Bug 58684 - ntpd segfaults on startup
Summary: ntpd segfaults on startup
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
Importance: High normal
Assignee: SpanKY
Reported: 2004-07-28 11:24 UTC by Lance Albertson (RETIRED)
Modified: 2004-11-09 07:40 UTC (History)
Description Lance Albertson (RETIRED) gentoo-dev 2004-07-28 11:24:47 UTC
Recently had a problem with ntpd refusing to start. Figured out it was segfaulting on startup for some strange reason. Below is some debug output (thank you solar for providing it). We think there's a problem with the commandline options. We're starting it as: ntpd -u ntp:ntp

This was working before a reboot on the previous kernel, however I'm not sure if that's related or not.

Script started on Wed Jul 28 18:04:29 2004
# gdb `which ntpd` /core
GNU gdb 6.1.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so
.1".

Core was generated by `ntpd -u ntp:ntp'.
Program terminated with signal 11, Segmentation fault.
#0  0x081042d1 in buffered_vfprintf ()
(gdb) bt full
#0  0x081042d1 in buffered_vfprintf ()
No symbol table info available.
#1  0x08100663 in vfprintf ()
No symbol table info available.
#2  0x08108237 in fprintf ()
No symbol table info available.
#3  0x0804891d in getCmdOpts (argc=3, argv=0xbfffdce4) at cmd_args.c:413
        inaddrntp = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\027\000\000\0
00\000\000\000"}
        errflg = 1
        c = -1
#4  0x08048bdb in getconfig (argc=3, argv=0xbfffdce4) at ntp_config.c:545
        i = 0
        c = 134607436
        errflg = 0
        istart = 0
        peerversion = 136479436
        minpoll = 39
        maxpoll = -1073751608
        ttl = 0
        stratum = 6880
        ul = 134608844
        peerkey = 3221215672
        peerkeystr = (u_char *) 0x8226898 "Di\"\bl<B9>\036\b\004"
        fudgeflag = 0
        peerflags = 0
        hmode = 0
        peeraddr = {ss_family = 8136, __ss_align = 3,
  __ss_padding = "\035\000\000\000\000\000\000\000\001", '\0' <repeats 11 times>, "\003\000\000\000\00
2\000\000\000<FF><FF><FF><FF>", '\0' <repeats 13 times>, "\b\000\000\034<B6>\036\b<E9>\032\000\000\220
h\"\b\t\000\000\000<ED>\032\000\000<C0><B5>\036\b<C0><B5>\036\b<C0><B5>\036\b<E0>\032\000\000x<D9><FF>
<BF>0\032\021\b<C0><B5>\036\b<E0>\032\000\000\000\000\000\000-\000\000\000\024\004\002\000\230<D9><FF>
<BF>Q<E0>\b\b"}
        maskaddr = {ss_family = 29797, __ss_align = 0,
  __ss_padding = '\0' <repeats 24 times>, "\002\000\000\000\002\000\000\000<C6>?<D3><EB>", '\0' <repea
ts 12 times>, "\002\000\000\000<FF><FF><FF>", '\0' <repeats 13 times>, "\002\000\000\000<C6>?<D3><FF>"
, '\0' <repeats 32 times>, "\031\000\000\000h<CA>U+\000\000\000"}
        includefile = (FILE *) 0x3
        includelevel = 0
        line = "settimeofday=\"UNKNOWN\"\0002.0@1.1161-r Wed Jul 28 16:00:49 UTC 2004 (1)\"", '\0' <re
peats 11 times>, "%s", '\0' <repeats 110 times>, "precision = 9.000 usec", '\0' <repeats 122 times>, "
ntpd 4.2.0@1.1161-r Wed Jul 28 16:00:49 UTC 2004 (1)", '\0' <repeats 124 times>, "<C8>\037\000\000\034
<B6>\036\b\000\000\000\000\b<B6>\036"...
        tokens = {0x12 <Address 0x12 out of bounds>, 0x1c <Address 0x1c out of bounds>, 0x6 <Address 0
x6 out of bounds>, 0x0,
  0x63657270 <Address 0x63657270 out of bounds>, 0x6f697369 <Address 0x6f697369 out of bounds>, 0x203d
206e <Address 0x203d206e out of bounds>,
  0x66332e25 <Address 0x66332e25 out of bounds>, 0x49206f6e <Address 0x49206f6e out of bounds>, 0x2036
7650 <Address 0x20367650 out of bounds>,
  0x65746e69 <Address 0x65746e69 out of bounds>, 0x63616672 <Address 0x63616672 out of bounds>, 0x6620
7365 <Address 0x66207365 out of bounds>,
  0x646e756f <Address 0x646e756f out of bounds>, 0x811dd00 "<E8>\004\035", 0x5 <Address 0x5 out of bou
nds>, 0x815957b "%s", 0xbfffd458 "fday=\"UNKNOWN\"",
  0xbfffd478 "Jul 28 16:00:49 UTC 2004 (1)\"", 0x808f925 "<E9><B2>"}
        ntokens = 0
        tok = 0
        localaddr = (struct interface *) 0xbfffd510
        clock_stat = {type = 20 '\024', flags = 4 '\004', haveflags = 2 '\002', lencode = 54200, p_las
tcode = 0x811dd9d "\211<EC>]<C3>U\211<E5>WVS\201<EC><CC>\001",
  polls = 6, noresponse = 135632251, badformat = 3221214152, baddata = 3221214184, timereset = 1348057
97, clockdesc = 0x6 <Address 0x6 out of bounds>,
  fudgetime1 = -1.9895172420304721, fudgetime2 = 0, fudgeval1 = 0, fudgeval2 = 135612442, currentstatu
s = 0 '\0', lastevent = 0 '\0', leap = 0 '\0',
  kv_list = 0x0}
        filegen = (FILEGEN *) 0x2d
#5  0x0805011f in ntpdmain (argc=3, argv=0xbfffdce4) at ntpd.c:812
        now = {Ul_i = {Xl_ui = 3300026640, Xl_i = -994940656}, Ul_f = {Xl_uf = 733163802, Xl_f = 73316
3802}}
        cp = 0xbffff6f9 "ntpd"
        rbuflist = (struct recvbuf *) 0x3
        rbuf = (struct recvbuf *) 0x80fa700
---Type <return> to continue, or q <return> to quit---
#6  0x0804fc92 in main (argc=3, argv=0xbfffdce4) at ntpd.c:239
No locals.
(gdb) info regs
Undefined info command: "regs".  Try "help info".
(gdb) info registers
eax            0xbfffaca4       -1073763164
ecx            0xbfffd288       -1073753464
edx            0x8150844        135596100
ebx            0xbfffabe4       -1073763356
esp            0xbfffabc0       0xbfffabc0
ebp            0xbfffccb0       0xbfffccb0
esi            0x81975a0        135886240
edi            0xffffffff       -1
eip            0x81042d1        0x81042d1
eflags         0x10246  66118
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x2b     43
gs             0x2b     43
(gdb) x/8i $pc
0x81042d1 <buffered_vfprintf+59>:       mov    %esi,0xffffdfcc(%ebp)
0x81042d7 <buffered_vfprintf+65>:       movl   $0xffffffff,0xffffdf90(%ebp)
0x81042e1 <buffered_vfprintf+75>:       mov    %eax,0xffffdf48(%ebp)
0x81042e7 <buffered_vfprintf+81>:       mov    %eax,0xffffdf44(%ebp)
0x81042ed <buffered_vfprintf+87>:       movl   $0xfbad8004,0xffffdf34(%ebp)
0x81042f7 <buffered_vfprintf+97>:       lea    0xfffffff4(%ebp),%eax
0x81042fa <buffered_vfprintf+100>:      movl   $0x0,0xffffdf7c(%ebp)
0x8104304 <buffered_vfprintf+110>:      movl   $0x816e540,0xffffdfc8(%ebp)
(gdb) quit
# exit

Script done on Wed Jul 28 18:05:25 2004

Here's a conversation we had with pipacs:

<pipacs> uh, how on earth did it
         segfault on that insn
<pipacs> is ntpd multithreaded?
<pipacs> mov    %esi,0xffffdfcc(%ebp)
<pipacs> ebp points to the stack, that should
         be writable
<pipacs> otherwise, yes, that string looks
         suspiciously long/part garbage
<pipacs> but fprintf shouldn't crash on it
<pipacs> hmm, actually, it's got a \000 quite
         early in it
<pipacs> so it's not even too long
<pipacs> my best guess is that ntpd is
         multithreaded and the actual crash occurred somewhere
         else


Any ideas what's causing this?
Comment 1 SpanKY gentoo-dev 2004-11-09 07:40:47 UTC
please try 4.2.0.20040617