Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

packit: enable Rawhide build test job #5

Closed
wants to merge 2 commits into from
Closed

packit: enable Rawhide build test job #5

wants to merge 2 commits into from

Conversation

mrc0mmand
Copy link
Member

spec: temporarily disable test-mountpoint-util
See: https://bugzilla.redhat.com/show_bug.cgi?id=1803070

packit: tweak the RPM version string
git describe returns in systemd's case 'v245-xxx' which breaks RPM
version detection (that expects 245-xxxx'. Let's tweak the version string
accordingly

Using the default one leads to this outcome:

dnf install ...
...
Error: Problem: The operation would result in removing the following protected packages: kernel-core, system

@mrc0mmand mrc0mmand force-pushed the packit branch 3 times, most recently from 12d1ff0 to 2063954 Compare January 27, 2021 13:24
@packit-as-a-service
Copy link

Failed to load packit config file:

Cannot load package config '.packit.yml'. while scanning a double-quoted scalar
  in "<unicode string>", line 14, column 13:
      pre-sync: "sed -ri '/^Patch[0-9]+\:.+\.pat ... 
                ^
found unknown escape character ':'
  in "<unicode string>", line 14, column 37:
      pre-sync: "sed -ri '/^Patch[0-9]+\:.+\.patch/d' .ci/packit/rpm/sys ... 
                                        ^

@mrc0mmand mrc0mmand force-pushed the packit branch 5 times, most recently from c28275d to 255cb21 Compare January 27, 2021 14:29
@mrc0mmand
Copy link
Member Author

Apart from one failing unit test it seems to work as expected:

441/613 test-mountpoint-util                      FAIL           0.12s (killed by signal 6 SIGABRT)

--- command ---
14:03:47 PATH='/builddir/build/BUILD/systemd-247.1097.g00491fb983/x86_64-redhat-linux-gnu:/builddir/.local/bin:/builddir/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin' SYSTEMD_LANGUAGE_FALLBACK_MAP='/builddir/build/BUILD/systemd-247.1097.g00491fb983/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/builddir/build/BUILD/systemd-247.1097.g00491fb983/src/locale/kbd-model-map' /builddir/build/BUILD/systemd-247.1097.g00491fb983/x86_64-redhat-linux-gnu/test-mountpoint-util
--- stderr ---
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.
/* test_mount_propagation_flags(shared) */
/* test_mount_propagation_flags(slave) */
/* test_mount_propagation_flags(private) */
/* test_mount_propagation_flags((null)) */
/* test_mount_propagation_flags() */
/* test_mount_propagation_flags(xxxx) */
/* test_mount_propagation_flags( ) */
/* test_mnt_id */
mountinfo: / → 797
mountinfo: /var/cache/yum → 798
mountinfo: /var/cache/dnf → 799
mountinfo: /proc/filesystems → 800
mountinfo: /sys → 801
mountinfo: /sys/fs/selinux → 802
mountinfo: /dev → 803
mountinfo: /dev/shm → 804
mountinfo: /dev/pts → 805
mountinfo: /dev/btrfs-control → 806
mountinfo: /dev/loop-control → 807
mountinfo: /dev/loop0 → 808
mountinfo: /dev/loop1 → 809
mountinfo: /dev/loop10 → 810
mountinfo: /dev/loop11 → 811
mountinfo: /dev/loop2 → 812
mountinfo: /dev/loop3 → 813
mountinfo: /dev/loop4 → 814
mountinfo: /dev/loop5 → 815
mountinfo: /dev/loop6 → 816
mountinfo: /dev/loop7 → 817
mountinfo: /dev/loop8 → 818
mountinfo: /dev/loop9 → 819
mountinfo: /run → 820
mountinfo: /run/host → 821
mountinfo: /run/host/os-release → 822
mountinfo: /run/host/os-release → 823
mountinfo: /run/systemd/nspawn/incoming → 824
mountinfo: /etc/resolv.conf → 825
mountinfo: /proc → 827
mountinfo: /proc/sys → 829
mountinfo: /proc/acpi → 700
mountinfo: /proc/bus → 701
mountinfo: /proc/fs → 702
mountinfo: /proc/irq → 703
mountinfo: /proc/scsi → 704
mountinfo: /dev/mqueue → 705
mountinfo: /sys/fs/cgroup → 706
mountinfo: /proc/sys/kernel/random/boot_id → 707
mountinfo: /proc/sys/kernel/random/boot_id → 708
mountinfo: /proc/kmsg → 709
mnt ids of /sys is 801
mnt ids of /dev/loop3 is 813
mnt ids of /var/cache/yum is 798
mnt ids of /run/host/os-release is 822
mnt ids of /dev is 803
mnt ids of /run/host/os-release are 823, 822
the other path for mnt id 822 is /run/host/os-release
mnt ids of /dev/loop-control is 807
mnt ids of /dev/mqueue is 705
mnt ids of /run is 820
mnt ids of /dev/pts is 805
mnt ids of /etc/resolv.conf is 825
mnt ids of /proc/bus is 701
mnt ids of /dev/loop0 is 808
mnt ids of /sys/fs/cgroup is 706
mnt ids of /proc/filesystems are 800, 827
the other path for mnt id 827 is /proc
Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:97, function test_mnt_id(). Aborting.

@keszybz would something like this work for upstream?

@keszybz
Copy link
Contributor

keszybz commented Jan 27, 2021

Re failing test → see systemd/systemd#17050.

keszybz
keszybz reviewed Jan 27, 2021
View reviewed changes
.packit.yml Outdated
actions:
post-upstream-clone:
- "git clone https://src.fedoraproject.org/rpms/systemd .ci/packit/rpm --depth=1"
- "sed -ri '/^Patch[0-9]+\\:.+\\.patch/d' .ci/packit/rpm/systemd.spec"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some patches should be kept. Maybe we should split the patch list upstream: use Patch0900+ for patches that are downstream specific and should not be removed. Use Patch0000-0899 for patches that are backported from upstream.

This would resolve the issue with the failing test too.

Copy link
Member Author

@mrc0mmand mrc0mmand Jan 27, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some patches should be kept. Maybe we should split the patch list upstream:

you meant downstream (Fedora)?

use Patch0900+ for patches that are downstream specific and should not be removed. Use Patch0000-0899 for patches that are backported from upstream.

This would resolve the issue with the failing test too.

That would be great, if it's not too much of a hassle for you.

.packit.yml
trigger: pull_request
metadata:
targets:
- fedora-rawhide-x86_64
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could build for other arches here. Why no "all" ?

Copy link
Member Author

@mrc0mmand mrc0mmand Jan 27, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was just PoC so far if it's even a viable option, building on other archs would be definitely a way to go.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the currently available rawhide chroots:

fedora-rawhide-aarch64
fedora-rawhide-armhfp
fedora-rawhide-i386
fedora-rawhide-s390x
fedora-rawhide-x86_64

only x86_64 and aarch64 are usable - the rest is either irrelevant (i386) or emulated (s390x and armhfp), thus taking a really long time (~4 hours for the s390x build).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i386 is definitely relevant, we still support 32 bit builds.

I agree that emulated architectures should be dropped.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, mea culpa, I wasn't even sure if it's going to compile on i386 Fedora given the warning (Not-released Koji packages, [more info](https://fedoraproject.org/wiki/Changes/Noi686Repositories) why you probably don't need this one). However, it builds without issues and it's as fast as the other native archs, neat!

@packit-as-a-service-stg
Copy link

Failed to load packit config file:

Cannot load package config '.packit.yml'. while scanning a double-quoted scalar
  in "<unicode string>", line 14, column 13:
      pre-sync: "sed -ri '/^Patch[0-9]+\:.+\.pat ... 
                ^
found unknown escape character ':'
  in "<unicode string>", line 14, column 37:
      pre-sync: "sed -ri '/^Patch[0-9]+\:.+\.patch/d' .ci/packit/rpm/sys ... 
                                        ^

@mrc0mmand mrc0mmand force-pushed the packit branch 3 times, most recently from e1766df to 71345cf Compare January 28, 2021 10:19
@keszybz
Copy link
Contributor

keszybz commented Jan 28, 2021

https://src.fedoraproject.org/rpms/systemd/c/88c9300a60ed9397896050e0708edd3cbbc84957?branch=master

@mrc0mmand
Copy link
Member Author

https://src.fedoraproject.org/rpms/systemd/c/88c9300a60ed9397896050e0708edd3cbbc84957?branch=master

Thank you!

@mrc0mmand
Copy link
Member Author

Proposed upstream: systemd/systemd#18396

@mrc0mmand mrc0mmand closed this Jan 28, 2021
@mrc0mmand mrc0mmand deleted the packit branch January 28, 2021 21:31
mrc0mmand pushed a commit that referenced this pull request Mar 15, 2021
@keszybz
homed: disable event sources before unreffing them
cf53663 
C.f. 9793530.

We'd crash when trying to access an already-deallocated object:

Thread no. 1 (7 frames)
 #2 log_assert_failed_realm at ../src/basic/log.c:844
 #3 event_inotify_data_drop at ../src/libsystemd/sd-event/sd-event.c:3035
 #4 source_dispatch at ../src/libsystemd/sd-event/sd-event.c:3250
 #5 sd_event_dispatch at ../src/libsystemd/sd-event/sd-event.c:3631
 #6 sd_event_run at ../src/libsystemd/sd-event/sd-event.c:3689
 #7 sd_event_loop at ../src/libsystemd/sd-event/sd-event.c:3711
 #8 run at ../src/home/homed.c:47

The source in question is an inotify source, and the messages are:

systemd-homed[1340]: /home/ moved or renamed, recreating watch and rescanning.
systemd-homed[1340]: Assertion '*_head == _item' failed at src/libsystemd/sd-event/sd-event.c:3035, function event_inotify_data_drop(). Aborting.

on_home_inotify() got called, then manager_watch_home(), which unrefs the
existing inotify_event_source. I assume that the source gets dispatched again
because it was still in the pending queue.

I can't reproduce the issue (timing?), but this should
fix #17824, https://bugzilla.redhat.com/show_bug.cgi?id=1899264.
mrc0mmand pushed a commit that referenced this pull request Mar 23, 2021
@keszybz
shared/calendarspec: when mktime() moves us backwards, jump forward
129cb6e 
When trying to calculate the next firing of 'Sun *-*-* 01:00:00', we'd fall
into an infinite loop, because mktime() moves us "backwards":

Before this patch:
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
...

We rely on mktime() normalizing the time. The man page does not say that it'll
move the time forward, but our algorithm relies on this. So let's catch this
case explicitly.

With this patch:
$ TZ=Europe/Dublin faketime 2021-03-21 build/systemd-analyze calendar --iterations=5 'Sun *-*-* 01:00:00'
Normalized form: Sun *-*-* 01:00:00
    Next elapse: Sun 2021-03-21 01:00:00 GMT
       (in UTC): Sun 2021-03-21 01:00:00 UTC
       From now: 59min left
       Iter. #2: Sun 2021-04-04 01:00:00 IST
       (in UTC): Sun 2021-04-04 00:00:00 UTC
       From now: 1 weeks 6 days left           <---- note the 2 week jump here
       Iter. #3: Sun 2021-04-11 01:00:00 IST
       (in UTC): Sun 2021-04-11 00:00:00 UTC
       From now: 2 weeks 6 days left
       Iter. #4: Sun 2021-04-18 01:00:00 IST
       (in UTC): Sun 2021-04-18 00:00:00 UTC
       From now: 3 weeks 6 days left
       Iter. #5: Sun 2021-04-25 01:00:00 IST
       (in UTC): Sun 2021-04-25 00:00:00 UTC
       From now: 1 months 4 days left

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1941335.
mrc0mmand pushed a commit that referenced this pull request Jan 7, 2022
@keszybz @bluca
coredump: do not crash if we failed to acquire exe path
c790632 
The COREDUMP_EXE attribute is "optional", i.e. we continue to process the
crash even if we didn't acquire it. The coredump generation code assumed
that it is always available:

 #5 endswith at ../src/fundamental/string-util-fundamental.c:41
 [ endswith() is called with NULL here, and an assertion fails. ]
 #6 submit_coredump at ../src/coredump/coredump.c:823
 #7 process_socket at ../src/coredump/coredump.c:1038
 #8 run at ../src/coredump/coredump.c:1413

We use the exe path for loop detection, and also (ultimately) pass it to
dwfl_core_file_report(). The latter seems to be fine will NULL, so let's just
change our code to look at COMM, which should be more reliable anyway.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2036517.
mrc0mmand pushed a commit that referenced this pull request Feb 9, 2022
@evverx
tests: fuzz client_handle_offer
4158af3 
Turns out that part of systemd isn't covered by any fuzz targets and
that's not ideal considering that it parses data sent remotely. The
fuzzer triggers an infinite loop in lease_parse_routes as soon as it
starts so it seems to be working :-)
```
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 23620602
INFO: Loaded 2 modules   (182073 inline 8-bit counters): 176548 [0x7fdf511fc8d0, 0x7fdf51227a74), 5525 [0x5f6ef0, 0x5f8485),
INFO: Loaded 2 PC tables (182073 PCs): 176548 [0x7fdf51227a78,0x7fdf514d94b8), 5525 [0x5f8488,0x60ddd8),
./build/fuzz-dhcp-client: Running 1 inputs 1 time(s) each.
Running: test/fuzz/fuzz-dhcp-client/timeout-ed34161922c7075c4773f2ada3dee8685d220980
ALARM: working on the last Unit for 31 seconds
       and the timeout value is 30 (use -timeout=N to change)
==80731== ERROR: libFuzzer: timeout after 31 seconds
    #0 0x51b32e in __sanitizer_print_stack_trace (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51b32e)
    #1 0x4689e9 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x4689e9)
    #2 0x44a0f4 in fuzzer::Fuzzer::StaticAlarmCallback() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a0f4)
    #3 0x7fdf4f8b474f  (/lib64/libc.so.6+0x4274f)
    #4 0x465fee in __sanitizer_cov_trace_const_cmp4 (/home/vagrant/systemd/build/fuzz-dhcp-client+0x465fee)
    #5 0x57eee5 in lease_parse_routes /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:495:23
    #6 0x57baf3 in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:701:21
    #7 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33
    #8 0x571cea in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:381:21
    #9 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13
    #10 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:78:9
    #11 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379)
    #12 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f)
    #13 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade)
    #14 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86)
    #15 0x7fdf4f89f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #16 0x7fdf4f89f60b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
    #17 0x421fd4 in _start (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421fd4)

SUMMARY: libFuzzer: timeout
```
mrc0mmand pushed a commit that referenced this pull request Feb 9, 2022
@evverx
sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
9591c0a 
=================================================================
==81071==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x51245c in __interceptor_reallocarray (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51245c)
    #1 0x7f01440c67e6 in strv_push /home/vagrant/systemd/build/../src/basic/strv.c:435:13
    #2 0x7f01440ca9e1 in strv_consume /home/vagrant/systemd/build/../src/basic/strv.c:506:13
    #3 0x7f01440ca9e1 in strv_extend /home/vagrant/systemd/build/../src/basic/strv.c:558:16
    #4 0x5806e3 in dhcp_lease_parse_search_domains /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:900:21
    #5 0x57c1be in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:727:21
    #6 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33
    #7 0x571c6a in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:376:13
    #8 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13
    #9 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:74:16
    #10 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379)
    #11 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f)
    #12 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade)
    #13 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86)
    #14 0x7f0142fff55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
mrc0mmand pushed a commit that referenced this pull request Jun 16, 2022
@evverx @yuwata
timedatectl: fix a memory leak
a2e37d5 
```
timedatectl list-timezones --no-pager
...
==164329==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8192 byte(s) in 1 object(s) allocated from:
    #0 0x7fe8a74b6f8c in reallocarray (/lib64/libasan.so.6+0xaef8c)
    #1 0x7fe8a63485dc in strv_push ../src/basic/strv.c:419
    #2 0x7fe8a6349419 in strv_consume ../src/basic/strv.c:490
    #3 0x7fe8a634958d in strv_extend ../src/basic/strv.c:542
    #4 0x7fe8a643d787 in bus_message_read_strv_extend ../src/libsystemd/sd-bus/bus-message.c:5606
    #5 0x7fe8a643db9d in sd_bus_message_read_strv ../src/libsystemd/sd-bus/bus-message.c:5628
    #6 0x4085fb in list_timezones ../src/timedate/timedatectl.c:314
    #7 0x7fe8a61ef3e1 in dispatch_verb ../src/shared/verbs.c:103
    #8 0x410f91 in timedatectl_main ../src/timedate/timedatectl.c:1025
    #9 0x41111c in run ../src/timedate/timedatectl.c:1043
    #10 0x411242 in main ../src/timedate/timedatectl.c:1046
    #11 0x7fe8a489df1f in __libc_start_call_main (/lib64/libc.so.6+0x40f1f)
```
mrc0mmand pushed a commit that referenced this pull request Jun 16, 2022
@poettering
efi: include UEFI monotonic boot counter in random seed
f183c4f 
UEFI provides a "monotonic boot counter" which is supposed to increase on
each reboot. We can include this in our random seed hash logic, which
makes things more robust in case our changes to the ESP end up not
actually being as persistent as we assume. As long as the monotonic boot
counter increases we should be good, as each boot we'll anyway end up
with a new seed that way.

This in fact should also pave the way that we can eventually enable the
random seed logic even on SecureBoot enabled systems. Why that? With
this change the input for the random seed hash is now:

1. the old seed file contents
2. (optionally) some bits from the UEFI RNG
3. (optionally) a per system random "token" stored in an UEFI variable,
   initialized at OS install
4. the UEFI monotonic counter
5. a counter integer used by the random seed logic.

We can ignore #5 entirely for security considerations, it's always going
to be a constant series of values determined by the random seed logic.

The #1 file is under control of the attacker. (Since it resides in the
unprotected ESP)

The #2 data is possibly low quality. (it's hard enough to trust the
quality of the Linux RNG, let's not go as far as trusting the UEFI one)

The #3 data should not be under control of the attacker, and should only
exist if explicitly set. Unless you have privileged access to the system
you should not be able to read or set it. (well, within limits of flash
chip security and its connectivity to the firmware)

The #4 data is provided by the firmware, and should not be under control
of the attacker. If it works correctly then it might still be guessable
(i.e. a new system might have the counter close to zero).

Thus: 1+2+5 are guessable/under control of attacker, but 3+4 should not
be. Thus, if 3 is not known to attacker and not guessable, and 4
strictly monotonically increasing then it should be enough to guarantee
that every boot will get a different seed passed in, that should not be
known or guessable by the attacker.

That all said, this patch does not enable the random seed logic on
SecureBoot. That is left for a later patch.
mrc0mmand added a commit that referenced this pull request Jun 16, 2022
@mrc0mmand @yuwata
test: add coverage for #23481
eec2161 
Provide some coverage for systemd/systemd#23481.

Without 794da5a:
```
[   34.730815] testsuite-29.sh[600]: + portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0
         Stopping minimal-app0-foo.service...
[  OK  ] Stopped minimal-app0-foo.service.
         Stopping minimal-app0.service...
[  OK  ] Stopped minimal-app0.service.
[   34.878050] testsuite-29.sh[1383]: =================================================================
[   34.878421] testsuite-29.sh[1383]: ==1383==ERROR: LeakSanitizer: detected memory leaks
[   34.878784] testsuite-29.sh[1383]: Direct leak of 48 byte(s) in 2 object(s) allocated from:
[   34.879174] testsuite-29.sh[1383]:     #0 0x7fdf9c8b0f8c in reallocarray (/lib64/libasan.so.6+0xaef8c)
[   34.879554] testsuite-29.sh[1383]:     #1 0x7fdf9b4270f5 in unit_file_changes_add ../src/shared/install.c:282
[   34.879926] testsuite-29.sh[1383]:     #2 0x7fdf9b2ad9e5 in bus_deserialize_and_dump_unit_file_changes ../src/shared/bus-unit-util.c:2688
[   34.880267] testsuite-29.sh[1383]:     #3 0x40bc27 in maybe_enable_disable ../src/portable/portablectl.c:582
[   34.880673] testsuite-29.sh[1383]:     #4 0x40ef56 in maybe_stop_disable ../src/portable/portablectl.c:810
[   34.881064] testsuite-29.sh[1383]:     #5 0x410bc2 in detach_image ../src/portable/portablectl.c:924
[   34.881493] testsuite-29.sh[1383]:     #6 0x7fdf9b5df424 in dispatch_verb ../src/shared/verbs.c:103
[   34.881953] testsuite-29.sh[1383]:     #7 0x41604a in run ../src/portable/portablectl.c:1427
[   34.882459] testsuite-29.sh[1383]:     #8 0x416106 in main ../src/portable/portablectl.c:1430
[   34.882947] testsuite-29.sh[1383]:     #9 0x7fdf99d5de8f in __libc_start_call_main (/lib64/libc.so.6+0x44e8f)
[   34.883368] testsuite-29.sh[1383]: Indirect leak of 104 byte(s) in 2 object(s) allocated from:
[   34.883732] testsuite-29.sh[1383]:     #0 0x7fdf9c85b8f7 in strdup (/lib64/libasan.so.6+0x598f7)
[   34.884089] testsuite-29.sh[1383]:     #1 0x7fdf9b4271aa in unit_file_changes_add ../src/shared/install.c:288
[   34.884508] testsuite-29.sh[1383]:     #2 0x7fdf9b2ad9e5 in bus_deserialize_and_dump_unit_file_changes ../src/shared/bus-unit-util.c:2688
[   34.884926] testsuite-29.sh[1383]:     #3 0x40bc27 in maybe_enable_disable ../src/portable/portablectl.c:582
[   34.885307] testsuite-29.sh[1383]:     #4 0x40ef56 in maybe_stop_disable ../src/portable/portablectl.c:810
[   34.885647] testsuite-29.sh[1383]:     #5 0x410bc2 in detach_image ../src/portable/portablectl.c:924
[   34.885987] testsuite-29.sh[1383]:     #6 0x7fdf9b5df424 in dispatch_verb ../src/shared/verbs.c:103
[   34.886271] testsuite-29.sh[1383]:     #7 0x41604a in run ../src/portable/portablectl.c:1427
[   34.886557] testsuite-29.sh[1383]:     #8 0x416106 in main ../src/portable/portablectl.c:1430
[   34.886892] testsuite-29.sh[1383]:     #9 0x7fdf99d5de8f in __libc_start_call_main (/lib64/libc.so.6+0x44e8f)
[   34.887187] testsuite-29.sh[1383]: Indirect leak of 2 byte(s) in 2 object(s) allocated from:
[   34.887520] testsuite-29.sh[1383]:     #0 0x7fdf9c85b8f7 in strdup (/lib64/libasan.so.6+0x598f7)
[   34.887797] testsuite-29.sh[1383]:     #1 0x7fdf9b427249 in unit_file_changes_add ../src/shared/install.c:296
[   34.888117] testsuite-29.sh[1383]:     #2 0x7fdf9b2ad9e5 in bus_deserialize_and_dump_unit_file_changes ../src/shared/bus-unit-util.c:2688
[   34.888434] testsuite-29.sh[1383]:     #3 0x40bc27 in maybe_enable_disable ../src/portable/portablectl.c:582
[   34.888693] testsuite-29.sh[1383]:     #4 0x40ef56 in maybe_stop_disable ../src/portable/portablectl.c:810
[   34.888990] testsuite-29.sh[1383]:     #5 0x410bc2 in detach_image ../src/portable/portablectl.c:924
[   34.889254] testsuite-29.sh[1383]:     #6 0x7fdf9b5df424 in dispatch_verb ../src/shared/verbs.c:103
[   34.889580] testsuite-29.sh[1383]:     #7 0x41604a in run ../src/portable/portablectl.c:1427
[   34.889877] testsuite-29.sh[1383]:     #8 0x416106 in main ../src/portable/portablectl.c:1430
[   34.890193] testsuite-29.sh[1383]:     #9 0x7fdf99d5de8f in __libc_start_call_main (/lib64/libc.so.6+0x44e8f)
[   34.890482] testsuite-29.sh[1383]: SUMMARY: AddressSanitizer: 154 byte(s) leaked in 6 allocation(s).

```

With 794da5a:
```
[  OK  ] Started minimal-app0.service.
[   36.794367] testsuite-29.sh[600]: + portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0
         Stopping minimal-app0-foo.service...
[  OK  ] Stopped minimal-app0-foo.service.
         Stopping minimal-app0.service...
[  OK  ] Stopped minimal-app0.service.
[   36.851251] testsuite-29.sh[600]: + umount /tmp/rootdir
```
DaanDeMeyer pushed a commit to DaanDeMeyer/systemd-rpm that referenced this pull request Jul 7, 2022
@keszybz
Reorder patch to separate downstream-only patches
88c9300 
For systemd-ci-incubator/systemd#5:
we want to drop any upstream patches when building from upstream git.
mrc0mmand pushed a commit that referenced this pull request Oct 4, 2022
@yuwata
bootspec: do not build two many json object at once
4d49d19 
This is a workaround for an issue in the memory sanitizer.
If a function is called with too many arguments, then the sanitizer
triggers the following false-positive warning:

==349==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f8b247134a7 in json_buildv /work/build/../../src/systemd/src/shared/json.c:3213:17
    #1 0x7f8b24714231 in json_build /work/build/../../src/systemd/src/shared/json.c:4117:13
    #2 0x7f8b24487fa5 in show_boot_entries /work/build/../../src/systemd/src/shared/bootspec.c:1424:29
    #3 0x4a6a1b in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-bootspec.c:119:16
    #4 0x4c6693 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #5 0x4c5e7a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #6 0x4c7ce4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:826:7
    #7 0x4c7f19 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
    #8 0x4b757f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #9 0x4e0bd2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #10 0x7f8b23ead082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #11 0x41f69d in _start (build-out/fuzz-bootspec+0x41f69d)

Follow-up for #24541.
Fixes #24551.
mrc0mmand pushed a commit that referenced this pull request Oct 4, 2022
@keszybz
coredump: shorten output about package metadata to one line
1a0281a 
We would print the whole thing in extenso. Users generally don't care,
and would likely prefer to just get the compact identifier of the package
that they can use in a bug report or package manager commands.

Before:
systemd-coredump[40645]: [🡕] Process 1975 (gnome-shell) of user 1000 dumped core.

                         Module /usr/bin/gnome-shell (deleted) with build-id aafdb7d69a7efca937e490080ad9348541fc57d8
                         Metadata for module /usr/bin/gnome-shell (deleted) owned by FDO found: {
                                 "type" : "rpm",
                                 "name" : "gnome-shell",
                                 "version" : "43~rc-3.fc37",
                                 "architecture" : "x86_64",
                                 "osCpe" : "cpe:/o:fedoraproject:fedora:37"
                         }

                         Module /usr/lib64/gnome-shell/libgvc.so (deleted) with build-id 56cbb9862e1ee84ca1549b94f2b4cda03537613e
                         Metadata for module /usr/lib64/gnome-shell/libgvc.so (deleted) owned by FDO found: {
                                 "type" : "rpm",
                                 "name" : "gnome-shell",
                                 "version" : "43~rc-2.fc37",
                                 "architecture" : "x86_64",
                                 "osCpe" : "cpe:/o:fedoraproject:fedora:37"
                         }

                         Module /usr/lib64/libLLVM-14.so (deleted) with build-id ffa7e43f48eb4c189304c0241b1862710de4c3a4
                         Metadata for module /usr/lib64/libLLVM-14.so (deleted) owned by FDO found: {
                                 "type" : "rpm",
                                 "name" : "gnome-shell",
                                 "version" : "43~rc-2.fc37",
                                 "architecture" : "x86_64",
                                 "osCpe" : "cpe:/o:fedoraproject:fedora:37"
                         }

After:
systemd-coredump[235218]: [🡕] Process 235216 (bash) of user 1000 dumped core.

                          Module libtinfo.so.6 from rpm ncurses-6.3-3.20220501.fc37.x86_64, build-id=71a04d23fd572525eb6efc47026c379725e06d96
                          Module bash from rpm bash-5.1.16-3.fc37.x86_64, build-id=6c936aff95a2ccda04a3fb685a81a84a0a8d10da
                          Stack trace of thread 235216:
                          #0  0x00007fa409ec8d8b kill (libc.so.6 + 0x38d8b)
                          #1  0x0000560d35e366b1 kill_builtin (bash + 0xad6b1)
                          #2  0x0000560d35dd7227 execute_builtin.lto_priv.0 (bash + 0x4e227)
                          #3  0x0000560d35dd0459 execute_simple_command (bash + 0x47459)
                          #4  0x0000560d35dd1de0 execute_command_internal (bash + 0x48de0)
                          #5  0x0000560d35e307aa parse_and_execute (bash + 0xa77aa)
                          #6  0x0000560d35e91b08 run_one_command.isra.0 (bash + 0x108b08)
                          #7  0x0000560d35dba07c main (bash + 0x3107c)
                          #8  0x00007fa409eb3510 __libc_start_call_main (libc.so.6 + 0x23510)
                          #9  0x00007fa409eb35c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x235c9)
                          #10 0x0000560d35dbad85 _start (bash + 0x31d85)
mrc0mmand pushed a commit that referenced this pull request Dec 3, 2023
@yuwata @DaanDeMeyer
capability-util: avoid false-positive use-of-uninitialized-value error
e521898 
fuzzers randomly fail with the following:
```
==172==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f41169cb39b in update_argv /work/build/../../src/systemd/src/basic/argv-util.c:96:13
    #1 0x7f41169cb39b in rename_process /work/build/../../src/systemd/src/basic/argv-util.c:210:16
    #2 0x7f4116b6824e in safe_fork_full /work/build/../../src/systemd/src/basic/process-util.c:1516:21
    #3 0x7f4116bffa36 in safe_fork /work/build/../../src/systemd/src/basic/process-util.h:191:16
    #4 0x7f4116bffa36 in parse_timestamp /work/build/../../src/systemd/src/basic/time-util.c:1047:13
    #5 0x4a61e6 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-time-util.c:16:16
    #6 0x4c4a13 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #7 0x4c41fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #8 0x4c58c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #9 0x4c6595 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #10 0x4b58ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #11 0x4def52 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #12 0x7f4115ea3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: e678fe54a5d2c2092f8e47eb0b33105e380f7340)
    #13 0x41f5ad in _start (build-out/fuzz-time-util+0x41f5ad)

DEDUP_TOKEN: update_argv--rename_process--safe_fork_full
  Uninitialized value was created by an allocation of 'fv' in the stack frame of function 'have_effective_cap'
    #0 0x7f41169d3540 in have_effective_cap /work/build/../../src/systemd/src/basic/capability-util.c:21
```
mrc0mmand added a commit that referenced this pull request Feb 11, 2024
@mrc0mmand @bluca
test: reinitialize arg_transport before parsing arguments
b53bd7a 
Since libfuzzer feeds a single fuzzing process with multiple inputs, we
might carry over arg_transport from a previous invocation, tripping over
the assert in acquire_bus():

+----------------------------------------Release Build Stacktrace----------------------------------------+
Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Aborting.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2739==ERROR: AddressSanitizer: ABRT on unknown address 0x00000ab3 (pc 0xf7f52509 bp 0xffdf74cc sp 0xffdf74b0 T0)
SCARINESS: 10 (signal)
    #0 0xf7f52509 in linux-gate.so.1
    #1 0xf703b415 in raise
    #2 0xf70233f6 in abort
    #3 0xf772ac0a in log_assert_failed systemd/src/basic/log.c:968:9
    #4 0xf77300d5 in log_assert_failed_return systemd/src/basic/log.c:987:17
    #5 0xf7432bbf in bus_connect_transport systemd/src/shared/bus-util.c:284:9
    #6 0x818cd17 in acquire_bus systemd/src/systemctl/systemctl-util.c:53:29
    #7 0x815fd3c in help_boot_loader_entry systemd/src/systemctl/systemctl-logind.c:431:13
    #8 0x819ca87 in systemctl_parse_argv systemd/src/systemctl/systemctl.c:863:37
    #9 0x8197632 in systemctl_dispatch_parse_argv systemd/src/systemctl/systemctl.c:1137:16
    #10 0x813328d in LLVMFuzzerTestOneInput systemd/src/systemctl/fuzz-systemctl-parse-argv.c:54:13
    #11 0x81bbe7e in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x81bb5b8 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned int, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #13 0x81bd42d in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:826:7
    #14 0x81bd62e in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
    #15 0x81ac84c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #16 0x81d65c7 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #17 0xf7024ed4 in __libc_start_main
    #18 0x806bdb5 in _start

Resolves: #30802
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keszybz keszybz keszybz left review comments

Assignees
No one assigned
Labels
merged-upstream
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mrc0mmand @keszybz