Ubuntu
ntp package

1:4.2.6.p3+dfsg-1ubuntu3 on Precise generates a memory corruption

Bug #971314 reported by olivier.brisson
82
This bug affects 16 people
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

ntp, from the package ntp-1:4.2.6.p3+dfsg-1ubuntu3 on Precise with KDE, generates the following error when restarted on the command line with the command "sudo service ntp restart"

 rapc@rapc-HP-Compaq-dc7800-Small-Form-Factor:/etc/apparmor/init$ sudo service ntp restart
 * Stopping NTP server ntpd
   ...done.
 * Starting NTP server ntpd
*** glibc detected *** lockfile-create: malloc(): memory corruption (fast): 0x0000000000ba40e0 ***

In syslog, i found this:

[ 257.286600] lockfile-create[1340]: segfault at 18 ip 00007f394c218805 sp 00007fffbbc0c0c0 error 4 in libc-2.15.so[7f394c19a000+1b2000]

Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor kernel: [ 257.286596] show_signal_msg: 33 callbacks suppressed
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor kernel: [ 257.286600] lockfile-create[1340]: segfault at 18 ip 00007f394c218805 sp 00007fffbbc0c0c0 error 4 in libc-2.15.so[7f394c19a000+1b2000]
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2294]: ntpd 4.2.6p3@1.2290 Tue Mar 6 15:36:36 UTC 2012 (1)
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: proto: precision = 0.419 usec
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: ntp_io: estimated max descriptors: 2144, initial socket boundary: 16
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listen and drop on 1 v6wildcard :: UDP 123
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listen normally on 2 lo 127.0.0.1 UDP 123
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listen normally on 3 eth0 10.146.19.204 UDP 123
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listen normally on 4 eth0 fe80::21f:29ff:fed4:8328 UDP 123
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listen normally on 5 lo ::1 UDP 123
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: peers refreshed
Apr 2 09:10:05 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: Listening on routing socket on fd #22 for interface updates
Apr 2 09:15:37 rapc-HP-Compaq-dc7800-Small-Form-Factor ntpd[2295]: ntpd exiting on signal 15

My /etc/ntp.conf has not been changed
---
ApportVersion: 2.0-0ubuntu2
Architecture: amd64
DistroRelease: Ubuntu 12.04
InstallationMedia: Kubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120228.1)
Package: ntp 1:4.2.6.p3+dfsg-1ubuntu3
PackageArchitecture: amd64
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-3.2.0-21-generic root=UUID=0a0fc268-6d80-4e5d-8687-0715859a9a0f ro quiet splash vt.handoff=7
ProcEnviron:
 LANGUAGE=fr_CH:fr
 TERM=xterm
 LANG=fr_CH.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.2.0-21.34-generic 3.2.13
Tags: precise
Uname: Linux 3.2.0-21-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
---
ApportVersion: 2.0-0ubuntu2
Architecture: amd64
DistroRelease: Ubuntu 12.04
InstallationMedia: Kubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120228.1)
Package: ntp 1:4.2.6.p3+dfsg-1ubuntu3
PackageArchitecture: amd64
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-3.2.0-21-generic root=UUID=0a0fc268-6d80-4e5d-8687-0715859a9a0f ro quiet splash vt.handoff=7
ProcEnviron:
 LANGUAGE=fr_CH:fr
 TERM=xterm
 LANG=fr_CH.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.2.0-21.34-generic 3.2.13
Tags: precise
Uname: Linux 3.2.0-21-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

See original description
Revision history for this message
James Page (james-page) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command, as it will automatically gather debugging information, in a terminal:

apport-collect 971314

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Changed in ntp (Ubuntu):
status: New → Incomplete
Revision history for this message
olivier.brisson (olivier-brisson) wrote : .etc.apparmor.d.usr.sbin.ntpd.txt

apport information

tags: added: apport-collected precise
description: updated
Revision history for this message
olivier.brisson (olivier-brisson) wrote : Dependencies.txt

apport information

Revision history for this message
olivier.brisson (olivier-brisson) wrote : KernLog.txt

apport information

Revision history for this message
olivier.brisson (olivier-brisson) wrote : NtpStatus.txt

apport information

description: updated
Revision history for this message
olivier.brisson (olivier-brisson) wrote : .etc.apparmor.d.usr.sbin.ntpd.txt

apport information

Revision history for this message
olivier.brisson (olivier-brisson) wrote : Dependencies.txt

apport information

Revision history for this message
olivier.brisson (olivier-brisson) wrote : KernLog.txt

apport information

Revision history for this message
olivier.brisson (olivier-brisson) wrote : NtpStatus.txt

apport information

Revision history for this message
olivier.brisson (olivier-brisson) wrote :

Thank you James for your help and be assured that i will use ubuntu-bug the next time.

olivier.brisson (olivier-brisson)
Changed in ntp (Ubuntu):
status: Incomplete → New
James Page (james-page)
Changed in ntp (Ubuntu):
importance: Undecided → Low
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ntp (Ubuntu):
status: New → Confirmed
Revision history for this message
Paul Woolley (paul-woolley) wrote :

This bug appears to be linked to hostnames greater than 36 character in length:

----------
root@ip-10-53-101-13:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
root@ip-10-53-101-13:~# hostname 01234567890123456789012345678901234
root@ip-10-53-101-13:~# service ntp restart
 * Stopping NTP server ntpd [ OK ]
 * Starting NTP server ntpd [ OK ]
root@ip-10-53-101-13:~# hostname 012345678901234567890123456789012345
root@ip-10-53-101-13:~# service ntp restart
 * Stopping NTP server ntpd [ OK ]
 * Starting NTP server ntpd [ OK ]
root@ip-10-53-101-13:~# hostname 0123456789012345678901234567890123456
root@ip-10-53-101-13:~# service ntp restart
 * Stopping NTP server ntpd [ OK ]
 * Starting NTP server ntpd *** glibc detected *** lockfile-create: free(): invalid next size (fast): 0x0000000000fc90a0 ***
Segmentation fault (core dumped)
                                                                                                                                                                  [ OK ]
----------

...'rapc-HP-Compaq-dc7800-Small-Form-Factor' being 39 chars.

Revision history for this message
Paul Woolley (paul-woolley) wrote :

Actually, on closer inspection, the error I saw was 'invalid next size', not 'memory corruption'.

Revision history for this message
Paul Woolley (paul-woolley) wrote :

Some further investigation:
-----------------------------------
Hostname length | Result
-----------------------------------
0-35 | ok
36-37 | invalid next size
38-39 | memory corruption
40-47 | invalid next size
>47 | untested
 -----------------------------------

Revision history for this message
Matthew O'Riordan (matthew-oriordan) wrote :

I can confirm I too experience this issue with a host name that is longer than 36 chars

Revision history for this message
Sergio Rubio (rubiojr) wrote :

I can confirm this too. I wonder if it's somewhat related to bug 941968

Apparently in our case (we use puppet to provision the server), /etc/init.d/ntp start gets stuck (maybe because lockfile-create segfaults?) while the package postinstall script is run, so puppet gets stuck too while provisioning.

We've found two ways to workaround the issue:

1. Use shorter hostnames
2. Rename /usr/bin/lockfile-create to /etc/bin/lockfile-create.bak so /etc/init.d/ntp does not find. Restore it back to /usr/bin/lockfile-create after the ntp package install.

Both workarounds are somewhat hackish, so it would be great if someone could reproduce it and give it a higher priority :).

Revision history for this message
Nick Moffitt (nick-moffitt) wrote :

This bug had me stymied for far too long. When using juju, hostnames can get quite long. For instance, I have instances with names like "juju-nick-testopenstack-lhr01-instance-24", and ntp in precise will just hang on installation and prevent juju from even installing the charm. This can be a rather troublesome state to work your way through.

tags: added: juju
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.