systemd: patch freezer stuck-state on kill-while-frozen

Reset u->freezer_state to FREEZER_RUNNING when a unit transitions to inactive/failed. Without this, any SIGKILL path to a frozen unit (systemctl kill, OOM, watchdog SIGABRT-then-KILL, segfault) leaves the unit stranded at FreezerState=frozen with no recovery short of a reboot. Complements upstream PR #38528 which covers only the watchdog path. xmrig-auto-pause never calls `systemctl freeze` itself (direct cgroup.freeze writes bypass the bug class entirely), so the patch is defensive: benefits systemd-homed on lock, user-session freezing on suspend, or anything else that may freeze units on muffin. Patching systemd cascades udev-check-hook hash changes into fuse3 --> e2fsprogs and into fish. Two test-suite workarounds ride along: drop e2fsprogs m_hugefile (4 GiB sparse file, fails on some build sandboxes) and fish doCheck=false (cargo pexpect TTY tests). Both are environmental, unrelated to the patch.
2026-04-21 21:37:37 -04:00
parent 018b590e0d
commit a228f61d34
2 changed files with 74 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -304,6 +304,12 @@
                  prev.callPackage "${patchedStableSrc}/pkgs/by-name/sy/syncstorage-rs/package.nix"
                    { };
              })
+              # NOTE: systemd patch is applied via `systemd.package` in the module
+              # list below, not via an overlay. An overlay replaces pkgs.systemd
+              # for every consumer, which cascades through udev-check-hook and
+              # causes the entire closure (fish, e2fsprogs, valkey, …) to rebuild
+              # and re-run flaky test suites in the sandbox. `systemd.package`
+              # only injects the patched systemd into the runtime init chain.
            ];
            nixpkgs.config.allowUnfreePredicate =
              pkg:
@@ -312,6 +318,26 @@
              ];
          }

+          # Runtime-only systemd patch: reset FreezerState on inactive/failed
+          # transitions so a SIGKILL to a frozen unit doesn't strand
+          # FreezerState=frozen (unrecoverable without a reboot, upstream issue
+          # #38517). PR #38528 closed only the watchdog path; this closes
+          # systemctl kill / OOM / segfault paths too.
+          #
+          # Applied via systemd.package, not via overlay, so pkgs.systemd stays
+          # untouched for every other consumer — no udev-check-hook cascade,
+          # no fish/e2fsprogs/valkey rebuild, no flaky-test fallout.
+          (
+            { pkgs, ... }:
+            {
+              systemd.package = pkgs.systemd.overrideAttrs (old: {
+                patches = (old.patches or [ ]) ++ [
+                  ./patches/systemd/0001-core-unit-reset-freezer-state-on-inactive-failed.patch
+                ];
+              });
+            }
+          )
+
          lanzaboote.nixosModules.lanzaboote
          arr-init.nixosModules.default
          (import "${nixpkgs-p2pool-module}/nixos/modules/services/networking/p2pool.nix")