First batch of fixes for v240 #17

keszybz · 2019-01-11T12:17:15Z

No description provided.

(cherry picked from commit 7da7340)

Closes systemd/systemd#11251. (cherry picked from commit 7334ade)

Fixes #11261. (cherry picked from commit a5c67cc)

Fixes #11255. (cherry picked from commit adeb26c)

Fixes #11295. (cherry picked from commit 1f00998)

(cherry picked from commit 8d7fac9)

The test fails under valgrind, so there was an exception for valgrind. Unfortunately that check only works when valgrind-devel headers are available during build. But it is possible to have just valgrind installed, or simply install it after the build, and then "valgrind test-json" would fail. It also seems that even without valgrind, this fails on some arm32 CPUs. Let's do the usual-style test for absolute and relative differences. (cherry picked from commit aa70783)

MIPS/O32's st_rdev member of struct stat is unsigned long, which is 32bit, while dev_t is defined as 64bit, which make some problems in device_path_parse_major_minor. Don't pass st.st_rdev, st_mode to device_path_parse_major_minor, while pass 2 seperate variables. The result of stat is alos copied out into these 2 variables. Fixes: #11247 (cherry picked from commit f585569)

This effectively reverts df8ba4f. Fixes #11264. (cherry picked from commit 577ab71)

…strv}() As devpath may not be set yet. When debug logging is enabled, log_device_*() calls sd_device_get_sysname(). So, we should not assume that devpath is always set. Fixes #11258. (cherry picked from commit 18fee12)

This reverts commit 56c886d. Fixes #11277 and #11299. (cherry picked from commit b261494)

This reverts commit 49f3ee7. (cherry picked from commit ff86c92)

(cherry picked from commit 4fe0caa)

…ient_context_read_cgroup Closes systemd/systemd#11253. (cherry picked from commit ef30f7c)

This reverts commit 2b2b722. Fixes #11293. Removing the environment variable causes problems, e.g. Xfce and Chromium and ... don't communicate with the running dbus instance. If they attempt to start their own instance, things become even more confusing. Those packages could be fixed one by one, but removing the variable right now is causing too many problems. (cherry picked from commit 00efd49)

When running PROGRAM="...", we would log systemd-udevd[447]: Failed to wait spawned command '...': Input/output error no matter why the program actually failed, at error level. The code wouldn't distinguish between an internal failure and a failure in the program being called and run sd_event_exit(..., -EIO) on any kind of error. EIO is rather misleading here, becuase it suggests a serious error. on_spawn_sigchld is updated to set the return code to distinguish failure to spawn, including the program being killed by a signal (a negative return value), and the program failing (positive return value). The logging levels are adjusted, so that for PROGRAM= calls, which are essentially "if" statements, we only log at debug level (unless we get a timeout or segfault or another unexpected error). (cherry picked from commit a752114)

(cherry picked from commit f8c186c)

…thing found Fixes a bug introduced by a2554ac. Fixes RHBZ#1662303. (cherry picked from commit 82d9ac2)

…_MOUNTED flag from units This fixes a bug introduced by ec88d1e. Fixes #11362. (cherry picked from commit d253a45)

systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core. systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core... log_dispatch() calls log_dispatch_internal() which calls write_to_journal() which appends MESSAGE= on its own. (cherry picked from commit 4f62556)

(cherry picked from commit bc2762a)

This fixes a crash where we would read the commandline, whose length is under control of the sending program, and then crash when trying to create a stack allocation for it. CVE-2018-16864 https://bugzilla.redhat.com/show_bug.cgi?id=1653855 The message actually doesn't get written to disk, because journal_file_append_entry() returns -E2BIG. (cherry picked from commit 084eeb8)

This affects systemd-journald and systemd-coredump. Example entry: $ journalctl -o export -n1 'MESSAGE=Something logged' __CURSOR=s=976542d120c649f494471be317829ef9;i=34e;b=4871e4c474574ce4a462dfe3f1c37f06;m=c7d0c37dd2;t=57c4ac58f3b98;x=67598e942bd23dc0 __REALTIME_TIMESTAMP=1544035467475864 __MONOTONIC_TIMESTAMP=858200964562 _BOOT_ID=4871e4c474574ce4a462dfe3f1c37f06 PRIORITY=6 _UID=1000 _GID=1000 _CAP_EFFECTIVE=0 _SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 _AUDIT_SESSION=1 _AUDIT_LOGINUID=1000 _SYSTEMD_OWNER_UID=1000 [email protected] _SYSTEMD_SLICE=user-1000.slice _SYSTEMD_USER_SLICE=-.slice _SYSTEMD_INVOCATION_ID=1c4a469986d448719cb0f9141a10810e _MACHINE_ID=08a5690a2eed47cf92ac0a5d2e3cf6b0 _HOSTNAME=krowka _TRANSPORT=syslog SYSLOG_FACILITY=17 SYSLOG_IDENTIFIER=syslog-caller MESSAGE=Something logged _COMM=poc _EXE=/home/zbyszek/src/systemd-work3/poc _SYSTEMD_CGROUP=/user.slice/user-1000.slice/[email protected]/gnome-terminal-server.service _SYSTEMD_USER_UNIT=gnome-terminal-server.service SYSLOG_PID=4108 SYSLOG_TIMESTAMP=Dec 5 19:44:27 _PID=4108 _CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA> _SOURCE_REALTIME_TIMESTAMP=1544035467475848 $ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc 6 2053 2097410 2MB might be hard for some clients to use meaningfully, but OTOH, it is important to log the full commandline sometimes. For example, when the program is crashing, the exact argument list is useful. (cherry picked from commit 2d5d2e0)

If creation of the message failed, we'd write a bogus entry: systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core. systemd-coredump[1400]: Coredump diverted to (cherry picked from commit f0136e0)

We allocate a iovec entry for each field, so with many short entries, our memory usage and processing time can be large, even with a relatively small message size. Let's refuse overly long entries. CVE-2018-16865 https://bugzilla.redhat.com/show_bug.cgi?id=1653861 What from I can see, the problem is not from an alloca, despite what the CVE description says, but from the attack multiplication that comes from creating many very small iovecs: (void* + size_t) for each three bytes of input message. (cherry picked from commit 052c57f)

…big messages We'd first parse all or most of the message, and only then consider if it is not too large. Also, when encountering a single field over the limit, we'd still process the preceding part of the message. Let's be stricter, and check size limits early, and let's refuse the whole message if it fails any of the size limits. (cherry picked from commit 964ef92)

We immediately read the whole contents into memory, making thigs much more expensive. Sealed fds should be used instead since they are more efficient on our side. (cherry picked from commit 6670c9d)

(cherry picked from commit d101fb2)

Calling mhd_respond(), which ulimately calls MHD_queue_response() is ineffective at point, becuase MHD_queue_response() immediately returns MHD_NO signifying an error, because the connection is in state MHD_CONNECTION_CONTINUE_SENT. As Christian Grothoff kindly explained: > You are likely calling MHD_queue_repsonse() too late: once you are > receiving upload_data, HTTP forces you to process it all. At this time, > MHD has already sent "100 continue" and cannot take it back (hence you > get MHD_NO!). > > In your request handler, the first time when you are called for a > connection (and when hence *upload_data_size == 0 and upload_data == > NULL) you must check the content-length header and react (with > MHD_queue_response) based on this (to prevent MHD from automatically > generating 100 continue). If we ever encounter this kind of error, print a warning and immediately abort the connection. (The alternative would be to keep reading the data, but ignore it, and return an error after we get to the end of data. That is possible, but of course puts additional load on both the sender and reciever, and doesn't seem important enough just to return a good error message.) Note that sending of the error does not work (the connection is always aborted when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case) with libµhttpd 0.59, but works with 0.61: https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1 (cherry picked from commit 7fdb237)

Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is reused for the new error condition (too many fields). This matches the change done for systemd-journald, hence forming the second part of the fix for CVE-2018-16865 (https://bugzilla.redhat.com/show_bug.cgi?id=1653861). (cherry picked from commit ef4d6ab)

Otherwise we might hit an assertion during cleanup if the following mmap_cache_new() call fails: Assertion 'p->n_ref > 0' failed at src/journal-remote/journal-remote-write.c:80, function writer_unref(). Aborting. ==2069==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000815 (pc 0x7f39dcd0200b bp 0x7ffe2fe24db0 sp 0x7ffe2fe24b60 T0) SCARINESS: 10 (signal) #0 0x7f39dcd0200b in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #1 0x7f39dcce1858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #2 0x7f39dd747e49 in log_assert_failed /work/build/../../src/systemd/src/basic/log.c:940:9 #3 0x4e4431 in writer_unref /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:80:1 #4 0x4e3fd5 in writer_unrefp /work/build/../../src/systemd/src/journal-remote/journal-remote-write.h:27:1 #5 0x4e3fd5 in writer_new /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:56:1 #6 0x4e04bc in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:125:21 #7 0x4e0e0b in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:181:13 #8 0x4e0e0b in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:233:13 #9 0x4df99f in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/journal-remote/fuzz-journal-remote.c:54:9 #10 0x4e8f48 in NaloFuzzerTestOneInput (/build/fuzz-journal-remote+0x4e8f48) #11 0x507f53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #12 0x50773a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #13 0x508e09 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #14 0x509ad5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #15 0x4f8e3f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #16 0x4f9708 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #17 0x4e91c5 in main (/build/fuzz-journal-remote+0x4e91c5) #18 0x7f39dcce3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #19 0x420bcd in _start (/build/fuzz-journal-remote+0x420bcd) DEDUP_TOKEN: raise--abort--log_assert_failed AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) in raise Found by Nallocufzz. (cherry picked from commit d3d8597)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf)

Otherwise we might hit an assertion during cleanup if the following mmap_cache_new() call fails: Assertion 'p->n_ref > 0' failed at src/journal-remote/journal-remote-write.c:80, function writer_unref(). Aborting. ==2069==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000815 (pc 0x7f39dcd0200b bp 0x7ffe2fe24db0 sp 0x7ffe2fe24b60 T0) SCARINESS: 10 (signal) #0 0x7f39dcd0200b in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #1 0x7f39dcce1858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #2 0x7f39dd747e49 in log_assert_failed /work/build/../../src/systemd/src/basic/log.c:940:9 #3 0x4e4431 in writer_unref /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:80:1 #4 0x4e3fd5 in writer_unrefp /work/build/../../src/systemd/src/journal-remote/journal-remote-write.h:27:1 #5 0x4e3fd5 in writer_new /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:56:1 #6 0x4e04bc in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:125:21 #7 0x4e0e0b in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:181:13 #8 0x4e0e0b in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:233:13 #9 0x4df99f in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/journal-remote/fuzz-journal-remote.c:54:9 #10 0x4e8f48 in NaloFuzzerTestOneInput (/build/fuzz-journal-remote+0x4e8f48) #11 0x507f53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #12 0x50773a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #13 0x508e09 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #14 0x509ad5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #15 0x4f8e3f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #16 0x4f9708 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #17 0x4e91c5 in main (/build/fuzz-journal-remote+0x4e91c5) #18 0x7f39dcce3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #19 0x420bcd in _start (/build/fuzz-journal-remote+0x420bcd) DEDUP_TOKEN: raise--abort--log_assert_failed AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) in raise Found by Nallocufzz. (cherry picked from commit d3d8597)

Otherwise hilarity ensues: AddressSanitizer:DEADLYSIGNAL ================================================================= ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) ==722==The signal is caused by a READ memory access. #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) #1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 #2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 #3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 #4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 #5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 #6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 #8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 #10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 #12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 #13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 #14 0x4552fb in main ../src/nspawn/nspawn.c:5920 #15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) #16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) #17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 ==722==ABORTING (cherry picked from commit f4e5c04)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf)

Otherwise we might hit an assertion during cleanup if the following mmap_cache_new() call fails: Assertion 'p->n_ref > 0' failed at src/journal-remote/journal-remote-write.c:80, function writer_unref(). Aborting. ==2069==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000815 (pc 0x7f39dcd0200b bp 0x7ffe2fe24db0 sp 0x7ffe2fe24b60 T0) SCARINESS: 10 (signal) #0 0x7f39dcd0200b in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #1 0x7f39dcce1858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #2 0x7f39dd747e49 in log_assert_failed /work/build/../../src/systemd/src/basic/log.c:940:9 #3 0x4e4431 in writer_unref /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:80:1 #4 0x4e3fd5 in writer_unrefp /work/build/../../src/systemd/src/journal-remote/journal-remote-write.h:27:1 #5 0x4e3fd5 in writer_new /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:56:1 #6 0x4e04bc in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:125:21 #7 0x4e0e0b in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:181:13 #8 0x4e0e0b in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:233:13 #9 0x4df99f in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/journal-remote/fuzz-journal-remote.c:54:9 #10 0x4e8f48 in NaloFuzzerTestOneInput (/build/fuzz-journal-remote+0x4e8f48) #11 0x507f53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #12 0x50773a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #13 0x508e09 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #14 0x509ad5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #15 0x4f8e3f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #16 0x4f9708 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #17 0x4e91c5 in main (/build/fuzz-journal-remote+0x4e91c5) #18 0x7f39dcce3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #19 0x420bcd in _start (/build/fuzz-journal-remote+0x420bcd) DEDUP_TOKEN: raise--abort--log_assert_failed AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) in raise Found by Nallocufzz. (cherry picked from commit d3d8597)

Otherwise hilarity ensues: AddressSanitizer:DEADLYSIGNAL ================================================================= ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) ==722==The signal is caused by a READ memory access. #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) systemd#1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 systemd#2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 systemd#3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 systemd#4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 systemd#5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 systemd#6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 systemd#8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 systemd#10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 systemd#12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 systemd#13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 systemd#14 0x4552fb in main ../src/nspawn/nspawn.c:5920 systemd#15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 ==722==ABORTING (cherry picked from commit f4e5c04) (cherry picked from commit c786122)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 systemd#1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) systemd#2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 systemd#3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 systemd#4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 systemd#5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 systemd#6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 systemd#7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 systemd#8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 systemd#9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) systemd#10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) systemd#17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf) (cherry picked from commit 9dde31a)

Otherwise hilarity ensues: AddressSanitizer:DEADLYSIGNAL ================================================================= ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) ==722==The signal is caused by a READ memory access. #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) #1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 #2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 #3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 #4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 #5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 #6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 #8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 #10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 #12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 #13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 #14 0x4552fb in main ../src/nspawn/nspawn.c:5920 #15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) #16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) #17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 ==722==ABORTING (cherry picked from commit f4e5c04) (cherry picked from commit c786122)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf) (cherry picked from commit 9dde31a)

Otherwise hilarity ensues: AddressSanitizer:DEADLYSIGNAL ================================================================= ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) ==722==The signal is caused by a READ memory access. #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) systemd#1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 systemd#2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 systemd#3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 systemd#4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 systemd#5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 systemd#6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 systemd#8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 systemd#10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 systemd#11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 systemd#12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 systemd#13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 systemd#14 0x4552fb in main ../src/nspawn/nspawn.c:5920 systemd#15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) systemd#16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) systemd#17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 ==722==ABORTING (cherry picked from commit f4e5c04) (cherry picked from commit c786122) (cherry picked from commit d45301d)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 systemd#1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) systemd#2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 systemd#3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 systemd#4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 systemd#5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 systemd#6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 systemd#7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 systemd#8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 systemd#9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) systemd#10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) systemd#17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf) (cherry picked from commit 9dde31a) (cherry picked from commit 06b4e1f)

Otherwise hilarity ensues: AddressSanitizer:DEADLYSIGNAL ================================================================= ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) ==722==The signal is caused by a READ memory access. #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) #1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 #2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 #3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 #4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 #5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 #6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 #8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 #10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 #11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 #12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 #13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 #14 0x4552fb in main ../src/nspawn/nspawn.c:5920 #15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) #16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) #17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 ==722==ABORTING (cherry picked from commit f4e5c04) (cherry picked from commit c786122) (cherry picked from commit d45301d)

==5==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9) #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36 #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13 #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13 #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13 #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13 #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13 #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16 #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428) #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5) #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit b453ebf) (cherry picked from commit 9dde31a) (cherry picked from commit 06b4e1f)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 systemd#1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) systemd#2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 systemd#3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 systemd#4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 systemd#5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 systemd#6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 systemd#7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 systemd#8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 systemd#9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 systemd#10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 systemd#11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 systemd#12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 systemd#13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 systemd#14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 systemd#15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 systemd#16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) systemd#17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 systemd#2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 systemd#3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 systemd#4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 systemd#5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 systemd#6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 systemd#7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 systemd#8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 systemd#9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 systemd#10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 systemd#11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 systemd#12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 systemd#13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 systemd#14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 systemd#15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 systemd#16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 systemd#17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 systemd#18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 systemd#19 0x4252e0 in main ../src/core/main.c:3072 systemd#20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) #24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) #1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 #2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 #3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 #4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 #5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 #6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 #7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 #8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 #9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 #10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 #11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 #12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 #13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 #14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 #15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 #16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 #17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 #18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 #19 0x4252e0 in main ../src/core/main.c:3072 #20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 systemd#1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) systemd#2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 systemd#3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 systemd#4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 systemd#5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 systemd#6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 systemd#7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 systemd#8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 systemd#9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 systemd#10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 systemd#11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 systemd#12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 systemd#13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 systemd#14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 systemd#15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 systemd#16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) systemd#17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39) (cherry picked from commit b4c9a9b)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 systemd#2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 systemd#3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 systemd#4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 systemd#5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 systemd#6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 systemd#7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 systemd#8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 systemd#9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 systemd#10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 systemd#11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 systemd#12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 systemd#13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 systemd#14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 systemd#15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 systemd#16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 systemd#17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 systemd#18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 systemd#19 0x4252e0 in main ../src/core/main.c:3072 systemd#20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0) (cherry picked from commit 98d2a09)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) #24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39) (cherry picked from commit b4c9a9b)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) #1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 #2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 #3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 #4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 #5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 #6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 #7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 #8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 #9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 #10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 #11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 #12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 #13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 #14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 #15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 #16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 #17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 #18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 #19 0x4252e0 in main ../src/core/main.c:3072 #20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0) (cherry picked from commit 98d2a09)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 systemd#1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) systemd#2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 systemd#3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 systemd#4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 systemd#5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 systemd#6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 systemd#7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 systemd#8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 systemd#9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 systemd#10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 systemd#11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 systemd#12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 systemd#13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 systemd#14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 systemd#15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 systemd#16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) systemd#17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39) (cherry picked from commit b4c9a9b) (cherry picked from commit 6b8b0f5)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 systemd#2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 systemd#3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 systemd#4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 systemd#5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 systemd#6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 systemd#7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 systemd#8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 systemd#9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 systemd#10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 systemd#11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 systemd#12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 systemd#13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 systemd#14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 systemd#15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 systemd#16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 systemd#17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 systemd#18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 systemd#19 0x4252e0 in main ../src/core/main.c:3072 systemd#20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0) (cherry picked from commit 98d2a09) (cherry picked from commit e94157e)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 systemd#1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) systemd#2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 systemd#3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 systemd#4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 systemd#5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 systemd#6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 systemd#7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 systemd#8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 systemd#9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 systemd#10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 systemd#11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 systemd#12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 systemd#13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 systemd#14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 systemd#15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 systemd#16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) systemd#17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 systemd#18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39) (cherry picked from commit b4c9a9b) (cherry picked from commit 6b8b0f5)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) systemd#1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 systemd#2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 systemd#3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 systemd#4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 systemd#5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 systemd#6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 systemd#7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 systemd#8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 systemd#9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 systemd#10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 systemd#11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 systemd#12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 systemd#13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 systemd#14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 systemd#15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 systemd#16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 systemd#17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 systemd#18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 systemd#19 0x4252e0 in main ../src/core/main.c:3072 systemd#20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0) (cherry picked from commit 98d2a09) (cherry picked from commit e94157e)

==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) #24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz. (cherry picked from commit 6c13a39) (cherry picked from commit b4c9a9b) (cherry picked from commit 6b8b0f5)

==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17 byte(s) in 1 object(s) allocated from: #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) #1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 #2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 #3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 #4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 #5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 #6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 #7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 #8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 #9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 #10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 #11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 #12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 #13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 #14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 #15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 #16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 #17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 #18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 #19 0x4252e0 in main ../src/core/main.c:3072 #20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). (cherry picked from commit f8b21a0) (cherry picked from commit 98d2a09) (cherry picked from commit e94157e)

All other usages of sd_varlink_call* do not free the json return parameter, and it is owned by the varlink object instead. Do the same here. TEST-54-CREDS.sh[1074]: ==1074==ERROR: AddressSanitizer: heap-use-after-free on address 0x50c00000095a at pc 0x55cf8cd18a0f bp 0x7ffd7b9d4f10 sp 0x7ffd7b9d4f08 TEST-54-CREDS.sh[1074]: READ of size 2 at 0x50c00000095a thread T0 ((sd-mkdcreds)) TEST-54-CREDS.sh[1074]: #0 0x55cf8cd18a0e in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16 TEST-54-CREDS.sh[1074]: #1 0x55cf8cd4cecb in varlink_clear_current /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:593:22 TEST-54-CREDS.sh[1074]: #2 0x55cf8cd4975e in varlink_clear /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:614:9 TEST-54-CREDS.sh[1074]: #3 0x55cf8cd3dc3c in varlink_destroy /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:651:9 TEST-54-CREDS.sh[1074]: #4 0x55cf8cd3dc3c in sd_varlink_unref /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:657:1 TEST-54-CREDS.sh[1074]: #5 0x55cf8cb47a82 in sd_varlink_unrefp /usr/src/debug/systemd/src/systemd/sd-varlink.h:279:1 TEST-54-CREDS.sh[1074]: #6 0x55cf8cb47a82 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1 TEST-54-CREDS.sh[1074]: #7 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29 TEST-54-CREDS.sh[1074]: #8 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16 TEST-54-CREDS.sh[1074]: #9 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29 TEST-54-CREDS.sh[1074]: #10 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13 TEST-54-CREDS.sh[1074]: #11 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21 TEST-54-CREDS.sh[1074]: #12 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13 TEST-54-CREDS.sh[1074]: #13 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13 TEST-54-CREDS.sh[1074]: #14 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13 TEST-54-CREDS.sh[1074]: #15 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) TEST-54-CREDS.sh[1074]: #16 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) TEST-54-CREDS.sh[1074]: #17 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222) TEST-54-CREDS.sh[1074]: 0x50c00000095a is located 26 bytes inside of 120-byte region [0x50c000000940,0x50c0000009b8) TEST-54-CREDS.sh[1074]: freed by thread T0 ((sd-mkdcreds)) here: TEST-54-CREDS.sh[1074]: #0 0x7f64b48d57ea in free (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd57ea) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e) TEST-54-CREDS.sh[1074]: #1 0x55cf8cd188ab in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:895:25 TEST-54-CREDS.sh[1074]: #2 0x55cf8cb47a4c in sd_json_variant_unrefp /usr/src/debug/systemd/src/systemd/sd-json.h:98:1 TEST-54-CREDS.sh[1074]: #3 0x55cf8cb47a4c in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1 TEST-54-CREDS.sh[1074]: #4 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29 TEST-54-CREDS.sh[1074]: #5 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16 TEST-54-CREDS.sh[1074]: #6 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29 TEST-54-CREDS.sh[1074]: #7 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13 TEST-54-CREDS.sh[1074]: #8 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21 TEST-54-CREDS.sh[1074]: #9 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13 TEST-54-CREDS.sh[1074]: #10 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13 TEST-54-CREDS.sh[1074]: #11 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13 TEST-54-CREDS.sh[1074]: #12 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) TEST-54-CREDS.sh[1074]: #13 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) TEST-54-CREDS.sh[1074]: #14 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222) TEST-54-CREDS.sh[1074]: previously allocated by thread T0 ((sd-mkdcreds)) here: TEST-54-CREDS.sh[1074]: #0 0x7f64b48d5a83 in malloc (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd5a83) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e) TEST-54-CREDS.sh[1074]: #1 0x55cf8cd16bb7 in malloc_multiply /usr/src/debug/systemd/src/basic/alloc-util.h:119:16 TEST-54-CREDS.sh[1074]: #2 0x55cf8cd16bb7 in sd_json_variant_new_object /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:737:13 TEST-54-CREDS.sh[1074]: #3 0x55cf8cd32e58 in json_parse_internal /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3161:29 TEST-54-CREDS.sh[1074]: #4 0x55cf8cd37326 in sd_json_parse_with_source /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3408:16 TEST-54-CREDS.sh[1074]: #5 0x55cf8cd37326 in sd_json_parse /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3437:16 TEST-54-CREDS.sh[1074]: #6 0x55cf8cd3f753 in varlink_parse_message /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:962:13 TEST-54-CREDS.sh[1074]: #7 0x55cf8cd3f753 in sd_varlink_process /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:1466:13 TEST-54-CREDS.sh[1074]: #8 0x55cf8cd4c0a9 in sd_varlink_call_full /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2160:21 TEST-54-CREDS.sh[1074]: #9 0x55cf8cd4d617 in sd_varlink_callb_ap /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2237:16 TEST-54-CREDS.sh[1074]: #10 0x55cf8cd4da3c in sd_varlink_callb /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2251:13 TEST-54-CREDS.sh[1074]: #11 0x55cf8cb47686 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1623:13 TEST-54-CREDS.sh[1074]: #12 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29 TEST-54-CREDS.sh[1074]: #13 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16 TEST-54-CREDS.sh[1074]: #14 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29 TEST-54-CREDS.sh[1074]: #15 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13 TEST-54-CREDS.sh[1074]: #16 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21 TEST-54-CREDS.sh[1074]: #17 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13 TEST-54-CREDS.sh[1074]: #18 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13 TEST-54-CREDS.sh[1074]: #19 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13 TEST-54-CREDS.sh[1074]: #20 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) TEST-54-CREDS.sh[1074]: #21 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) TEST-54-CREDS.sh[1074]: #22 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222) TEST-54-CREDS.sh[1074]: SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16 in sd_json_variant_unref TEST-54-CREDS.sh[1074]: Shadow bytes around the buggy address: TEST-54-CREDS.sh[1074]: 0x50c000000680: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: 0x50c000000700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd TEST-54-CREDS.sh[1074]: 0x50c000000780: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 TEST-54-CREDS.sh[1074]: 0x50c000000800: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: 0x50c000000880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa TEST-54-CREDS.sh[1074]: =>0x50c000000900: fa fa fa fa fa fa fa fa fd fd fd[fd]fd fd fd fd TEST-54-CREDS.sh[1074]: 0x50c000000980: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: 0x50c000000a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: 0x50c000000a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: 0x50c000000b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: 0x50c000000b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa TEST-54-CREDS.sh[1074]: Shadow byte legend (one shadow byte represents 8 application bytes): TEST-54-CREDS.sh[1074]: Addressable: 00 TEST-54-CREDS.sh[1074]: Partially addressable: 01 02 03 04 05 06 07 TEST-54-CREDS.sh[1074]: Heap left redzone: fa TEST-54-CREDS.sh[1074]: Freed heap region: fd TEST-54-CREDS.sh[1074]: Stack left redzone: f1 TEST-54-CREDS.sh[1074]: Stack mid redzone: f2 TEST-54-CREDS.sh[1074]: Stack right redzone: f3 TEST-54-CREDS.sh[1074]: Stack after return: f5 TEST-54-CREDS.sh[1074]: Stack use after scope: f8 TEST-54-CREDS.sh[1074]: Global redzone: f9 TEST-54-CREDS.sh[1074]: Global init order: f6 TEST-54-CREDS.sh[1074]: Poisoned by user: f7 TEST-54-CREDS.sh[1074]: Container overflow: fc TEST-54-CREDS.sh[1074]: Array cookie: ac TEST-54-CREDS.sh[1074]: Intra object redzone: bb TEST-54-CREDS.sh[1074]: ASan internal: fe TEST-54-CREDS.sh[1074]: Left alloca redzone: ca TEST-54-CREDS.sh[1074]: Right alloca redzone: cb Follow-up for 2c3cbc5 (cherry picked from commit 842a674) (cherry picked from commit b342fb5)

rogerjames99 and others added 30 commits January 11, 2019 13:05

Do not start server if it is already runnning (#11245)

0bb92b9

(cherry picked from commit 7da7340)

core: free lines after reading them

5fa79ab

Closes systemd/systemd#11251. (cherry picked from commit 7334ade)

switch-root: fix error message

ebcd154

Fixes #11261. (cherry picked from commit a5c67cc)

udev-event: do not read stdout or stderr if the pipefd is not created

32a11a2

Fixes #11255. (cherry picked from commit adeb26c)

ask-password-api: do not call ask_password_keyring() if keyname == NULL

095a383

Fixes #11295. (cherry picked from commit 1f00998)

Docs: Add Missing Space Between Words

e60c80a

(cherry picked from commit 8d7fac9)

libudev-util: make util_replace_whitespace() read only len characters

c371230

This effectively reverts df8ba4f. Fixes #11264. (cherry picked from commit 577ab71)

Revert "sd-device: ignore bind/unbind events for now"

ff2145b

This reverts commit 56c886d. Fixes #11277 and #11299. (cherry picked from commit b261494)

Revert "udevd: configure a child process name for worker processes"

7742102

This reverts commit 49f3ee7. (cherry picked from commit ff86c92)

test: add test for sending/receiving an invalid device

c2a1119

(cherry picked from commit 4fe0caa)

journal: rely on _cleanup_free_ to free a temporary string used in cl…

1789a12

…ient_context_read_cgroup Closes systemd/systemd#11253. (cherry picked from commit ef30f7c)

json: handle NULL explicitly in json_variant_has_type()

388e534

(cherry picked from commit f8c186c)

udev-node: make link_find_prioritized() return negative value when no…

f665fe3

…thing found Fixes a bug introduced by a2554ac. Fixes RHBZ#1662303. (cherry picked from commit 82d9ac2)

core/mount: make mount_setup_existing_unit() not drop MOUNT_PROC_JUST…

27492fe

…_MOUNTED flag from units This fixes a bug introduced by ec88d1e. Fixes #11362. (cherry picked from commit d253a45)

journald: remove unnecessary {}

ccbb69e

(cherry picked from commit bc2762a)

journald: lower the maximum entry size limit to ½ for non-sealed fds

f0ad5fe

We immediately read the whole contents into memory, making thigs much more expensive. Sealed fds should be used instead since they are more efficient on our side. (cherry picked from commit 6670c9d)

µhttpd: use a cleanup function to call MHD_destroy_response

03bf8a3

(cherry picked from commit d101fb2)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

First batch of fixes for v240 #17

First batch of fixes for v240 #17

Uh oh!

keszybz commented Jan 11, 2019

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

8 participants

Uh oh!

First batch of fixes for v240 #17

First batch of fixes for v240 #17

Uh oh!

Conversation

keszybz commented Jan 11, 2019

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

8 participants