This bug was fixed in the package systemd - 245.4-4ubuntu3.22

---------------
systemd (245.4-4ubuntu3.22) focal; urgency=medium

  * resolve: fix potential memleak and use-after-free (LP: #2012943)
    File: debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ed2729587663dbab3583d06492b715df2896874e

 -- Nick Rosbrook <nick.rosbr...@canonical.com>  Mon, 27 Mar 2023 13:54:06 -0400

** Changed in: systemd (Ubuntu Focal)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/2012943

Title:
  systemd-resolved crashes due to use-after-free bug

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [ Impact ]

  The continuous systemd-resolved crashes delay/hang the device startup.
  And this leads to unresponsive devices in the system. Specifically, the crash looks like:

  Dec 16 12:51:21 TREND-24-AF-7A systemd[1]: Started Time & Date Service.
  Dec 16 12:51:24 TREND-24-AF-7A systemd[1]: systemd-resolved.service: Main process exited, code=killed, status=11/SEGV
  [...]
  Dec 16 12:53:47 TREND-24-AF-7A systemd-resolved[2591]: Assertion 'DNS_TRANSACTION_IS_LIVE(q->state)' failed at src/resolve/resolved-dns-query.c:520, function dns_query_complete(). Aborting.
  Dec 16 12:53:47 TREND-24-AF-7A systemd[1]: systemd-resolved.service: Main process exited, code=killed, status=6/ABRT

  [ Test Plan ]

  The exact steps to reproduce this issue are still not known.
  But we see this crash only in Static IP Addressing mode enabled, where systemd-resolved is enabled for LLMNR service.
  But we were not able to see this crash in DHCP mode.

  Steps to reproduce:
  1) Powercycle the device.
  2) Soft-reboot.

  It was also pointed out by Brian Murray that this error in the Ubuntu
  error tracker is likely the same bug:
  https://errors.ubuntu.com/problem/3cb08ae5efaa4d8c6ce992f7cebd2751ae3f168f.
  Therefore, we would expect to stop seeing this error in the tracker as
  a result of this patch.

  [ Where problems could occur ]

  The patch[1] simply disables the timer event source for a DNS query
  when the struct representing that query is free'd. I cannot see any
  realistic regression potential, because if the timer event fired on
  the DNS query after it has been free'd, then that would be this bug.
  I.e. no working code should be relying on the timer event source still
  being around after the query is free'd.

  [1] https://github.com/systemd/systemd/commit/73bfd7be042cc63e7649242b377ad494bf74ea4b
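The lifetime rule described under "Where problems could occur", modelled as an added C example that is not part of the bug report or of systemd's source. The event loop, `Timer`, `Query` and all function names are hypothetical stand-ins; the unsafe path is only inspected, never dispatched.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Toy model with hypothetical names; this is not systemd's code. */
#define MAX_TIMERS 8
typedef struct Timer {
    bool armed;                  /* the loop dispatches only armed timers */
    void (*cb)(void *userdata);  /* callback run when the timer expires */
    void *userdata;              /* borrowed pointer to the owning query */
} Timer;
typedef struct Loop { Timer timers[MAX_TIMERS]; } Loop;
typedef struct Query { Timer *timeout; int state; } Query;
static void on_timeout(void *userdata) {
    ((Query *)userdata)->state = -1;   /* use-after-free if the query is gone */
}

static Query *query_new(Loop *l) {
    Query *q = calloc(1, sizeof *q);
    for (size_t i = 0; q && i < MAX_TIMERS; i++)
        if (!l->timers[i].armed) {
            l->timers[i] = (Timer){ true, on_timeout, q };
            q->timeout = &l->timers[i];
            return q;
        }
    free(q);                     /* no free slot, or allocation failed */
    return NULL;
}

/* Before: query released, timer left armed with a dangling userdata. */
static void query_free_unsafe(Query *q) { free(q); }
/* After: disarm the timer first so the loop cannot call into freed memory. */
static void query_free_safe(Query *q) {
    if (q && q->timeout) *q->timeout = (Timer){ false, NULL, NULL };
    free(q);
}
/* Audit helper: number of timers the loop would still dispatch. */
static size_t loop_armed(const Loop *l) {
    size_t n = 0;
    for (size_t i = 0; i < MAX_TIMERS; i++) n += l->timers[i].armed;
    return n;
}

int main(void) {
    Loop a = {0}, b = {0};
    query_free_unsafe(query_new(&a));   /* leaves one armed timer behind */
    query_free_safe(query_new(&b));     /* leaves none */
    printf("unsafe: %zu armed, safe: %zu armed\n", loop_armed(&a), loop_armed(&b));
    return 0;
}
```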
