systemd-resolved crashes due to use-after-free bug
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
The continuous systemd-resolved crashes delay/hang the device startup.
And this leads to unresponsive devices in the system. Specifically, the crash looks like:
Dec 16 12:51:21 TREND-24-AF-7A systemd[1]: Started Time & Date Service.
Dec 16 12:51:24 TREND-24-AF-7A systemd[1]: systemd-
[...]
Dec 16 12:53:47 TREND-24-AF-7A systemd-
Dec 16 12:53:47 TREND-24-AF-7A systemd[1]: systemd-
[ Test Plan ]
The exact steps to reproduce this issue are still not known.
But we see this crash only in Static IP Addressing mode enabled, where systemd-resolved is enabled for LLMNR service.
But we were not able to see this crash in DHCP mode.
Steps to reproduce:
1) Powercycle the device.
2) Soft-reboot.
It was also pointed out by Brian Murray that this error in the Ubuntu error tracker is likely the same bug: https:/
[ Where problems could occur ]
The patch[1] simply disables the timer event source for a DNS query when the struct representing that query is free'd. I cannot see any realistic regression potential, because if the timer event fired on the DNS query after it has been free'd, then that would be this bug. I.e. no working code should be relying on the timer event source still being around after the query is free'd.
[1] https:/
Related branches
- Lukas Märdian: Approve
-
Diff: 64 lines (+42/-0)3 files modifieddebian/changelog (+8/-0)
debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch (+33/-0)
debian/patches/series (+1/-0)
From what I can tell, this patch is present in Jammy and newer, but not Focal.