Non-admin user logout fails on Lucid

Bug #569879 reported by Scott Kitterman on 2010-04-25
72
This bug affects 10 people
Affects Status Importance Assigned to Milestone
xorg-server (Ubuntu)
High
Scott Kitterman
Lucid
High
Scott Kitterman

Bug Description

Binary package hint: kdebase-workspace

So far I have reproduced this on three machines. If user with admin privs logs out, no problems. If a user without admin privs logs out the logout fails to a VT that says (process:310) GLib-WARNING **: getpwuid_r(): failed due to unknown user id (0).

Trying to switch to a different VT is not successful.

This does not happen when a non-admin user logs out from Gnome (when using KDM).

The systems in question all have various Intel video. There was one report on #kubuntu-devel that the problem was not reproducable on a system with nVidia.

Touching the power button results in the plymouth "splash" screen coming up and a normal shutdown.

TEST CASE:

Create a non-admin user. Log into Kubuntu using this non-admin user. Log out. Log in again. Log out. See the system hang. Restart X. Install the updated package. Restart X. Log into Kubuntu as a non-admin user. Log out. Log in. Log out again. See the system not hang.

description: updated
Scott Kitterman (kitterman) wrote :

Confirmed based on seeing the same problem on three different machines. May be related to Bug #569897.

Changed in kdebase-workspace (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Scott Kitterman (kitterman) wrote :

Seems to generally work OK on the first logout and fail on the second.

Scott Kitterman (kitterman) wrote :

On the one system I have that also has Gnome installed, if I login/out to Gnome (with KDM) I can do it multiple times and there is never a problem. After logging into/out of Gnome once I can not reproduce the problem in KDE anymore until after a reboot.

tags: added: regression-potential
Changed in kdebase-workspace (Ubuntu Lucid):
milestone: none → lucid-updates
Felix Geyer (debfx) wrote :

For me this happens even when logging out admin users.

From kdm.log:
(EE) intel(0): Couldn't create pixmap for fbcon
*** glibc detected *** /usr/bin/X: double free or corruption (fasttop): 0x00000000037f4f00 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f270b1e95b6]
/lib/libc.so.6(cfree+0x73)[0x7f270b1efe53]
/usr/bin/X(dixFreePrivates+0x84)[0x44a304]
/usr/bin/X[0x42625d]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f270b190c4d]
/usr/bin/X[0x425d59]

koso (koso) wrote :

I have probably the same problem. It happens almost everytime I try to relog.

After first attempt to relog, desktop starts, but it is in some "safe" mode, becase there are no composite effects, and I cannot enable them.

When I try to relog again, there is no kdm, only glib warning (on black screen). Switching to console is not succesfull.

Strange is, that there is no problem after I I log in to virtual console (before logout), also restarting kdm using "service kdm stop" helps.

kdm.log shows: (EE) intel(0): Couldn't create pixmap for fbcon

Jonathan Thomas (echidnaman) wrote :

The backtrace in comment 5 pretty much confirms that this is X crashing on logout.

affects: kdebase-workspace (Ubuntu Lucid) → xserver-xorg-video-intel (Ubuntu Lucid)
Bryce Harrington (bryce) on 2010-05-02
tags: added: kubuntu
pschorre (twodogs) wrote :

I can confirm this bug but not on every logout. It does not matter how many VT running, admin or not. I see a standing cursor in the upper right corner and the keyboard does not work any more. I can ony shutdown the computer via power-button.

Jake Cobb (error404) wrote :

I sometimes experience a similar problem, although I have an nVidia graphics card. The stack in the attached KDM log appears close, but not exactly the same, as the one posted in #5.

For me, this seems to be proceeded by my up key no longer working in KDE. If I then logout, I get a blank black screen and cannot do anything locally (no VT switching, etc). I don't get anything displayed the way others have described (messages, cursors, etc). However, I can SSH in and restart KDM to restore it.

Nightfall (someoneelse) wrote :

Having the same problem ...

The following happens:
1) Log in - compositing has been disabled (and cannot be re-enabled if I
   remember correctly)
2) Then log out - display freezes (black screen/displaying terminal content/...).
   The system can still be rebooted using SysRq combinations/executing
   "sleep 300; sudo shutdown -r now" in a terminal before triggering the crash/...
3) Reboot and log in again - one plasma panel is corrupted (see screenshot), the
   other one looks as if compositing was disabled (according to the settings it is
   enabled though); after toggling compositing, the panel is displayed correctly

Backtrace of one crash (diff of kdm.log before logging out and before
rebooting, i.e. after the crash):

(EE) intel(0): Couldn't create pixmap for fbcon
(EE) intel(0): Couldn't create pixmap for fbcon
QFont::fromString: Invalid description 'Serif,20,5,0,50,0'
QFont::fromString: Invalid description 'Sans Serif,10,5,0,50,0'
QFont::fromString: Invalid description 'Sans Serif,10,5,0,75,0'
QInotifyFileSystemWatcherEngine::addPaths: inotify_add_watch failed: No such file or directory
QFileSystemWatcher: failed to add paths: /tmp/1446371504/.config/ibus/bus
Bus::open: Can not get ibus-daemon's address.
IBusInputContext::createInputContext: no connection to ibus-daemon
*** glibc detected *** /usr/bin/X: double free or corruption (fasttop): 0x0a2f4630 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x17b591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0x17cde8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x17fecd]
/usr/bin/X(Xfree+0x21)[0x80a9f71]
/usr/bin/X(dixFreePrivates+0xaa)[0x808ce9a]
/usr/bin/X[0x8066e24]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x126bd6]
/usr/bin/X[0x8066961]
======= Memory map: ========
[...]

Desktop environment: KDE 4.4.3

$ lsb_release -d
Description: Ubuntu 10.04 LTS

$ lspci | grep VGA
00:02.0 VGA compatible controller: Intel Corporation Mobile 945GME Express Integrated Graphics Controller (rev 03)

$ apt-cache policy xserver-xorg-video-intel
xserver-xorg-video-intel:
  Installed: 2:2.9.1-3ubuntu5
[...]

Ken Hagan (k-a-hagan) wrote :

I think I'm getting this problem on both my systems. (Certainly the symptoms are very similar and they're both Intel 945 graphics.) I've switched to the non-themed greeter (SystemSetting/Advanced/LoginManager) and this appears to be sufficient to avoid provoking the problem.

Ken Hagan (k-a-hagan) wrote :

I spoke too soon, although certainly I'm seeing it less than I was.

The same systems are also prone to runaway nepomuk services, so I've been disabling those in all user accounts, but this is little more than hearsay evidence.

This is an X crash so it'd be surprising if nepomuk affected it.
Scott Kitterman

Joao S Veiga (jsveiga-it) wrote :

Same here:
kubuntu lucid + all updates, intel video
- Every now and then, when a non-admin user logs out or tries to shutdown the result is a black screen.
- Not possible to switch tty (ctrl+alt+Fn)
- power button brings the blue kubuntu, white dots countdown and shuts down

If it happens on a logout, I can still ssh to the pc, then if I (root) do a "killall -HUP kdm", I get the kdm login screen back (but I can't give the root password to my kids...).

Maybe there's a place where to insert a killall -HUP kdm so it happens after every login, as a temporary workaround?

I have attached the kdm.log (not sure if it is relevant; got it after a -HUP and logging back as an admin user).

Joao

Michel Zink (mmzz) wrote :

Having an old Geforce2 Nvidia card using "nouveau" driver, i can experience the same:
*** glibc detected *** /usr/bin/X: double free or corruption (fasttop): 0x0a111bd8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x17c591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0x17dde8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x180ecd]
/usr/bin/X(Xfree+0x21)[0x80a9f71]
/usr/bin/X(dixFreePrivates+0xaa)[0x808ce9a]
/usr/bin/X[0x8066e24]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x127bd6]
/usr/bin/X[0x8066961]

But after 2 adm user KDE sessions in and out => this affects also "nouveau" driver, with adm users

Albert Damen (albrt) wrote :

Disassembling dixFreePrivates in gdb shows the crash is happening in:

                if (items[i].size)
                    xfree(privates[i].value);

Also, Kubuntu resets/regenerates the Xserver on log-out, where Gnome starts a new server on log-out.
The regeneration bit in the git commit below matches Scotts findings in comment #3.
Therefore in my opinion this patch from xserver git looks quite promising to fix this bug:

commit 4151a13c80f3afa43f88afcf19a7aeb16dace93a
Author: Francisco Jerez <email address hidden>
Date: Mon Oct 5 02:39:03 2009 +0200

    dix: Fix a double free in dixFreePrivates.

    It can be reproduced when the server is regenerated and for some
    reason the private keys are reassigned in a different order: a
    manually allocated private may get an index formerly used by a
    preallocated private. In that case it will first be manually freed and
    then again by dixFreePrivates, as items[i].size was never zeroed
    out. Do it in dixResetPrivates.

    Signed-off-by: Francisco Jerez <email address hidden>
    Acked-by: Eamon Walsh <email address hidden>
    Signed-off-by: Keith Packard <email address hidden>

diff --git a/dix/privates.c b/dix/privates.c
index 3a2deb8..e3e7274 100644
--- a/dix/privates.c
+++ b/dix/privates.c
@@ -303,6 +303,7 @@ dixResetPrivates(void)
     /* reset private descriptors */
     for (i = 1; i < nextPriv; i++) {
        *items[i].key = 0;
+ items[i].size = 0;
        DeleteCallbackList(&items[i].initfuncs);
        DeleteCallbackList(&items[i].deletefuncs);
     }

Can anyone test if this patch against xorg-server solves the crash? (I cannot reproduce the crash myself)

Scott Kitterman (kitterman) wrote :

I've added this patch and uploaded the package to my PPA:

https://launchpad.net/~kitterman/+archive/ppa

Once it's built, I'll give it a try. I might be useful if other people experiencing this problem did too.

Scott Kitterman (kitterman) wrote :

Due to the long PPA build queue, I built it locally. Based on light testing, this appears to solve it.

Scott Kitterman (kitterman) wrote :

PPA package is finally built on i386, please test and give feedback so I can see about getting this into the official release for 10.04.1.

tags: added: regression-release
removed: regression-potential
Changed in xserver-xorg-video-intel (Ubuntu Lucid):
assignee: nobody → Scott Kitterman (kitterman)
milestone: lucid-updates → ubuntu-10.04.1
affects: xserver-xorg-video-intel (Ubuntu) → xorg-server (Ubuntu)
Changed in xorg-server (Ubuntu):
assignee: nobody → Scott Kitterman (kitterman)
status: Confirmed → In Progress
Changed in xorg-server (Ubuntu Lucid):
status: Confirmed → In Progress
description: updated
Scott Kitterman (kitterman) wrote :

Uploaded to lucid-proposed after reviewing the change with RAOF and others on #ubuntu-x.

ubuntu-sru ACK. Thank you.

Accepted xorg-server into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in xorg-server (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
description: updated
Martin Pitt (pitti) wrote :

Any testers?

Changed in xorg-server (Ubuntu):
milestone: lucid-updates → none
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package xorg-server - 2:1.8.99.905-1ubuntu1

---------------
xorg-server (2:1.8.99.905-1ubuntu1) maverick; urgency=low

  * Merge from (unreleased) Debian experimental. Remaining Ubuntu changes:
    - rules, control:
      + Disable SELinux, libaudit-dev is not in main yet (LP 406226).
        Drop libaudit-dev from build-deps.
    - rules: Enable xcsecurity (LP 247537).
    - local/xvfb-run*: Add correct docs about error codes (LP 328205)
    - rules: Add --with-extra-module-dir to support GL alternatives.
    - control: Xvfb depends on xauth, x11-xkb-utils. (LP 500102)
    - rules, local/64-xorg-xkb.rules: Don't use keyboard-configuration
      until it's available.
    - control: Update some versioned Breaks for Ubuntu versions.
    - debian/patches:
      + 100_rethrow_signals.patch:
        When aborting, re-raise signals for apport
      + 109_fix-swcursor-crash.patch:
        Avoid dereferencing null pointer while reloading cursors during
        resume. (LP 371405)
      + 111_armel-drv-fallbacks.patch:
        Add support for armel driver fallbacks.
      + 121_only_switch_vt_when_active.diff:
        Add a check to prevent the X server from changing the VT when killing
        GDM from the console.
      + 122_xext_fix_card32_overflow_in_xauth.patch:
        Fix server crash when “xauth generate” is called with large timeout.
      + 157_check_null_modes.patch, 162_null_crtc_in_rotation.patch,
        166_nullptr_xinerama_keyrepeat.patch, 167_nullptr_xisbread.patch
        169_mipointer_nullptr_checks.patch,
        172_cwgetbackingpicture_nullptr_check.patch:
        Fix various segfaults in xserver by checking pointers for NULL
        values before dereferencing them.
      + 165_man_xorg_conf_no_device_ident.patch
        Correct man page
      + 168_glibc_trace_to_stderr.patch:
        Report abort traces to stderr instead of terminal
      + 184_virtual_devices_autodetect.patch:
        Use vesa for qemu device, which is not supported by cirrus
      + 187_edid_quirk_hp_nc8430.patch:
        Quirk for another LPL monitor (LP 380009)
      + 188_default_primary_to_first_busid.patch:
        Pick the first device and carry on (LP 459512)
      + 189_xserver_1.5.0_bg_none_root.patch:
        Create a root window with no background.
      + 190_cache-xkbcomp_output_for_fast_start_up.patch:
        Cache keyboard settings.
      + 191-Xorg-add-an-extra-module-path.patch:
        Add support for the alternatives module path.
      + 197_xvfb-randr.patch:
        Adds xrandr support to xvfb. (LP 516123)
      + 198_nohwaccess.patch:
        Adds a -nohwaccess argument to make X not access the hardware
        ports directly.
      + 200_randr-null.patch:
        Clarify a pointer initialization.
  * Update changelog entries for 1.8.1.902-1 which became 1.8.99.904-1
  * Drop 196_xvfbscreeninit-handling.patch: it's semantically empty, and now
    doesn't apply. Merge remaining #include change into 197_xvfb-randr.patch
  * New upstream version will start correctly when no outputs are connected,
    as long as the video driver can dynamically resize the framebuffer
    (true for all KMS drivers) (LP: #337889)
...

Read more...

Changed in xorg-server (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Scott Kitterman confirmed that this update fixes this bug for him. I confirm that the proposed package works fine and shows no regression on both my Dell Latitude D430 (intel card) under Ubuntu/GNOME, as well as on my wife's amd64 desktop machine with an ATI card.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.7.6-2ubuntu7.3

---------------
xorg-server (2:1.7.6-2ubuntu7.3) lucid-proposed; urgency=low

  * Add 201_dixFreePrivates.patch patch: Patch from upstream to fix double
    free in dixFreePrivates to prevent crash on logout in KDE (LP: #569879)
 -- Scott Kitterman <email address hidden> Tue, 20 Jul 2010 19:52:00 -0400

Changed in xorg-server (Ubuntu Lucid):
status: Fix Committed → Fix Released
tags: added: testcase
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers