Issues found by memory sanitizer (MSan) #11738

@mrc0mmand

As #11730 found quite a lot of warnings, opening an issue for each of them would unnecessarily clutter the issue tracker. I'll try to organize them here in some, hopefully, easy-to-track way.

Also, I omitted warnings in non-instrumented libraries (libmount, libpcap, libseccomp, etc.) which are most likely false positives and should be dealt with later.

Already filed issues for reference: #11731, #11733, #11735

  • test/test-json.c, basic/log.c, shared/json.c
==20296==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f92216827c2 in json_buildv /build/build/../src/shared/json.c:2674:17
    #1 0x7f922168fda3 in json_build /build/build/../src/shared/json.c:3122:13
    #2 0x4a81cb in test_build /build/build/../src/test/test-json.c:272:9
    #3 0x49790c in main /build/build/../src/test/test-json.c:454:9
    #4 0x7f9220e3009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #5 0x41f459 in _start (/build/build/test-json+0x41f459)

  Uninitialized value was stored to memory at
    #0 0x7f9221682751 in json_buildv /build/build/../src/shared/json.c:2672:25
    #1 0x7f922168fda3 in json_build /build/build/../src/shared/json.c:3122:13
    #2 0x4a81cb in test_build /build/build/../src/test/test-json.c:272:9
    #3 0x49790c in main /build/build/../src/test/test-json.c:454:9
    #4 0x7f9220e3009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was created by an allocation of 'buffer' in the stack frame of function 'log_internalv_realm'
    #0 0x7f9221b09810 in log_internalv_realm /build/build/../src/basic/log.c:667

SUMMARY: MemorySanitizer: use-of-uninitialized-value /build/build/../src/shared/json.c:2674:17 in json_buildv
  • test/test-mountpoint-util.c, basic/mountpoint-util.c
Uninitialized bytes in __interceptor_name_to_handle_at at offset 0 inside [0x707000000a80, 13)
==20306==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f69092fa49d in name_to_handle_at_loop /build/build/../src/basic/mountpoint-util.c:53:21
    #1 0x7f6909301280 in path_get_mnt_id /build/build/../src/basic/mountpoint-util.c:285:13
    #2 0x499427 in test_mnt_id /build/build/../src/test/test-mountpoint-util.c:70:21
    #3 0x49662b in main /build/build/../src/test/test-mountpoint-util.c:263:9
    #4 0x7f69085e909a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #5 0x41f429 in _start (/build/build/test-mountpoint-util+0x41f429)

  Uninitialized value was created by a heap allocation
    #0 0x42b22d in __interceptor_malloc (/build/build/test-mountpoint-util+0x42b22d)
    #1 0x7f6908625968 in _IO_vfscanf (/lib/x86_64-linux-gnu/libc.so.6+0x60968)
    #2 0x7f690863765c in vsscanf (/lib/x86_64-linux-gnu/libc.so.6+0x7265c)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /build/build/../src/basic/mountpoint-util.c:53:21 in name_to_handle_at_loop
Uninitialized bytes in __interceptor_strcmp at offset 0 inside [0x707000000000, 1)
==20380==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f34bee02a85 in strcmp_ptr /build/build/../src/basic/string-util.c:26:24
    #1 0x7f34beddcd3f in streq_ptr /build/build/../src/basic/string-util.h:33:16
    #2 0x7f34bedcb9ba in netlink_family_from_string /build/build/../src/basic/socket-util.c:814:1
    #3 0x7f34bedcb034 in socket_address_parse_netlink /build/build/../src/basic/socket-util.c:251:18
    #4 0x4999fb in test_socket_address_parse_netlink /build/build/../src/test/test-socket-util.c:164:9
    #5 0x4965a0 in main /build/build/../src/test/test-socket-util.c:804:9
    #6 0x7f34bdfb109a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #7 0x41f529 in _start (/build/build/test-socket-util+0x41f529)

  Uninitialized value was created by a heap allocation
    #0 0x42b32d in __interceptor_malloc (/build/build/test-socket-util+0x42b32d)
    #1 0x7f34bdfed968 in _IO_vfscanf (/lib/x86_64-linux-gnu/libc.so.6+0x60968)
    #2 0x7f34bdfff65c in vsscanf (/lib/x86_64-linux-gnu/libc.so.6+0x7265c)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /build/build/../src/basic/string-util.c:26:24 in strcmp_ptr
  • test/test-acl-util.c, shared/acl-util.c
==20404==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f8f95d49c06 in acl_find_uid /build/build/../src/shared/acl-util.c:31:21
    #1 0x7f8f95d56f76 in add_acls_for_user /build/build/../src/shared/acl-util.c:387:13
    #2 0x4988ab in test_add_acls_for_user /build/build/../src/test/test-acl-util.c:41:13
    #3 0x495359 in main /build/build/../src/test/test-acl-util.c:65:9
    #4 0x7f8f9533809a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #5 0x41e309 in _start (/build/build/test-acl-util+0x41e309)

  Uninitialized value was created by an allocation of 'tag' in the stack frame of function 'acl_find_uid'
    #0 0x7f8f95d49110 in acl_find_uid /build/build/../src/shared/acl-util.c:13

SUMMARY: MemorySanitizer: use-of-uninitialized-value /build/build/../src/shared/acl-util.c:31:21 in acl_find_uid
  • test/test-gcrypt-util.c, basic/hexdecoct.c
==20512==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f9261e457a0 in hexchar /build/build/../src/basic/hexdecoct.c:41:16
    #1 0x7f9261e4668b in hexmem /build/build/../src/basic/hexdecoct.c:67:26
    #2 0x7f9262162393 in string_hashsum /build/build/../src/basic/gcrypt-util.c:45:15
    #3 0x495561 in test_string_hashsum /build/build/../src/test/test-gcrypt-util.c:11:9
    #4 0x4952f9 in main /build/build/../src/test/test-gcrypt-util.c:29:9
    #5 0x7f92611d909a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #6 0x41e2a9 in _start (/build/build/test-gcrypt-util+0x41e2a9)

  Uninitialized value was stored to memory at
    #0 0x7f9261e4570d in hexchar /build/build/../src/basic/hexdecoct.c:38
    #1 0x7f9261e4668b in hexmem /build/build/../src/basic/hexdecoct.c:67:26
    #2 0x7f9262162393 in string_hashsum /build/build/../src/basic/gcrypt-util.c:45:15
    #3 0x495561 in test_string_hashsum /build/build/../src/test/test-gcrypt-util.c:11:9
    #4 0x4952f9 in main /build/build/../src/test/test-gcrypt-util.c:29:9
    #5 0x7f92611d909a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was created by a heap allocation
    #0 0x42a0ad in __interceptor_malloc (/build/build/test-gcrypt-util+0x42a0ad)
    #1 0x7f9260e40a93  (/lib/x86_64-linux-gnu/libgcrypt.so.20+0xfa93)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /build/build/../src/basic/hexdecoct.c:41:16 in hexchar
  • test/test-journal-flush.c, journal/lookup3.c
==20551==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7fbaa744bb9b in journal_file_find_data_object_with_hash /build/build/../src/journal/journal-file.c:1331:43
    #1 0x7fbaa7455dfe in journal_file_append_data /build/build/../src/journal/journal-file.c:1487:13
    #2 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #3 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #4 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #5 0x41e369 in _start (/build/build/test-journal-flush+0x41e369)

  Uninitialized value was stored to memory at
    #0 0x7fbaa7548e90 in jenkins_hashlittle2 /build/build/../src/journal/lookup3.c:492:7
    #1 0x7fbaa744a44d in hash64 /build/build/../src/journal/lookup3.h:19:9
    #2 0x7fbaa7455ca1 in journal_file_append_data /build/build/../src/journal/journal-file.c:1485:16
    #3 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was stored to memory at
    #0 0x7fbaa7548c7d in jenkins_hashlittle2 /build/build/../src/journal/lookup3.c:492:7
    #1 0x7fbaa744a44d in hash64 /build/build/../src/journal/lookup3.h:19:9
    #2 0x7fbaa7455ca1 in journal_file_append_data /build/build/../src/journal/journal-file.c:1485:16
    #3 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was stored to memory at
    #0 0x7fbaa7548a6a in jenkins_hashlittle2 /build/build/../src/journal/lookup3.c:492:7
    #1 0x7fbaa744a44d in hash64 /build/build/../src/journal/lookup3.h:19:9
    #2 0x7fbaa7455ca1 in journal_file_append_data /build/build/../src/journal/journal-file.c:1485:16
    #3 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was stored to memory at
    #0 0x7fbaa7548857 in jenkins_hashlittle2 /build/build/../src/journal/lookup3.c:492:7
    #1 0x7fbaa744a44d in hash64 /build/build/../src/journal/lookup3.h:19:9
    #2 0x7fbaa7455ca1 in journal_file_append_data /build/build/../src/journal/journal-file.c:1485:16
    #3 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was stored to memory at
    #0 0x7fbaa7548644 in jenkins_hashlittle2 /build/build/../src/journal/lookup3.c:492:7
    #1 0x7fbaa744a44d in hash64 /build/build/../src/journal/lookup3.h:19:9
    #2 0x7fbaa7455ca1 in journal_file_append_data /build/build/../src/journal/journal-file.c:1485:16
    #3 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was stored to memory at
    #0 0x7fbaa754833c in jenkins_hashlittle2 /build/build/../src/journal/lookup3.c:490:9
    #1 0x7fbaa744a44d in hash64 /build/build/../src/journal/lookup3.h:19:9
    #2 0x7fbaa7455ca1 in journal_file_append_data /build/build/../src/journal/journal-file.c:1485:16
    #3 0x7fbaa74b0204 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3658:21
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was created by a heap allocation
    #0 0x42a022 in realloc (/build/build/test-journal-flush+0x42a022)
    #1 0x7fbaa7412e6c in decompress_blob_lz4 /build/build/../src/journal/compress.c:192:23
    #2 0x7fbaa741435c in decompress_blob /build/build/../src/journal/compress.c:218:24
    #3 0x7fbaa74afda0 in journal_file_copy_entry /build/build/../src/journal/journal-file.c:3645:29
    #4 0x496780 in main /build/build/../src/journal/test-journal-flush.c:42:21
    #5 0x7fbaa5e2309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /build/build/../src/journal/journal-file.c:1331:43 in journal_file_find_data_object_with_hash
  • libsystemd/sd-resolve/sd-resolve.c, libsystemd/sd-resolve/test-resolve.c
Uninitialized bytes in read_iovec at offset 17 inside [0x7fff76dd6658, 56)
==20673==WARNING: MemorySanitizer: use-of-uninitialized-value
Uninitialized bytes in read_iovec at offset 28 inside [0x7fc655ef4010, 32)
    #0 0x43b81f in read_msghdr(void*, __sanitizer::__sanitizer_msghdr*, long) (/build/build/test-resolve+0x43b81f)
    #1 0x43b49c in __interceptor_sendmsg (/build/build/test-resolve+0x43b49c)
    #2 0x7fc6597e30b6 in resolve_getaddrinfo_with_destroy_callback /build/build/../src/libsystemd/sd-resolve/sd-resolve.c:969:13
    #3 0x7fc6597e61cc in sd_resolve_getaddrinfo /build/build/../src/libsystemd/sd-resolve/sd-resolve.c:991:16
    #4 0x4961d6 in main /build/build/../src/libsystemd/sd-resolve/test-resolve.c:74:13
    #5 0x7fc65832c09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #6 0x41e389 in _start (/build/build/test-resolve+0x41e389)

  Uninitialized value was stored to memory at
    #0 0x423f0b in __msan_memcpy (/build/build/test-resolve+0x423f0b)
    #1 0x7fc6597e2925 in resolve_getaddrinfo_with_destroy_callback /build/build/../src/libsystemd/sd-resolve/sd-resolve.c:947:15
    #2 0x7fc6597e61cc in sd_resolve_getaddrinfo /build/build/../src/libsystemd/sd-resolve/sd-resolve.c:991:16
    #3 0x4961d6 in main /build/build/../src/libsystemd/sd-resolve/test-resolve.c:74:13
    #4 0x7fc65832c09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  Uninitialized value was created by an allocation of '.compoundliteral' in the stack frame of function 'resolve_getaddrinfo_with_destroy_callback'
    #0 0x7fc6597dff80 in resolve_getaddrinfo_with_destroy_callback /build/build/../src/libsystemd/sd-resolve/sd-resolve.c:922

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/build/build/test-resolve+0x43b81f) in read_msghdr(void*, __sanitizer::__sanitizer_msghdr*, long)
