GNOME Bugzilla – Bug 682301
Crash in gdm-session-worker
Last modified: 2012-08-21 03:35:18 UTC
I was just testing the screen shield as usual, when gdm-session-worker crashed, bringing me happily to a text console, with no hope but to log in in a VT and restart gdm. Looking at the backtrace, I'm not sure where the bug is. It could be some lifetime issue due to ReauthenticationRequest freed too early (although in theory freeing that should free the session too, and thus drop all signal connections). Maybe you have some better clue.
Created attachment 221917 [details] /var/log/gdm/:0-slave.log
Forgot to add, this is on gdm-3.5.5-5.fc18.x86_64, which is a locally built package made from 3.5.5 + 27d14a6ebdb9960bb833a1012f49548b47466fb0, f073821e193152d4d0ce4c89aedfdf1f1300dbea and c34004ed4a17b6d7072899e016bbaba3825025ab.
This looks interesting: gdm-password][1068]: DEBUG(+): GdmSession: Closing session gdm-password][1068]: DEBUG(+): GdmSession: Stopping all conversations gdm-password][1068]: GLib-GObject-CRITICAL: g_object_unref: assertion `G_IS_OBJECT (object)' failed gdm-password][1068]: DEBUG(+): GdmSessionWorker: start reauthentication gdm-password][1068]: DEBUG(+): GdmSession: Creating D-Bus server for worker for session gdm-password][1068]: DEBUG(+): GdmSession: D-Bus server for workers listening on unix:abstract=/tmp/gdm-gree Some nearby code: g_debug ("GdmSessionWorker: start reauthentication");• request = reauthentication_request_new (worker, pid_of_caller, uid_of_caller, invocation);• g_hash_table_replace (worker->priv->reauthentication_requests,• GINT_TO_POINTER (pid_of_caller),• request);• So if that gets called multiple times for the same pid, the previous request will be freed, which as you mentioned does: g_clear_object (&request->session);• If session was ref'd it would be freed by that though. In the backtrace there's: gdm[1759]: #21 0x0000003c464c0fe2 in emit_closed_in_idle (user_data=0x7fac08006930) at gdbusconnection.c:1377 so the closed signal is being emitted. The closed signal is connected here: g_signal_connect_object (connection,• "closed",• G_CALLBACK (on_outside_connection_closed),• self,• 0);• docs for g_signal_connect_object say: " uses a closure which ensures that the gobject stays alive during the call to c_handler by temporarily adding a reference count to gobject." so session object has an extra reference, which is why it isn't dying.
The following fix has been pushed: 4857796 worker: disconnect reauth handlers when freeing request There is some guessing involved here, so please reopen if necessary.
Created attachment 221954 [details] [review] worker: disconnect reauth handlers when freeing request If one client does multiple reauthentication requests, we need to clean up old requests properly. This commit ensures all old handlers are disconnected before freeing the request.