Thanks for the report. The additional debugging paste is short enough to include directly in the comments:
==24767== Invalid read of size 8
==24767== at 0x411048: input_handler (ntp_io.c:3621)
==24767== by 0x414B84: ntpdmain (ntpd.c:1078)
==24767== by 0x406448: main (ntpd.c:356)
==24767== Address 0x5e897f0 is 0 bytes inside a block of size 32 free'd
==24767== at 0x4C26649: free (in /lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24767== by 0x411072: input_handler (ntp_io.c:3619)
==24767== by 0x414B84: ntpdmain (ntpd.c:1078)
==24767== by 0x406448: main (ntpd.c:356)
The code in question is:
#ifdef HAS_ROUTING_SOCKET
/*
* scan list of asyncio readers - currently only used for routing sockets
*/
asyncio_reader = asyncio_reader_list;
line 3619 is calling process_routing_msgs() which, after root is dropped, is noticing a failed read or other error and removing the entry from asyncio_reader_list and free()ing it, triggering the valgrind catch.
I bet can be worked around by adding -U 0 to the command line to disable dynamic interface updates, I suspect (I could be wrong, too). To patch it, we need to add a "next_asyncio_reader" local variable of the same type as asyncio_reader, and assign to it asyncio_reader->link before if (FD_ISSET(..., and change the asyncio_reader assignment to use the saved next_asyncio_reader. I will get that ready for ntp-dev, and am requesting 4.2.6 blocking in case we do another release of that stable version.
Thanks for the report. The additional debugging paste is short enough to include directly in the comments:
==24767== Invalid read of size 8 vgpreload_ memcheck- amd64-linux. so)
==24767== at 0x411048: input_handler (ntp_io.c:3621)
==24767== by 0x414B84: ntpdmain (ntpd.c:1078)
==24767== by 0x406448: main (ntpd.c:356)
==24767== Address 0x5e897f0 is 0 bytes inside a block of size 32 free'd
==24767== at 0x4C26649: free (in /lib/valgrind/
==24767== by 0x411072: input_handler (ntp_io.c:3619)
==24767== by 0x414B84: ntpdmain (ntpd.c:1078)
==24767== by 0x406448: main (ntpd.c:356)
The code in question is:
#ifdef HAS_ROUTING_SOCKET reader_ list;
/*
* scan list of asyncio readers - currently only used for routing sockets
*/
asyncio_reader = asyncio_
while (asyncio_reader != NULL) { asyncio_ reader- >fd, &fds)) { reader- >receiver) (asyncio_ reader) ; /*3619 */ reader- >link; /* 3621 */
if (FD_ISSET(
++select_count;
(asyncio_
}
asyncio_reader = asyncio_
}
#endif /* HAS_ROUTING_SOCKET */
line 3619 is calling process_ routing_ msgs() which, after root is dropped, is noticing a failed read or other error and removing the entry from asyncio_reader_list and free()ing it, triggering the valgrind catch.
I bet can be worked around by adding -U 0 to the command line to disable dynamic interface updates, I suspect (I could be wrong, too). To patch it, we need to add a "next_asyncio_ reader" local variable of the same type as asyncio_reader, and assign to it asyncio_ reader- >link before if (FD_ISSET(..., and change the asyncio_reader assignment to use the saved next_asyncio_ reader. I will get that ready for ntp-dev, and am requesting 4.2.6 blocking in case we do another release of that stable version.