Hi,

running systemd-timesyncd from current git under valgrind yields:

==16536== Thread 2 sd-resolve:
==16536== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==16536==    at 0x5765FAD: ??? (syscall-template.S:81)
==16536==    by 0x112A36: thread_worker.3172 (sd-resolve.c:308)
==16536==    by 0x575F0A3: start_thread (pthread_create.c:309)
==16536==    by 0x5A5A04C: clone (clone.S:111)
==16536==  Address 0x735397c is on thread 2's stack
==16536==

and

==16536== Thread 1:
==16536== Invalid read of size 1
==16536==    at 0x114BE5: complete_query.3430 (sd-resolve.c:783)
==16536==    by 0x116682: sd_resolve_process (sd-resolve.c:957)
==16536==    by 0x10FD10: io_callback.3175 (sd-resolve.c:1379)
==16536==    by 0x1191FF: source_dispatch.6446 (sd-event.c:2004)
==16536==    by 0x116D89: sd_event_run.constprop.8 (sd-event.c:2291)
==16536==    by 0x10C89E: main (sd-event.c:2310)
==16536==  Address 0x5f28470 is 16 bytes inside a block of size 104 free'd
==16536==    at 0x4C29730: free (vg_replace_malloc.c:468)
==16536==    by 0x114053: sd_resolve_query_unref (sd-resolve.c:1324)
==16536==    by 0x114BDD: complete_query.3430 (sd-resolve.c:781)
==16536==    by 0x116682: sd_resolve_process (sd-resolve.c:957)
==16536==    by 0x10FD10: io_callback.3175 (sd-resolve.c:1379)
==16536==    by 0x1191FF: source_dispatch.6446 (sd-event.c:2004)
==16536==    by 0x116D89: sd_event_run.constprop.8 (sd-event.c:2291)
==16536==    by 0x10C89E: main (sd-event.c:2310)

The first one, I'm not sure what's wrong. Maybe valgrind is complaining about some padding that is not initialized.

But the second one is an error in reference counting: when alloc_query creates a query, it sets n_ref=1, and this reference is "given" to the caller. If the caller then decides to unref the query at some point, complete_query operates without a valid reference. In this case, manager_resolve_handler does this unref.

So, is the caller supposed to keep a reference to the query for sd-resolve all the time? In this case it would seem pointless to do the reference counting. Otherwise, sd-resolve needs to keep a reference to all queries it keeps in the query array. But then I don't see the point of floating queries, since it would be enough to simply look at the reference count, and destroy the query after the callback if the caller failed to keep a reference.
Zbyszek

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
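A minimal stand-in for the ownership question raised in the message above, added here as an example; it is not sd-resolve's or systemd's own code. It models a refcounted query whose single initial reference belongs to the caller, a callback that drops that reference from inside the callback (the manager_resolve_handler case described above), and two dispatchers: one that relies on the caller's reference and touches the object after the callback, and one that takes its own reference for the duration of the callback. All names (query_new, query_ref, query_unref, complete_query_buggy, complete_query_fixed, cb_keep, cb_unref_inside, run_scenario) are hypothetical. To keep the demonstration free of undefined behaviour, dropping the last reference marks the object as freed in a fixed pool instead of calling free(); with a real free() the buggy path is the pattern valgrind reports as an invalid read.

```c
/* Added example, not sd-resolve code. Names are hypothetical stand-ins.
 * Dropping the last reference marks the object instead of free()ing it,
 * so "use after free" can be checked without undefined behaviour. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef struct query query;
typedef void (*query_callback)(query *q, void *userdata);

struct query {
        unsigned n_ref;
        bool freed;              /* stands in for the block having been free()d */
        bool done;
        query_callback callback;
        void *userdata;
};

/* Fixed pool so a "freed" object stays addressable for inspection. */
static query pool[8];
static size_t pool_used;
static int live_queries;         /* objects with n_ref > 0 */

static void reset_pool(void) {
        memset(pool, 0, sizeof pool);
        pool_used = 0;
        live_queries = 0;
}

static query *query_new(query_callback cb, void *userdata) {
        if (pool_used >= sizeof pool / sizeof pool[0])
                return NULL;
        query *q = &pool[pool_used++];
        q->n_ref = 1;            /* like alloc_query: this reference is handed to the caller */
        q->callback = cb;
        q->userdata = userdata;
        live_queries++;
        return q;
}

static query *query_ref(query *q) {
        if (q)
                q->n_ref++;
        return q;
}

static query *query_unref(query *q) {
        if (q && --q->n_ref == 0) {
                q->freed = true; /* real code would free(q) here */
                live_queries--;
        }
        return NULL;
}

/* Dispatcher that relies on the caller's reference: if the callback drops
 * the last one, the bookkeeping after the callback reads freed memory. */
static bool complete_query_buggy(query *q) {
        q->callback(q, q->userdata);
        if (q->freed)
                return true;     /* this is the invalid read */
        q->done = true;
        return false;
}

/* Dispatcher that holds its own reference across the callback, so the
 * object cannot disappear underneath its bookkeeping. */
static bool complete_query_fixed(query *q) {
        query_ref(q);
        q->callback(q, q->userdata);
        bool uaf = q->freed;     /* always false: we still hold a reference */
        q->done = true;
        query_unref(q);          /* may actually release the object now */
        return uaf;
}

/* Caller that keeps its reference and releases it after dispatch. */
static void cb_keep(query *q, void *userdata) {
        (void) q;
        (*(int *) userdata)++;
}

/* Caller that releases its only reference from inside the callback. */
static void cb_unref_inside(query *q, void *userdata) {
        (*(int *) userdata)++;
        query_unref(q);
}

typedef struct {
        bool uaf;                /* dispatcher touched a freed object */
        bool leaked;             /* a query was still alive at the end */
        int callbacks;           /* how often the callback ran */
} scenario_result;

static scenario_result run_scenario(bool caller_unrefs_inside, bool use_fixed) {
        scenario_result r = { false, false, 0 };
        reset_pool();
        query *q = query_new(caller_unrefs_inside ? cb_unref_inside : cb_keep, &r.callbacks);
        r.uaf = use_fixed ? complete_query_fixed(q) : complete_query_buggy(q);
        if (!caller_unrefs_inside)
                query_unref(q);  /* the caller still owns its reference */
        r.leaked = live_queries != 0;
        return r;
}
```

Only the combination of the buggy dispatcher with a caller that unrefs inside the callback produces the use-after-free; the fixed dispatcher is correct under both ownership models and leaks nothing, which is the point of having the dispatcher own a reference for as long as it still touches the object.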