Bug 24589

Summary: xdm-1.1.9: core dump in SessionExit -> PAM -> strlen()
Product: xorg Reporter: Martin Mokrejs <mmokrejs>
Component: App/xdmAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: critical    
Priority: medium CC: ldv, leho, remi, shrek, xorg
Version: gitKeywords: patch
Hardware: All   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 25045    
Attachments:
Description Flags
backtrace of the segfaulting xdm process
none
xdm.log of the segfaulting xdm after logout (no new xdm started)
none
xdm-Call-openlog-3-early.patch
none
ptached-xdm-crashes-on-krb-passwd.txt none

Description Martin Mokrejs 2009-10-17 04:06:35 UTC 
There is a bugreport in Gentoo linux where several observed xdm crash when window manager is quit. Personally I use fvwm2 on linux-2.6.30.9 and glibc-2.10.1. I am not sure this is a xdm issue or PAM or glibc issue but was asked to report upstream. Please follow http://bugs.gentoo.org/show_bug.cgi?id=286923 and look for the attachments with "fvwm2" in its name. In brief:

(gdb) where
#0  strlen () at ../sysdeps/i386/i486/strlen.S:40
#1  0xb7cb6c98 in fputs_unlocked (str=0xb8003d55 <Address 0xb8003d55 out of bounds>, fp=0x8076eb8) at iofputs_u.c:37
#2  0xb7d1993a in __vsyslog_chk (pri=86, flag=1, fmt=0xb7db2a6a "%s %s", ap=0xbfa0bb8c "�006\b \221\006\b\031\034۷����") at ../misc/syslog.c:207
#3  0xb7d19db6 in __syslog_chk (pri=86, flag=1, fmt=0xb7db2a6a "%s %s") at ../misc/syslog.c:131
#4  0xb7db0226 in pam_vsyslog (pamh=0x80bb210, priority=86, fmt=0xb797a69e "session closed for user %s", args=0xbfa0bbfc "�D\f\b") at /usr/include/bits/syslog.h:32
#5  0xb7db02fb in pam_syslog (pamh=0x80bb210, priority=6, fmt=0xb797a69e "session closed for user %s") at pam_syslog.c:113
#6  0xb7974bdb in pam_sm_close_session (pamh=0x80bb210, flags=0, argc=0, argv=0x80c0558) at pam_unix_sess.c:125
#7  0xb7dab4b5 in _pam_dispatch (pamh=0x80bb210, flags=0, choice=5) at pam_dispatch.c:110
#8  0xb7daf4c3 in pam_close_session (pamh=0x0, flags=0) at pam_session.c:44
#9  0x0805340d in SessionExit (d=0x8068298, status=0, removeAuth=1) at session.c:480
#10 0x08053be9 in ManageSession (d=0x8068298) at session.c:375
#11 0x080506b0 in StartDisplay (d=0x8068298) at dm.c:762
#12 0x0804fbdc in ForEachDisplay (f=0x805079e <CheckDisplayStatus>) at dpylist.c:54
#13 0x08051267 in main (argc=1, argv=0xbfa0c304) at dm.c:630
Current language:  auto; currently asm
(gdb) bt full
#0  strlen () at ../sysdeps/i386/i486/strlen.S:40
No locals.
#1  0xb7cb6c98 in fputs_unlocked (str=0xb8003d55 <Address 0xb8003d55 out of bounds>, fp=0x8076eb8) at iofputs_u.c:37
        result = <value optimized out>
[cut]
Comment 1 Johannes Dewender 2009-11-13 09:47:12 UTC 
Created attachment 31179 [details]
backtrace of the segfaulting xdm process

I also have two different segfaults leading to a broken XDMCP setup in
https://bugs.freedesktop.org/show_bug.cgi?id=25045

This is the backtrace of the segfaulting process when I close fluxbox (window manager)

This is the moment the segfault occurs and shows up as
Nov 13 18:14:56 haljo kernel: xdm[24782]: segfault at 7fdc0079dd10 ip 00007fdc018c8272 sp 00007fff2be4bc78 error 4 in libc-2.11.so[7fdc0184d000+14d000]
Comment 2 Johannes Dewender 2009-11-13 09:51:13 UTC 
Created attachment 31180 [details]
xdm.log of the segfaulting xdm after logout (no new xdm started)

In order to generate a xdm.log for the segfaulting process I changed xdm in /etc/inittab form respawn to once. So no new xdm gets started and the log file is not overwritten.

Interesting part should be:
xdm error (pid 24777): Unknown session exit code 2816 from process 24782
xdm info (pid 24777): Exiting

The participating processes:
root     24777     1  0 18:14 ?        00:00:00 /usr/bin/xdm -nodaemon -config /etc/X11/xdm/haljo/xdm-config
root     24779 24777  3 18:14 tty7     00:00:01 /usr/bin/X :0 -auth /var/lib/xdm/authdir/authfiles/A:0-OHeSiQ
root     24782 24777  0 18:14 ?        00:00:00 -:0
Comment 3 Dmitry V. Levin 2010-01-12 09:49:33 UTC 
Created attachment 32596 [details] [review]
xdm-Call-openlog-3-early.patch

Proposed fix.
Comment 4 Alan Coopersmith 2010-01-12 10:00:09 UTC 
Awesome find - thanks for solving this.   I've pushed the patch to git master.
(Will probably do a new xdm release once some other patches are merged from
 debian and a few other bug reports.)
Comment 5 Martin Mokrejs 2010-01-19 05:28:12 UTC 
Created attachment 32712 [details]
ptached-xdm-crashes-on-krb-passwd.txt

The patch fixes the problem with xdm crashing on logout for me. Unfortunately, not the issue with a crash on login when I enter valid kerberos password. I will instead the new stacktrace here instead of poking around the many other xdm core dumps reported in bugzilla. Please let me know if you think this is a separate issue. In my eyes the current stacktrace with Dmitrij's patch still points to syslog stuff.
Comment 6 Julien Cristau 2010-01-19 05:55:44 UTC 
> --- Comment #5 from Martin Mokrejs <mmokrejs@ribosome.natur.cuni.cz>  2010-01-19 05:28:12 PST ---
> Created an attachment (id=32712)
>  --> (http://bugs.freedesktop.org/attachment.cgi?id=32712)
> ptached-xdm-crashes-on-krb-passwd.txt
> 
Looks like pam_get_item(PAM_USER) doesn't return a valid username?
Comment 7 Martin Mokrejs 2010-02-01 08:19:11 UTC 
(In reply to comment #6)
> > --- Comment #5 from Martin Mokrejs <mmokrejs@ribosome.natur.cuni.cz>  2010-01-19 05:28:12 PST ---
> > Created an attachment (id=32712) [details]
> >  --> (http://bugs.freedesktop.org/attachment.cgi?id=32712)
> > ptached-xdm-crashes-on-krb-passwd.txt
> > 
> Looks like pam_get_item(PAM_USER) doesn't return a valid username?

I did use valid username which is even same as a local username. And, I can get my kerberos ticket from my shell.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.