Bug#916880: Journald crashes in log_assert_failed()

Wed Dec 19 18:57:24 GMT 2018

Package: systemd
Version: 232-25+deb9u6
X-Debbugs-CC: cw817q at att.com


journald is crashing in log_assert_failed() when running stress tests.
Here is the stack trace:

#0  0x00007fad4a7a2fff in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fad4a7a442a in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fad4b240a42 in log_assert_failed () from /lib/systemd/libsystemd-shared-232.so
#3  0x00007fad4b27d1ff in journal_file_post_change () from /lib/systemd/libsystemd-shared-232.so
#4  0x000056369a264bec in ?? ()
#5  0x000056369a263402 in ?? ()
#6  0x000056369a263619 in ?? ()
#7  0x000056369a2605ee in ?? ()
#8  0x000056369a269640 in ?? ()
#9  0x000056369a2639df in ?? ()
#10 0x000056369a26784b in ?? ()
#11 0x00007fad4b2336e5 in ?? () from /lib/systemd/libsystemd-shared-232.so
#12 0x00007fad4b233894 in sd_event_dispatch () from /lib/systemd/libsystemd-shared-232.so
#13 0x00007fad4b234dd7 in sd_event_run () from /lib/systemd/libsystemd-shared-232.so
#14 0x000056369a25c4b3 in ?? ()
#15 0x00007fad4a7902e1 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#16 0x000056369a25e4ea in ?? ()

Debian version on our system is 9.6, and kernel version 4.14.86-0.

We don't see the crash with the following upstream fix for assertion failure:

commit 5b3cc0c86aeddd4615e7e28e79aa89e5b77a6507
Author: Yusuke Nojima <nojima718 at gmail.com>
Date:   Sun Apr 30 02:37:53 2017 +0900

    journald: fix assertion failure on journal_file_link_data. (#5843)
    
    When some error occurs during the initialization of JournalFile,
    the JournalFile can be left without hash tables created.  When later
    trying to append an entry to that file, the assertion in
    journal_file_link_data() fails, and journald crashes.
    
    This patch fix this issue by checking *_hash_table_size in
    journal_file_verify_header().

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 14cb01a60..243d5198d 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -613,6 +613,9 @@ static int journal_file_verify_header(JournalFile *f) {
                         return -EBUSY;
                 }
 
+                if (f->header->field_hash_table_size == 0 || f->header->data_hash_table_size == 0)
+                        return -EBADMSG;
+
                 /* Don't permit appending to files from the future. Because otherwise the realtime timestamps wouldn't
                  * be strictly ordered in the entries in the file anymore, and we can't have that since it breaks
                  * bisection. */

We would like to see if this upstream patch can be backported to Debian stretch systemd.

