shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. #6

xnox · 2015-06-02T10:26:15Z

In cgtop,mount-setup,nspawn the name= prefix is hard-coded in the
mount options, and the define is not used.

Everywhere else, we explicitly white-list allow 'name=' prefix to be
used with all controllers, and strip it out to 'normalise' the
controller name. That work is mostly inflicted on us due to 'name='
prefix in the define. Dropping this prefix makes everything more sane
overall.

In cgtop,mount-setup,nspawn the name= prefix is hard-coded in the mount options, and the define is not used. Everywhere else, we explicitly white-list allow 'name=' prefix to be used with all controllers, and strip it out to 'normalise' the controller name. That work is mostly inflicted on us due to 'name=' prefix in the define. Dropping this prefix makes everything more sane overall.

================================================================= ==64281==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7f623c961c4a in malloc (/usr/lib64/libasan.so.2+0x96c4a) #1 0x5651f79ad34e in malloc_multiply (/home/crrodriguez/scm/systemd/systemd-modules-load+0x2134e) #2 0x5651f79b02d6 in strjoin (/home/crrodriguez/scm/systemd/systemd-modules-load+0x242d6) #3 0x5651f79be1f5 in files_add (/home/crrodriguez/scm/systemd/systemd-modules-load+0x321f5) #4 0x5651f79be6a3 in conf_files_list_strv_internal (/home/crrodriguez/scm/systemd/systemd-modules-load+0x326a3) #5 0x5651f79bea24 in conf_files_list_nulstr (/home/crrodriguez/scm/systemd/systemd-modules-load+0x32a24) #6 0x5651f79ad01a in main (/home/crrodriguez/scm/systemd/systemd-modules-load+0x2101a) #7 0x7f623c11586f in __libc_start_main (/lib64/libc.so.6+0x2086f) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). This happens due to the wrong cleanup attribute is used (free vs strv_free)

If systemd is built with GCC address sanitizer or leak sanitizer the following memory leak ocurs: May 12 02:02:46 linux.site systemd[326]: ================================================================= May 12 02:02:46 linux.site systemd[326]: ==326==ERROR: LeakSanitizer: detected memory leaks May 12 02:02:46 linux.site systemd[326]: Direct leak of 101 byte(s) in 3 object(s) allocated from: May 12 02:02:46 linux.site systemd[326]: #0 0x7fd1f504993f in strdup (/usr/lib64/libasan.so.2+0x6293f) May 12 02:02:46 linux.site systemd[326]: #1 0x55d6ffac5336 in strv_new_ap src/shared/strv.c:163 May 12 02:02:46 linux.site systemd[326]: #2 0x55d6ffac56a9 in strv_new src/shared/strv.c:185 May 12 02:02:46 linux.site systemd[326]: #3 0x55d6ffa80272 in generator_paths src/shared/path-lookup.c:223 May 12 02:02:46 linux.site systemd[326]: #4 0x55d6ff9bdb0f in manager_run_generators src/core/manager.c:2828 May 12 02:02:46 linux.site systemd[326]: #5 0x55d6ff9b1a10 in manager_startup src/core/manager.c:1121 May 12 02:02:46 linux.site systemd[326]: #6 0x55d6ff9a78e3 in main src/core/main.c:1667 May 12 02:02:46 linux.site systemd[326]: #7 0x7fd1f394e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) May 12 02:02:46 linux.site systemd[326]: Direct leak of 29 byte(s) in 1 object(s) allocated from: May 12 02:02:46 linux.site systemd[326]: #0 0x7fd1f504993f in strdup (/usr/lib64/libasan.so.2+0x6293f) May 12 02:02:46 linux.site systemd[326]: #1 0x55d6ffac5288 in strv_new_ap src/shared/strv.c:152 May 12 02:02:46 linux.site systemd[326]: #2 0x55d6ffac56a9 in strv_new src/shared/strv.c:185 May 12 02:02:46 linux.site systemd[326]: #3 0x55d6ffa80272 in generator_paths src/shared/path-lookup.c:223 May 12 02:02:46 linux.site systemd[326]: #4 0x55d6ff9bdb0f in manager_run_generators src/core/manager.c:2828 May 12 02:02:46 linux.site systemd[326]: #5 0x55d6ff9b1a10 in manager_startup src/core/manager.c:1121 May 12 02:02:46 linux.site systemd[326]: #6 0x55d6ff9a78e3 in main src/core/main.c:1667 May 12 02:02:46 linux.site systemd[326]: #7 0x7fd1f394e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) May 12 02:02:46 linux.site systemd[326]: SUMMARY: AddressSanitizer: 130 byte(s) leaked in 4 allocation(s). There is a leak due to the the use of cleanup_free instead _cleanup_strv_free_

$ /usr/lib/systemd/systemd-timedated (wait until auto-exit) ================================================================= ==396==ERROR: LeakSanitizer: detected memory leaks Direct leak of 928 byte(s) in 1 object(s) allocated from: #0 0x7f782f788db1 in __interceptor_calloc (/usr/lib64/libasan.so.2+0x96db1) #1 0x562a83ae60cf in bus_message_from_header src/libsystemd/sd-bus/bus-message.c:480 #2 0x562a83ae6f5a in bus_message_from_malloc src/libsystemd/sd-bus/bus-message.c:576 #3 0x562a83ad3cad in bus_socket_make_message src/libsystemd/sd-bus/bus-socket.c:915 #4 0x562a83ad4cfc in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:1051 #5 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 #6 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 #7 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 #8 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 #9 0x562a83aae1af in main src/timedate/timedated.c:730 #10 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) Indirect leak of 77 byte(s) in 1 object(s) allocated from: #0 0x7f782f788f6a in realloc (/usr/lib64/libasan.so.2+0x96f6a) #1 0x562a83ad418a in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:963 #2 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 #3 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 #4 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 #5 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 #6 0x562a83aae1af in main src/timedate/timedated.c:730 #7 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) Indirect leak of 2 byte(s) in 1 object(s) allocated from: #0 0x7f782f75493f in strdup (/usr/lib64/libasan.so.2+0x6293f) #1 0x562a83b0229b in bus_message_parse_fields src/libsystemd/sd-bus/bus-message.c:5382 #2 0x562a83ae7290 in bus_message_from_malloc src/libsystemd/sd-bus/bus-message.c:601 #3 0x562a83ad3cad in bus_socket_make_message src/libsystemd/sd-bus/bus-socket.c:915 #4 0x562a83ad4cfc in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:1051 #5 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 #6 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 #7 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 #8 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 #9 0x562a83aae1af in main src/timedate/timedated.c:730 #10 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) SUMMARY: AddressSanitizer: 1007 byte(s) leaked in 3 allocation(s). This is due to missing _cleanup_bus_message_unref_ in context_read_ntp()

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.

$ /usr/lib/systemd/systemd-timedated (wait until auto-exit) ================================================================= ==396==ERROR: LeakSanitizer: detected memory leaks Direct leak of 928 byte(s) in 1 object(s) allocated from: #0 0x7f782f788db1 in __interceptor_calloc (/usr/lib64/libasan.so.2+0x96db1) systemd#1 0x562a83ae60cf in bus_message_from_header src/libsystemd/sd-bus/bus-message.c:480 systemd#2 0x562a83ae6f5a in bus_message_from_malloc src/libsystemd/sd-bus/bus-message.c:576 systemd#3 0x562a83ad3cad in bus_socket_make_message src/libsystemd/sd-bus/bus-socket.c:915 systemd#4 0x562a83ad4cfc in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:1051 systemd#5 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 systemd#6 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 systemd#7 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 systemd#8 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 systemd#9 0x562a83aae1af in main src/timedate/timedated.c:730 systemd#10 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) Indirect leak of 77 byte(s) in 1 object(s) allocated from: #0 0x7f782f788f6a in realloc (/usr/lib64/libasan.so.2+0x96f6a) systemd#1 0x562a83ad418a in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:963 systemd#2 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 systemd#3 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 systemd#4 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 systemd#5 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 systemd#6 0x562a83aae1af in main src/timedate/timedated.c:730 systemd#7 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) Indirect leak of 2 byte(s) in 1 object(s) allocated from: #0 0x7f782f75493f in strdup (/usr/lib64/libasan.so.2+0x6293f) systemd#1 0x562a83b0229b in bus_message_parse_fields src/libsystemd/sd-bus/bus-message.c:5382 systemd#2 0x562a83ae7290 in bus_message_from_malloc src/libsystemd/sd-bus/bus-message.c:601 systemd#3 0x562a83ad3cad in bus_socket_make_message src/libsystemd/sd-bus/bus-socket.c:915 systemd#4 0x562a83ad4cfc in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:1051 systemd#5 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 systemd#6 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 systemd#7 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 systemd#8 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 systemd#9 0x562a83aae1af in main src/timedate/timedated.c:730 systemd#10 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) SUMMARY: AddressSanitizer: 1007 byte(s) leaked in 3 allocation(s). This is due to missing _cleanup_bus_message_unref_ in context_read_ntp() (cherry picked from commit 6b71bab)

Fixes: Message: Process 806 (systemd-importd) of user 0 dumped core. Stack trace of thread 806: #0 0x00007f5eaeff7227 raise (libc.so.6) #1 0x00007f5eaeff8e8a abort (libc.so.6) #2 0x000055b6d3418f4f log_assert_failed (systemd-importd) #3 0x000055b6d3409daf safe_close (systemd-importd) #4 0x000055b6d33c25ea closep (systemd-importd) #5 0x000055b6d33c38d9 setup_machine_directory (systemd-importd) #6 0x000055b6d33b8536 method_pull_tar_or_raw (systemd-importd) #7 0x000055b6d33ed097 method_callbacks_run (systemd-importd) #8 0x000055b6d33ef929 object_find_and_run (systemd-importd) #9 0x000055b6d33eff6b bus_process_object (systemd-importd) #10 0x000055b6d3447f77 process_message (systemd-importd) #11 0x000055b6d344815a process_running (systemd-importd) #12 0x000055b6d3448a10 bus_process_internal (systemd-importd) #13 0x000055b6d3448ae1 sd_bus_process (systemd-importd) #14 0x000055b6d3449779 time_callback (systemd-importd) #15 0x000055b6d3454ff4 source_dispatch (systemd-importd) #16 0x000055b6d34562b9 sd_event_dispatch (systemd-importd) #17 0x000055b6d34566f8 sd_event_run (systemd-importd) #18 0x000055b6d33ba72a bus_event_loop_with_idle (systemd-importd) #19 0x000055b6d33b95bc manager_run (systemd-importd) #20 0x000055b6d33b9766 main (systemd-importd) #21 0x00007f5eaefe2a00 __libc_start_main (libc.so.6) #22 0x000055b6d33b5569 _start (systemd-importd)

$ /usr/lib/systemd/systemd-timedated (wait until auto-exit) ================================================================= ==396==ERROR: LeakSanitizer: detected memory leaks Direct leak of 928 byte(s) in 1 object(s) allocated from: #0 0x7f782f788db1 in __interceptor_calloc (/usr/lib64/libasan.so.2+0x96db1) systemd#1 0x562a83ae60cf in bus_message_from_header src/libsystemd/sd-bus/bus-message.c:480 systemd#2 0x562a83ae6f5a in bus_message_from_malloc src/libsystemd/sd-bus/bus-message.c:576 systemd#3 0x562a83ad3cad in bus_socket_make_message src/libsystemd/sd-bus/bus-socket.c:915 systemd#4 0x562a83ad4cfc in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:1051 systemd#5 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 systemd#6 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 systemd#7 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 systemd#8 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 systemd#9 0x562a83aae1af in main src/timedate/timedated.c:730 systemd#10 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) Indirect leak of 77 byte(s) in 1 object(s) allocated from: #0 0x7f782f788f6a in realloc (/usr/lib64/libasan.so.2+0x96f6a) systemd#1 0x562a83ad418a in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:963 systemd#2 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 systemd#3 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 systemd#4 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 systemd#5 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 systemd#6 0x562a83aae1af in main src/timedate/timedated.c:730 systemd#7 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) Indirect leak of 2 byte(s) in 1 object(s) allocated from: #0 0x7f782f75493f in strdup (/usr/lib64/libasan.so.2+0x6293f) systemd#1 0x562a83b0229b in bus_message_parse_fields src/libsystemd/sd-bus/bus-message.c:5382 systemd#2 0x562a83ae7290 in bus_message_from_malloc src/libsystemd/sd-bus/bus-message.c:601 systemd#3 0x562a83ad3cad in bus_socket_make_message src/libsystemd/sd-bus/bus-socket.c:915 systemd#4 0x562a83ad4cfc in bus_socket_read_message src/libsystemd/sd-bus/bus-socket.c:1051 systemd#5 0x562a83ab733f in bus_read_message src/libsystemd/sd-bus/sd-bus.c:1647 systemd#6 0x562a83ab98ea in sd_bus_call src/libsystemd/sd-bus/sd-bus.c:2038 systemd#7 0x562a83b1f46d in sd_bus_call_method src/libsystemd/sd-bus/bus-convenience.c:94 systemd#8 0x562a83aab3e1 in context_read_ntp src/timedate/timedated.c:192 systemd#9 0x562a83aae1af in main src/timedate/timedated.c:730 systemd#10 0x7f782eb238c4 in __libc_start_main (/lib64/libc.so.6+0x208c4) SUMMARY: AddressSanitizer: 1007 byte(s) leaked in 3 allocation(s). This is due to missing _cleanup_bus_message_unref_ in context_read_ntp() (cherry picked from commit 6b71bab) Cherry-picked from: 6b71bab Resolves: #1222517

This makes systemctl robust regarding journal truncation. This is a follow-up for 2cf4172 Fixes: Core was generated by `./systemctl status systemd-journald'. Program terminated with signal SIGBUS, Bus error. PID 8569 - core TID 8569: #0 0x00007f246cc89ed6 __memcmp_sse4_1 #1 0x0000557ebbc6f42c journal_file_init_header #2 0x0000557ebbc77262 journal_file_open #3 0x0000557ebbc42999 file_type_wanted #4 0x0000557ebbc42e08 add_any_file #5 0x0000557ebbc43832 add_directory #6 0x0000557ebbc4401c add_root_directory #7 0x0000557ebbc442e9 add_root_directory #8 0x0000557ebbc446fc add_search_paths #9 0x0000557ebbbacb5e show_journal_by_unit #10 0x0000557ebbb8376d print_status_info #11 0x0000557ebbb86a0b show_one #12 0x0000557ebbb87954 show #13 0x0000557ebbc20b1f dispatch_verb #14 0x0000557ebbb90615 systemctl_main #15 0x0000557ebbb9159f main #16 0x00007f246cb3e731 __libc_start_main #17 0x0000557ebbb75ae9 _start

Fixes: Oct 20 09:10:49 systemd-sysusers[144]: Direct leak of 20 byte(s) in 1 object(s) allocated from: Oct 20 09:10:49 systemd-sysusers[144]: #0 0x7f3565a13e60 in malloc (/lib64/libasan.so.3+0xc6e60) Oct 20 09:10:49 systemd-sysusers[144]: #1 0x7f3565526bd0 in malloc_multiply src/basic/alloc-util.h:70 Oct 20 09:10:49 systemd-sysusers[144]: #2 0x7f356552cb55 in tempfn_xxxxxx src/basic/fileio.c:1116 Oct 20 09:10:49 systemd-sysusers[144]: #3 0x7f356552c4f0 in fopen_temporary src/basic/fileio.c:1042 Oct 20 09:10:49 systemd-sysusers[144]: #4 0x7f356555e00e in fopen_temporary_label src/basic/fileio-label.c:63 Oct 20 09:10:49 systemd-sysusers[144]: #5 0x56197c4a1766 in make_backup src/sysusers/sysusers.c:209 Oct 20 09:10:49 systemd-sysusers[144]: #6 0x56197c4a6335 in write_files src/sysusers/sysusers.c:710 Oct 20 09:10:49 systemd-sysusers[144]: #7 0x56197c4ae571 in main src/sysusers/sysusers.c:1817 Oct 20 09:10:49 systemd-sysusers[144]: #8 0x7f3564dee730 in __libc_start_main (/lib64/libc.so.6+0x20730)

Fixes: bash-4.3# journalctl --no-hostname >/dev/null ================================================================= ==288==ERROR: LeakSanitizer: detected memory leaks Direct leak of 48492 byte(s) in 2694 object(s) allocated from: #0 0x7fb4aba13e60 in malloc (/lib64/libasan.so.3+0xc6e60) #1 0x7fb4ab5b2cc4 in malloc_multiply src/basic/alloc-util.h:70 #2 0x7fb4ab5b3194 in parse_field src/shared/logs-show.c:98 #3 0x7fb4ab5b4918 in output_short src/shared/logs-show.c:347 #4 0x7fb4ab5b7cb7 in output_journal src/shared/logs-show.c:977 #5 0x5650e29cd83d in main src/journal/journalctl.c:2581 #6 0x7fb4aabdb730 in __libc_start_main (/lib64/libc.so.6+0x20730) SUMMARY: AddressSanitizer: 48492 byte(s) leaked in 2694 allocation(s). Closes: systemd#4568

bash-4.3# journalctl --no-hostname >/dev/null ================================================================= ==288==ERROR: LeakSanitizer: detected memory leaks Direct leak of 48492 byte(s) in 2694 object(s) allocated from: #0 0x7fb4aba13e60 in malloc (/lib64/libasan.so.3+0xc6e60) #1 0x7fb4ab5b2cc4 in malloc_multiply src/basic/alloc-util.h:70 #2 0x7fb4ab5b3194 in parse_field src/shared/logs-show.c:98 #3 0x7fb4ab5b4918 in output_short src/shared/logs-show.c:347 #4 0x7fb4ab5b7cb7 in output_journal src/shared/logs-show.c:977 #5 0x5650e29cd83d in main src/journal/journalctl.c:2581 #6 0x7fb4aabdb730 in __libc_start_main (/lib64/libc.so.6+0x20730) SUMMARY: AddressSanitizer: 48492 byte(s) leaked in 2694 allocation(s). Closes: systemd#4568

"%d (%m) %s\n" crashes asan: google/sanitizers#759 So, let's place %m after %s Fixes: ``` $ ./libtool --mode=execute ./test-selinux ... ============ test_misc ========== ASAN:DEADLYSIGNAL ================================================================= ==2981==ERROR: AddressSanitizer: SEGV on unknown address 0x000041b58ab3 (pc 0x7fd9c55a0eb2 bp 0x7fffdc2f9640 sp 0x7fffdc2f8d68 T0) #0 0x7fd9c55a0eb1 (/lib64/libasan.so.3+0xdeeb1) #1 0x7fd9c5550bbf (/lib64/libasan.so.3+0x8ebbf) #2 0x7fd9c5552cdd in __interceptor_vsnprintf (/lib64/libasan.so.3+0x90cdd) #3 0x7fd9c5063715 in log_internalv src/basic/log.c:680 #4 0x7fd9c506390a in log_internal src/basic/log.c:697 #5 0x561d398181a2 in test_misc src/test/test-selinux.c:81 #6 0x561d398185e8 in main src/test/test-selinux.c:117 #7 0x7fd9c493a400 in __libc_start_main (/lib64/libc.so.6+0x20400) #8 0x561d39817859 in _start (/home/vagrant/systemd-asan/.libs/lt-test-selinux+0x1859) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.3+0xdeeb1) ==2981==ABORTING ```

fuzzers randomly fail with the following: ``` ==172==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7f41169cb39b in update_argv /work/build/../../src/systemd/src/basic/argv-util.c:96:13 #1 0x7f41169cb39b in rename_process /work/build/../../src/systemd/src/basic/argv-util.c:210:16 #2 0x7f4116b6824e in safe_fork_full /work/build/../../src/systemd/src/basic/process-util.c:1516:21 #3 0x7f4116bffa36 in safe_fork /work/build/../../src/systemd/src/basic/process-util.h:191:16 #4 0x7f4116bffa36 in parse_timestamp /work/build/../../src/systemd/src/basic/time-util.c:1047:13 #5 0x4a61e6 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-time-util.c:16:16 #6 0x4c4a13 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #7 0x4c41fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #8 0x4c58c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #9 0x4c6595 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #10 0x4b58ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #11 0x4def52 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #12 0x7f4115ea3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: e678fe54a5d2c2092f8e47eb0b33105e380f7340) #13 0x41f5ad in _start (build-out/fuzz-time-util+0x41f5ad) DEDUP_TOKEN: update_argv--rename_process--safe_fork_full Uninitialized value was created by an allocation of 'fv' in the stack frame of function 'have_effective_cap' #0 0x7f41169d3540 in have_effective_cap /work/build/../../src/systemd/src/basic/capability-util.c:21 ```

When assert_return() is critical, the following assertion is triggered on exit: --- #0 0x00007f8b1f6b0884 in __pthread_kill_implementation () from target:/lib64/libc.so.6 #1 0x00007f8b1f65fafe in raise () from target:/lib64/libc.so.6 #2 0x00007f8b1f64887f in abort () from target:/lib64/libc.so.6 #3 0x00007f8b208d02d6 in log_assert_failed (text=0x7f8b210009e0 "e->state != SD_EVENT_FINISHED", file=0x7f8b20fff403 "src/libsystemd/sd-event/sd-event.c", line=1252, func=0x7f8b21004400 <__func__.154> "sd_event_add_io") at ../src/basic/log.c:948 #4 0x00007f8b208d0457 in log_assert_failed_return (text=0x7f8b210009e0 "e->state != SD_EVENT_FINISHED", file=0x7f8b20fff403 "src/libsystemd/sd-event/sd-event.c", line=1252, func=0x7f8b21004400 <__func__.154> "sd_event_add_io") at ../src/basic/log.c:967 #5 0x00007f8b20c7d102 in sd_event_add_io (e=0x617000000080, ret=0x60c000000a20, fd=11, events=1, callback=0x7dfd85 <ipv4acd_on_packet>, userdata=0x60c000000a00) at ../src/libsystemd/sd-event/sd-event.c:1252 #6 0x00000000007e3934 in sd_ipv4acd_start (acd=0x60c000000a00, reset_conflicts=true) at ../src/libsystemd-network/sd-ipv4acd.c:597 #7 0x00000000007e72b9 in ipv4ll_start_internal (ll=0x6080000006a0, reset_generation=true) at ../src/libsystemd-network/sd-ipv4ll.c:278 #8 0x00000000007e7462 in sd_ipv4ll_start (ll=0x6080000006a0) at ../src/libsystemd-network/sd-ipv4ll.c:298 #9 0x00000000006047a1 in dhcp4_handler (client=0x617000000400, event=0, userdata=0x61a000000680) at ../src/network/networkd-dhcp4.c:1183 #10 0x000000000075b1ed in client_notify (client=0x617000000400, event=0) at ../src/libsystemd-network/sd-dhcp-client.c:783 #11 0x000000000075bf8d in client_stop (client=0x617000000400, error=0) at ../src/libsystemd-network/sd-dhcp-client.c:821 #12 0x000000000077710f in sd_dhcp_client_stop (client=0x617000000400) at ../src/libsystemd-network/sd-dhcp-client.c:2388 #13 0x000000000065cdd1 in link_stop_engines (link=0x61a000000680, may_keep_dhcp=true) at ../src/network/networkd-link.c:336 #14 0x000000000041f214 in manager_free (m=0x618000000080) at ../src/network/networkd-manager.c:613 #15 0x00000000004124e3 in manager_freep (p=0x7f8b1c800040) at ../src/network/networkd-manager.h:128 #16 0x00000000004139f6 in run (argc=1, argv=0x7ffffe4522e8) at ../src/network/networkd.c:24 #17 0x0000000000413b20 in main (argc=1, argv=0x7ffffe4522e8) at ../src/network/networkd.c:119 --- Prompted by #30049 (comment).

By making assert_return() critical, we observe the following: --- Program received signal SIGABRT, Aborted. 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 #1 0x00007f013205fafe in raise () from /lib64/libc.so.6 #2 0x00007f013204887f in abort () from /lib64/libc.so.6 #3 0x00007f01338d02d6 in log_assert_failed ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:948 #4 0x00007f01338d0457 in log_assert_failed_return ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:967 #5 0x00007f0133c7ed83 in sd_event_add_time (e=0x617000022280, ret=0x610000007e98, clock=7, usec=24054941030, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1399 #6 0x00007f0133c7f725 in sd_event_add_time_relative (e=0x617000022280, ret=0x610000007e98, clock=7, usec=1000000, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1462 #7 0x0000000000464cac in dns_scope_announce (scope=0x610000007e40, goodbye=true) at ../src/resolve/resolved-dns-scope.c:1530 #8 0x0000000000504d08 in link_free (l=0x612000023d40) at ../src/resolve/resolved-link.c:83 #9 0x000000000052dbbd in manager_free (m=0x619000000a80) at ../src/resolve/resolved-manager.c:697 #10 0x0000000000562328 in manager_freep (p=0x7f012f800040) at ../src/resolve/resolved-manager.h:198 #11 0x000000000056315a in run (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:25 #12 0x0000000000563284 in main (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:99 --- Prompted by #30049 (comment).

Avoid passing a NULL message to sd_bus_message_is_signal(), to not trip over an assertion: [ 132.869436] H testsuite-82.sh[614]: + systemctl --no-block --check-inhibitors=yes soft-reboot [ 132.967386] H systemd[1]: Created slice system-systemd\x2dcoredump.slice. [ 133.018292] H systemd[1]: Starting inhibit.service... [ 133.122610] H systemd[1]: Started systemd-coredump@0-665-0.service. [ 133.163643] H systemd[1]: Started inhibit.service. [ 133.206836] H testsuite-82.sh[614]: + exec sleep infinity [ 133.236762] H systemd-logind[611]: The system will reboot now! [ 135.891607] H systemd-coredump[667]: [🡕] Process 663 (busctl) of user 0 dumped core. Stack trace of thread 663: #0 0x00007f2ec45e6acf raise (libc.so.6 + 0x4eacf) #1 0x00007f2ec45b9ea5 abort (libc.so.6 + 0x21ea5) #2 0x00007f2ec4b5c9a6 log_assert_failed (libsystemd-shared-255.so + 0x1ff9a6) #3 0x00007f2ec4b5dca5 log_assert_failed_return (libsystemd-shared-255.so + 0x200ca5) #4 0x00007f2ec4bb3df6 sd_bus_message_is_signal (libsystemd-shared-255.so + 0x256df6) #5 0x000000000040e478 monitor (busctl + 0xe478) #6 0x000000000040e82f verb_monitor (busctl + 0xe82f) #7 0x00007f2ec4b202cb dispatch_verb (libsystemd-shared-255.so + 0x1c32cb) #8 0x00000000004074fa busctl_main (busctl + 0x74fa) #9 0x0000000000407525 run (busctl + 0x7525) #10 0x000000000040ff67 main (busctl + 0xff67) #11 0x00007f2ec45d2d85 __libc_start_main (libc.so.6 + 0x3ad85) #12 0x00000000004044be _start (busctl + 0x44be) ELF object binary architecture: AMD x86-64 [ 136.141152] H dbus-daemon[634]: [system] Monitoring connection :1.2 closed. [ 136.152233] H systemd[1]: busctl.service: Main process exited, code=dumped, status=6/ABRT [ 136.153996] H systemd[1]: busctl.service: Failed with result 'core-dump'. The asertion in question: Assertion 'm' failed at src/libsystemd/sd-bus/bus-message.c:1015, function sd_bus_message_is_signal(). Aborting. We can get a NULL message here through sd_bus_process() -> bus_process_internal() -> process_running(), so let's handle this case appropriately.

Since in that case the event loop is already finished and we'd hit an assertion: [ 1295.993300] testsuite-75.sh[50]: + systemctl stop systemd-resolved.service [ 1296.005152] systemd-resolved[298]: Assertion 'e->state != SD_EVENT_FINISHED' failed at src/libsystemd/sd-event/sd-event.c:1252, function sd_event_add_io(). Aborting. Thread 1 (Thread 0x7f17d25e2940 (LWP 298)): #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f17d16ac8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 #2 0x00007f17d165c668 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f17d16444b8 in __GI_abort () at abort.c:79 #4 0x00007f17d2402d2d in log_assert_failed (text=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>) at ../build/src/basic/log.c:968 #5 0x00007f17d240401c in log_assert_failed_return (text=text@entry=0x7f17d2533f13 "e->state != SD_EVENT_FINISHED", file=file@entry=0x7f17d25195d9 "src/libsystemd/sd-event/sd-event.c", line=line@entry=1252, func=func@entry=0x7f17d2567260 <__func__.140> "sd_event_add_io") at ../build/src/basic/log.c:987 #6 0x00007f17d24d011a in sd_event_add_io (e=0x55e5cb497270, ret=0x55e5cb4a5120, fd=fd@entry=26, events=events@entry=1, callback=callback@entry=0x55e5caff5466 <on_io_event>, userdata=0x55e5cb4a5110) at ../build/src/libsystemd/sd-event/sd-event.c:1252 #7 0x000055e5caff571c in manager_add_socket_to_graveyard (m=0x55e5cb43cf00, fd=26) at ../build/src/resolve/resolved-socket-graveyard.c:117 #8 0x000055e5cafd4253 in dns_transaction_close_connection (t=t@entry=0x55e5cb57c7d0, use_graveyard=use_graveyard@entry=true) at ../build/src/resolve/resolved-dns-transaction.c:78 #9 0x000055e5cafd8444 in dns_transaction_complete (t=t@entry=0x55e5cb57c7d0, state=state@entry=DNS_TRANSACTION_ABORTED) at ../build/src/resolve/resolved-dns-transaction.c:427 #10 0x000055e5cafc4969 in dns_scope_abort_transactions (s=s@entry=0x55e5cb4b1a70) at ../build/src/resolve/resolved-dns-scope.c:91 #11 0x000055e5cafc6aee in dns_scope_free (s=0x55e5cb4b1a70) at ../build/src/resolve/resolved-dns-scope.c:106 #12 0x000055e5cafe72d1 in link_free (l=0x55e5cb4a5160) at ../build/src/resolve/resolved-link.c:94 #13 0x000055e5cafedefc in manager_free (m=0x55e5cb43cf00) at ../build/src/resolve/resolved-manager.c:697 #14 0x000055e5caff99b6 in manager_freep (p=p@entry=0x7ffd71fab8f8) at ../build/src/resolve/resolved-manager.h:198 #15 0x000055e5caff9d66 in run (argc=argc@entry=1, argv=argv@entry=0x7ffd71faba78) at ../build/src/resolve/resolved.c:25 #16 0x000055e5caff9fe3 in main (argc=1, argv=0x7ffd71faba78) at ../build/src/resolve/resolved.c:99 Resolves: #30618

Since libfuzzer feeds a single fuzzing process with multiple inputs, we might carry over arg_transport from a previous invocation, tripping over the assert in acquire_bus(): +----------------------------------------Release Build Stacktrace----------------------------------------+ Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Aborting. AddressSanitizer:DEADLYSIGNAL ================================================================= ==2739==ERROR: AddressSanitizer: ABRT on unknown address 0x00000ab3 (pc 0xf7f52509 bp 0xffdf74cc sp 0xffdf74b0 T0) SCARINESS: 10 (signal) #0 0xf7f52509 in linux-gate.so.1 #1 0xf703b415 in raise #2 0xf70233f6 in abort #3 0xf772ac0a in log_assert_failed systemd/src/basic/log.c:968:9 #4 0xf77300d5 in log_assert_failed_return systemd/src/basic/log.c:987:17 #5 0xf7432bbf in bus_connect_transport systemd/src/shared/bus-util.c:284:9 #6 0x818cd17 in acquire_bus systemd/src/systemctl/systemctl-util.c:53:29 #7 0x815fd3c in help_boot_loader_entry systemd/src/systemctl/systemctl-logind.c:431:13 #8 0x819ca87 in systemctl_parse_argv systemd/src/systemctl/systemctl.c:863:37 #9 0x8197632 in systemctl_dispatch_parse_argv systemd/src/systemctl/systemctl.c:1137:16 #10 0x813328d in LLVMFuzzerTestOneInput systemd/src/systemctl/fuzz-systemctl-parse-argv.c:54:13 #11 0x81bbe7e in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #12 0x81bb5b8 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned int, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #13 0x81bd42d in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:826:7 #14 0x81bd62e in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3 #15 0x81ac84c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #16 0x81d65c7 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #17 0xf7024ed4 in __libc_start_main #18 0x806bdb5 in _start Resolves: #30802

Spotted while fuzzing systemd#27890. ================================================================= ==908098==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x7f4efe6d81f5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xd81f5) (BuildId: dc689b05ca2577037af24700212bb5cce1f91c8a) systemd#1 0x7f4efb8e3ace in greedy_realloc ../src/basic/alloc-util.c:70 systemd#2 0x7f4efb93b713 in extract_first_word ../src/basic/extract-word.c:62 systemd#3 0x7f4efb970d50 in set_put_strsplit ../src/basic/hashmap.c:1902 systemd#4 0x7f4efd76c27e in exec_context_deserialize ../src/core/execute-serialize.c:3341 systemd#5 0x7f4efd778dcb in exec_deserialize ../src/core/execute-serialize.c:4122 systemd#6 0x4032c0 in LLVMFuzzerTestOneInput ../src/core/fuzz-execute-serialize.c:60 systemd#7 0x403c58 in main ../src/fuzz/fuzz-main.c:50 systemd#8 0x7f4efecccb49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#9 0x7f4efecccc0a in __libc_start_main_alias_2 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#10 0x402344 in _start (/home/mrc0mmand/repos/@systemd/systemd/build-san/fuzz-execute-serialize+0x402344) (BuildId: 195f382cf1e39b9ba48d6dcf5a90f786d72837a8) SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Aborted (core dumped) ==911550==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x4df281 in strdup (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x4df281) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#1 0x7fe4ae2b38fc in _set_put_strndup_full /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/basic/hashmap.c:1868:21 systemd#2 0x7fe4b0bad897 in exec_context_deserialize /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/core/execute-serialize.c:3914:29 systemd#3 0x7fe4b0b80592 in exec_deserialize /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/core/execute-serialize.c:4109:13 systemd#4 0x531d0f in LLVMFuzzerTestOneInput /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/core/fuzz-execute-serialize.c:59:16 systemd#5 0x440594 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x440594) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#6 0x43f9b9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x43f9b9) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#7 0x440fd5 in fuzzer::Fuzzer::MutateAndTestOne() (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x440fd5) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#8 0x441955 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x441955) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#9 0x42e151 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x42e151) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#10 0x45a916 in main (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x45a916) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#11 0x7fe4ac449b49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#12 0x7fe4ac449c0a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#13 0x422b74 in _start (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x422b74) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit 9b41270)

When built with ACL support, we might be processing a tmpfiles entry where there's no cause for us to call parse_acls_from_arg, then we get to the end of parse_line without having ever populated i.{acl_access, acl_default}. Then we pass a null pointer into acl_free(). From UBSAN w/ GCC 13.0.0_pre20230101: ``` $ systemd-tmpfiles --clean /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 systemd#1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 systemd#2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 systemd#3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 systemd#4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 systemd#5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 systemd#6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 systemd#7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) systemd#8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) systemd#9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) ``` (cherry picked from commit 9f804ab)

+ machinectl image-status container1 container1 container0 container1 container2 container3 container4 ================================================================= ==1354==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4704 byte(s) in 6 object(s) allocated from: #0 0x7fc3670ba097 in calloc (/lib64/libasan.so.8+0xba097) systemd#1 0x7fc365e91e8e in message_from_header ../src/libsystemd/sd-bus/bus-message.c:372 systemd#2 0x7fc365e92dfd in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:421 systemd#3 0x7fc365f089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 systemd#4 0x7fc365f0affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 systemd#5 0x7fc365f2db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 systemd#6 0x7fc365f33352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 systemd#7 0x7fc365e4da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 systemd#8 0x7fc3658789e8 in bus_call_method ../src/shared/bus-locator.c:109 systemd#9 0x413b76 in show_image ../src/machine/machinectl.c:1014 systemd#10 0x7fc365c5c8cf in dispatch_verb ../src/shared/verbs.c:103 systemd#11 0x42e992 in machinectl_main ../src/machine/machinectl.c:2981 systemd#12 0x42ebbd in run ../src/machine/machinectl.c:3006 systemd#13 0x42ece3 in main ../src/machine/machinectl.c:3009 systemd#14 0x7fc36444a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) Indirect leak of 666 byte(s) in 6 object(s) allocated from: #0 0x7fc3670b95b5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xb95b5) systemd#1 0x7fc365f09822 in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1214 systemd#2 0x7fc365f2db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 systemd#3 0x7fc365f33352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 systemd#4 0x7fc365e4da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 systemd#5 0x7fc3658789e8 in bus_call_method ../src/shared/bus-locator.c:109 systemd#6 0x413b76 in show_image ../src/machine/machinectl.c:1014 systemd#7 0x7fc365c5c8cf in dispatch_verb ../src/shared/verbs.c:103 systemd#8 0x42e992 in machinectl_main ../src/machine/machinectl.c:2981 systemd#9 0x42ebbd in run ../src/machine/machinectl.c:3006 systemd#10 0x42ece3 in main ../src/machine/machinectl.c:3009 systemd#11 0x7fc36444a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) Indirect leak of 12 byte(s) in 6 object(s) allocated from: #0 0x7fc36707243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fc365ec1543 in message_parse_fields ../src/libsystemd/sd-bus/bus-message.c:4125 systemd#2 0x7fc365e93586 in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:443 systemd#3 0x7fc365f089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 systemd#4 0x7fc365f0affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 systemd#5 0x7fc365f2db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 systemd#6 0x7fc365f33352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 systemd#7 0x7fc365e4da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 systemd#8 0x7fc3658789e8 in bus_call_method ../src/shared/bus-locator.c:109 systemd#9 0x413b76 in show_image ../src/machine/machinectl.c:1014 systemd#10 0x7fc365c5c8cf in dispatch_verb ../src/shared/verbs.c:103 systemd#11 0x42e992 in machinectl_main ../src/machine/machinectl.c:2981 systemd#12 0x42ebbd in run ../src/machine/machinectl.c:3006 systemd#13 0x42ece3 in main ../src/machine/machinectl.c:3009 systemd#14 0x7fc36444a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 5382 byte(s) leaked in 18 allocation(s). (cherry picked from commit 4b6ce58) (cherry picked from commit e6a7195)

+ machinectl status long-running long-running long-running ================================================================= ==986==ERROR: LeakSanitizer: detected memory leaks Direct leak of 1568 byte(s) in 2 object(s) allocated from: #0 0x7fe57caba097 in calloc (/lib64/libasan.so.8+0xba097) systemd#1 0x7fe57b891e8e in message_from_header ../src/libsystemd/sd-bus/bus-message.c:372 systemd#2 0x7fe57b892dfd in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:421 systemd#3 0x7fe57b9089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 systemd#4 0x7fe57b90affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 systemd#5 0x7fe57b92db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 systemd#6 0x7fe57b933352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 systemd#7 0x7fe57b84da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 systemd#8 0x7fe57b2789e8 in bus_call_method ../src/shared/bus-locator.c:109 systemd#9 0x40f71c in show_machine ../src/machine/machinectl.c:713 systemd#10 0x7fe57b65c8cf in dispatch_verb ../src/shared/verbs.c:103 systemd#11 0x42e9ce in machinectl_main ../src/machine/machinectl.c:2980 systemd#12 0x42ebf9 in run ../src/machine/machinectl.c:3005 systemd#13 0x42ed1f in main ../src/machine/machinectl.c:3008 systemd#14 0x7fe579e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) Indirect leak of 234 byte(s) in 2 object(s) allocated from: #0 0x7fe57cab95b5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xb95b5) systemd#1 0x7fe57b909822 in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1214 systemd#2 0x7fe57b92db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 systemd#3 0x7fe57b933352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 systemd#4 0x7fe57b84da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 systemd#5 0x7fe57b2789e8 in bus_call_method ../src/shared/bus-locator.c:109 systemd#6 0x40f71c in show_machine ../src/machine/machinectl.c:713 systemd#7 0x7fe57b65c8cf in dispatch_verb ../src/shared/verbs.c:103 systemd#8 0x42e9ce in machinectl_main ../src/machine/machinectl.c:2980 systemd#9 0x42ebf9 in run ../src/machine/machinectl.c:3005 systemd#10 0x42ed1f in main ../src/machine/machinectl.c:3008 systemd#11 0x7fe579e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) Indirect leak of 4 byte(s) in 2 object(s) allocated from: #0 0x7fe57ca7243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fe57b8c1543 in message_parse_fields ../src/libsystemd/sd-bus/bus-message.c:4125 systemd#2 0x7fe57b893586 in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:443 systemd#3 0x7fe57b9089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 systemd#4 0x7fe57b90affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 systemd#5 0x7fe57b92db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 systemd#6 0x7fe57b933352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 systemd#7 0x7fe57b84da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 systemd#8 0x7fe57b2789e8 in bus_call_method ../src/shared/bus-locator.c:109 systemd#9 0x40f71c in show_machine ../src/machine/machinectl.c:713 systemd#10 0x7fe57b65c8cf in dispatch_verb ../src/shared/verbs.c:103 systemd#11 0x42e9ce in machinectl_main ../src/machine/machinectl.c:2980 systemd#12 0x42ebf9 in run ../src/machine/machinectl.c:3005 systemd#13 0x42ed1f in main ../src/machine/machinectl.c:3008 systemd#14 0x7fe579e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 1806 byte(s) leaked in 6 allocation(s). (cherry picked from commit efdaa92) (cherry picked from commit 4d29f74)

When merging the settings we take the pointer to the array of extra devices, but don't reset the array counter to zero. This later leads to a NULL pointer dereference, where device_node_array_free() attempts to loop over a NULL pointer: + systemd-nspawn --oci-bundle=/var/lib/machines/testsuite-13.oci-bundle.Npo ../src/nspawn/nspawn-settings.c:118:29: runtime error: member access within null pointer of type 'struct DeviceNode' #0 0x4b91ee in device_node_array_free ../src/nspawn/nspawn-settings.c:118 systemd#1 0x4ba42a in settings_free ../src/nspawn/nspawn-settings.c:161 systemd#2 0x410b79 in settings_freep ../src/nspawn/nspawn-settings.h:249 systemd#3 0x446ce8 in load_oci_bundle ../src/nspawn/nspawn.c:4733 systemd#4 0x44ff42 in run ../src/nspawn/nspawn.c:5476 systemd#5 0x455296 in main ../src/nspawn/nspawn.c:5919 systemd#6 0x7f0cb7a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#7 0x7f0cb7a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#8 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/nspawn/nspawn-settings.c:118:29 in Also, add an appropriate assert to catch such issues in the future. (cherry picked from commit 825210d) (cherry picked from commit 9a7c6ed)

Otherwise hilarity ensues: AddressSanitizer:DEADLYSIGNAL ================================================================= ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) ==722==The signal is caused by a READ memory access. #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) systemd#1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 systemd#2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 systemd#3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 systemd#4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 systemd#5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 systemd#6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 systemd#8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 systemd#10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 systemd#12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 systemd#13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 systemd#14 0x4552fb in main ../src/nspawn/nspawn.c:5920 systemd#15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 ==722==ABORTING (cherry picked from commit f4e5c04) (cherry picked from commit c786122)

Whoopsie. ================================================================= ==3789231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000051d0b8 at pc 0x7f70850bc904 bp 0x7ffd9bbdf660 sp 0x7ffd9bbdf658 READ of size 8 at 0x00000051d0b8 thread T0 #0 0x7f70850bc903 in json_dispatch ../src/shared/json.c:4347 systemd#1 0x4a5b54 in oci_seccomp_syscalls ../src/nspawn/nspawn-oci.c:1838 systemd#2 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395 systemd#3 0x4a668c in oci_seccomp ../src/nspawn/nspawn-oci.c:1905 systemd#4 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395 systemd#5 0x4a7d8c in oci_linux ../src/nspawn/nspawn-oci.c:2030 systemd#6 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395 systemd#7 0x4aa31c in oci_load ../src/nspawn/nspawn-oci.c:2198 systemd#8 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 systemd#9 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 systemd#10 0x4552fb in main ../src/nspawn/nspawn.c:5920 systemd#11 0x7f7083a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#12 0x7f7083a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#13 0x40d284 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/systemd-nspawn+0x40d284) 0x00000051d0b8 is located 40 bytes to the left of global variable 'bus_standard_errors_copy_0' defined in '../src/libsystemd/sd-bus/bus-error.h:57:1' (0x51d0e0) of size 8 0x00000051d0b8 is located 0 bytes to the right of global variable 'table' defined in '../src/nspawn/nspawn-oci.c:1829:43' (0x51d040) of size 120 SUMMARY: AddressSanitizer: global-buffer-overflow ../src/shared/json.c:4347 in json_dispatch Shadow bytes around the buggy address: 0x00008009b9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008009b9d0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008009b9e0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008009b9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008009ba00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 =>0x00008009ba10: 00 00 00 00 00 00 00[f9]f9 f9 f9 f9 00 f9 f9 f9 0x00008009ba20: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 0x00008009ba30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008009ba40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008009ba50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008009ba60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==3789231==ABORTING (cherry picked from commit 525c3e3) (cherry picked from commit b8ed816)

We can't dereference the variant object directly, as it might be a magic object (which has an address on a faulting page); use json_variant_is_sensitive() instead that handles this case. For example, with an empty array: ==1547789==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000023 (pc 0x7fd616ca9a18 bp 0x7ffcba1dc7c0 sp 0x7ffcba1dc6d0 T0) ==1547789==The signal is caused by a READ memory access. ==1547789==Hint: address points to the zero page. SCARINESS: 10 (null-deref) #0 0x7fd616ca9a18 in json_variant_strv ../src/shared/json.c:2190 systemd#1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173 systemd#2 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400 systemd#3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428 systemd#4 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400 systemd#5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187 systemd#6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23 systemd#7 0x40691c in main ../src/fuzz/fuzz-main.c:50 systemd#8 0x7fd61564a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#9 0x7fd61564a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4) DEDUP_TOKEN: json_variant_strv--oci_args--json_dispatch AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ../src/shared/json.c:2190 in json_variant_strv ==1547789==ABORTING Or with an empty string in an array: ../src/shared/json.c:2202:39: runtime error: member access within misaligned address 0x000000000007 for type 'struct JsonVariant', which requires 8 byte alignment 0x000000000007: note: pointer points here <memory cannot be printed> #0 0x7f35f4ca9bcf in json_variant_strv ../src/shared/json.c:2202 systemd#1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173 systemd#2 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400 systemd#3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428 systemd#4 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400 systemd#5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187 systemd#6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23 systemd#7 0x40691c in main ../src/fuzz/fuzz-main.c:50 systemd#8 0x7f35f364a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#9 0x7f35f364a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/json.c:2202:39 in Note: this happens only if json_variant_copy() in json_variant_set_source() fails. Found by Nallocfuzz. (cherry picked from commit 909eb4c) (cherry picked from commit 58c1816)

If we fail to combine the new entry with a previous one, or update it in the hashmap, we might later on attempt a double-free: ================================================================= ==10==ERROR: AddressSanitizer: attempting double-free on 0x611000039fc0 in thread T0: SCARINESS: 42 (double-free) #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 systemd#1 0x7f55e431d9f2 in _hashmap_clear /work/build/../../src/systemd/src/basic/hashmap.c:927:33 systemd#2 0x7f55e431d4c8 in _hashmap_free /work/build/../../src/systemd/src/basic/hashmap.c:896:17 systemd#3 0x4de1de in ordered_hashmap_free_free_free /work/build/../../src/systemd/src/basic/hashmap.h:120:24 systemd#4 0x4de1de in ordered_hashmap_free_free_freep /work/build/../../src/systemd/src/basic/hashmap.h:434:1 systemd#5 0x4de1de in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:26:1 systemd#6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8) systemd#7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35) systemd#14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) systemd#15 0x41f7cd in _start (/build/fuzz-catalog+0x41f7cd) DEDUP_TOKEN: __interceptor_free--_hashmap_clear--_hashmap_free 0x611000039fc0 is located 0 bytes inside of 224-byte region [0x611000039fc0,0x61100003a0a0) freed by thread T0 here: #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 systemd#1 0x7f55e451493d in freep /work/build/../../src/systemd/src/basic/alloc-util.h:107:22 systemd#2 0x7f55e451493d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:187:1 systemd#3 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45 systemd#4 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16 systemd#5 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8) systemd#6 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#7 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#8 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#9 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#10 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#11 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#12 0x4deb35 in main (/build/fuzz-catalog+0x4deb35) systemd#13 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_free--freep--finish_item previously allocated by thread T0 here: #0 0x4a0c06 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 systemd#1 0x4de539 in malloc (/build/fuzz-catalog+0x4de539) systemd#2 0x7f55e42bf96b in memdup /work/build/../../src/systemd/src/basic/alloc-util.c:16:15 systemd#3 0x7f55e451475d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:176:28 systemd#4 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45 systemd#5 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16 systemd#6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8) systemd#7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35) systemd#14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--memdup SUMMARY: AddressSanitizer: double-free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in __interceptor_free Found by Nallocfuzz. (cherry picked from commit ac874b8) (cherry picked from commit b1663b8)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 systemd#1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) systemd#2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 systemd#3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 systemd#4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 systemd#5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 systemd#6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 systemd#7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 systemd#8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 systemd#9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) systemd#10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) systemd#17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf) (cherry picked from commit 9dde31a)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 systemd#1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) systemd#2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 systemd#3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 systemd#4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 systemd#5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 systemd#6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 systemd#7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 systemd#8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 systemd#9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 systemd#10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 systemd#11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 systemd#12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 systemd#13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 systemd#14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 systemd#15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 systemd#16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) systemd#17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39) (cherry picked from commit b4c9a9b)

If we fail any allocation prior adding the lease to the server lease hashmap. ==2103==ERROR: LeakSanitizer: detected memory leaks Direct leak of 128 byte(s) in 2 object(s) allocated from: #0 0x4a203e in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:77:3 systemd#1 0x4f6341 in calloc (/build/fuzz-dhcp-server+0x4f6341) systemd#2 0x4ec818 in add_lease /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:26:9 systemd#3 0x4ec2bf in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:75:9 systemd#4 0x4f68a8 in NaloFuzzerTestOneInput (/build/fuzz-dhcp-server+0x4f68a8) systemd#5 0x5158b3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#6 0x51509a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#7 0x516769 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#8 0x517435 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#9 0x50679f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#10 0x507068 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#11 0x4f6b25 in main (/build/fuzz-dhcp-server+0x4f6b25) systemd#12 0x7f16084e3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_calloc--calloc--add_lease SUMMARY: AddressSanitizer: 128 byte(s) leaked in 2 allocation(s). Found by Nallocufzz. (cherry picked from commit aca607d) (cherry picked from commit 18e08a4)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 systemd#2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 systemd#3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 systemd#4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 systemd#5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 systemd#6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 systemd#7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 systemd#8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 systemd#9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 systemd#10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 systemd#11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 systemd#12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 systemd#13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 systemd#14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 systemd#15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 systemd#16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 systemd#17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 systemd#18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 systemd#19 0x4252e0 in main ../src/core/main.c:3072 systemd#20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0) (cherry picked from commit 98d2a09)

Provides coverage for systemd#26872. With systemd#26875 reverted: [16444.287652] testsuite-03.sh[71]: + for i in {0..19} [16444.287652] testsuite-03.sh[71]: + systemctl start transaction-cycle0.service [16444.359503] systemd[1]: ================================================================= [16444.360321] systemd[1]: ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180002e578e at pc 0x7f73b25ec7a6 bp 0x7ffc5531c6f0 sp 0x7ffc5531be68 [16444.360798] systemd[1]: [16444.361044] systemd[1]: READ of size 783 at 0x6180002e578e thread T0 (systemd) [16444.391684] systemd[1]: #0 0x7f73b25ec7a5 (/lib64/libasan.so.5+0x557a5) [16444.392167] systemd[1]: systemd#1 0x7f73b260a1d5 in __interceptor_vasprintf (/lib64/libasan.so.5+0x731d5) [16444.392442] systemd[1]: systemd#2 0x7f73afa1d1e1 in log_format_iovec ../src/basic/log.c:996 [16444.392750] systemd[1]: systemd#3 0x7f73afa1e7b6 in log_struct_internal ../src/basic/log.c:1058 [16444.393101] systemd[1]: systemd#4 0x7f73b1979136 in transaction_verify_order_one ../src/core/transaction.c:392 [16444.393540] systemd[1]: systemd#5 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.393946] systemd[1]: systemd#6 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.394262] systemd[1]: systemd#7 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.394532] systemd[1]: systemd#8 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 [16444.394812] systemd[1]: systemd#9 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463 ... (cherry picked from commit 0651e71) (cherry picked from commit fdc6ce1)

So we're able to detect memory leaks in our NSS modules. An example after introducing a memory leak in nss-myhostname.c: testsuite-71.sh[2881]: ================================================================= testsuite-71.sh[2881]: ==2880==ERROR: LeakSanitizer: detected memory leaks testsuite-71.sh[2881]: Direct leak of 2 byte(s) in 1 object(s) allocated from: testsuite-71.sh[2881]: #0 0x7fa28907243b in strdup (/usr/lib64/libasan.so.8.0.0+0x7243b) testsuite-71.sh[2881]: systemd#1 0x7fa286a7bc10 in gethostname_full ../src/basic/hostname-util.c:67 testsuite-71.sh[2881]: systemd#2 0x7fa286a74af9 in gethostname_malloc ../src/basic/hostname-util.h:24 testsuite-71.sh[2881]: systemd#3 0x7fa286a756f4 in _nss_myhostname_gethostbyname4_r ../src/nss-myhostname/nss-myhostname.c:79 testsuite-71.sh[2881]: systemd#4 0x7fa288f17588 in getaddrinfo (/lib64/libc.so.6+0xf4588) testsuite-71.sh[2881]: systemd#5 0x7fa2890a4d93 in __interceptor_getaddrinfo.part.0 (/usr/lib64/libasan.so.8.0.0+0xa4d93) testsuite-71.sh[2881]: systemd#6 0x55a54b2b7159 in ahosts_keys_int.part.0 (/usr/bin/getent.orig+0x4159) testsuite-71.sh[2881]: SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s). (cherry picked from commit 2b5e786) (cherry picked from commit 5a29fbb)

Spotted while fuzzing systemd#27890. ================================================================= ==908098==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x7f4efe6d81f5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xd81f5) (BuildId: dc689b05ca2577037af24700212bb5cce1f91c8a) systemd#1 0x7f4efb8e3ace in greedy_realloc ../src/basic/alloc-util.c:70 systemd#2 0x7f4efb93b713 in extract_first_word ../src/basic/extract-word.c:62 systemd#3 0x7f4efb970d50 in set_put_strsplit ../src/basic/hashmap.c:1902 systemd#4 0x7f4efd76c27e in exec_context_deserialize ../src/core/execute-serialize.c:3341 systemd#5 0x7f4efd778dcb in exec_deserialize ../src/core/execute-serialize.c:4122 systemd#6 0x4032c0 in LLVMFuzzerTestOneInput ../src/core/fuzz-execute-serialize.c:60 systemd#7 0x403c58 in main ../src/fuzz/fuzz-main.c:50 systemd#8 0x7f4efecccb49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#9 0x7f4efecccc0a in __libc_start_main_alias_2 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#10 0x402344 in _start (/home/mrc0mmand/repos/@systemd/systemd/build-san/fuzz-execute-serialize+0x402344) (BuildId: 195f382cf1e39b9ba48d6dcf5a90f786d72837a8) SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Aborted (core dumped) ==911550==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x4df281 in strdup (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x4df281) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#1 0x7fe4ae2b38fc in _set_put_strndup_full /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/basic/hashmap.c:1868:21 systemd#2 0x7fe4b0bad897 in exec_context_deserialize /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/core/execute-serialize.c:3914:29 systemd#3 0x7fe4b0b80592 in exec_deserialize /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/core/execute-serialize.c:4109:13 systemd#4 0x531d0f in LLVMFuzzerTestOneInput /home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/../src/core/fuzz-execute-serialize.c:59:16 systemd#5 0x440594 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x440594) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#6 0x43f9b9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x43f9b9) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#7 0x440fd5 in fuzzer::Fuzzer::MutateAndTestOne() (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x440fd5) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#8 0x441955 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x441955) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#9 0x42e151 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x42e151) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#10 0x45a916 in main (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x45a916) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) systemd#11 0x7fe4ac449b49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#12 0x7fe4ac449c0a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9) systemd#13 0x422b74 in _start (/home/mrc0mmand/repos/@systemd/systemd/build-libfuzz/fuzz-execute-serialize+0x422b74) (BuildId: 4e58706e607b8be7972d83c421bc0b625d509ec6) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit 9b41270) (cherry picked from commit 7bd680b) (cherry picked from commit b97ec52)

fuzzers randomly fail with the following: ``` ==172==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7f41169cb39b in update_argv /work/build/../../src/systemd/src/basic/argv-util.c:96:13 systemd#1 0x7f41169cb39b in rename_process /work/build/../../src/systemd/src/basic/argv-util.c:210:16 systemd#2 0x7f4116b6824e in safe_fork_full /work/build/../../src/systemd/src/basic/process-util.c:1516:21 systemd#3 0x7f4116bffa36 in safe_fork /work/build/../../src/systemd/src/basic/process-util.h:191:16 systemd#4 0x7f4116bffa36 in parse_timestamp /work/build/../../src/systemd/src/basic/time-util.c:1047:13 systemd#5 0x4a61e6 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-time-util.c:16:16 systemd#6 0x4c4a13 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#7 0x4c41fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#8 0x4c58c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#9 0x4c6595 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#10 0x4b58ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#11 0x4def52 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 systemd#12 0x7f4115ea3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: e678fe54a5d2c2092f8e47eb0b33105e380f7340) systemd#13 0x41f5ad in _start (build-out/fuzz-time-util+0x41f5ad) DEDUP_TOKEN: update_argv--rename_process--safe_fork_full Uninitialized value was created by an allocation of 'fv' in the stack frame of function 'have_effective_cap' #0 0x7f41169d3540 in have_effective_cap /work/build/../../src/systemd/src/basic/capability-util.c:21 ``` (cherry picked from commit e521898) (cherry picked from commit 00c146f) (cherry picked from commit 25dcd38)

By making assert_return() critical, we observe the following: --- Program received signal SIGABRT, Aborted. 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 systemd#1 0x00007f013205fafe in raise () from /lib64/libc.so.6 systemd#2 0x00007f013204887f in abort () from /lib64/libc.so.6 systemd#3 0x00007f01338d02d6 in log_assert_failed ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:948 systemd#4 0x00007f01338d0457 in log_assert_failed_return ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:967 systemd#5 0x00007f0133c7ed83 in sd_event_add_time (e=0x617000022280, ret=0x610000007e98, clock=7, usec=24054941030, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1399 systemd#6 0x00007f0133c7f725 in sd_event_add_time_relative (e=0x617000022280, ret=0x610000007e98, clock=7, usec=1000000, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1462 systemd#7 0x0000000000464cac in dns_scope_announce (scope=0x610000007e40, goodbye=true) at ../src/resolve/resolved-dns-scope.c:1530 systemd#8 0x0000000000504d08 in link_free (l=0x612000023d40) at ../src/resolve/resolved-link.c:83 systemd#9 0x000000000052dbbd in manager_free (m=0x619000000a80) at ../src/resolve/resolved-manager.c:697 systemd#10 0x0000000000562328 in manager_freep (p=0x7f012f800040) at ../src/resolve/resolved-manager.h:198 systemd#11 0x000000000056315a in run (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:25 systemd#12 0x0000000000563284 in main (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:99 --- Prompted by systemd#30049 (comment). (cherry picked from commit a4be4ad) (cherry picked from commit 390e942) (cherry picked from commit 3529def) (cherry picked from commit 8e70e22)

By making assert_return() critical, we observe the following: --- Program received signal SIGABRT, Aborted. 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 systemd#1 0x00007f013205fafe in raise () from /lib64/libc.so.6 systemd#2 0x00007f013204887f in abort () from /lib64/libc.so.6 systemd#3 0x00007f01338d02d6 in log_assert_failed ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:948 systemd#4 0x00007f01338d0457 in log_assert_failed_return ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:967 systemd#5 0x00007f0133c7ed83 in sd_event_add_time (e=0x617000022280, ret=0x610000007e98, clock=7, usec=24054941030, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1399 systemd#6 0x00007f0133c7f725 in sd_event_add_time_relative (e=0x617000022280, ret=0x610000007e98, clock=7, usec=1000000, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1462 systemd#7 0x0000000000464cac in dns_scope_announce (scope=0x610000007e40, goodbye=true) at ../src/resolve/resolved-dns-scope.c:1530 systemd#8 0x0000000000504d08 in link_free (l=0x612000023d40) at ../src/resolve/resolved-link.c:83 systemd#9 0x000000000052dbbd in manager_free (m=0x619000000a80) at ../src/resolve/resolved-manager.c:697 systemd#10 0x0000000000562328 in manager_freep (p=0x7f012f800040) at ../src/resolve/resolved-manager.h:198 systemd#11 0x000000000056315a in run (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:25 systemd#12 0x0000000000563284 in main (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:99 --- Prompted by systemd#30049 (comment). (cherry picked from commit a4be4ad)

fuzzers randomly fail with the following: ``` ==172==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7f41169cb39b in update_argv /work/build/../../src/systemd/src/basic/argv-util.c:96:13 systemd#1 0x7f41169cb39b in rename_process /work/build/../../src/systemd/src/basic/argv-util.c:210:16 systemd#2 0x7f4116b6824e in safe_fork_full /work/build/../../src/systemd/src/basic/process-util.c:1516:21 systemd#3 0x7f4116bffa36 in safe_fork /work/build/../../src/systemd/src/basic/process-util.h:191:16 systemd#4 0x7f4116bffa36 in parse_timestamp /work/build/../../src/systemd/src/basic/time-util.c:1047:13 systemd#5 0x4a61e6 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-time-util.c:16:16 systemd#6 0x4c4a13 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#7 0x4c41fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#8 0x4c58c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#9 0x4c6595 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#10 0x4b58ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#11 0x4def52 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 systemd#12 0x7f4115ea3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: e678fe54a5d2c2092f8e47eb0b33105e380f7340) systemd#13 0x41f5ad in _start (build-out/fuzz-time-util+0x41f5ad) DEDUP_TOKEN: update_argv--rename_process--safe_fork_full Uninitialized value was created by an allocation of 'fv' in the stack frame of function 'have_effective_cap' #0 0x7f41169d3540 in have_effective_cap /work/build/../../src/systemd/src/basic/capability-util.c:21 ``` (cherry picked from commit e521898)

By making assert_return() critical, we observe the following: --- Program received signal SIGABRT, Aborted. 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 0x00007f01320b0884 in __pthread_kill_implementation () from /lib64/libc.so.6 systemd#1 0x00007f013205fafe in raise () from /lib64/libc.so.6 systemd#2 0x00007f013204887f in abort () from /lib64/libc.so.6 systemd#3 0x00007f01338d02d6 in log_assert_failed ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:948 systemd#4 0x00007f01338d0457 in log_assert_failed_return ( text=0x7f01340009e0 "e->state != SD_EVENT_FINISHED", file=0x7f0133fff403 "src/libsystemd/sd-event/sd-event.c", line=1399, func=0x7f01340045a0 <__func__.148> "sd_event_add_time") at ../src/basic/log.c:967 systemd#5 0x00007f0133c7ed83 in sd_event_add_time (e=0x617000022280, ret=0x610000007e98, clock=7, usec=24054941030, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1399 systemd#6 0x00007f0133c7f725 in sd_event_add_time_relative (e=0x617000022280, ret=0x610000007e98, clock=7, usec=1000000, accuracy=0, callback=0x4625b4 <on_announcement_timeout>, userdata=0x610000007e40) at ../src/libsystemd/sd-event/sd-event.c:1462 systemd#7 0x0000000000464cac in dns_scope_announce (scope=0x610000007e40, goodbye=true) at ../src/resolve/resolved-dns-scope.c:1530 systemd#8 0x0000000000504d08 in link_free (l=0x612000023d40) at ../src/resolve/resolved-link.c:83 systemd#9 0x000000000052dbbd in manager_free (m=0x619000000a80) at ../src/resolve/resolved-manager.c:697 systemd#10 0x0000000000562328 in manager_freep (p=0x7f012f800040) at ../src/resolve/resolved-manager.h:198 systemd#11 0x000000000056315a in run (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:25 systemd#12 0x0000000000563284 in main (argc=1, argv=0x7fff22b06468) at ../src/resolve/resolved.c:99 --- Prompted by systemd#30049 (comment). (cherry picked from commit a4be4ad) (cherry picked from commit 390e942)

Avoid passing a NULL message to sd_bus_message_is_signal(), to not trip over an assertion: [ 132.869436] H testsuite-82.sh[614]: + systemctl --no-block --check-inhibitors=yes soft-reboot [ 132.967386] H systemd[1]: Created slice system-systemd\x2dcoredump.slice. [ 133.018292] H systemd[1]: Starting inhibit.service... [ 133.122610] H systemd[1]: Started systemd-coredump@0-665-0.service. [ 133.163643] H systemd[1]: Started inhibit.service. [ 133.206836] H testsuite-82.sh[614]: + exec sleep infinity [ 133.236762] H systemd-logind[611]: The system will reboot now! [ 135.891607] H systemd-coredump[667]: [🡕] Process 663 (busctl) of user 0 dumped core. Stack trace of thread 663: #0 0x00007f2ec45e6acf raise (libc.so.6 + 0x4eacf) systemd#1 0x00007f2ec45b9ea5 abort (libc.so.6 + 0x21ea5) systemd#2 0x00007f2ec4b5c9a6 log_assert_failed (libsystemd-shared-255.so + 0x1ff9a6) systemd#3 0x00007f2ec4b5dca5 log_assert_failed_return (libsystemd-shared-255.so + 0x200ca5) systemd#4 0x00007f2ec4bb3df6 sd_bus_message_is_signal (libsystemd-shared-255.so + 0x256df6) systemd#5 0x000000000040e478 monitor (busctl + 0xe478) systemd#6 0x000000000040e82f verb_monitor (busctl + 0xe82f) systemd#7 0x00007f2ec4b202cb dispatch_verb (libsystemd-shared-255.so + 0x1c32cb) systemd#8 0x00000000004074fa busctl_main (busctl + 0x74fa) systemd#9 0x0000000000407525 run (busctl + 0x7525) systemd#10 0x000000000040ff67 main (busctl + 0xff67) systemd#11 0x00007f2ec45d2d85 __libc_start_main (libc.so.6 + 0x3ad85) systemd#12 0x00000000004044be _start (busctl + 0x44be) ELF object binary architecture: AMD x86-64 [ 136.141152] H dbus-daemon[634]: [system] Monitoring connection :1.2 closed. [ 136.152233] H systemd[1]: busctl.service: Main process exited, code=dumped, status=6/ABRT [ 136.153996] H systemd[1]: busctl.service: Failed with result 'core-dump'. The asertion in question: Assertion 'm' failed at src/libsystemd/sd-bus/bus-message.c:1015, function sd_bus_message_is_signal(). Aborting. We can get a NULL message here through sd_bus_process() -> bus_process_internal() -> process_running(), so let's handle this case appropriately. (cherry picked from commit b4a21d5)

Since in that case the event loop is already finished and we'd hit an assertion: [ 1295.993300] testsuite-75.sh[50]: + systemctl stop systemd-resolved.service [ 1296.005152] systemd-resolved[298]: Assertion 'e->state != SD_EVENT_FINISHED' failed at src/libsystemd/sd-event/sd-event.c:1252, function sd_event_add_io(). Aborting. Thread 1 (Thread 0x7f17d25e2940 (LWP 298)): #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 systemd#1 0x00007f17d16ac8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 systemd#2 0x00007f17d165c668 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 systemd#3 0x00007f17d16444b8 in __GI_abort () at abort.c:79 systemd#4 0x00007f17d2402d2d in log_assert_failed (text=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>) at ../build/src/basic/log.c:968 systemd#5 0x00007f17d240401c in log_assert_failed_return (text=text@entry=0x7f17d2533f13 "e->state != SD_EVENT_FINISHED", file=file@entry=0x7f17d25195d9 "src/libsystemd/sd-event/sd-event.c", line=line@entry=1252, func=func@entry=0x7f17d2567260 <__func__.140> "sd_event_add_io") at ../build/src/basic/log.c:987 systemd#6 0x00007f17d24d011a in sd_event_add_io (e=0x55e5cb497270, ret=0x55e5cb4a5120, fd=fd@entry=26, events=events@entry=1, callback=callback@entry=0x55e5caff5466 <on_io_event>, userdata=0x55e5cb4a5110) at ../build/src/libsystemd/sd-event/sd-event.c:1252 systemd#7 0x000055e5caff571c in manager_add_socket_to_graveyard (m=0x55e5cb43cf00, fd=26) at ../build/src/resolve/resolved-socket-graveyard.c:117 systemd#8 0x000055e5cafd4253 in dns_transaction_close_connection (t=t@entry=0x55e5cb57c7d0, use_graveyard=use_graveyard@entry=true) at ../build/src/resolve/resolved-dns-transaction.c:78 systemd#9 0x000055e5cafd8444 in dns_transaction_complete (t=t@entry=0x55e5cb57c7d0, state=state@entry=DNS_TRANSACTION_ABORTED) at ../build/src/resolve/resolved-dns-transaction.c:427 systemd#10 0x000055e5cafc4969 in dns_scope_abort_transactions (s=s@entry=0x55e5cb4b1a70) at ../build/src/resolve/resolved-dns-scope.c:91 systemd#11 0x000055e5cafc6aee in dns_scope_free (s=0x55e5cb4b1a70) at ../build/src/resolve/resolved-dns-scope.c:106 systemd#12 0x000055e5cafe72d1 in link_free (l=0x55e5cb4a5160) at ../build/src/resolve/resolved-link.c:94 systemd#13 0x000055e5cafedefc in manager_free (m=0x55e5cb43cf00) at ../build/src/resolve/resolved-manager.c:697 systemd#14 0x000055e5caff99b6 in manager_freep (p=p@entry=0x7ffd71fab8f8) at ../build/src/resolve/resolved-manager.h:198 systemd#15 0x000055e5caff9d66 in run (argc=argc@entry=1, argv=argv@entry=0x7ffd71faba78) at ../build/src/resolve/resolved.c:25 systemd#16 0x000055e5caff9fe3 in main (argc=1, argv=0x7ffd71faba78) at ../build/src/resolve/resolved.c:99 Resolves: systemd#30618 (cherry picked from commit ac1b7b9)

martinpitt mentioned this pull request Jun 2, 2015

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. #18

Closed

zonque added the cgroups label Jun 2, 2015

crrodriguez mentioned this pull request Jun 8, 2015

util:bind_remount_recursive() fix "use after free" #96

Merged

poettering added a commit that referenced this pull request Jun 10, 2015

Merge pull request #6 from xnox/drop-name

9649050

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.

poettering merged commit 9649050 into systemd:master Jun 10, 2015

crrodriguez mentioned this pull request Jun 13, 2015

localectl, loginctl (sd-bus?) memory leak #185

Closed

teg mentioned this pull request Jun 17, 2015

hashmap debugging is not thread-safe #264

Closed

rickysarraf mentioned this pull request Sep 23, 2015

crash in journald #1353

Closed

Serafean mentioned this pull request Jan 14, 2016

I/O errors on journal files can make apps using sd-journal SIGBUS (such as qtcreator) #2323

Open

elkrejzi mentioned this pull request Jan 22, 2016

systemd-udevd crashes at shutdown #2418

Closed

TKSpyrop mentioned this pull request Jan 26, 2016

systemd-journal-upload dumps core due to SIGABRT, watchdog timeout #2439

Closed

TKSpyrop mentioned this pull request Feb 9, 2016

systemd crash #2558

Closed

glaubitz mentioned this pull request Feb 16, 2016

[sparc64]: systemctl fails with 'Failed to parse bus message: Bad message' #2633

Closed

klement mentioned this pull request Apr 1, 2016

systemd-journal abort when journal capacity exceeded #2924

Closed

2 tasks

martinpitt mentioned this pull request Jun 2, 2016

systemd-resolved crashes: Assertion '*_head == _item' failed #2942

Closed

2 tasks

fsateler mentioned this pull request Dec 19, 2016

systemctl segfault when told to cat a non-existent template unit #4912

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. #6

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. #6

xnox commented Jun 2, 2015

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. #6

shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. #6

Conversation

xnox commented Jun 2, 2015