Bug#883690: systemd Caught <ABRT>, "Freezing execution", __libc_fatal("*** %n in writable segment detected ***\n") after executing asprintf(&message, "U\002%c%s%n"... in src/core/manager.c:2404
Jan Fuchs
fuky at asu.cas.cz
Wed Dec 6 14:42:34 GMT 2017
Package: systemd
Version: 232-25+deb9u1
Severity: normal
systemd[1]: Caught <ABRT>, dumped core as pid 786.
systemd[1]: Freezing execution.
$ gdb /lib/systemd/systemd systemd.coredump
[New LWP 786]
[New LWP 1]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/sbin/init BOOT_IMAGE=boot/stretch-9_1_0'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f46b4d342e7 in kill () at ../sysdeps/unix/syscall-template.S:84
84	../sysdeps/unix/syscall-template.S: No such file or directory.
[Current thread is 1 (LWP 786)]
(gdb) bt
#0 0x00007f46b4d342e7 in kill () at ../sysdeps/unix/syscall-template.S:84
#1 0x000056551288c95a in crash (sig=6) at ../src/core/main.c:189
#2 <signal handler called>
#3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#4 0x00007f46b4d353fa in __GI_abort () at abort.c:89
#5 0x00007f46b4d71bd0 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f46b4e6516c "%s")
at ../sysdeps/posix/libc_fatal.c:175
#6 0x00007f46b4d71c12 in __GI___libc_fatal (message=0x7f46b4e66640 "*** %n in writable segment detected ***\n")
at ../sysdeps/posix/libc_fatal.c:185
#7 0x00007f46b4d4a12f in _IO_vfprintf_internal (s=s@entry=0x7fff5b7558d0, format=<optimized out>,
format@entry=0x56551290c66c "U\002%c%s%n", ap=ap@entry=0x7fff5b755a08) at vfprintf.c:1636
#8 0x00007f46b4df9c05 in __GI___vasprintf_chk (result_ptr=0x7fff5b755b20, flags=1, format=0x56551290c66c "U\002%c%s%n",
args=args@entry=0x7fff5b755a08) at vasprintf_chk.c:66
#9 0x00007f46b4df9b42 in __asprintf_chk (result_ptr=<optimized out>, flags=<optimized out>, format=<optimized out>)
at asprintf_chk.c:32
#10 0x00005655128f1ef3 in asprintf () at /usr/include/x86_64-linux-gnu/bits/stdio2.h:178
#11 manager_send_unit_plymouth (u=0x565513938d80, m=0x5655138ae9b0) at ../src/core/manager.c:2404
#12 unit_notify (u=0x565513938d80, os=UNIT_ACTIVATING, ns=<optimized out>, reload_success=<optimized out>) at ../src/core/unit.c:2062
#13 0x00005655128fa330 in service_enter_running.lto_priv.525 (s=<optimized out>, f=<optimized out>, s=<optimized out>)
at ../src/core/service.c:1688
#14 0x00005655128c90d4 in service_sigchld_event.lto_priv.83 (u=0x565513938d80, pid=<optimized out>, code=1, status=0)
at ../src/core/service.c:2715
#15 0x00005655128d73ed in invoke_sigchld_event (m=m@entry=0x5655138ae9b0, u=u@entry=0x565513938d80, si=si@entry=0x7fff5b755c30)
at ../src/core/manager.c:1827
#16 0x00005655128d9fbe in manager_dispatch_sigchld.lto_priv.626 (m=<optimized out>, m=<optimized out>) at ../src/core/manager.c:1878
#17 0x00005655128daac5 in manager_dispatch_signal_fd.lto_priv.586 (source=<optimized out>, fd=<optimized out>,
revents=<optimized out>, userdata=<optimized out>, userdata=<optimized out>) at ../src/core/manager.c:2139
#18 0x00007f46b64b55e3 in source_dispatch (s=s@entry=0x5655138b0540) at ../src/libsystemd/sd-event/sd-event.c:2267
#19 0x00007f46b64b57c4 in sd_event_dispatch (e=e@entry=0x5655138b0090) at ../src/libsystemd/sd-event/sd-event.c:2626
#20 0x00007f46b64b6d07 in sd_event_run (e=0x5655138b0090, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:2685
#21 0x0000565512889b54 in manager_loop (m=0x5655138ae9b0) at ../src/core/manager.c:2255
#22 main (argc=2, argv=<optimized out>) at ../src/core/main.c:1869
$ fgrep -ri asprintf . |fgrep %n
./resolve/resolved-dns-rr.c: r = asprintf(&s, "%s %u %u %s %n",
./resolve/resolved-dns-rr.c: r = asprintf(&s, "%s %s%.*u %s %u %u %s %s %u %s %n",
./resolve/resolved-dns-rr.c: r = asprintf(&s, "%s %n",
./tty-ask-password-agent/tty-ask-password-agent.c: } else if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0)
./tty-ask-password-agent/tty-ask-password-agent.c: if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
./fsckd/fsckd.c: if (asprintf(&packet, "%c\002%c%s%n", mode, (int) (strlen(message) + 1), message, &n) < 0)
./core/manager.c: if (asprintf(&message, "U\002%c%s%n", (int) (strlen(u->id) + 1), u->id, &n) < 0) {
$ vim glibc-2.24/stdio-common/vfprintf.c
LABEL (form_number): \
if (s->_flags2 & _IO_FLAGS2_FORTIFY) \
{ \
if (! readonly_format) \
{ \
extern int __readonly_area (const void *, size_t) \
attribute_hidden; \
readonly_format \
= __readonly_area (format, ((STR_LEN (format) + 1) \
* sizeof (CHAR_T))); \
} \
if (readonly_format < 0) \
__libc_fatal ("*** %n in writable segment detected ***\n"); \
-- Package-specific info:
-- System Information:
Debian Release: 9.1
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii adduser 3.115
ii libacl1 2.2.52-3+b1
ii libapparmor1 2.11.0-3
ii libaudit1 1:2.6.7-2
ii libblkid1 2.29.2-1
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libcryptsetup4 2:1.7.3-4
ii libgcrypt20 1.7.6-2+deb9u2
ii libgpg-error0 1.26-2
ii libidn11 1.33-1
ii libip4tc0 1.6.0+snapshot20161117-6
ii libkmod2 23-2
ii liblz4-1 0.0~r131-2+b1
ii liblzma5 5.2.2-1.2+b1
ii libmount1 2.29.2-1
ii libpam0g 1.1.8-3.6
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.6-3+b3
ii libsystemd0 232-25+deb9u1
ii mount 2.29.2-1
ii procps 2:3.3.12-3
ii util-linux 2.29.2-1
Versions of packages systemd recommends:
ii dbus 1.10.22-0+deb9u1
ii libpam-systemd 232-25+deb9u1
Versions of packages systemd suggests:
ii policykit-1 0.105-18
pn systemd-container <none>
pn systemd-ui <none>
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.130
ii udev 232-25+deb9u1
-- Configuration Files:
/etc/systemd/system.conf changed:
[Manager]
LogLevel=debug
LogTarget=journal-or-kmsg
DumpCore=yes
-- no debconf information
--
http://www.fuky.org
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: systemd-analyze-dump.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20171206/5f5f79b0/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dsh-enabled.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20171206/5f5f79b0/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: systemd-delta.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20171206/5f5f79b0/attachment-0005.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd.coredump
Type: application/octet-stream
Size: 4489216 bytes
Desc:
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20171206/5f5f79b0/attachment-0001.obj>