Segfault inside _reset_errno_ after "Ignoring invalid environment assignment" #6147
Description
Submission type
- Bug report
systemd version the issue has been seen with
Yes, I've read the "do not submit bug reports about anything but the two most recently released", but since I can reproduce it on this one box only, I cannot tell whether this has been fixed (or where it is broken).
Version: 229-4ubuntu17 (Ubuntu/Xenial)
Expected behaviour you didn't see
Jun 19 15:14:55 osso-io-docker-productie systemd[1]: docker@provisioning_api_web.service: Ignoring invalid environment assignment 'ARGS=-p 8080:8080...[2k args]'
Jun 19 15:15:55 xenial-test systemd[1]: Started Docker provisioning_api_web.
Unexpected behaviour you saw
Jun 19 15:14:55 osso-io-docker-productie systemd[1]: docker@provisioning_api_web.service: Ignoring invalid environment assignment 'ARGS=-p 8080:8080...[2k args]'
Jun 19 15:14:55 osso-io-docker-productie kernel: [1255453.406118] show_signal_msg: 15 callbacks suppressed
Jun 19 15:14:55 osso-io-docker-productie kernel: [1255453.406123] systemd[1]: segfault at 7f1e2464005f ip 0000564eec5600a2 sp 00007fffc641bdb0 error 6 in systemd[564eec498000+15c000]
Jun 19 15:14:56 osso-io-docker-productie systemd[1]: Caught , dumped core as pid 22128.
Jun 19 15:14:56 osso-io-docker-productie systemd[1]: Freezing execution.
Steps to reproduce the problem
This is kind of problematic. I haven't been able to reproduce it using a simple testcase on any other machine. But on this particular machine, I'm using a docker@ service to spawn various docker guests. Now, someone put a space in the $ARGS list:
ARGS="-p 8080:8080 \[SPACE HERE]
[more args here]"
At that point, systemd should report an error and continue. Which it does on Ubuntu/Zesty and on a test Ubuntu/Xenial with a simple test service file.
Here however, I get this core dump:
(gdb) bt
#0 0x00007f1f347d1767 in kill () at ../sysdeps/unix/syscall-template.S:84
#1 0x000055e5fc6b9d88 in crash.lto_priv.251 (sig=11) at ../src/core/main.c:190
#2 <signal handler called>
#3 _reset_errno_ () at ../src/basic/util.h:126
#4 log_object_internalv (level=3, error=0, file=0x55e5fc74b760 "../src/core/execute.c", line=2288, func=0x55e5fc77fde8 <__func__.19287> "invalid_env", object_field=0x55e5fc758a92 "UNIT=",
object=0x55e5fd1ce5c0 "docker@provisioning_api_web.service", format=0x55e5fc767c80 "Ignoring invalid environment assignment '%s': %s", ap=0x7ffdf155fb70) at ../src/basic/log.c:711
#5 0x000055e5fc71126b in log_object_internal (level=<optimized out>, error=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, object_field=<optimized out>,
object=0x55e5fd1ce5c0 "docker@provisioning_api_web.service", format=0x55e5fc767c80 "Ignoring invalid environment assignment '%s': %s") at ../src/basic/log.c:758
#6 0x000055e5fc71acd6 in invalid_env (p=<optimized out>, userdata=userdata@entry=0x7ffdf155fd50) at ../src/core/execute.c:2288
#7 0x000055e5fc717f95 in strv_env_clean_with_callback (e=0x55e5fd1cec90, invalid_callback=0x55e5fc71ac90 <invalid_env>, userdata=0x7ffdf155fd50) at ../src/basic/env-util.c:446
#8 0x000055e5fc7209f7 in exec_context_load_environment (l=<synthetic pointer>, c=0x55e5fd1d5948, unit=0x55e5fd1d5590) at ../src/core/execute.c:2353
#9 exec_spawn (unit=0x55e5fd1d5590, command=0x55e5fd1d5cd0, context=0x55e5fd1d5948, params=0x7ffdf155fee0, runtime=0x0, ret=0x7ffdf155fed0) at ../src/core/execute.c:2096
#10 0x000055e5fc6e5b70 in service_spawn.lto_priv.937 (s=s@entry=0x55e5fd1d5590, c=0x55e5fd1d5cd0, timeout=<optimized out>, pass_fds=pass_fds@entry=false, apply_permissions=<optimized out>,
apply_chroot=<optimized out>, apply_tty_stdin=true, is_control=true, _pid=0x55e5fd1d5c1c) at ../src/core/service.c:1301
#11 0x000055e5fc6e8f6f in service_enter_start_pre (s=0x55e5fd1d5590) at ../src/core/service.c:1802
#12 service_start.lto_priv.381 (u=0x55e5fd1d5590) at ../src/core/service.c:2027
#13 0x000055e5fc6a6047 in unit_start (u=<optimized out>) at ../src/core/unit.c:1529
#14 job_perform_on_unit.lto_priv.989 (j=0x7ffdf15600a0) at ../src/core/job.c:531
#15 0x000055e5fc7286a8 in job_run_and_invalidate (j=0x55e5fd1e9c20) at ../src/core/job.c:595
#16 manager_dispatch_run_queue.lto_priv.993 (source=<optimized out>, userdata=0x55e5fd1754d0) at ../src/core/manager.c:1443
#17 0x000055e5fc696a3d in source_dispatch.lto_priv.981 (s=0x55e5fd175d30) at ../src/libsystemd/sd-event/sd-event.c:2305
#18 0x000055e5fc72bdb5 in sd_event_dispatch (e=0x55e5fd175aa0) at ../src/libsystemd/sd-event/sd-event.c:2625
#19 sd_event_run (timeout=<optimized out>, e=0x55e5fd175aa0) at ../src/libsystemd/sd-event/sd-event.c:2684
#20 manager_loop (m=0x55e5fd1754d0) at ../src/core/manager.c:2056
#21 0x000055e5fc6777a4 in main (argc=4, argv=0x7ffdf1560cd8) at ../src/core/main.c:1829
And:
#0 0x00007f1f347d1767 in kill () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x000055e5fc6b9d88 in crash.lto_priv.251 (sig=11) at ../src/core/main.c:190
sa = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0}
__func__ = "crash"
__PRETTY_FUNCTION__ = "crash"
#2 <signal handler called>
No locals.
#3 _reset_errno_ () at ../src/basic/util.h:126
saved_errno = <synthetic pointer>
#4 log_object_internalv (level=3, error=0, file=0x55e5fc74b760 "../src/core/execute.c", line=2288, func=0x55e5fc77fde8 <__func__.19287> "invalid_env", object_field=0x55e5fc758a92 "UNIT=",
object=0x55e5fd1ce5c0 "docker@provisioning_api_web.service", format=0x55e5fc767c80 "Ignoring invalid environment assignment '%s': %s", ap=0x7ffdf155fb70) at ../src/basic/log.c:711
_saved_errno_ = <optimized out>
buffer = <optimized out>
b = <optimized out>
l = <optimized out>
#5 0x000055e5fc71126b in log_object_internal (level=<optimized out>, error=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, object_field=<optimized out>,
object=0x55e5fd1ce5c0 "docker@provisioning_api_web.service", format=0x55e5fc767c80 "Ignoring invalid environment assignment '%s': %s") at ../src/basic/log.c:758
ap = <error reading variable ap (Attempt to dereference a generic pointer.)>
r = <optimized out>
#6 0x000055e5fc71acd6 in invalid_env (p=<optimized out>, userdata=userdata@entry=0x7ffdf155fd50) at ../src/core/execute.c:2288
_u = <optimized out>
info = 0x7ffdf155fd50
__func__ = "invalid_env"
#7 0x000055e5fc717f95 in strv_env_clean_with_callback (e=0x55e5fd1cec90, invalid_callback=0x55e5fc71ac90 <invalid_env>, userdata=0x7ffdf155fd50) at ../src/basic/env-util.c:446
n = <optimized out>
duplicate = false
p = 0x55e5fd1cec98
q = <optimized out>
k = 1
Printing out the *info pointer at 2288 works fine:
InvalidEnvInfo *info = userdata;
log_unit_error(info->unit, "Ignoring invalid environment assignment '%s': %s", p, info->path);
Both p and info->path make sense.
I cannot understand why it would crash inside _reset_errno_.
If you can shed any light on how I can debug this further, it would be appreciated.
Otherwise, I'll just have to mind my spaces on this particular box.
Thanks for looking!
Walter Doekes
OSSO B.V.