is pending (against 2.32.0)

Created attachment 182610 [details] [review]
patch disabling the login button in MODE_AUTHENTICATION if no query is pending (against 2.91.91)

Created attachment 182611 [details] [review]
patch disabling the login button in MODE_AUTHENTICATION if no query is pending (against 2.30.5)

I wrote a new patch that avoids using a new variable by just making sure that the login button stays disabled in MODE_AUTHENTICATION if no query is pending. Actually this just requires set_sensitive(...,FALSE) to be called in switch_mode and avoid this to be overriden in reset_dialog and gdm_greeter_login_window_ready.
I've checked that timed login, login with password with/out user lists, login without password with/out user lists works fine and cannot be crashed with pam_mkhomedir taking some time.

Okay, one last request, if you don't mind.  Can you supply this as a git formatted patch so that I can give proper attribution?

The following fix has been pushed:
66a8a9e greeter: disable the login button in MODE_AUTHENTICATION if no query is pending

Created attachment 182885 [details] [review]
greeter: disable the login button in MODE_AUTHENTICATION if no query is pending

If the user does not need a password to login with gdm, then hitting the
"log in" button causes gdm to crash. This seems to be due to an
AnswerQuery DBUS message being generated even if the password input
field is not visible and an password has not been requested. The user
has a real opportunity to hit this bug at least if pam_mkhomedir is in
use and needs some time to finish due to the size of the skeleton.

This commit desensitizes the Login button when it's unavailable.

I pushed your patch with the above attribution/description.