[Bug 1934147] Re: systemd leaks abandoned session scopes

Launchpad Bug Tracker 1934147 at bugs.launchpad.net
Wed Sep 15 03:24:04 UTC 2021 

This bug was fixed in the package systemd - 245.4-4ubuntu3.13

---------------
systemd (245.4-4ubuntu3.13) focal; urgency=medium

  * d/p/dell-clamshell-accel-location-base-with-sku.patch:
    Revert incorrect patch (LP: #1942899)

systemd (245.4-4ubuntu3.12) focal; urgency=medium

  [ Yao Wei ]
  * d/p/dell-clamshell-accel-location-base.patch:
    Add ACCEL_LOCATION=base property for Dell clamshell models (LP: #1938259)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5c1be33900edee94da0dc9a4ade8edcd079b4c85

  [ Lukas Märdian ]
  * Add d/p/lp1934221-resolved-disable-event-sources-before-unreffing-them.patch
    - Fix segfault in systemd-resolve (LP: #1934221)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6c401900c70962052f56c7108fdc02fe7f84c9bf

  [ Simon Chopin ]
  * d/p/lp1914740-network-enable-DHCP-broadcast-flag-if-required-by-in.patch:
    - Apply upstream patch to fix Hipersocket DHCP mode (LP: #1914740)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=326ae43b7966d9e7c5f7124027185a79a07fa276

  [ Dan Streetman ]
  * d/p/lp1934981-correct-suspend-then-sleep-string.patch:
    Fix sleep verb used by logind during suspend-then-hibernate
    (LP: #1934981)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=997f3a7da3d5db22e3c63626c3f7dc3dff0830b0
  * d/p/lp1937238-util-return-the-correct-correct-wd-from-inotify-help.patch:
    Fix watch for time sync (LP: #1937238)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=dbabff8a03eb232c19174eff1335cd7cb7d7860c
  * d/extra/dhclient-enter-resolved-hook:
    Reset start limit counter for systemd-resolved in dhclient hook
    (LP: #1939255)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9d3a91a0b70a4b2bcc166f366cd0a880fd494812
  * d/p/lp1935051-shared-unit-file-make-sure-the-old-hashmaps-and-sets.patch:
    Fix memory leak in path cache (LP: #1935051)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=12d6bdeb35f309158fe8d4242c6dd9be4d067604
  * d/p/lp1934147/0001-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch,
    d/p/lp1934147/0002-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch:
    Catchup cgroup inotify watch after reexec/reload (LP: #1934147)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=63eabc88b8e0005eb40b15b543538ce35377bdbd

 -- Dan Streetman <ddstreet at canonical.com>  Tue, 07 Sep 2021 14:37:22
-0400

** Changed in: systemd (Ubuntu Hirsute)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1934147

Title:
  systemd leaks abandoned session scopes

Status in snapd:
  New
Status in systemd:
  New
Status in systemd package in Ubuntu:
  Fix Committed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Focal:
  Fix Released
Status in systemd source package in Groovy:
  Won't Fix
Status in systemd source package in Hirsute:
  Fix Released
Status in systemd source package in Impish:
  Fix Committed

Bug description:
  [impact]

  systemd may leak sessions, leaving empty cgroups around as well as
  abandoned session scopes.

  [test case]

  on a system where the user has a ssh key that allows noninteractive
  login to localhost, and also has noninteractive sudo, run:

  $ for i in {1..100}; do sudo -b -i -u ubuntu ssh localhost -- sleep 1;
  done; for i in {1..20}; do echo 'Reloading...'; sudo systemctl daemon-
  reload; done

  check the sessions to see there have been leaked sessions:

  $ loginctl list-sessions

  SESSION  UID USER   SEAT TTY
        1 1000 ubuntu      ttyS0
      350 1000 ubuntu      
      351 1000 ubuntu      
      360 1000 ubuntu      
  ...

  to verify the sessions were leaked, clear them out with:

  $ echo '' | sudo tee
  /sys/fs/cgroup/unified/user.slice/user-1000.slice/session-*.scope/cgroup.events

  that should result in all the leaked sessions being cleaned up.

  [regression potential]

  issues during systemd pid1 reexec/reload, or issues while cleaning up
  sessions, including leaking sessions/cgroups

  [scope]

  this is needed for all releases

  upstream bug linked above, and upstream PR:
  https://github.com/systemd/systemd/pull/20199

  [original description]

  On a system that is monitored via telegraf I found many abandoned
  systemd session which I believe are created by a potential race where
  systemd is reloading unit files and at the same time a user is
  connecting to the system via ssh or is executing the su command.

  The simple reproducer

  $ for i in {1..100}; do sleep 0.2; ssh localhost sudo systemctl
  daemon-reload & ssh localhost sleep 1 & done

  Wait > 1 second

  $ jobs -p | xargs --verbose --no-run-if-empty kill -KILL

  To clean out STOPPED jobs and

  $ systemctl status --all 2> /dev/null | grep --before-context 3
  abandoned

  will produce something similar to

             │ ├─  175 su - ubuntu
             │ ├─  178 -su
             │ ├─62375 systemctl status --all
             │ └─62376 grep --color=auto --before-context 3 abandoned
  --
  ● session-273.scope - Session 273 of user ubuntu
     Loaded: loaded (/run/systemd/transient/session-273.scope; transient)
  Transient: yes
     Active: active (abandoned) since Wed 2021-06-30 13:32:03 UTC; 4min 7s ago
  --
  ● session-274.scope - Session 274 of user ubuntu
     Loaded: loaded (/run/systemd/transient/session-274.scope; transient)
  Transient: yes
     Active: active (abandoned) since Wed 2021-06-30 13:32:03 UTC; 4min 7s ago
  --
  ● session-30.scope - Session 30 of user ubuntu
     Loaded: loaded (/run/systemd/transient/session-30.scope; transient)
  Transient: yes
     Active: active (abandoned) since Wed 2021-06-30 10:05:56 UTC; 3h 30min ago
  --
  ● session-302.scope - Session 302 of user ubuntu
     Loaded: loaded (/run/systemd/transient/session-302.scope; transient)
  Transient: yes
     Active: active (abandoned) since Wed 2021-06-30 13:32:04 UTC; 4min 6s ago
  --
             │ ├─  175 su - ubuntu
             │ ├─  178 -su
             │ ├─62375 systemctl status --all
             │ └─62376 grep --color=auto --before-context 3 abandoned

  The system in question is running Bionic, systemd-237-3ubuntu10.48

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1934147/+subscriptions

More information about the foundations-bugs mailing list