Recently had a problem with ntpd refusing to start. Figured out it was segfaulting on startup for some strange reason. Below is some debug output (thank you, solar, for providing it). We think there's a problem with the command-line options. We're starting it as:

ntpd -u ntp:ntp

This was working before a reboot, on the previous kernel; however, I'm not sure whether that's related.

Script started on Wed Jul 28 18:04:29 2004
# gdb `which ntpd` /core
GNU gdb 6.1.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

Core was generated by `ntpd -u ntp:ntp'.
Program terminated with signal 11, Segmentation fault.
#0 0x081042d1 in buffered_vfprintf ()
(gdb) bt full
#0 0x081042d1 in buffered_vfprintf ()
No symbol table info available.
#1 0x08100663 in vfprintf ()
No symbol table info available.
#2 0x08108237 in fprintf ()
No symbol table info available.
#3 0x0804891d in getCmdOpts (argc=3, argv=0xbfffdce4) at cmd_args.c:413
inaddrntp = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\027\000\000\000\000\000\000"}
errflg = 1
c = -1
#4 0x08048bdb in getconfig (argc=3, argv=0xbfffdce4) at ntp_config.c:545
i = 0
c = 134607436
errflg = 0
istart = 0
peerversion = 136479436
minpoll = 39
maxpoll = -1073751608
ttl = 0
stratum = 6880
ul = 134608844
peerkey = 3221215672
peerkeystr = (u_char *) 0x8226898 "Di\"\bl<B9>\036\b\004"
fudgeflag = 0
peerflags = 0
hmode = 0
peeraddr = {ss_family = 8136, __ss_align = 3, __ss_padding = "\035\000\000\000\000\000\000\000\001", '\0' <repeats 11 times>, "\003\000\000\000\002\000\000\000<FF><FF><FF><FF>", '\0' <repeats 13 times>, "\b\000\000\034<B6>\036\b<E9>\032\000\000\220 h\"\b\t\000\000\000<ED>\032\000\000<C0><B5>\036\b<C0><B5>\036\b<C0><B5>\036\b<E0>\032\000\000x<D9><FF> <BF>0\032\021\b<C0><B5>\036\b<E0>\032\000\000\000\000\000\000-\000\000\000\024\004\002\000\230<D9><FF> <BF>Q<E0>\b\b"}
maskaddr = {ss_family = 29797, __ss_align = 0, __ss_padding = '\0' <repeats 24 times>, "\002\000\000\000\002\000\000\000<C6>?<D3><EB>", '\0' <repeats 12 times>, "\002\000\000\000<FF><FF><FF>", '\0' <repeats 13 times>, "\002\000\000\000<C6>?<D3><FF>", '\0' <repeats 32 times>, "\031\000\000\000h<CA>U+\000\000\000"}
includefile = (FILE *) 0x3
includelevel = 0
line = "settimeofday=\"UNKNOWN\"\0002.0@1.1161-r Wed Jul 28 16:00:49 UTC 2004 (1)\"", '\0' <repeats 11 times>, "%s", '\0' <repeats 110 times>, "precision = 9.000 usec", '\0' <repeats 122 times>, " ntpd 4.2.0@1.1161-r Wed Jul 28 16:00:49 UTC 2004 (1)", '\0' <repeats 124 times>, "<C8>\037\000\000\034 <B6>\036\b\000\000\000\000\b<B6>\036"...
tokens = {0x12 <Address 0x12 out of bounds>, 0x1c <Address 0x1c out of bounds>, 0x6 <Address 0x6 out of bounds>, 0x0, 0x63657270 <Address 0x63657270 out of bounds>, 0x6f697369 <Address 0x6f697369 out of bounds>, 0x203d206e <Address 0x203d206e out of bounds>, 0x66332e25 <Address 0x66332e25 out of bounds>, 0x49206f6e <Address 0x49206f6e out of bounds>, 0x20367650 <Address 0x20367650 out of bounds>, 0x65746e69 <Address 0x65746e69 out of bounds>, 0x63616672 <Address 0x63616672 out of bounds>, 0x66207365 <Address 0x66207365 out of bounds>, 0x646e756f <Address 0x646e756f out of bounds>, 0x811dd00 "<E8>\004\035", 0x5 <Address 0x5 out of bounds>, 0x815957b "%s", 0xbfffd458 "fday=\"UNKNOWN\"", 0xbfffd478 "Jul 28 16:00:49 UTC 2004 (1)\"", 0x808f925 "<E9><B2>"}
ntokens = 0
tok = 0
localaddr = (struct interface *) 0xbfffd510
clock_stat = {type = 20 '\024', flags = 4 '\004', haveflags = 2 '\002', lencode = 54200, p_lastcode = 0x811dd9d "\211<EC>]<C3>U\211<E5>WVS\201<EC><CC>\001", polls = 6, noresponse = 135632251, badformat = 3221214152, baddata = 3221214184, timereset = 134805797, clockdesc = 0x6 <Address 0x6 out of bounds>, fudgetime1 = -1.9895172420304721, fudgetime2 = 0, fudgeval1 = 0, fudgeval2 = 135612442, currentstatus = 0 '\0', lastevent = 0 '\0', leap = 0 '\0', kv_list = 0x0}
filegen = (FILEGEN *) 0x2d
#5 0x0805011f in ntpdmain (argc=3, argv=0xbfffdce4) at ntpd.c:812
now = {Ul_i = {Xl_ui = 3300026640, Xl_i = -994940656}, Ul_f = {Xl_uf = 733163802, Xl_f = 733163802}}
cp = 0xbffff6f9 "ntpd"
rbuflist = (struct recvbuf *) 0x3
rbuf = (struct recvbuf *) 0x80fa700
---Type <return> to continue, or q <return> to quit---
#6 0x0804fc92 in main (argc=3, argv=0xbfffdce4) at ntpd.c:239
No locals.
(gdb) info regs
Undefined info command: "regs". Try "help info".
(gdb) info registers
eax 0xbfffaca4 -1073763164
ecx 0xbfffd288 -1073753464
edx 0x8150844 135596100
ebx 0xbfffabe4 -1073763356
esp 0xbfffabc0 0xbfffabc0
ebp 0xbfffccb0 0xbfffccb0
esi 0x81975a0 135886240
edi 0xffffffff -1
eip 0x81042d1 0x81042d1
eflags 0x10246 66118
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x2b 43
gs 0x2b 43
(gdb) x/8i $pc
0x81042d1 <buffered_vfprintf+59>: mov %esi,0xffffdfcc(%ebp)
0x81042d7 <buffered_vfprintf+65>: movl $0xffffffff,0xffffdf90(%ebp)
0x81042e1 <buffered_vfprintf+75>: mov %eax,0xffffdf48(%ebp)
0x81042e7 <buffered_vfprintf+81>: mov %eax,0xffffdf44(%ebp)
0x81042ed <buffered_vfprintf+87>: movl $0xfbad8004,0xffffdf34(%ebp)
0x81042f7 <buffered_vfprintf+97>: lea 0xfffffff4(%ebp),%eax
0x81042fa <buffered_vfprintf+100>: movl $0x0,0xffffdf7c(%ebp)
0x8104304 <buffered_vfprintf+110>: movl $0x816e540,0xffffdfc8(%ebp)
(gdb) quit
# exit

Script done on Wed Jul 28 18:05:25 2004

Here's a conversation we had with pipacs:

<pipacs> uh, how on earth did it segfault on that insn
<pipacs> is ntpd multithreaded?
<pipacs> mov %esi,0xffffdfcc(%ebp)
<pipacs> ebp points to the stack, that should be writable
<pipacs> otherwise, yes, that string looks suspiciously long/part garbage
<pipacs> but fprintf shouldn't crash on it
<pipacs> hmm, actually, it's got a \000 quite early in it
<pipacs> so it's not even too long
<pipacs> my best guess is that ntpd is multithreaded and the actual crash occurred somewhere else

Any ideas what's causing this?
please try 4.2.0.20040617