SIGSEGV in ntpq
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ntp (Ubuntu) | Fix Released | Low | Unassigned |
Bug Description
Binary package hint: ntp
The bug appears on two different computers, both with the same release of (k)ubuntu and the same architecture (x86_64).
% uname -a
Linux xxxxx 2.6.24-19-generic #1 SMP Fri Jul 11 21:01:46 UTC 2008 x86_64 GNU/Linux
% lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
% apt-cache policy ntp
ntp:
Installed: 1:4.2.4p4+
Candidate: 1:4.2.4p4+
Version table:
*** 1:4.2.4p4+
500 http://
100 /var/lib/
-------
After installing the ntp package, without any modification to config files:
% ntptrace
ntpq -n -c rv 127.0.0.1 failed at /usr/bin/ntptrace line 40.
% ntpq -n -c rv 127.0.0.1
assID=0 status=c644 sync_alarm, sync_ntp, 4 events, event_peer/
version="ntpd 4.2.4p4@1.1520-o Fri Mar 7 20:36:58 UTC 2008 (1)",
processor="x86_64", system=
stratum=16, precision=-20, rootdelay=0.000, rootdispersion=
Segmentation fault
% valgrind ntpq -n -c rv 127.0.0.1
==14479== Memcheck, a memory error detector.
==14479== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==14479== Using LibVEX rev 1804, a library for dynamic binary translation.
==14479== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==14479== Using valgrind-
==14479== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==14479== For more details, rerun with: -v
==14479==
==14479== Invalid read of size 8
==14479== at 0x4015ECA: (within /lib/ld-2.7.so)
==14479== by 0x4011C2B: (within /lib/ld-2.7.so)
==14479== by 0x56F8F7F: (within /lib/libc-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==14479== by 0x56D303C: __nss_lookup_
==14479== by 0x56D3114: (within /lib/libc-2.7.so)
==14479== by 0x56DBB28: getservbyname_r (in /lib/libc-2.7.so)
==14479== by 0x56A9ADC: (within /lib/libc-2.7.so)
==14479== by 0x56A9DC7: (within /lib/libc-2.7.so)
==14479== by 0x56AC35D: getaddrinfo (in /lib/libc-2.7.so)
==14479== by 0x403546: (within /usr/bin/ntpq)
==14479== Address 0x5fa7fc0 is 40 bytes inside a block of size 46 alloc'd
==14479== at 0x4C22FAB: malloc (vg_replace_
==14479== by 0x400DF00: (within /lib/ld-2.7.so)
==14479== by 0x4008DA5: (within /lib/ld-2.7.so)
==14479== by 0x4012048: (within /lib/ld-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x401191A: (within /lib/ld-2.7.so)
==14479== by 0x56F8F7F: (within /lib/libc-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==14479== by 0x56D303C: __nss_lookup_
==14479== by 0x56D3114: (within /lib/libc-2.7.so)
==14479== by 0x56DBB28: getservbyname_r (in /lib/libc-2.7.so)
==14479==
==14479== Invalid read of size 8
==14479== at 0x4015EE4: (within /lib/ld-2.7.so)
==14479== by 0x400AB93: (within /lib/ld-2.7.so)
==14479== by 0x40061E4: (within /lib/ld-2.7.so)
==14479== by 0x4008677: (within /lib/ld-2.7.so)
==14479== by 0x4012048: (within /lib/ld-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x401191A: (within /lib/ld-2.7.so)
==14479== by 0x56F8F7F: (within /lib/libc-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==14479== by 0x56D303C: __nss_lookup_
==14479== by 0x56D3132: (within /lib/libc-2.7.so)
==14479== Address 0x5fa8140 is 16 bytes inside a block of size 23 alloc'd
==14479== at 0x4C22FAB: malloc (vg_replace_
==14479== by 0x4008B75: (within /lib/ld-2.7.so)
==14479== by 0x4012048: (within /lib/ld-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x401191A: (within /lib/ld-2.7.so)
==14479== by 0x56F8F7F: (within /lib/libc-2.7.so)
==14479== by 0x400DDF5: (within /lib/ld-2.7.so)
==14479== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==14479== by 0x56D303C: __nss_lookup_
==14479== by 0x56D3132: (within /lib/libc-2.7.so)
==14479== by 0x56DBB28: getservbyname_r (in /lib/libc-2.7.so)
==14479== by 0x56A9ADC: (within /lib/libc-2.7.so)
assID=0 status=c644 sync_alarm, sync_ntp, 4 events, event_peer/
version="ntpd 4.2.4p4@1.1520-o Fri Mar 7 20:36:58 UTC 2008 (1)",
processor="x86_64", system=
stratum=16, precision=-20, rootdelay=0.000, rootdispersion=
==14479==
==14479== Invalid write of size 1
==14479== at 0x412693: (within /usr/bin/ntpq)
==14479== Address 0x7ff001000 is not stack'd, malloc'd or (recently) free'd
==14479==
==14479== Process terminating with default action of signal 11 (SIGSEGV)
==14479== Access not within mapped region at address 0x7FF001000
==14479== at 0x412693: (within /usr/bin/ntpq)
peer=13290==14479==
==14479== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 25 from 1)
==14479== malloc/free: in use at exit: 59 bytes in 2 blocks.
==14479== malloc/free: 51 allocs, 49 frees, 20,570 bytes allocated.
==14479== For counts of detected errors, rerun with: -v
==14479== searching for pointers to 2 not-freed blocks.
==14479== checked 365,984 bytes.
==14479==
==14479== LEAK SUMMARY:
==14479== definitely lost: 0 bytes in 0 blocks.
==14479== possibly lost: 0 bytes in 0 blocks.
==14479== still reachable: 59 bytes in 2 blocks.
==14479== suppressed: 0 bytes in 0 blocks.
==14479== Rerun with --leak-check=full to see details of leaked memory.
Segmentation fault
-------
After rebuild with debugging enabled:
valgrind ntpq -n -c rv 127.0.0.1
==27393== Memcheck, a memory error detector.
==27393== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==27393== Using LibVEX rev 1804, a library for dynamic binary translation.
==27393== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==27393== Using valgrind-
==27393== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==27393== For more details, rerun with: -v
==27393==
==27393== Invalid read of size 8
==27393== at 0x4015ECA: (within /lib/ld-2.7.so)
==27393== by 0x4011C2B: (within /lib/ld-2.7.so)
==27393== by 0x56F8F7F: (within /lib/libc-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==27393== by 0x56D303C: __nss_lookup_
==27393== by 0x56D3114: (within /lib/libc-2.7.so)
==27393== by 0x56DBB28: getservbyname_r (in /lib/libc-2.7.so)
==27393== by 0x56A9ADC: (within /lib/libc-2.7.so)
==27393== by 0x56A9DC7: (within /lib/libc-2.7.so)
==27393== by 0x56AC35D: getaddrinfo (in /lib/libc-2.7.so)
==27393== by 0x40319A: openhost (ntpq.c:687)
==27393== Address 0x5fa7fc0 is 40 bytes inside a block of size 46 alloc'd
==27393== at 0x4C22FAB: malloc (vg_replace_
==27393== by 0x400DF00: (within /lib/ld-2.7.so)
==27393== by 0x4008DA5: (within /lib/ld-2.7.so)
==27393== by 0x4012048: (within /lib/ld-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x401191A: (within /lib/ld-2.7.so)
==27393== by 0x56F8F7F: (within /lib/libc-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==27393== by 0x56D303C: __nss_lookup_
==27393== by 0x56D3114: (within /lib/libc-2.7.so)
==27393== by 0x56DBB28: getservbyname_r (in /lib/libc-2.7.so)
==27393==
==27393== Invalid read of size 8
==27393== at 0x4015EE4: (within /lib/ld-2.7.so)
==27393== by 0x400AB93: (within /lib/ld-2.7.so)
==27393== by 0x40061E4: (within /lib/ld-2.7.so)
==27393== by 0x4008677: (within /lib/ld-2.7.so)
==27393== by 0x4012048: (within /lib/ld-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x401191A: (within /lib/ld-2.7.so)
==27393== by 0x56F8F7F: (within /lib/libc-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==27393== by 0x56D303C: __nss_lookup_
==27393== by 0x56D3132: (within /lib/libc-2.7.so)
==27393== Address 0x5fa8140 is 16 bytes inside a block of size 23 alloc'd
==27393== at 0x4C22FAB: malloc (vg_replace_
==27393== by 0x4008B75: (within /lib/ld-2.7.so)
==27393== by 0x4012048: (within /lib/ld-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x401191A: (within /lib/ld-2.7.so)
==27393== by 0x56F8F7F: (within /lib/libc-2.7.so)
==27393== by 0x400DDF5: (within /lib/ld-2.7.so)
==27393== by 0x56F90E6: __libc_dlopen_mode (in /lib/libc-2.7.so)
==27393== by 0x56D303C: __nss_lookup_
==27393== by 0x56D3132: (within /lib/libc-2.7.so)
==27393== by 0x56DBB28: getservbyname_r (in /lib/libc-2.7.so)
==27393== by 0x56A9ADC: (within /lib/libc-2.7.so)
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.4p4@1.1520-o Sun Aug 3 08:29:27 UTC 2008 (1)",
processor="x86_64", system=
stratum=16, precision=-20, rootdelay=0.000, rootdispersion=
peer=0, refid=INIT,
reftime=
clock=cc3feb02.
offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
stability=0.000, tai=0
==27393==
==27393== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 25 from 1)
==27393== malloc/free: in use at exit: 59 bytes in 2 blocks.
==27393== malloc/free: 62 allocs, 60 frees, 22,723 bytes allocated.
==27393== For counts of detected errors, rerun with: -v
==27393== searching for pointers to 2 not-freed blocks.
==27393== checked 364,008 bytes.
==27393==
==27393== LEAK SUMMARY:
==27393== definitely lost: 0 bytes in 0 blocks.
==27393== possibly lost: 0 bytes in 0 blocks.
==27393== still reachable: 59 bytes in 2 blocks.
==27393== suppressed: 0 bytes in 0 blocks.
==27393== Rerun with --leak-check=full to see details of leaked memory.
Changed in ntp (Ubuntu):
assignee: Chuck Short (zulcss) → nobody
Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Karmic Koala. It would help us greatly if you could test with it so we can work on getting it fixed in the next release of Ubuntu. You can find out more about the development release at http://www.ubuntu.com/testing/. Thanks again and we appreciate your help.