Bug 486217
| Summary: | segfault in timer_gettime / reinit_timer: timer_gettime called with ntpd_timerid==0 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sami Farin <hvtaifwkbgefbaei> |
| Component: | ntp | Assignee: | Miroslav Lichvar <mlichvar> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | mlichvar, pertusus |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-04-20 12:11:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Is this a recompiled/patched package? The ntpd binary from ntp-4.2.4p6-2.fc11 doesn't even have timer_gettime in the symbol table. Yes, this is compiled by me. I compiled it without optimizations to get reliable debug info. Fixed in ntp-4.2.4p6-4.fc11. Please note that Fedora rpms didn't have this problem and enabling HAVE_TIMER_CREATE doesn't really change anything as the timers are disabled and a scheduler is used instead. |
Description of problem: ntpd segfault every 5-10 minutes. /usr/sbin/ntpd -u ntp:ntp -4 -N -c /etc/ntp.conf -n Version-Release number of selected component (if applicable): 4.2.4p6-2 How reproducible: always Steps to Reproduce: 1. /usr/sbin/ntpd -u ntp:ntp -4 -N -c /etc/ntp.conf -n 2. 3. Actual results: Program received signal SIGSEGV, Segmentation fault. 0x00000000009c1ec6 in timer_gettime@@GLIBC_2.3.3 () from /lib64/librt.so.1 Expected results: timer_gettime returning -EINVAL would also be very neat... but maybe ntpd should setup the timer first? Additional info: remote refid st t when poll reach delay offset jitter ============================================================================== *ntp1.tdc.fi .PPS. 1 u 44 64 377 37.766 -89.987 41.457 +ntp1.funet.fi 193.166.6.176 2 u 41 64 377 36.853 -91.141 41.985 +ns1.eunet.fi 192.36.143.151 2 u 43 64 377 37.228 -90.505 40.864 +plaza.suomi.net 62.220.226.1 3 u 43 64 377 46.543 -79.497 36.221 (gdb) bt #0 0x00000000009c1ec6 in timer_gettime@@GLIBC_2.3.3 () from /lib64/librt.so.1 #1 0x00007f945891c131 in reinit_timer () at ntp_timer.c:105 #2 0x00007f945890874b in local_clock (peer=0x7f9458b8ee70, fp_offset=-0.28397776938163888) at ntp_loopfilter.c:405 #3 0x00007f945890e2f5 in clock_update () at ntp_proto.c:1283 #4 0x00007f9458910ba7 in clock_select () at ntp_proto.c:2316 #5 0x00007f945890f5ad in clock_filter (peer=0x7f9458b8ee70, sample_offset=-0.29154613183345646, sample_delay=0.038759583374485373, sample_disp=4.638730194419622e-06) at ntp_proto.c:1780 #6 0x00007f945890e136 in process_packet (peer=0x7f9458b8ee70, pkt=0x400000) at ntp_proto.c:1247 #7 0x00007f945890d475 in receive (rbufp=0x7f945944f378) at ntp_proto.c:1077 #8 0x00007f9458900deb in ntpdmain (argc=0, argv=0x7ffff98baea8) at ntpd.c:1138 #9 0x00007f94588ff973 in main (argc=8, argv=0x7ffff98bae68) at ntpd.c:314 (gdb) frame 1 #1 0x00007f945891c131 in reinit_timer () at ntp_timer.c:105 105 timer_gettime(ntpd_timerid, &itimer); (gdb) p ntpd_timerid $2 = (timer_t) 0x0 (gdb) p itimer $3 = {it_interval = {tv_sec = 0, tv_nsec = 0}, it_value = {tv_sec = 0, tv_nsec = 0}} (gdb) frame 2 #2 0x00007f945890874b in local_clock (peer=0x7f9458b8ee70, fp_offset=-0.28397776938163888) at ntp_loopfilter.c:405 405 reinit_timer(); (gdb) p *peer $4 = {next = 0x0, ass_next = 0x0, srcadr = {ss_family = 2, __ss_align = 0, __ss_padding = '\0' <repeats 111 times>}, dstadr = 0x7f9459450d50, ilink = { prev = 0x0, next = 0x7f9458b8eb98}, associd = 17911, version = 4 '\004', hmode = 3 '\003', hpoll = 6 '\006', minpoll = 6 '\006', maxpoll = 10 '\n', flags = 65, cast_flags = 1 '\001', flash = 0, last_event = 4 '\004', num_events = 1 '\001', ttl = 0 '\0', procptr = 0x0, refclktype = 0 '\0', refclkunit = 0 '\0', sstclktype = 0 '\0', leap = 0 '\0', pmode = 4 '\004', stratum = 1 '\001', ppoll = 6 '\006', precision = -18 '�, rootdelay = 0, rootdispersion = 0.0018768310546875, refid = 5460048, reftime = {Ul_i = { Xl_ui = 3443980634, Xl_i = -850986662}, Ul_f = {Xl_uf = 3791253213, Xl_f = -503714083}}, keyid = 0, status = 6 '\006', reach = 255 '�', epoch = 1489, burst = 0, filter_nextpt = 1, filter_delay = {0.038759583374485373, 0.038984449580311775, 0.037414940539747477, 0.039729314390569925, 0.039080384653061628, 0.042136190459132195, 0.038839472224935889, 0.037923363735899329}, filter_offset = {-0.29154613183345646, -0.2096097613684833, -0.2209947993978858, -0.23273956729099154, -0.24350286810658872, -0.2539139969740063, -0.26654463645536453, -0.27938373119104654}, filter_disp = { 4.638730194419622e-06, 0.0067696436581597659, 0.0057796179414470678, 0.0048346530301263558, 0.0038446433573786636, 0.0028846892519760877, 0.001939641492352821, 0.0009646255767531693}, filter_epoch = {1489, 1038, 1104, 1167, 1233, 1297, 1360, 1425}, filter_order = "\000\a\006\005\004\003\002\001", org = {Ul_i = {Xl_ui = 3443980699, Xl_i = -850986597}, Ul_f = {Xl_uf = 1061307722, Xl_f = 1061307722}}, rec = {Ul_i = {Xl_ui = 3443980699, Xl_i = -850986597}, Ul_f = {Xl_uf = 2396724395, Xl_f = -1898242901}}, xmt = {Ul_i = {Xl_ui = 3443980699, Xl_i = -850986597}, Ul_f = {Xl_uf = 2229044763, Xl_f = -2065922533}}, offset = -0.29154613183345646, delay = 0.038759583374485373, jitter = 0.052977896834207151, disp = 0.00093350776829915962, estbdelay = 0.0040000000000000001, update = 1489, unreach = 0, outdate = 1489, nextdate = 1552, nextaction = 0, action = 0, timereset = 0, timereceived = 1489, timereachable = 1, sent = 24, received = 24, processed = 24, badauth = 0, bogusorg = 0, oldpkt = 0, seldisptoolarge = 0, selbroken = 0}