TEST-21-DFUZZER: improve stability of the test, and enable services to be tested (#37862)

Fixes #37834.
2026-04-14 08:25:20 +09:00 · 2025-07-27 10:33:12 +01:00
parent 5c68c51045 69865ca697
commit ef101750ca
1 changed files with 160 additions and 55 deletions
--- a/test/units/TEST-21-DFUZZER.sh
+++ b/test/units/TEST-21-DFUZZER.sh
@@ -43,61 +43,135 @@ trap at_exit EXIT

 systemctl log-level info

-# FIXME: systemd-run doesn't play well with daemon-reexec
-# See: https://github.com/systemd/systemd/issues/27204
-add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Manager:Reexecute FIXME"
-
-add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Manager:SoftReboot destructive"
-add_suppression "org.freedesktop.login1" "Sleep destructive"
-
 # Skip calling start and stop methods on unit objects, as doing that is not only time consuming, but it also
 # starts/stops units that interfere with the machine state. The actual code paths should be covered (to some
 # degree) by the respective method counterparts on the manager object.
-for method in Start Stop Restart ReloadOrRestart ReloadOrTryRestart Kill; do
+MANAGER_METHOD_FILTER=(
+    StartUnit
+    StartUnitWithFlags
+    StartUnitReplace
+    StopUnit
+    RestartUnit
+    TryRestartUnit
+    ReloadOrRestartUnit
+    ReloadOrTryRestartUnit
+    KillUnit
+    QueueSignalUnit
+    FreezeUnit
+    AttachProcessesToUnit
+    RemoveSubgroupFromUnit
+    AbandonScope
+    CancelJob
+    Exit
+    Reboot
+    SoftReboot
+    PowerOff
+    Halt
+    KExec
+    SwitchRoot
+    EnqueueMarkedJobs
+)
+UNIT_METHOD_FILTER=(
+    Start
+    Stop
+    Restart
+    TryRestart
+    ReloadOrRestart
+    ReloadOrTryRestart
+    Kill
+    QueueSignal
+    Freeze
+)
+SCOPE_METHOD_FILTER=(
+    Abandon
+)
+JOB_METHOD_FILTER=(
+    Cancel
+)
+LOGIN_METHOD_FILTER=(
+    FlushDevices # This triggers all devices and makes the system super heavy
+    PowerOff
+    PowerOffWithFlags
+    Reboot
+    RebootWithFlags
+    Halt
+    HaltWithFlags
+    Suspend
+    SuspendWithFlags
+    Hibernate
+    HibernateWithFlags
+    HybridSleep
+    HybridSleepWithFlags
+    SuspendThenHibernate
+    SuspendThenHibernateWithFlags
+    ScheduleShutdown
+)
+for method in "${MANAGER_METHOD_FILTER[@]}"; do
+    add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Manager:$method"
+done
+for method in "${UNIT_METHOD_FILTER[@]}"; do
    add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Unit:$method"
 done
+for method in "${SCOPE_METHOD_FILTER[@]}"; do
+    add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Scope:$method"
+done
+for method in "${JOB_METHOD_FILTER[@]}"; do
+    add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Job:$method"
+done
+for method in "${LOGIN_METHOD_FILTER[@]}"; do
+    add_suppression "org.freedesktop.login1" "org.freedesktop.login1.Manager:$method"
+done

 cat /etc/dfuzzer.conf

 # TODO
 #   * check for possibly newly introduced buses?
-BUS_LIST=(
-    org.freedesktop.home1
-    org.freedesktop.hostname1
-    org.freedesktop.import1
-    org.freedesktop.locale1
-    org.freedesktop.login1
-    org.freedesktop.machine1
-    org.freedesktop.portable1
-    org.freedesktop.resolve1
-    org.freedesktop.systemd1
-    org.freedesktop.timedate1
+NAME_LIST=(
+    home
+    hostname
+    import
+    locale
+    login
+    machine
+    portable
+    resolve
+    timedate
 )

-# systemd-oomd requires PSI
-if tail -n +1 /proc/pressure/{cpu,io,memory}; then
-    BUS_LIST+=(
-        org.freedesktop.oom1
-    )
-fi
-
 # Some services require specific conditions:
+#   - systemd-oomd requires PSI
 #   - systemd-timesyncd can't run in a container
 #   - systemd-networkd can run in a container if it has CAP_NET_ADMIN capability
-if ! systemd-detect-virt --container; then
-    BUS_LIST+=(
-        org.freedesktop.network1
-        org.freedesktop.timesync1
-    )
-elif busctl introspect org.freedesktop.network1 / &>/dev/null; then
-    BUS_LIST+=(
-        org.freedesktop.network1
-    )
+if tail -n +1 /proc/pressure/{cpu,io,memory}; then
+    NAME_LIST+=( oom )
 fi

-SESSION_BUS_LIST=(
-    org.freedesktop.systemd1
-)
+if ! systemd-detect-virt --container; then
+    NAME_LIST+=( timesync )
+fi
+
+if ip link add dummy-fuzz type dummy; then
+    # if a dummy interface is created, then let's also setup it for resolved
+    ip link set dummy-fuzz up
+    ip address add 192.0.2.1/24 dev dummy-fuzz
+
+    # When we can create a dummy interface, we definitely have CAP_NET_ADMIN
+    NAME_LIST+=( network )
+
+    # Create unit files for another dummy interface for networkd
+    mkdir -p /run/systemd/network
+    cat >/run/systemd/network/10-dummy-fuzz2.netdev <<EOF
+[NetDev]
+Kind=dummy
+Name=dummy-fuzz2
+EOF
+    cat >/run/systemd/network/10-dummy-fuzz2.network <<EOF
+[Match]
+Name=dummy-fuzz2
+[Network]
+Address=192.0.2.2/24
+EOF
+fi

 # Maximum payload size generated by dfuzzer (in bytes) - default: 50K
 PAYLOAD_MAX=50000
@@ -107,33 +181,64 @@ if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then
    PAYLOAD_MAX=10000 # 10K
 fi

+# Disable debugging logs from systemd-homed, systemd-nsresourced, and systemd-userdbd.
+# Otherwise, journal is filled with the debugging logs by them.
+systemctl service-log-level systemd-homed.service info
+for service in systemd-nsresourced.service systemd-userdbd.service; do
+    mkdir -p "/run/systemd/system/${service}.d"
+    cat >"/run/systemd/system/${service}.d/10-disable-debug.conf" <<EOF
+[Service]
+Environment=SYSTEMD_LOG_LEVEL=info
+EOF
+    systemctl daemon-reload
+    systemctl restart "$service"
+done
+
+test_systemd() {
+    systemd-run "$@" --pipe --wait \
+                -- dfuzzer -b "$PAYLOAD_MAX" -n org.freedesktop.systemd1
+
+    # Let's reload the systemd user daemon to test (de)serialization as well
+    systemctl "$@" daemon-reload
+    # FIXME: explicitly trigger reexecute until systemd/systemd#27204 is resolved
+    systemctl "$@" daemon-reexec
+}
+
+# Let's first test the session bus before the system one, as it may be in a
+# spurious state after fuzzing the system bus or login bus.
+echo "Bus: org.freedesktop.systemd1 (session)"
+test_systemd --machine 'testuser@.host' --user
+
 # Overmount /var/lib/machines with a size-limited tmpfs, as fuzzing
 # the org.freedesktop.machine1 stuff makes quite a mess
 mount -t tmpfs -o size=50M tmpfs /var/lib/machines

-# Fuzz both the system and the session buses (where applicable)
-for bus in "${BUS_LIST[@]}"; do
-    echo "Bus: $bus (system)"
+# Next, test the system service buses, as the services may be in a spurious
+# state after fuzzing the system service manager bus.
+for name in "${NAME_LIST[@]}"; do
+    bus="org.freedesktop.${name}1"
+    service="systemd-${name}d.service"
+
+    echo "Bus: $bus"
+
+    # Unmask and enable the service.
+    systemctl unmask "$service"
+    systemctl enable "$service"
+
+    # enable debugging logs
+    systemctl service-log-level "$service" debug || :
+
    systemd-run --pipe --wait \
                -- dfuzzer -b "$PAYLOAD_MAX" -n "$bus"

-    # Let's reload the systemd daemon to test (de)serialization as well
-    systemctl daemon-reload
-    # FIXME: explicitly trigger reexecute until systemd/systemd#27204 is resolved
-    systemctl daemon-reexec
+    # disable debugging logs
+    systemctl service-log-level "$service" info || :
 done

 umount /var/lib/machines

-for bus in "${SESSION_BUS_LIST[@]}"; do
-    echo "Bus: $bus (session)"
-    systemd-run --machine 'testuser@.host' --user --pipe --wait \
-                -- dfuzzer -b "$PAYLOAD_MAX" -n "$bus"
-
-    # Let's reload the systemd user daemon to test (de)serialization as well
-    systemctl --machine 'testuser@.host' --user daemon-reload
-    # FIXME: explicitly trigger reexecute until systemd/systemd#27204 is resolved
-    systemctl --machine 'testuser@.host' --user daemon-reexec
-done
+# Finally, test the system bus.
+echo "Bus: org.freedesktop.systemd1 (system)"
+test_systemd

 touch /testok