Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1086189

Summary: [abrt] gdm: g_wakeup_new(): gdm killed by SIGTRAP
Product: Red Hat Enterprise Linux 7 Reporter: Michal Domonkos <mdomonko>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: mdomonko, tpelka
Target Milestone: rcKeywords: ZStream
Target Release: 7.0   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:7751991391b524c6d599bb8d739bb0bc7c29295a
Fixed In Version: gdm-3.8.4-28.el7 Doc Type: Bug Fix
Doc Text:
Cause: a problem in uid checking causes unlock failures and resource leaks for VNC sessions started from within an "su" shell. Consequence: vnc session won't unlock and gdm eventually crashes Fix: correct the uid comparison Result: sessions unlock properly and gdm doesn't crash
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 13:28:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1093706    
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages
none
File: sosreport.tar.xz
none
Fix resource leak when reauthentication client is rejected none

Description Michal Domonkos 2014-04-10 10:35:12 UTC 
Description of problem:
The current session terminates and GDM greeter is displayed.  It appears to be completely random.

Version-Release number of selected component:
gdm-3.8.4-25.el7

Additional info:
reporter:       libreport-2.1.11
backtrace_rating: 4
cmdline:        /usr/sbin/gdm
crash_function: g_wakeup_new
executable:     /usr/sbin/gdm
kernel:         3.10.0-119.el7.x86_64
runlevel:       3 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (10 frames)
 #2 g_wakeup_new at gwakeup.c:163
 #3 g_main_context_new at gmain.c:614
 #4 g_dbus_connection_send_message_with_reply_sync at gdbusconnection.c:2227
 #5 g_dbus_connection_call_sync_internal at gdbusconnection.c:5564
 #6 g_dbus_connection_call_sync at gdbusconnection.c:5790
 #7 gdm_dbus_get_pid_for_name at gdm-dbus-util.c:122
 #8 get_display_and_details_for_bus_sender at gdm-manager.c:545
 #9 gdm_manager_handle_open_reauthentication_channel at gdm-manager.c:937
 #10 ffi_call_unix64 at ../src/x86/unix64.S:76
 #11 ffi_call at ../src/x86/ffi64.c:522
Comment 1 Michal Domonkos 2014-04-10 10:35:15 UTC 
Created attachment 884878 [details]
File: backtrace
Comment 2 Michal Domonkos 2014-04-10 10:35:17 UTC 
Created attachment 884879 [details]
File: cgroup
Comment 3 Michal Domonkos 2014-04-10 10:35:20 UTC 
Created attachment 884880 [details]
File: core_backtrace
Comment 4 Michal Domonkos 2014-04-10 10:35:22 UTC 
Created attachment 884881 [details]
File: dso_list
Comment 5 Michal Domonkos 2014-04-10 10:35:24 UTC 
Created attachment 884882 [details]
File: environ
Comment 6 Michal Domonkos 2014-04-10 10:35:26 UTC 
Created attachment 884883 [details]
File: limits
Comment 7 Michal Domonkos 2014-04-10 10:35:28 UTC 
Created attachment 884884 [details]
File: maps
Comment 8 Michal Domonkos 2014-04-10 10:35:30 UTC 
Created attachment 884885 [details]
File: open_fds
Comment 9 Michal Domonkos 2014-04-10 10:35:32 UTC 
Created attachment 884886 [details]
File: proc_pid_status
Comment 10 Michal Domonkos 2014-04-10 10:35:36 UTC 
Created attachment 884887 [details]
File: var_log_messages
Comment 11 Michal Domonkos 2014-04-10 10:36:09 UTC 
Created attachment 884888 [details]
File: sosreport.tar.xz
Comment 12 Michal Domonkos 2014-04-10 10:37:18 UTC 
I'm currently trying to find the pattern that reproduces this.
Comment 13 Ray Strode [halfline] 2014-04-10 12:04:40 UTC 
ugh this sounds bad:

        msg_alloc = 0x7f41623c6cb0 "Creating pipes for GWakeup: Too many open files\n"

a resource leak? This could be a resource leak in the gdm process or another processs.  After using the system for a while, can you run lsof as root?
Comment 14 Ray Strode [halfline] 2014-04-10 12:27:00 UTC 
Michal figured out a reproducer for this on IRC. it's related to bug 1057179:

1) ssh to machine as root
2) su -l to a non-root user
3) run vncpasswd to set a vnc password
4) run vncserver to start vnc
5) connect to the vncserver with a vncviewer from another machine
6) lock the screen
7) note the fail loop, each time it fails it leaks a file descriptor and leaks quickly
8) eventually it crashes GDM.

devack+
Comment 15 Ray Strode [halfline] 2014-04-10 12:40:44 UTC 
So there are two closely related problems:

1) we're only allowing root (the owner of the audit session) to reauthenticate, not the the non-root user who actually is running the session.

2) our error handling for failure in the scenario is inadequate. The code is here:

static gboolean•
allow_user_function (GDBusAuthObserver *observer,•
                     GIOStream         *stream,•
                     GCredentials      *credentials,•
                     GdmSession        *self)•
{•
        uid_t client_uid;•
•
        client_uid = g_credentials_get_unix_user (credentials, NULL);•
        if (client_uid == self->priv->allowed_user) {•
                return TRUE;•
        }•
•
        g_debug ("GdmSession: User not allowed");•
•
        return FALSE;•
}•

We don't emit any sort of signal to the calling code on the error, so the caller can clean up the now defunct session object.  Fix should be straightforward, and will address bug 1057179 at the same time, but I don't know if we're too late in the game to get this in for GA
Comment 18 Ray Strode [halfline] 2014-04-10 14:38:24 UTC 
Created attachment 884973 [details]
Fix resource leak when reauthentication client is rejected

Resolves: #1086189
Comment 23 errata-xmlrpc 2015-03-05 13:28:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0551.html