mount-setup: create /run/systemd/netif/links/ before accessing #14

Closed
haraldh wants to merge 1 commit into master from unknown repository

@haraldh haraldh commented Jun 2, 2015

systemd-timesyncd breaks with

  Starting Network Time Synchronization...
  [FAILED] Failed to start Network Time Synchronization.

when we have timesyncd activated and systemd-networkd not. Create
directory before using it.

teg commented Jun 2, 2015

As mentioned on the ML, this should not be done in PID1. We either need a tmpfile fragment, or simply teach timesyncd to ignore this failure.

@teg teg closed this Jun 2, 2015
@ghost ghost restored the [email protected] branch June 2, 2015 16:01
@TKSpyrop TKSpyrop mentioned this pull request Feb 9, 2016
evverx referenced this pull request in evverx/systemd Mar 14, 2016
Fixes:
       Message: Process 806 (systemd-importd) of user 0 dumped core.

                Stack trace of thread 806:
                #0  0x00007f5eaeff7227 raise (libc.so.6)
                #1  0x00007f5eaeff8e8a abort (libc.so.6)
                #2  0x000055b6d3418f4f log_assert_failed (systemd-importd)
                #3  0x000055b6d3409daf safe_close (systemd-importd)
                #4  0x000055b6d33c25ea closep (systemd-importd)
                #5  0x000055b6d33c38d9 setup_machine_directory (systemd-importd)
                #6  0x000055b6d33b8536 method_pull_tar_or_raw (systemd-importd)
                #7  0x000055b6d33ed097 method_callbacks_run (systemd-importd)
                #8  0x000055b6d33ef929 object_find_and_run (systemd-importd)
                #9  0x000055b6d33eff6b bus_process_object (systemd-importd)
                #10 0x000055b6d3447f77 process_message (systemd-importd)
                #11 0x000055b6d344815a process_running (systemd-importd)
                #12 0x000055b6d3448a10 bus_process_internal (systemd-importd)
                #13 0x000055b6d3448ae1 sd_bus_process (systemd-importd)
                #14 0x000055b6d3449779 time_callback (systemd-importd)
                #15 0x000055b6d3454ff4 source_dispatch (systemd-importd)
                #16 0x000055b6d34562b9 sd_event_dispatch (systemd-importd)
                #17 0x000055b6d34566f8 sd_event_run (systemd-importd)
                #18 0x000055b6d33ba72a bus_event_loop_with_idle (systemd-importd)
                #19 0x000055b6d33b95bc manager_run (systemd-importd)
                #20 0x000055b6d33b9766 main (systemd-importd)
                #21 0x00007f5eaefe2a00 __libc_start_main (libc.so.6)
                #22 0x000055b6d33b5569 _start (systemd-importd)
evverx referenced this pull request in evverx/systemd Jun 4, 2016
This makes systemctl robust regarding journal truncation.
This is a follow-up for 2cf4172

Fixes:
Core was generated by `./systemctl status systemd-journald'.
Program terminated with signal SIGBUS, Bus error.
PID 8569 - core
TID 8569:
 #0  0x00007f246cc89ed6 __memcmp_sse4_1
 #1  0x0000557ebbc6f42c journal_file_init_header
 #2  0x0000557ebbc77262 journal_file_open
 #3  0x0000557ebbc42999 file_type_wanted
 #4  0x0000557ebbc42e08 add_any_file
 #5  0x0000557ebbc43832 add_directory
 #6  0x0000557ebbc4401c add_root_directory
 #7  0x0000557ebbc442e9 add_root_directory
 #8  0x0000557ebbc446fc add_search_paths
 #9  0x0000557ebbbacb5e show_journal_by_unit
 #10 0x0000557ebbb8376d print_status_info
 #11 0x0000557ebbb86a0b show_one
 #12 0x0000557ebbb87954 show
 #13 0x0000557ebbc20b1f dispatch_verb
 #14 0x0000557ebbb90615 systemctl_main
 #15 0x0000557ebbb9159f main
 #16 0x00007f246cb3e731 __libc_start_main
 #17 0x0000557ebbb75ae9 _start
keszybz pushed a commit that referenced this pull request Jun 4, 2016
evverx referenced this pull request in evverx/systemd Jan 9, 2017
Fixes:
```
touch hola.service
systemctl link $(pwd)/hola.service $(pwd)/hola.service
```

```
==1==ERROR: AddressSanitizer: attempting double-free on 0x60300002c560 in thread T0 (systemd):
    #0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
    #1 0x7fc8c90ebd3b in strv_clear src/basic/strv.c:83
    #2 0x7fc8c90ebdb6 in strv_free src/basic/strv.c:89
    #3 0x55637c758c77 in strv_freep src/basic/strv.h:37
    #4 0x55637c763ba9 in method_enable_unit_files_generic src/core/dbus-manager.c:1960
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
    #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
    #20 0x55637c697339 in _start (/usr/lib/systemd/systemd+0xcd339)

0x60300002c560 is located 0 bytes inside of 19-byte region [0x60300002c560,0x60300002c573)
freed by thread T0 (systemd) here:
    #0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
    #1 0x7fc8c90ee320 in strv_remove src/basic/strv.c:630
    #2 0x7fc8c90ee190 in strv_uniq src/basic/strv.c:602
    #3 0x7fc8c9180533 in unit_file_link src/shared/install.c:1996
    #4 0x55637c763b25 in method_enable_unit_files_generic src/core/dbus-manager.c:1985
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
        #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)

previously allocated by thread T0 (systemd) here:
    #0 0x7fc8c95b0160 in strdup (/lib64/libasan.so.3+0x5a160)
    #1 0x7fc8c90edf32 in strv_extend src/basic/strv.c:552
    #2 0x7fc8c923ae41 in bus_message_read_strv_extend src/libsystemd/sd-bus/bus-message.c:5578
    #3 0x7fc8c923b0de in sd_bus_message_read_strv src/libsystemd/sd-bus/bus-message.c:5600
    #4 0x55637c7639d1 in method_enable_unit_files_generic src/core/dbus-manager.c:1969
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
    #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)

SUMMARY: AddressSanitizer: double-free (/lib64/libasan.so.3+0xc6b00) in free
==1==ABORTING
```

Closes systemd#5015
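
The three stacks in the report above show one string allocated for the caller's vector, freed once by the de-duplication inside `unit_file_link`, and freed again by the caller's cleanup. The following added example (not systemd code, and not the fix from the referenced commit) models that ownership mistake with hypothetical helper names, a constructed input path, and a tracker that counts a repeated release instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deferred-free tracker: records each released pointer and counts a repeated
 * release instead of performing it, so the bug is observable without
 * undefined behaviour. Memory is really freed in tracker_reset(). */
#define MAX_TRACKED 32
static void *released[MAX_TRACKED];
static size_t n_released;
static unsigned double_frees;

static void tracked_free(void *p) {
    if (!p) return;
    for (size_t i = 0; i < n_released; i++)
        if (released[i] == p) { double_frees++; return; }
    if (n_released == MAX_TRACKED) abort();
    released[n_released++] = p;
}

static void tracker_reset(void) {
    while (n_released > 0) free(released[--n_released]);
    double_frees = 0;
}

static size_t strv_len(char **l) { size_t n = 0; while (l[n]) n++; return n; }

/* Caller side: an owning, NULL-terminated vector of heap copies. */
static char **strv_dup_all(const char *const *src, size_t n) {
    char **l = calloc(n + 1, sizeof(char *));
    if (!l) abort();
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(src[i]) + 1;
        if (!(l[i] = malloc(len))) abort();
        memcpy(l[i], src[i], len);
    }
    return l;
}

/* Caller side: cleanup that releases every string and then the array. */
static void strv_free_all(char **l) {
    for (char **i = l; *i; i++) tracked_free(*i);
    tracked_free(l);
}

/* In-place de-duplication that releases dropped entries. Only correct when
 * the vector it is given owns its strings. */
static void uniq_owning(char **l) {
    for (char **i = l; *i; i++)
        for (char **j = i + 1; *j;) {
            if (strcmp(*i, *j) != 0) { j++; continue; }
            tracked_free(*j);
            for (char **k = j; (*k = k[1]) != NULL; k++) ; /* shift left */
        }
}

/* Flawed pattern (assumed model of the bug): the callee collects the caller's
 * pointers into a second array and runs the owning de-duplication on it. */
static size_t link_flawed(char **files) {
    size_t n = strv_len(files);
    char **todo = calloc(n + 1, sizeof(char *));
    if (!todo) abort();
    memcpy(todo, files, n * sizeof(char *)); /* strings shared with caller */
    uniq_owning(todo);                       /* frees a string the caller still holds */
    size_t unique = strv_len(todo);
    tracked_free(todo);                      /* array only */
    return unique;
}

/* One way to avoid it: skip duplicates while collecting and never release a
 * borrowed string. */
static size_t link_fixed(char **files) {
    size_t n = strv_len(files), unique = 0;
    char **todo = calloc(n + 1, sizeof(char *));
    if (!todo) abort();
    for (char **f = files; *f; f++) {
        size_t k = 0;
        while (k < unique && strcmp(todo[k], *f) != 0) k++;
        if (k == unique) todo[unique++] = *f;
    }
    tracked_free(todo);
    return unique;
}

static size_t last_unique; /* unique entries seen by the last callee run */

/* Runs caller + callee + caller cleanup and reports repeated releases. */
static unsigned count_double_frees(size_t (*callee)(char **)) {
    /* Constructed input: the same path twice, as in the reproducer. */
    static const char *const args[] = { "/tmp/hola.service", "/tmp/hola.service" };
    tracker_reset();
    char **l = strv_dup_all(args, 2);
    last_unique = callee(l);
    strv_free_all(l);
    unsigned d = double_frees;
    tracker_reset();
    return d;
}

int main(void) {
    printf("shared pointers + owning uniq: %u double free(s)\n", count_double_frees(link_flawed));
    printf("skip duplicates while collecting: %u double free(s)\n", count_double_frees(link_fixed));
    return 0;
}
```
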
evverx referenced this pull request in evverx/systemd Jan 9, 2017
keszybz referenced this pull request in keszybz/systemd May 25, 2017
whot pushed a commit to whot/systemd that referenced this pull request Oct 10, 2017
(cherry picked from commit 8af35ba)
Related: #1409997
iaguis pushed a commit to kinvolk/systemd that referenced this pull request Feb 6, 2018
util: fix another cunescape() regression
keszybz referenced this pull request in keszybz/systemd Mar 10, 2018
Fuzzing with AddressSanitizer reports an error here:
==11==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fe53f5497d8 at pc 0x7fe53ef055c9 bp 0x7ffd344e9380 sp 0x7ffd344e9378
READ of size 4 at 0x7fe53f5497d8 thread T0
SCARINESS: 27 (4-byte-read-global-buffer-overflow-far-from-bounds)
    #0 0x7fe53ef055c8 in bus_error_name_to_errno /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24
    #1 0x7fe53ef0577b in bus_error_setfv /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:274:17
    #2 0x7fe53ef0595a in sd_bus_error_setf /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:284:21
    #3 0x561059 in manager_load_unit_prepare /work/build/../../src/systemd/src/core/manager.c
    #4 0x560680 in manager_load_unit /work/build/../../src/systemd/src/core/manager.c:1773:13
    #5 0x5d49a6 in unit_add_dependency_by_name /work/build/../../src/systemd/src/core/unit.c:2882:13
    #6 0x538996 in config_parse_unit_deps /work/build/../../src/systemd/src/core/load-fragment.c:152:21
    #7 0x6db771 in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:155:32
    #8 0x6d697e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:273:16
    #9 0x6d5c48 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:390:21
    #10 0x535678 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-unit-file.c:41:16
    #11 0x73bd60 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:517:13
    #12 0x73a39f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:442:3
    #13 0x73d9bc in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:650:19
    #14 0x73fa05 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:773:5
    #15 0x71f75d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
    #16 0x71285c in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #17 0x7fe53da0482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x430e68 in _start (/out/fuzz-unit-file+0x430e68)

0x7fe53f5497d8 is located 8 bytes to the right of global variable 'bus_common_errors' defined in '../../src/systemd/src/libsystemd/sd-bus/bus-common-errors.c:28:51' (0x7fe53f549300) of size 1232
SUMMARY: AddressSanitizer: global-buffer-overflow /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24 in bus_error_name_to_errno
Shadow bytes around the buggy address:
  0x0ffd27ea12a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffd27ea12f0: 00 00 00 00 00 00 00 00 00 00 f9[f9]f9 f9 f9 f9
  0x0ffd27ea1300: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1310: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11==ABORTING

but I think it's a false positive because of our low-level magic in how this
area is constructed.
keszybz referenced this pull request in keszybz/systemd Mar 10, 2018
keszybz referenced this pull request in keszybz/systemd Mar 11, 2018
area is constructed.
keszybz referenced this pull request in keszybz/systemd Mar 11, 2018
keszybz referenced this pull request in keszybz/systemd Mar 11, 2018
keszybz referenced this pull request in keszybz/systemd May 20, 2018
`fuzz-journal-remote` seems to be failing under `msan` as soon as it starts:

$ sudo infra/helper.py run_fuzzer systemd fuzz-journal-remote
Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer fuzz-journal-remote
Using seed corpus: fuzz-journal-remote_seed_corpus.zip
/out/fuzz-journal-remote -rss_limit_mb=2048 -timeout=25 /tmp/fuzz-journal-remote_corpus -max_len=65536 < /dev/null
INFO: Seed: 3380449479
INFO: Loaded 2 modules   (36336 inline 8-bit counters): 36139 [0x7ff36ea31d39, 0x7ff36ea3aa64), 197 [0x9998c8, 0x99998d),
INFO: Loaded 2 PC tables (36336 PCs): 36139 [0x7ff36ea3aa68,0x7ff36eac7d18), 197 [0x999990,0x99a5e0),
INFO:        2 files found in /tmp/fuzz-journal-remote_corpus
INFO: seed corpus: files: 2 min: 4657b max: 7790b total: 12447b rss: 97Mb
Uninitialized bytes in __interceptor_pwrite64 at offset 24 inside [0x7fffdd4d7230, 240)
==15==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7ff36e685e8a in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:436:13
    #1 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21
    #2 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13
    #3 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13
    #4 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21
    #5 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13
    #6 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13
    #7 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9
    #8 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13
    #9 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3
    #10 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7
    #11 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3
    #12 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6
    #13 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #14 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0x41f9d8 in _start (/out/fuzz-journal-remote+0x41f9d8)

  Uninitialized value was stored to memory at
    #0 0x7ff36e61cd41 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:288:16
    #1 0x7ff36e685cec in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:426:13
    #2 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21
    #3 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13
    #4 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13
    #5 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21
    #6 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13
    #7 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13
    #8 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9
    #9 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13
    #10 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3
    #11 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7
    #12 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3
    #13 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6
    #14 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #15 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

  Uninitialized value was created by an allocation of 't' in the stack frame of function 'sd_id128_randomize'
    #0 0x7ff36e61cb00 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:274

SUMMARY: MemorySanitizer: use-of-uninitialized-value /work/build/../../src/systemd/src/journal/journal-file.c:436:13 in journal_file_init_header
Exiting
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-847911777b3096783f4ee70a69ab6d28380c810b
[vagrant@localhost oss-fuzz]$ sudo infra/helper.py check_build --sanitizer=memory systemd
Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -e SANITIZER=memory -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner test_all
INFO: performing bad build checks for /out/fuzz-dhcp-server.
INFO: performing bad build checks for /out/fuzz-journal-remote.
INFO: performing bad build checks for /out/fuzz-unit-file.
INFO: performing bad build checks for /out/fuzz-dns-packet.
4 fuzzers total, 0 seem to be broken (0%).
Check build passed.

It's a false positive which is most likely caused by
google/sanitizers#852. I think it could be got around
by avoiding `getrandom` when the code is compiled with `msan`
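
The workaround suggested in the commit message above, as an added example (not systemd's code): when the build is instrumented with MemorySanitizer, skip the raw `getrandom` syscall and fill the buffer through `read()` on `/dev/urandom`, a libc call MSan intercepts and therefore marks as initialized. The names `random_bytes_msan_safe`, `urandom_read` and `BUILT_WITH_MSAN` are hypothetical, and the example assumes the `getrandom` path is a raw syscall that MSan cannot observe.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Clang exposes sanitizer builds through __has_feature; compilers that
 * lack the macro are treated as "not MSan". */
#ifndef __has_feature
#  define __has_feature(x) 0
#endif
#if __has_feature(memory_sanitizer)
#  define BUILT_WITH_MSAN 1
#else
#  define BUILT_WITH_MSAN 0
#endif

int built_with_msan(void) {
    return BUILT_WITH_MSAN;
}

/* Fill p[0..n) via read(): MSan intercepts read() and unpoisons the
 * bytes the kernel wrote, so no false "uninitialized" report follows. */
static int urandom_read(void *p, size_t n) {
    unsigned char *q = p;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);
    if (fd < 0)
        return -errno;
    while (n > 0) {
        ssize_t k = read(fd, q, n);
        if (k < 0 && errno == EINTR)
            continue;
        if (k <= 0) {
            int e = k < 0 ? errno : EIO;
            close(fd);
            return -e;
        }
        q += k;
        n -= (size_t) k;
    }
    close(fd);
    return 0;
}

/* Returns 0 on success, negative errno on failure. */
int random_bytes_msan_safe(void *p, size_t n) {
#if !BUILT_WITH_MSAN && defined(SYS_getrandom)
    /* Regular builds: prefer the syscall, which needs no file descriptor. */
    unsigned char *q = p;
    size_t left = n;
    while (left > 0) {
        long k = syscall(SYS_getrandom, q, left, 0);
        if (k < 0 && errno == EINTR)
            continue;
        if (k <= 0)
            break; /* ENOSYS, EPERM under seccomp, ...: use the fallback */
        q += k;
        left -= (size_t) k;
    }
    if (left == 0)
        return 0;
#endif
    /* MSan builds, and any failure above, end up here. */
    return urandom_read(p, n);
}

int main(void) {
    unsigned char id[16];
    int r = random_bytes_msan_safe(id, sizeof id);
    if (r < 0) {
        fprintf(stderr, "random_bytes_msan_safe failed: %d\n", r);
        return 1;
    }
    for (size_t i = 0; i < sizeof id; i++)
        printf("%02x", id[i]);
    printf(" (msan build: %d)\n", built_with_msan());
    return 0;
}
```

An alternative that keeps the syscall is to call `__msan_unpoison()` from `<sanitizer/msan_interface.h>` on the bytes actually returned.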
keszybz referenced this pull request in keszybz/systemd May 21, 2018
keszybz referenced this pull request in keszybz/systemd May 24, 2018
keszybz referenced this pull request in keszybz/systemd May 27, 2018
`fuzz-journal-remote` seems to be failing under `msan` as soon as it starts:

$ sudo infra/helper.py run_fuzzer systemd fuzz-journal-remote
Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer fuzz-journal-remote
Using seed corpus: fuzz-journal-remote_seed_corpus.zip
/out/fuzz-journal-remote -rss_limit_mb=2048 -timeout=25 /tmp/fuzz-journal-remote_corpus -max_len=65536 < /dev/null
INFO: Seed: 3380449479
INFO: Loaded 2 modules   (36336 inline 8-bit counters): 36139 [0x7ff36ea31d39, 0x7ff36ea3aa64), 197 [0x9998c8, 0x99998d),
INFO: Loaded 2 PC tables (36336 PCs): 36139 [0x7ff36ea3aa68,0x7ff36eac7d18), 197 [0x999990,0x99a5e0),
INFO:        2 files found in /tmp/fuzz-journal-remote_corpus
INFO: seed corpus: files: 2 min: 4657b max: 7790b total: 12447b rss: 97Mb
Uninitialized bytes in __interceptor_pwrite64 at offset 24 inside [0x7fffdd4d7230, 240)
==15==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7ff36e685e8a in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:436:13
    #1 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21
    #2 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13
    #3 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13
    #4 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21
    #5 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13
    #6 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13
    #7 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9
    #8 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13
    #9 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3
    #10 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7
    #11 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3
    #12 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6
    #13 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #14 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0x41f9d8 in _start (/out/fuzz-journal-remote+0x41f9d8)

  Uninitialized value was stored to memory at
    #0 0x7ff36e61cd41 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:288:16
    #1 0x7ff36e685cec in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:426:13
    #2 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21
    #3 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13
    #4 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13
    #5 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21
    #6 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13
    #7 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13
    #8 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9
    #9 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13
    #10 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3
    #11 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7
    #12 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3
    #13 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6
    #14 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #15 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

  Uninitialized value was created by an allocation of 't' in the stack frame of function 'sd_id128_randomize'
    #0 0x7ff36e61cb00 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:274

SUMMARY: MemorySanitizer: use-of-uninitialized-value /work/build/../../src/systemd/src/journal/journal-file.c:436:13 in journal_file_init_header
Exiting
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-847911777b3096783f4ee70a69ab6d28380c810b
[vagrant@localhost oss-fuzz]$ sudo infra/helper.py check_build --sanitizer=memory systemd
Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -e SANITIZER=memory -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner test_all
INFO: performing bad build checks for /out/fuzz-dhcp-server.
INFO: performing bad build checks for /out/fuzz-journal-remote.
INFO: performing bad build checks for /out/fuzz-unit-file.
INFO: performing bad build checks for /out/fuzz-dns-packet.
4 fuzzers total, 0 seem to be broken (0%).
Check build passed.

It's a false positive which is most likely caused by
google/sanitizers#852. I think it could be got around
by avoiding `getrandom` when the code is compiled with `msan`
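The workaround proposed in the commit message above, sketched as an added example that is not systemd's own code. `random_bytes`, `urandom_bytes`, `id128_randomize_example` and `BUILT_WITH_MSAN` are hypothetical names, and the example assumes the report arises because msan does not track the bytes that `getrandom` writes into the buffer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#if defined(__linux__)
#include <sys/random.h>
#endif

/* Compile-time msan detection. Compilers without __has_feature get 0. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if __has_feature(memory_sanitizer)
#define BUILT_WITH_MSAN 1
#else
#define BUILT_WITH_MSAN 0
#endif

/* Fallback path: fread() is a libc call that msan intercepts, so the
 * destination bytes are marked initialized in the shadow memory. */
static int urandom_bytes(void *p, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -errno;
    setvbuf(f, NULL, _IONBF, 0);      /* do not pull more entropy than asked */
    size_t got = fread(p, 1, n, f);
    fclose(f);
    return got == n ? 0 : -EIO;
}

/* Fill p with n random bytes. getrandom() is used only when the build is
 * not instrumented with msan (assumption: msan cannot see its writes). */
int random_bytes(void *p, size_t n) {
#if defined(__linux__) && !BUILT_WITH_MSAN
    uint8_t *q = p;
    while (n > 0) {
        ssize_t k = getrandom(q, n, 0);
        if (k < 0) {
            if (errno == EINTR)
                continue;                      /* interrupted, retry */
            if (errno == ENOSYS)
                return urandom_bytes(q, n);    /* kernel lacks the syscall */
            return -errno;
        }
        q += k;
        n -= (size_t) k;
    }
    return 0;
#else
    return urandom_bytes(p, n);
#endif
}

/* Same shape as the frame in the trace: a stack temporary 't' is filled
 * with random bytes and copied out. Hypothetical stand-in, not the real
 * sd_id128_randomize. */
int id128_randomize_example(uint8_t id[16]) {
    uint8_t t[16];
    int r = random_bytes(t, sizeof t);
    if (r < 0)
        return r;                      /* never copy out an unfilled buffer */
    t[6] = (t[6] & 0x0F) | 0x40;       /* UUID version 4 */
    t[8] = (t[8] & 0x3F) | 0x80;       /* UUID variant 1 */
    memcpy(id, t, sizeof t);
    return 0;
}

int main(void) {
    uint8_t id[16];
    if (id128_randomize_example(id) < 0)
        return 1;
    for (size_t i = 0; i < sizeof id; i++)
        printf("%02x", id[i]);
    printf(" (msan build: %d)\n", BUILT_WITH_MSAN);
    return 0;
}
```

Building with `clang -fsanitize=memory` selects the `/dev/urandom` branch; any other build keeps using `getrandom`.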
keszybz referenced this pull request in keszybz/systemd May 29, 2018
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 17, 2021
clang 10 UBSAN triggers false positives when using GCC zero sized
arrays in unions. To avoid these false positives, let's use clang 11
in CI when running with sanitizers.

Example stacktrace of false positive:

../src/libsystemd/sd-journal/journal-file.c:2270:60: runtime error: index 773 out of bounds for type 'le64_t [0]'
    #0 0x7f7b53807463 in journal_file_entry_array_item /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2270:60
    #1 0x7f7b53812090 in generic_array_get /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2982:29
    #2 0x7f7b53813028 in generic_array_get_plus_one /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3037:16
    #3 0x7f7b53812a13 in journal_file_next_entry_for_data /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3713:21
    #4 0x7f7b5387d7a3 in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c
    #5 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #6 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #7 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #8 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #9 0x7f7b5387a3b2 in find_location_with_matches /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:736:24
    #10 0x7f7b5387947f in next_beyond_location /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:798:21
    #11 0x7f7b53863005 in real_journal_next /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:854:21
    #12 0x7f7b538634da in sd_journal_previous /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:897:16
    #13 0x4bc39c in main /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/test-journal-enum.c:23:9
    #14 0x7f7b529be0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #15 0x41b32d in _start (/home/runner/work/systemd/systemd/build/test-journal-enum+0x41b32d)
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 17, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 18, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 18, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 19, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 22, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 24, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 26, 2021
clang 10 UBSAN triggers false positives when using GCC zero sized
arrays in unions. To avoid these false positives, let's use clang 11
in CI when running with sanitizers.

Example stacktrace of false positive:

../src/libsystemd/sd-journal/journal-file.c:2270:60: runtime error: index 773 out of bounds for type 'le64_t [0]'
    #0 0x7f7b53807463 in journal_file_entry_array_item /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2270:60
    #1 0x7f7b53812090 in generic_array_get /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2982:29
    #2 0x7f7b53813028 in generic_array_get_plus_one /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3037:16
    #3 0x7f7b53812a13 in journal_file_next_entry_for_data /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3713:21
    #4 0x7f7b5387d7a3 in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c
    #5 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #6 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #7 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #8 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #9 0x7f7b5387a3b2 in find_location_with_matches /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:736:24
    #10 0x7f7b5387947f in next_beyond_location /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:798:21
    #11 0x7f7b53863005 in real_journal_next /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:854:21
    #12 0x7f7b538634da in sd_journal_previous /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:897:16
    #13 0x4bc39c in main /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/test-journal-enum.c:23:9
    #14 0x7f7b529be0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #15 0x41b32d in _start (/home/runner/work/systemd/systemd/build/test-journal-enum+0x41b32d)
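The construct the commit message above describes, as an added example (not systemd's code; the struct and function names are hypothetical): a union of GCC zero-sized arrays at the end of a variable-length object, read through an explicit bounds check. The declared length of 0 is why a sanitizer report prints a type like `le64_t [0]`; the real limit comes from the object's size field, which has to be validated by hand against the buffer that holds it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical object layout for illustration; not systemd's definition. */
struct entry_array {
    uint64_t size;          /* object size in bytes, header included */
    uint64_t next_offset;
    union {
        uint64_t regular[0];    /* GCC zero-sized arrays: declared length 0, */
        uint32_t compact[0];    /* real length is derived from 'size'        */
    } items;
};

#define ITEMS_OFFSET offsetof(struct entry_array, items)

static size_t item_width(int compact) {
    return compact ? sizeof(uint32_t) : sizeof(uint64_t);
}

/* Item count the object claims; 0 if the claim does not fit the buffer. */
static uint64_t entry_array_n_items(const struct entry_array *o, size_t buf_len, int compact) {
    if (buf_len < ITEMS_OFFSET || o->size < ITEMS_OFFSET || o->size > buf_len)
        return 0;
    return (o->size - ITEMS_OFFSET) / item_width(compact);
}

/* Bounds-checked read. The static array type cannot express the limit, so
 * the check is done against the validated size before indexing. */
static int entry_array_item(const struct entry_array *o, size_t buf_len,
                            int compact, uint64_t i, uint64_t *ret) {
    if (i >= entry_array_n_items(o, buf_len, compact))
        return -1;
    *ret = compact ? o->items.compact[i] : o->items.regular[i];
    return 0;
}

/* Constructed sample: n items where item k holds 3*k + 1.
 * Returns the value at 'index', -1 if rejected, -2 on allocation failure. */
static int64_t demo_lookup(uint64_t n, uint64_t index, int compact) {
    size_t len = ITEMS_OFFSET + (size_t) n * item_width(compact);
    struct entry_array *o = calloc(1, len);
    uint64_t v = 0;
    int r;

    if (!o)
        return -2;
    o->size = len;
    for (uint64_t k = 0; k < n; k++) {
        if (compact)
            o->items.compact[k] = (uint32_t) (3 * k + 1);
        else
            o->items.regular[k] = 3 * k + 1;
    }
    r = entry_array_item(o, len, compact, index, &v);
    free(o);
    return r < 0 ? -1 : (int64_t) v;
}

/* Constructed sample: the size field claims more bytes than the buffer has,
 * so every index, including 773, must be rejected. */
static int64_t demo_oversized_claim(void) {
    size_t len = ITEMS_OFFSET + 10 * sizeof(uint64_t);
    struct entry_array *o = calloc(1, len);
    uint64_t v = 0;
    int r;

    if (!o)
        return -2;
    o->size = len + 8000;
    r = entry_array_item(o, len, 0, 773, &v);
    free(o);
    return r < 0 ? -1 : (int64_t) v;
}

int main(void) {
    printf("index 773 of 1024 (regular): %lld\n", (long long) demo_lookup(1024, 773, 0));
    printf("index 773 of 1024 (compact): %lld\n", (long long) demo_lookup(1024, 773, 1));
    printf("index 1024 of 1024:          %lld\n", (long long) demo_lookup(1024, 1024, 0));
    printf("oversized size field:        %lld\n", (long long) demo_oversized_claim());
    return 0;
}
```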
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Dec 7, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 11, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 13, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 14, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 18, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 21, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 24, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 26, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 26, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 26, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 27, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 27, 2022
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Jan 27, 2022
clang 10 UBSAN triggers false positives when using GCC zero sized
arrays in unions. To avoid these false positives, let's use clang 11
in CI when running with sanitizers.

Example stacktrace of false positive:

../src/libsystemd/sd-journal/journal-file.c:2270:60: runtime error: index 773 out of bounds for type 'le64_t [0]'
    #0 0x7f7b53807463 in journal_file_entry_array_item /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2270:60
    #1 0x7f7b53812090 in generic_array_get /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2982:29
    #2 0x7f7b53813028 in generic_array_get_plus_one /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3037:16
    #3 0x7f7b53812a13 in journal_file_next_entry_for_data /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3713:21
    #4 0x7f7b5387d7a3 in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c
    #5 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #6 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #7 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #8 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #9 0x7f7b5387a3b2 in find_location_with_matches /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:736:24
    #10 0x7f7b5387947f in next_beyond_location /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:798:21
    #11 0x7f7b53863005 in real_journal_next /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:854:21
    #12 0x7f7b538634da in sd_journal_previous /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:897:16
    #13 0x4bc39c in main /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/test-journal-enum.c:23:9
    #14 0x7f7b529be0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #15 0x41b32d in _start (/home/runner/work/systemd/systemd/build/test-journal-enum+0x41b32d)
yuwata pushed a commit that referenced this pull request Jan 30, 2022
Turns out that part of systemd isn't covered by any fuzz targets and
that's not ideal considering that it parses data sent remotely. The
fuzzer triggers an infinite loop in lease_parse_routes as soon as it
starts so it seems to be working :-)
```
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 23620602
INFO: Loaded 2 modules   (182073 inline 8-bit counters): 176548 [0x7fdf511fc8d0, 0x7fdf51227a74), 5525 [0x5f6ef0, 0x5f8485),
INFO: Loaded 2 PC tables (182073 PCs): 176548 [0x7fdf51227a78,0x7fdf514d94b8), 5525 [0x5f8488,0x60ddd8),
./build/fuzz-dhcp-client: Running 1 inputs 1 time(s) each.
Running: test/fuzz/fuzz-dhcp-client/timeout-ed34161922c7075c4773f2ada3dee8685d220980
ALARM: working on the last Unit for 31 seconds
       and the timeout value is 30 (use -timeout=N to change)
==80731== ERROR: libFuzzer: timeout after 31 seconds
    #0 0x51b32e in __sanitizer_print_stack_trace (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51b32e)
    #1 0x4689e9 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x4689e9)
    #2 0x44a0f4 in fuzzer::Fuzzer::StaticAlarmCallback() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a0f4)
    #3 0x7fdf4f8b474f  (/lib64/libc.so.6+0x4274f)
    #4 0x465fee in __sanitizer_cov_trace_const_cmp4 (/home/vagrant/systemd/build/fuzz-dhcp-client+0x465fee)
    #5 0x57eee5 in lease_parse_routes /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:495:23
    #6 0x57baf3 in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:701:21
    #7 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33
    #8 0x571cea in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:381:21
    #9 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13
    #10 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:78:9
    #11 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379)
    #12 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f)
    #13 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade)
    #14 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86)
    #15 0x7fdf4f89f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #16 0x7fdf4f89f60b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
    #17 0x421fd4 in _start (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421fd4)

SUMMARY: libFuzzer: timeout
```