Source: systemd
Source-Version: 241-7~deb10u1
Severity: important
Tags: upstream patch buster

Hi!

We hit an assert in logind from the latest systemd package in buster:

  systemd-logind coredumped: in log_assert_failed_realm  ... at ../src/basic/log.c:795

Investigating from the following stack trace:

,---
# gdb -c 
core.systemd-logind.0.4c92c46cf794487eb1df36acdfa8d37e.363.1568024520000000 
/lib/systemd/systemd-logind
[…]
Reading symbols from /lib/systemd/systemd-logind...Reading symbols from 
/usr/lib/debug/.build-id/67/1f5fd985d111ef7cca8db8d01c5175738b0ec6.debug...done.
done.
[New LWP 363]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/lib/systemd/systemd-logind'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt full
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {8589950979, 0, 17179869308, 0, 0, 0, 4096, 255, 
18446744073709551615, 0, 1024, 140109258535907, 4294967295, 4096, 
94012397244720, 140109259796384}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007f6dba8f9535 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x5580f5dcb87e, sa_sigaction 
= 0x5580f5dcb87e}, sa_mask = {__val = {17, 94012397097648, 
13205360909752802304, 206158430240, 94012369043465, 2943, 94012369067104, 2, 
94012369067104, 
              94012397040272, 140109256346163, 0, 0, 0, 140109257989088, 
94012369057967}}, sa_flags = 0, sa_restorer = 0x5580f5dcb8af}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f6dba69508a in log_assert_failed_realm (realm=<optimized out>, 
text=0x5580f5dcb8af "pid > 1", file=0x5580f5dc8009 
"../src/login/logind-dbus.c", line=2943, func=0x5580f5dcdc60 
<__PRETTY_FUNCTION__.15284> "manager_start_scope")
    at ../src/basic/log.c:795
No locals.
#3  0x00005580f5dbc282 in manager_start_scope (job=0x5580f7889330, 
error=0x7ffe8737fb60, more_properties=0x5580f78c1820, 
requires_mounts_for=0x5580f787ceb0 "/root", after=0x7ffe8737f970, 
wants=0x7ffe8737f950, 
    description=0x7ffe8737f8d0 "Session 342 of user root", slice=0x5580f787b290 
"user-0.slice", pid=0, scope=0x5580f78ad360 "session-342.scope", 
manager=0x5580f7865c50) at ../src/login/logind-session.c:638
        m = 0x0
        reply = 0x0
        i = <optimized out>
        r = <optimized out>
        m = <optimized out>
        reply = <optimized out>
        i = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
#4  session_start_scope (s=s@entry=0x5580f78892b0, 
properties=properties@entry=0x5580f78c1820, error=error@entry=0x7ffe8737fb60) 
at ../src/login/logind-session.c:640
        scope = <optimized out>
        description = 0x7ffe8737f8d0 "Session 342 of user root"
        _ptr_ = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "session_start_scope"
        __func__ = "session_start_scope"
        _ptr_ = <optimized out>
#5  0x00005580f5dc2a6d in session_start (s=<optimized out>, 
properties=<optimized out>, error=<optimized out>, s=<optimized out>, 
properties=<optimized out>, error=<optimized out>) at 
../src/login/logind-session.c:682
        r = <optimized out>
        r = <optimized out>
        __func__ = "session_start"
        __PRETTY_FUNCTION__ = "session_start"
#6  0x00005580f5db4f1a in method_create_session (message=0x5580f78c1820, 
userdata=<optimized out>, error=0x7ffe8737fb60) at 
../src/login/logind-dbus.c:860
        service = 0x5580f787e9d4 "sshd"
        type = 0x5580f787e9e0 "tty"
        class = 0x5580f787e9e8 "user"
        cseat = 0x5580f787e9fc ""
        tty = 0x5580f787ea08 ""
        display = 0x5580f787ea10 ""
        remote_user = 0x5580f787ea1c ""
        remote_host = 0x5580f787ea24 "<…REDACTED…>"
        desktop = 0x0
        id = 0x5580f78b82b0 "342"
        session = 0x5580f78892b0
        audit_id = 342
        m = <optimized out>
        user = 0x5580f78a2490
        seat = <optimized out>
        leader = 2973
        uid = 0
        remote = 1
        vtnr = 0
        t = <optimized out>
        c = SESSION_USER
        r = 1
        __PRETTY_FUNCTION__ = "method_create_session"
        __func__ = "method_create_session"
#7  0x00007f6dba708767 in method_callbacks_run (found_object=0x7ffe8737fc17, 
require_fallback=<optimized out>, c=<optimized out>, m=0x5580f78c1820, 
bus=0x5580f7868c00) at ../src/libsystemd/sd-bus/bus-objects.c:403
        slot = 0x5580f786abf0
        error = {name = 0x0, message = 0x0, _need_free = 0}
        signature = <optimized out>
        u = 0x5580f7865c50
        r = <optimized out>
        error = <optimized out>
        signature = <optimized out>
        u = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        slot = <optimized out>
        __unique_prefix_A8 = <optimized out>
#8  object_find_and_run (bus=0x5580f7868c00, m=0x5580f78c1820, p=<optimized 
out>, require_fallback=false, found_object=0x7ffe8737fc17) at 
../src/libsystemd/sd-bus/bus-objects.c:1266
        n = 0x5580f786aba0
        vtable_key = {path = 0x5580f787e928 "/org/freedesktop/login1", 
interface = 0x5580f787e960 "org.freedesktop.login1.Manager", member = 
0x5580f787e948 "CreateSession", parent = 0x5580f7868c88, last_iteration = 
4152790016, 
          vtable = 0x5580f7868c88}
        v = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "object_find_and_run"
#9  0x00007f6dba6ff809 in bus_process_object (bus=0x5580f7868c00, 
m=0x5580f78c1820) at ../src/libsystemd/sd-bus/bus-objects.c:1386
        prefix = <optimized out>
        r = <optimized out>
        pl = <optimized out>
        found_object = true
        __PRETTY_FUNCTION__ = "bus_process_object"
#10 0x00007f6dba6f4014 in process_message (m=0x5580f78c1820, 
bus=0x5580f7868c00) at ../src/libsystemd/sd-bus/sd-bus.c:2703
        r = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        __func__ = <optimized out>
        _mm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#11 process_running (ret=0x0, priority=0, hint_priority=false, 
bus=0x5580f7868c00) at ../src/libsystemd/sd-bus/sd-bus.c:2745
        m = 0x5580f78c1820
        r = 1
        m = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        __func__ = <optimized out>
        _found = <optimized out>
        _ptr_ = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#12 bus_process_internal (bus=bus@entry=0x5580f7868c00, 
hint_priority=hint_priority@entry=false, priority=priority@entry=0, 
ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:2963
        r = <optimized out>
        __PRETTY_FUNCTION__ = "bus_process_internal"
        _dont_destroy_bus = 0x5580f7868c00
#13 0x00007f6dba6f424c in sd_bus_process (bus=bus@entry=0x5580f7868c00, 
ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:2990
No locals.
#14 0x00007f6dba6f4318 in io_callback (s=<optimized out>, fd=<optimized out>, 
revents=<optimized out>, userdata=<optimized out>, s=<optimized out>, 
fd=<optimized out>, revents=<optimized out>, userdata=<optimized out>)
    at ../src/libsystemd/sd-bus/sd-bus.c:3341
        bus = 0x5580f7868c00
        r = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        bus = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "io_callback"
        __func__ = "io_callback"
#15 0x00007f6dba6c4e50 in source_dispatch (s=s@entry=0x5580f7872b70) at 
../src/libsystemd/sd-event/sd-event.c:2821
        saved_type = SOURCE_IO
        r = <optimized out>
        __PRETTY_FUNCTION__ = "source_dispatch"
        __func__ = "source_dispatch"
#16 0x00007f6dba6c5141 in sd_event_dispatch (e=e@entry=0x5580f7866e50) at 
../src/libsystemd/sd-event/sd-event.c:3234
        ref = <optimized out>
        p = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "sd_event_dispatch"
#17 0x00007f6dba6c5308 in sd_event_run (e=0x5580f7866e50, 
timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3291
        r = 1
        __PRETTY_FUNCTION__ = "sd_event_run"
#18 0x00005580f5daa6ed in manager_run (m=0x5580f7865c50) at 
../src/login/logind.c:1187
        r = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
#19 run (argv=<optimized out>, argc=<optimized out>) at 
../src/login/logind.c:1235
        m = <optimized out>
        r = <optimized out>
        m = <optimized out>
        r = <optimized out>
        __func__ = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#20 main (argc=<optimized out>, argv=<optimized out>) at 
../src/login/logind.c:1245
        r = <optimized out>
(gdb) 
`---

We can see that the pid in the assert comes from the s->leader as
passed to manager_start_scope() in its pid argument. The s->leader
gets assigned in method_create_session(), via a session_set_leader()
call, after having been previously initialized as a stack variable
and validated.

But the session_set_leader() call can fail in its hashmap_put()
function, but the call site does not check for any error code.


Checking then upstream's master I noticed this has already been fixed
there! Attached the upstream patch fixing this. And I've set this only
as important, but it might deserve being serious perhaps? Up to you.

Thanks,
Guillem
From fe3ab8458b9c0ead4b3e14ac25b342d8c34376fe Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+git...@gmail.com>
Date: Thu, 14 Feb 2019 10:59:13 +0900
Subject: [PATCH] login: add a missing error check for session_set_leader()

session_set_leader() may fail. If it fails, then manager_start_scope()
will trigger assertion.

This may be related to RHBZ#1663704.
---
 src/login/logind-dbus.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 8ab498fdc2..b9ea370ec0 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -790,7 +790,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
                 goto fail;
 
         session_set_user(session, user);
-        session_set_leader(session, leader);
+        r = session_set_leader(session, leader);
+        if (r < 0)
+                goto fail;
 
         session->type = t;
         session->class = c;
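
Review bot: the new `if (r < 0) goto fail;` after `session_set_leader()` leaves no trace of why session creation failed, because nothing in the added lines logs the error or fills in the bus error. A short debug log carrying `r` at this point would make the failure diagnosable from the journal instead of from a core dump. The `fail` label is outside this hunk, so it is also worth confirming that it undoes the preceding `session_set_user(session, user)` now that it can be reached from this new point.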
-- 
2.23.0.237.gc6a4ce50a0
