Description zhixin01 2025-02-28 10:27:26 UTC

[缺陷描述]：
systemd-test 测试套，test-execute用例失败，exec-systemcallfilter-failing.service服务退出码不符合预期，且产生coredump

测试日志失败部分如下：
exit getppid getresuid32 getpgrp getuid set_tid_address pause prlimit64 getpgid getresuid restart_syscall execve sched_yield getgid32 clock_gettime time getsid nanosleep clock_getres getresgid sigreturn set_robust_list get_thread_area set_thread_area set_tls ugetrlimit getrlimit getpid futex getgid gettid membarrier clock_nanosleep
Operating on architecture: arm
Operating on architecture: arm64
Got message type=signal sender=:1.2 destination=n/a path=/org/freedesktop/systemd1/agent interface=org.freedesktop.systemd1.Agent member=Released cookie=856185 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixUser cookie=108 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.192693 path=n/a interface=n/a member=n/a cookie=109 reply_cookie=108 signature=u error-name=n/a error-message=n/a
Got cgroup empty notification for: /user.slice/user-1377975.slice/session-165.scope/b6ed227df1f77b5c/exec-systemcallfilter-not-failing2.service
Got message type=signal sender=:1.2 destination=n/a path=/org/freedesktop/systemd1/agent interface=org.freedesktop.systemd1.Agent member=Released cookie=856211 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixUser cookie=109 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.192693 path=n/a interface=n/a member=n/a cookie=110 reply_cookie=109 signature=u error-name=n/a error-message=n/a
Got cgroup empty notification for: /user.slice/user-0.slice/session-c23101.scope
Received SIGCHLD from PID 702656 ((sh)).
Child 702656 ((sh)) died (code=dumped, status=31/SYS)
exec-systemcallfilter-failing.service: Child 702656 belongs to exec-systemcallfilter-failing.service.
exec-systemcallfilter-failing.service: Main process exited, code=dumped, status=31/SYS
exec-systemcallfilter-failing.service: Failed with result 'core-dump'.
exec-systemcallfilter-failing.service: Changed start -> failed
exec-systemcallfilter-failing.service: Unit entered failed state.
        PID: 702656
        Start Timestamp: Fri 2025-02-28 10:23:18 CST
        Exit Timestamp: Fri 2025-02-28 10:23:19 CST
        Exit Code: dumped
        Exit Status: 31
test_exec_systemcallfilter: exec-systemcallfilter-failing.service: exit code 3, expected 2
Aborted (core dumped)

[重现概率]：
必现

[重现环境]：
环境信息：倚天710机器
11.163.178.238

#uname -r
6.6.71-3_rc1.al8.aarch64

#cat /etc/os-release
NAME="Alibaba Cloud Linux"
VERSION="3 (Soaring Falcon)"
ID="alinux"
ID_LIKE="rhel fedora centos anolis"
VERSION_ID="3"
UPDATE_ID="10"
PLATFORM_ID="platform:al8"
PRETTY_NAME="Alibaba Cloud Linux 3 (Soaring Falcon)"
ANSI_COLOR="0;31"
HOME_URL="https://www.aliyun.com/"

#lscpu
Architecture:        aarch64
Byte Order:          Little Endian
CPU(s):              128
On-line CPU(s) list: 0-127
Thread(s) per core:  1
Core(s) per socket:  128
Socket(s):           1
NUMA node(s):        2
Vendor ID:           ARM
BIOS Vendor ID:      T-HEAD
Model:               0
Model name:          Neoverse-N2
BIOS Model name:     Yitian710-128
Stepping:            r0p0
CPU MHz:             2750.000
BogoMIPS:            100.00
Hypervisor vendor:   Alibaba
Virtualization type: full
L1d cache:           64K
L1i cache:           64K
L2 cache:            1024K
L3 cache:            65536K
NUMA node0 CPU(s):   0-63
NUMA node1 CPU(s):   64-127
Flags:               fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 sm3 sm4 asimddp sha512 sve asimdfhm dit uscat ilrcpc flagm sb dcpodp sve2 sveaes svepmull svebitperm svesha3 svesm4 flagm2 frint svei8mm svebf16 i8mm bf16 dgh

#free -h
              total        used        free      shared  buff/cache   available
Mem:          125Gi       3.6Gi       121Gi        12Mi       1.0Gi       122Gi
Swap:         2.0Gi          0B       2.0Gi

#cat /proc/cmdline
BOOT_IMAGE=(hd0,gpt2)/boot/vmlinuz-6.6.71-3_rc1.al8.aarch64 root=UUID=d0af582f-7147-41de-85e3-deb2e14cde99 ro biosdevname=0 rd.driver.pre=ahci iommu.passthrough=1 iommu.strict=0 nospectre_bhb ssbd=force-off systemd.unified_cgroup_hierarchy=0 cgroup.memory=nokmem console=ttyS0,115200 fsck.repair=yes crashkernel=0M-2G:0M,2G-256G:256M,256G-1024G:320M,1024G-:384M

[重现步骤]：
# 下载并编译测试套
git clone  http://gitlab-sp.alibaba-inc.com/alinux/systemd.git --branch a3.2104
cd systemd
yum-builddep -D "_topdir $(pwd)" -D "_sourcedir $(pwd)" -D "_builddir $(pwd)" -y systemd.spec
rpmbuild -D "_topdir $(pwd)" -D "_sourcedir $(pwd)" -D "_builddir $(pwd)" -bp systemd.spec
cd systemd-239
meson build
ninja -C build

# 执行用例
cd build
./test-execute

[期望结果]：
用例执行PASS

[实际结果]：
exec-systemcallfilter-failing.service服务退出码不符合预期，产生core-dump文件

[分析]
coredump解析：
#gdb ./test-execute /var/lib/systemd/coredump/'core.(sh).0.9b2499c1c00f4ce4a2a28473dff754c0.675021.1740707442000000'
GNU gdb (GDB) Alibaba Cloud Linux 9.2-7.2.0.5.al8
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test-execute...
[New LWP 675021]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `(sh)'.
Program terminated with signal SIGSYS, Bad system call.
#0  0x0000ffff994b26a8 in writev () from /lib64/libc.so.6
(gdb) bt
#0  0x0000ffff994b26a8 in writev () from /lib64/libc.so.6
#1  0x0000ffff9970bdfc in write_to_console (level=31, error=0, file=0xaaaac4ef0f08 "../src/core/execute.c", line=3641,
    func=0xaaaac4ef41b0 <__func__.41> "exec_child",
    buffer=0xffffe1dedcc0 "exec-systemcallfilter-failing.service: Executing: /bin/sh -c 'echo \"This should not be seen\"'") at ../src/basic/log.c:390
#2  0x0000ffff9970ccc0 in log_dispatch_internal (level=31, error=0, file=0xaaaac4ef0f08 "../src/core/execute.c", line=3641,
    func=0xaaaac4ef41b0 <__func__.41> "exec_child", object_field=0x0, object=0x0, extra_field=0x0, extra=0x0,
    buffer=0xffffe1dedcc0 "exec-systemcallfilter-failing.service: Executing: /bin/sh -c 'echo \"This should not be seen\"'") at ../src/basic/log.c:658
#3  0x0000ffff9970e460 in log_struct_internal (level=31, error=0, file=0xaaaac4ef0f08 "../src/core/execute.c", line=3641,
    func=0xaaaac4ef41b0 <__func__.41> "exec_child", format=0xaaaac4ef2a30 "MESSAGE=%s: Executing: %s") at ../src/basic/log.c:1008
#4  0x0000aaaac4df4da8 in exec_child (unit=0xaaaac9443a30, command=0xaaaac94435b0, context=0xaaaac9443f08, params=0xffffe1deec50, runtime=0x0,
    dcreds=0xaaaac9444390, argv=0xaaaac943edc0, socket_fd=-1, named_iofds=0xffffe1deea98, fds=0x0, n_socket_fds=0, n_storage_fds=0, files_env=0x0,
    user_lookup_fd=-1, exit_status=0xffffe1deea10) at ../src/core/execute.c:3641
#5  0x0000aaaac4df5b80 in exec_spawn (unit=0xaaaac9443a30, command=0xaaaac94435b0, context=0xaaaac9443f08, params=0xffffe1deec50, runtime=0x0,
    dcreds=0xaaaac9444390, ret=0xffffe1deeb80) at ../src/core/execute.c:3777
#6  0x0000aaaac4e1d5e0 in service_spawn (s=0xaaaac9443a30, c=0xaaaac94435b0, timeout=18446744073709551615,
    flags=(EXEC_APPLY_SANDBOXING | EXEC_APPLY_CHROOT | EXEC_APPLY_TTY_STDIN | EXEC_PASS_FDS | EXEC_SET_WATCHDOG), _pid=0xffffe1deed90) at ../src/core/service.c:1566
#7  0x0000aaaac4e1f398 in service_enter_start (s=0xaaaac9443a30) at ../src/core/service.c:2082
#8  0x0000aaaac4e1f6a8 in service_enter_start_pre (s=0xaaaac9443a30) at ../src/core/service.c:2148
#9  0x0000aaaac4e1f890 in service_enter_condition (s=0xaaaac9443a30) at ../src/core/service.c:2182
#10 0x0000aaaac4e20c54 in service_start (u=0xaaaac9443a30) at ../src/core/service.c:2421
#11 0x0000aaaac4e45aa0 in unit_start (u=0xaaaac9443a30) at ../src/core/unit.c:1820
#12 0x0000aaaac4de2e44 in test (func=0xaaaac4ef0578 <__func__.35> "test_exec_systemcallfilter", m=0xaaaac9350080,
    unit_name=0xaaaac4eef128 "exec-systemcallfilter-failing.service", status_expected=31, code_expected=2) at ../src/test/test-execute.c:172
#13 0x0000aaaac4de402c in test_exec_systemcallfilter (m=0xaaaac9350080) at ../src/test/test-execute.c:379
#14 0x0000aaaac4de606c in run_tests (scope=UNIT_FILE_USER, tests=0xaaaac4f62670 <user_tests>, patterns=0xffffe1def250) at ../src/test/test-execute.c:741
#15 0x0000aaaac4de63a0 in main (argc=1, argv=0xffffe1def248) at ../src/test/test-execute.c:838
(gdb)