[Bug 254375] Re: SIGSEGV in ntpq

marekm marekm at amelek.gda.pl
Tue May 4 12:17:44 BST 2010


Bug still present on 10.04 LTS 32-bit, installed on an old AMD64 box,
with 32-bit PAE-enabled kernel for NX protection.

"ntpq rv" segfault happens soon after ntp is started:

$ ntpq -n -c rv 127.0.0.1
assID=0 status=c644 sync_alarm, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.4p8 at 1.1612-o Fri Apr  9 00:28:40 UTC 2010 (1)",
processor="i686", system="Linux/2.6.32-21-generic-pae", leap=11,
stratum=16, precision=-19, rootdelay=0.000, rootdispersion=11.190,
Segmentation fault

but not anymore with time in sync with the NTP server:

$ ntpq -n -c rv 127.0.0.1
assID=0 status=0664 leap_none, sync_ntp, 6 events, event_peer/strat_chg,
version="ntpd 4.2.4p8 at 1.1612-o Fri Apr  9 00:28:40 UTC 2010 (1)",
processor="i686", system="Linux/2.6.32-21-generic-pae", leap=00,
stratum=3, precision=-19, rootdelay=49.444, rootdispersion=97.440,
peer=43637, refid=91.189.94.4,
reftime=cf8a76a2.db946652  Tue, May  4 2010 12:34:10.857, poll=6,
clock=cf8a7874.58f15d7e  Tue, May  4 2010 12:41:56.347, state=4,
offset=-29.822, frequency=-100.651, jitter=37.655, noise=55.979,
stability=30.935, tai=0

Also, earlier it said "stack smashing detected" (just once, can't
reproduce that again):

$ ntpq -n -c rv 127.0.0.1
assID=0 status=c644 sync_alarm, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.4p8 at 1.1612-o Fri Apr  9 00:28:40 UTC 2010 (1)",
processor="i686", system="Linux/2.6.32-21-generic-pae", leap=11,
stratum=16, precision=-19, rootdelay=0.000, rootdispersion=10.965,
*** stack smashing detected ***: <unknown> terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xb74f8350]
/lib/tls/i686/cmov/libc.so.6(+0xe22fa)[0xb74f82fa]
[0xb7769924]
[0xb7765ef6]
[0x0]
peer=43637Aborted

and I can't reproduce it again after /etc/init.d/ntp restart:

$ ntpq -n -c rv 127.0.0.1
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.4p8 at 1.1612-o Fri Apr  9 00:28:40 UTC 2010 (1)",
processor="i686", system="Linux/2.6.32-21-generic-pae", leap=11,
stratum=16, precision=-19, rootdelay=0.000, rootdispersion=0.105,
peer=0, refid=INIT,
reftime=00000000.00000000  Thu, Feb  7 2036  7:28:16.000, poll=6,
clock=cf8a7d81.fd70b86f  Tue, May  4 2010 13:03:29.990, state=1,
offset=0.000, frequency=-99.251, jitter=0.002, noise=0.002,
stability=0.000, tai=0

I see something common in the crashes: status=c644, and crash just
before printing "refid".  Could this be related to the upstream bug
reported below (where garbage is printed as "refid" on a Windows
platform, perhaps the same kind of bug results in a segfault on Linux)?

http://bugs.ntp.org/show_bug.cgi?id=1020


** Bug watch added: bugs.ntp.org/ #1020
   http://bugs.ntp.org/show_bug.cgi?id=1020

-- 
SIGSEGV in ntpq 
https://bugs.launchpad.net/bugs/254375