Source: systemd
Source-Version: 241-7~deb10u1
Severity: important
Tags: upstream patch buster

Hi!

We hit an assert in logind from the latest systemd package in buster:

  systemd-logind coredumped: in log_assert_failed_realm ... at ../src/basic/log.c:795

Investigating from the following stack trace:

,---
# gdb -c core.systemd-logind.0.4c92c46cf794487eb1df36acdfa8d37e.363.1568024520000000 /lib/systemd/systemd-logind
[…]
Reading symbols from /lib/systemd/systemd-logind...Reading symbols from /usr/lib/debug/.build-id/67/1f5fd985d111ef7cca8db8d01c5175738b0ec6.debug...done.
done.
[New LWP 363]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/lib/systemd/systemd-logind'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt full
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {8589950979, 0, 17179869308, 0, 0, 0, 4096, 255, 18446744073709551615, 0, 1024, 140109258535907, 4294967295, 4096, 94012397244720, 140109259796384}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1 0x00007f6dba8f9535 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x5580f5dcb87e, sa_sigaction = 0x5580f5dcb87e}, sa_mask = {__val = {17, 94012397097648, 13205360909752802304, 206158430240, 94012369043465, 2943, 94012369067104, 2, 94012369067104, 94012397040272, 140109256346163, 0, 0, 0, 140109257989088, 94012369057967}}, sa_flags = 0, sa_restorer = 0x5580f5dcb8af}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007f6dba69508a in log_assert_failed_realm (realm=<optimized out>, text=0x5580f5dcb8af "pid > 1", file=0x5580f5dc8009 "../src/login/logind-dbus.c", line=2943, func=0x5580f5dcdc60 <__PRETTY_FUNCTION__.15284> "manager_start_scope") at ../src/basic/log.c:795
No locals.
#3 0x00005580f5dbc282 in manager_start_scope (job=0x5580f7889330, error=0x7ffe8737fb60, more_properties=0x5580f78c1820, requires_mounts_for=0x5580f787ceb0 "/root", after=0x7ffe8737f970, wants=0x7ffe8737f950, description=0x7ffe8737f8d0 "Session 342 of user root", slice=0x5580f787b290 "user-0.slice", pid=0, scope=0x5580f78ad360 "session-342.scope", manager=0x5580f7865c50) at ../src/login/logind-session.c:638
        m = 0x0
        reply = 0x0
        i = <optimized out>
        r = <optimized out>
        m = <optimized out>
        reply = <optimized out>
        i = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
#4 session_start_scope (s=s@entry=0x5580f78892b0, properties=properties@entry=0x5580f78c1820, error=error@entry=0x7ffe8737fb60) at ../src/login/logind-session.c:640
        scope = <optimized out>
        description = 0x7ffe8737f8d0 "Session 342 of user root"
        _ptr_ = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "session_start_scope"
        __func__ = "session_start_scope"
        _ptr_ = <optimized out>
#5 0x00005580f5dc2a6d in session_start (s=<optimized out>, properties=<optimized out>, error=<optimized out>, s=<optimized out>, properties=<optimized out>, error=<optimized out>) at ../src/login/logind-session.c:682
        r = <optimized out>
        r = <optimized out>
        __func__ = "session_start"
        __PRETTY_FUNCTION__ = "session_start"
#6 0x00005580f5db4f1a in method_create_session (message=0x5580f78c1820, userdata=<optimized out>, error=0x7ffe8737fb60) at ../src/login/logind-dbus.c:860
        service = 0x5580f787e9d4 "sshd"
        type = 0x5580f787e9e0 "tty"
        class = 0x5580f787e9e8 "user"
        cseat = 0x5580f787e9fc ""
        tty = 0x5580f787ea08 ""
        display = 0x5580f787ea10 ""
        remote_user = 0x5580f787ea1c ""
        remote_host = 0x5580f787ea24 "<…REDACTED…>"
        desktop = 0x0
        id = 0x5580f78b82b0 "342"
        session = 0x5580f78892b0
        audit_id = 342
        m = <optimized out>
        user = 0x5580f78a2490
        seat = <optimized out>
        leader = 2973
        uid = 0
        remote = 1
        vtnr = 0
        t = <optimized out>
        c = SESSION_USER
        r = 1
        __PRETTY_FUNCTION__ = "method_create_session"
        __func__ = "method_create_session"
#7 0x00007f6dba708767 in method_callbacks_run (found_object=0x7ffe8737fc17, require_fallback=<optimized out>, c=<optimized out>, m=0x5580f78c1820, bus=0x5580f7868c00) at ../src/libsystemd/sd-bus/bus-objects.c:403
        slot = 0x5580f786abf0
        error = {name = 0x0, message = 0x0, _need_free = 0}
        signature = <optimized out>
        u = 0x5580f7865c50
        r = <optimized out>
        error = <optimized out>
        signature = <optimized out>
        u = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        slot = <optimized out>
        __unique_prefix_A8 = <optimized out>
#8 object_find_and_run (bus=0x5580f7868c00, m=0x5580f78c1820, p=<optimized out>, require_fallback=false, found_object=0x7ffe8737fc17) at ../src/libsystemd/sd-bus/bus-objects.c:1266
        n = 0x5580f786aba0
        vtable_key = {path = 0x5580f787e928 "/org/freedesktop/login1", interface = 0x5580f787e960 "org.freedesktop.login1.Manager", member = 0x5580f787e948 "CreateSession", parent = 0x5580f7868c88, last_iteration = 4152790016, vtable = 0x5580f7868c88}
        v = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "object_find_and_run"
#9 0x00007f6dba6ff809 in bus_process_object (bus=0x5580f7868c00, m=0x5580f78c1820) at ../src/libsystemd/sd-bus/bus-objects.c:1386
        prefix = <optimized out>
        r = <optimized out>
        pl = <optimized out>
        found_object = true
        __PRETTY_FUNCTION__ = "bus_process_object"
#10 0x00007f6dba6f4014 in process_message (m=0x5580f78c1820, bus=0x5580f7868c00) at ../src/libsystemd/sd-bus/sd-bus.c:2703
        r = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        __func__ = <optimized out>
        _mm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#11 process_running (ret=0x0, priority=0, hint_priority=false, bus=0x5580f7868c00) at ../src/libsystemd/sd-bus/sd-bus.c:2745
        m = 0x5580f78c1820
        r = 1
        m = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        __func__ = <optimized out>
        _found = <optimized out>
        _ptr_ = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#12 bus_process_internal (bus=bus@entry=0x5580f7868c00, hint_priority=hint_priority@entry=false, priority=priority@entry=0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:2963
        r = <optimized out>
        __PRETTY_FUNCTION__ = "bus_process_internal"
        _dont_destroy_bus = 0x5580f7868c00
#13 0x00007f6dba6f424c in sd_bus_process (bus=bus@entry=0x5580f7868c00, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:2990
No locals.
#14 0x00007f6dba6f4318 in io_callback (s=<optimized out>, fd=<optimized out>, revents=<optimized out>, userdata=<optimized out>, s=<optimized out>, fd=<optimized out>, revents=<optimized out>, userdata=<optimized out>) at ../src/libsystemd/sd-bus/sd-bus.c:3341
        bus = 0x5580f7868c00
        r = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        bus = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "io_callback"
        __func__ = "io_callback"
#15 0x00007f6dba6c4e50 in source_dispatch (s=s@entry=0x5580f7872b70) at ../src/libsystemd/sd-event/sd-event.c:2821
        saved_type = SOURCE_IO
        r = <optimized out>
        __PRETTY_FUNCTION__ = "source_dispatch"
        __func__ = "source_dispatch"
#16 0x00007f6dba6c5141 in sd_event_dispatch (e=e@entry=0x5580f7866e50) at ../src/libsystemd/sd-event/sd-event.c:3234
        ref = <optimized out>
        p = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = "sd_event_dispatch"
#17 0x00007f6dba6c5308 in sd_event_run (e=0x5580f7866e50, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3291
        r = 1
        __PRETTY_FUNCTION__ = "sd_event_run"
#18 0x00005580f5daa6ed in manager_run (m=0x5580f7865c50) at ../src/login/logind.c:1187
        r = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
#19 run (argv=<optimized out>, argc=<optimized out>) at ../src/login/logind.c:1235
        m = <optimized out>
        r = <optimized out>
        m = <optimized out>
        r = <optimized out>
        __func__ = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#20 main (argc=<optimized out>, argv=<optimized out>) at ../src/login/logind.c:1245
        r = <optimized out>
(gdb)
`---

We can see that the pid in the assert comes from the s->leader as passed to manager_start_scope() in its pid argument. The s->leader gets assigned in method_create_session(), via a session_set_leader() call, after having been previously initialized as a stack variable and validated. But the session_set_leader() call can fail in its hashmap_put() function, but the call site does not check for any error code.

Checking then upstream's master I noticed this has already been fixed there! Attached the upstream patch fixing this.

And I've set this only as important, but it might deserve being serious perhaps? Up to you.

Thanks,
Guillem

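The failure chain described in the report, as a simplified C model added here (not systemd code and not part of the original message): a setter whose insert can fail leaves the leader at 0, and the unchecked call site carries that 0 to the `pid > 1` precondition. The fixed-size table, the `-ENOMEM` code and all function names are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified model, not systemd code. All names here are hypothetical. */
#define TABLE_SLOTS 2   /* tiny table so that an insert can fail */
#define WOULD_ABORT 1   /* marks the spot where logind hits assert(pid > 1) */

struct manager { pid_t leaders[TABLE_SLOTS]; int used; };
struct session { struct manager *m; pid_t leader; };

/* Stand-in for session_set_leader(): the table insert plays the role of
 * hashmap_put(). On failure s->leader keeps its initial value 0.
 * -ENOMEM is an assumed error code. */
static int set_leader(struct session *s, pid_t pid) {
    if (s->m->used == TABLE_SLOTS)
        return -ENOMEM;
    s->m->leaders[s->m->used++] = pid;
    s->leader = pid;
    return 0;
}

/* Stand-in for manager_start_scope(): reports instead of aborting. */
static int start_scope(pid_t pid) {
    return pid > 1 ? 0 : WOULD_ABORT;
}

/* Call site as in the crashing build: the setter's result is dropped. */
int create_session_unchecked(struct manager *m, pid_t leader) {
    struct session s = { .m = m, .leader = 0 };
    set_leader(&s, leader);
    return start_scope(s.leader);
}

/* Call site with the error check: the failure goes back to the caller. */
int create_session_checked(struct manager *m, pid_t leader) {
    struct session s = { .m = m, .leader = 0 };
    int r = set_leader(&s, leader);
    if (r < 0)
        return r;
    return start_scope(s.leader);
}

int main(void) {
    struct manager m = { .used = TABLE_SLOTS };  /* constructed: table already full */
    printf("unchecked=%d checked=%d\n",
           create_session_unchecked(&m, 2973), create_session_checked(&m, 2973));
    return 0;
}
```
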
From fe3ab8458b9c0ead4b3e14ac25b342d8c34376fe Mon Sep 17 00:00:00 2001 From: Yu Watanabe <watanabe.yu+git...@gmail.com> Date: Thu, 14 Feb 2019 10:59:13 +0900 Subject: [PATCH] login: add a missing error check for session_set_leader() session_set_leader() may fail. If it fails, then manager_start_scope() will trigger assertion. This may be related to RHBZ#1663704. --- src/login/logind-dbus.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 8ab498fdc2..b9ea370ec0 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -790,7 +790,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus goto fail; session_set_user(session, user); - session_set_leader(session, leader); + r = session_set_leader(session, leader); + if (r < 0) + goto fail; session->type = t; session->class = c; -- 2.23.0.237.gc6a4ce50a0
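
Review bot: the new `goto fail` after session_set_leader() in method_create_session() is reached once session_set_user(session, user) has already run, and the fail label lies outside the visible context, so it is worth confirming that the label releases the session and its user association in that state. Since this return value went unchecked until now, consider also auditing any other callers of session_set_leader() and marking the function so the compiler warns when its result is discarded.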