Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 636018 - [-fstack-check] net-misc/ntp-4.2.8_p10-r1 segfaults when >=sys-libs/glibc-2.25-r8 is built with -fstack-check
Summary: [-fstack-check] net-misc/ntp-4.2.8_p10-r1 segfaults when >=sys-libs/glibc-2.2...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
Depends on:
Blocks: stack-check
  Show dependency tree
Reported: 2017-10-31 11:40 UTC by Ortwin Glueck
Modified: 2019-10-23 19:11 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Ortwin Glueck 2017-10-31 11:40:01 UTC
# /usr/sbin/ntpd -p /var/run/ -g
Segmentation fault

works fine with previous sys-libs/glibc-2.23-r4

# emerge --info
Portage 2.3.8 (python 2.7.12-final-0, default/linux/amd64/13.0/desktop/plasma, gcc-5.4.0, glibc-2.25-r8, 4.13.10 x86_64)
System uname: Linux-4.13.10-x86_64-Intel-R-_Core-TM-_i7-4800MQ_CPU_@_2.70GHz-with-gentoo-2.4.1
KiB Mem:    16294216 total,    793784 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Tue, 31 Oct 2017 00:45:01 +0000
Head commit of repository gentoo: 334c26df69518ce5c6a2c9f9010218c51aa16705
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.28.1 p1.0) 2.28.1
app-shells/bash:          4.3_p48-r1::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.24.3::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/cmake:           3.8.2::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.32.1::gentoo
sys-apps/sandbox:         2.10-r4::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.28.1::gentoo
sys-devel/gcc:            5.4.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.25-r8::gentoo

    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://
    priority: -1000

    location: /usr/local/portage
    masters: gentoo
    priority: 0

CFLAGS="-march=native -O2 -pipe -fstack-check"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.3/conf /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -fstack-check"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
USE="X a52 aac acpi activities alsa amd64 autoipd avahi bacula-clientonly bacula-nodir berkdb bluetooth branding bzip2 cacert cairo cdda cdr cli consolekit cracklib crypt cups cvs cxx dbus ddate declarative dri dri3 dts dvd dvdr emboss encode exif extra-algorithms fam ffmpeg firefox flac fortran g3dvl g711 g722 g7221 g726 gbm gif git glamor gpm gsm gtk iconv icu ilbc ipv6 java jce jpeg kde keymap kipi kwallet l16 lcms ldap libkms libnotify lm_sensors logrotate mad mdnsresponder-compat mng modules mp3 mp4 mpeg mplayer multilib ncurses netlink network-cron networkmanager nls nptl ntp ogg opengl openmp openssl opus pam pango pcre pdf phonon pipelight plasma png policykit ppds qml qt3support qt4 qt5 rdesktop readline resolvconf samba sdl seccomp semantic-desktop session ssl ssse3 startup-notification svg tiff touchpad tracepath truetype udev udisks unicode upower urandom usb v4l vaapi vdpau video vim-syntax visualvm vnc vorbis vpx vte widgets wxwidgets x264 xa xattr xcb xcomposite xinerama xml xmp xorg xscreensaver xv xvid xvmc zenmap zeroconf zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias proxy proxy_ajp proxy_http" APACHE2_MPMS="prefork" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby22" USERLAND="GNU" VIDEO_CARDS="nouveau intel i915" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Andreas K. Hüttel gentoo-dev 2017-10-31 14:37:38 UTC
1) could you please try to get a backtrace? 
Easiest way would be to start it from gdb (if you havent done that anyway you may have to rebuild ntp with debug information).

2) does the problem go away after rebuilding ntp? 
(I realize that this would make further debugging hard...)

3) if ntp still segfaults, what happens if oyu remove -fstack-check from your CFLAGS?
Comment 2 Ortwin Glueck 2017-10-31 16:08:52 UTC
Rebuilding of ntp did not help (I had tried that first of course).

No backtrace unfortunately. It seems to crash during loading within ld. So it might not even be a problem of ntp itself, but entirely within glibc.

I was unable to create debug symbols with:
 FEATURES="nostrip" CFLAGS="-ggdb" emerge -1 ntp
That also got rid of -fstack-check by the way.

(gdb) run -p /var/run/ -g
Starting program: /usr/sbin/ntpd -p /var/run/ -g
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/".
[New Thread 0x7ffff7ff4700 (LWP 5202)]

Thread 2 "ntpd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7ff4700 (LWP 5202)]
0x00007ffff7de1661 in ?? () from /lib64/
(gdb) bt
#0  0x00007ffff7de1661 in ?? () from /lib64/
#1  0x0000000000000000 in ?? ()

strace ends with:
[pid  5209] open("/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/", O_RDONLY|O_CLOEXEC) = 3
[pid  5209] read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000*\0\0\0\0\0\0"..., 832) = 832
[pid  5209] fstat(3, {st_mode=S_IFREG|0644, st_size=92376, ...}) = 0
[pid  5209] mmap(NULL, 2188320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f80ab8db000
[pid  5209] mprotect(0x7f80ab8f0000, 2097152, PROT_NONE) = 0
[pid  5209] mmap(0x7f80abaf0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f80abaf0000
[pid  5209] close(3)                    = 0
[pid  5209] mprotect(0x7f80abaf0000, 4096, PROT_READ) = 0
[pid  5209] munmap(0x7f80ad649000, 259532) = 0
[pid  5209] getpid()                    = 5209
[pid  5209] tgkill(5209, 5210, SIGRTMIN) = 0
[pid  5210] <... nanosleep resumed> {tv_sec=9, tv_nsec=999513235}) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
[pid  5209] futex(0x7f80ad6ce9d0, FUTEX_WAIT, 5210, NULL <unfinished ...>
[pid  5210] --- SIGRTMIN {si_signo=SIGRTMIN, si_code=SI_TKILL, si_pid=5209, si_uid=0} ---
[pid  5210] getpid()                    = 5209
[pid  5210] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x7f80ad6cbf50} ---
[pid  5209] <... futex resumed>)        = ?
[pid  5210] +++ killed by SIGSEGV +++

Trying with glibc built without -fstack-check.
Comment 3 Ortwin Glueck 2017-10-31 16:19:30 UTC
Woah! Dropping -fstack-check when building glibc-2.25 fixes the problem. I guess that flag better be filtered by the glibc ebuild then.
Comment 4 tt_1 2017-11-08 12:50:52 UTC
Did you add -fstack-check on your own, or is this behavior the general case? 
(to disable for testing you'd choose to set -fno-fstack-check, right?)
Comment 5 Ortwin Glueck 2017-11-08 12:56:09 UTC
I have -fstack-check in make.conf (you guess why):
CFLAGS="-march=native -O2 -pipe -fstack-check"

To disable I have defined separate CFLAGS for glibc via package.env:
Comment 6 Ortwin Glueck 2017-11-20 09:31:34 UTC
same behaviour when glibc is compiled with gcc-6.4.0
Comment 7 Xuefer 2018-02-25 07:03:11 UTC
(gdb) r
Starting program: /usr/sbin/ntpd
warning: File "/lib64/" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
        add-auto-load-safe-path /lib64/
line to your configuration file "/root/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/root/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
[New LWP 7012]

Thread 2 "ntpd" received signal SIG32, Real-time event 32.
[Switching to LWP 7012]
0x00007ffff72478e8 in nanosleep () from /lib64/
(gdb) bt
#0  0x00007ffff72478e8 in nanosleep () from /lib64/
#1  0x00007ffff7247789 in sleep () from /lib64/
#2  0x0000555555572f12 in ?? ()
#3  0x00007ffff754ba76 in start_thread () from /lib64/
#4  0x00007ffff727f05f in clone () from /lib64/

(gdb) c

Thread 2 "ntpd" received signal SIGSEGV, Segmentation fault.
0x00007ffff7de14e4 in _dl_lookup_symbol_x () from /lib64/
(gdb) bt
#0  0x00007ffff7de14e4 in _dl_lookup_symbol_x ()
   from /lib64/
#1  0x00007ffff7de6893 in _dl_fixup () from /lib64/
#2  0x00007ffff7dee07a in _dl_runtime_resolve_xsave ()
   from /lib64/
#3  0x00007ffff6d69873 in ?? ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/
#4  0x00007ffff6d6aaa0 in ?? ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/
#5  0x00007ffff6d6b0ad in _Unwind_ForcedUnwind ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/
#6  0x00007ffff75572ef in __pthread_unwind () from /lib64/
#7  0x00007ffff7549d3a in sigcancel_handler () from /lib64/
#8  <signal handler called>
#9  0x00007ffff72478e8 in nanosleep () from /lib64/
#10 0x00007ffff7247789 in sleep () from /lib64/
#11 0x0000555555572f12 in ?? ()
#12 0x00007ffff754ba76 in start_thread () from /lib64/
#13 0x00007ffff727f05f in clone () from /lib64/
Comment 8 Andreas K. Hüttel gentoo-dev 2018-09-11 15:13:19 UTC
OK we need to figure out if/how we want to handle this on the glibc side.
Comment 9 Sergei Trofimovich gentoo-dev 2019-08-01 23:09:57 UTC
-fstack-check was whitelisted in #607710. The backtrace looks like a bug in pthread_cancel().

Does it still happen on current stable glibc?

Can you post your ntpd config and the exact command to run so I could reproduce it locally?