From: Chris Down <chris@chrisdown.name>
Date: Sat, 14 Feb 2026 16:05:12 +0000 (+0800)
Subject: oomd: Prevent corruption of cgroup paths in Killed signal
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a267656b07912ecb8e304f62646001b895b93c07;p=thirdparty%2Fsystemd.git

oomd: Prevent corruption of cgroup paths in Killed signal

While looking at oomd behaviour in production I noticed that I always
get garbage cgroup paths for the Killed event. Looking more closely, I
noticed that while the signature is (string cgroup, string reason), we
currently erroneously pass the `OomdCGroupContext*` pointer itself as
the first argument to sd_bus_emit_signal(), rather than the ctx->path
string it contains.

The in-memory layout on affected machines in my case is:

    struct OomdCGroupContext {
        unsigned n_ref;
        /* padding */
        char *path;
        /* ... */
    }

...which explains the control characters, since they're garbage from
parsing n_ref, the path pointer, and later fields. At runtime, sd-bus
treats ctx as `const char *` and reads struct bytes as string data,
resulting in garbage being sent.

Pass ctx->path correctly so listeners receive the valid cgroup path.
---

diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c
index 340d2bb60e7..fb4b58eaf54 100644
--- a/src/oom/oomd-util.c
+++ b/src/oom/oomd-util.c
@@ -287,7 +287,7 @@ int oomd_cgroup_kill(Manager *m, OomdCGroupContext *ctx, bool recurse) {
                                           "org.freedesktop.oom1.Manager",
                                           "Killed",
                                           "ss",
-                                          ctx,
+                                          ctx->path,
                                           "oom");
 
         return !set_isempty(pids_killed);