Created attachment 109835 [details]
ntpd crash output

I recompiled kernel with -bk4 patch and it stopped crashing. I'll monitor and 
report if there is any change. 

OK....ntpd is crashing again with the latest kernels based on -bk7 and -bk8. 

If I comment the Server lines in 0.pool etc in the ntp.conf file it 
no longer crashes. If I put anyting in there it does. I saw this by 
doing ntpd -D4 and looked were it crashed. 

I'm seeing this also under kernel ...1090_FC4 and ...1107_FC4
same symptoms
1090:Dell Lattitude CPi with PII-MMX
1107:AMD K6-2

Ditto on 1115, on a Dell Inspiron with a Pentium III 1GHz.

I found that if I start strace -f ntp, it sometimes starts
successfully, other times it crashes after logging the ports it's
listening on, and then issuing the following syscalls:

rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(6, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(7, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(8, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(9, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
setsockopt(10, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
rt_sigaction(SIGSYS, {0xa04b2f, [], SA_RESTORER, 0xb68a48}, {SIG_DFL},
8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
adjtimex({modes=61, offset=0, freq=2563440, maxerror=16, esterror=16,
status=64, constant=0, precision=1, tolerance=33554432,
time={1107450206, 864189}}) = 5
rt_sigaction(SIGSYS, {SIG_DFL}, NULL, 8) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

Some more info: ntp doesn't always crash at the same spot, but it's
almost always within glibc, in function prologues, at the instruction
that calls __i686.get_pc_thunk.bx.  The stack pointer looks
reasonable, so I'd guess it's something wrong with the TLB handler.

Rolling back to the FC3 2.6.10-1.770_FC3 kernel fixes this problem.
Therefore it is unlikely to be related to a concurrently-released glibc FC3 update.

It seems this bug worked his way into FC3 updates (2.6.11-1.14_FC3).
See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155446
Can please someone confirm this?

*** Bug 155446 has been marked as a duplicate of this bug. ***

I can confirm that whis bug exists in up2dated FC3. I think it can have
something in common with bug #151262 (duplicate or depend).

There's a workaround for this issue. If an ntpd is started with:
        setarch i386 -L ntpd -u ntp:ntp -p /var/run/ntpd.pid
it doesn't crash.

Another workaround:
Disable exec-shield-randomize by
        echo 0 > /proc/sys/kernel/exec-shield-randomize
or
        echo kernel.exec-shield-randomize = 1 >> /etc/sysctl.conf

Yet another workaround:

execstack -s /usr/sbin/ntpd

As I understand it, it alters the binary:

rpm -V ntp
..5......   /usr/sbin/ntpd

but the rest of the system is unaffected.

Also, you can undo the change with:

execstack -c /usr/sbin/ntpd

which restores the old binary (rpm -V won't report it as changed).

Thanks to Tomasz for reporting the workarounds (as you may guess, mine
is based on the info he provided, it's just a different way to disable
the exec-shield for ntpd).

Confirm the workaround works.

FWIW, I did a fresh install but disabled anacron, so prelink has not been run
yet. I'm on the new kernel, and yet ntpd seems to be working fine.

I just tested the prelink connection: 
 
I did a "prelink -uv" on the files that ntpd uses: 
 
/lib/ld-linux.so.2 
/lib/libcap.so.1 
/lib/libcom_err.so.2 
/lib/libcrypto.so.4 
/lib/libdl.so.2 
/lib/libresolv.so.2 
/lib/tls/libc.so.6 
/lib/tls/libm.so.6 
/usr/lib/libgssapi_krb5.so.2 
/usr/lib/libk5crypto.so.3 
/usr/lib/libkrb5.so.3 
/usr/lib/libz.so.1 
/usr/sbin/ntpd 
 
And I still get the same Segmentation fault. 
 
The I did a "prelink -auv" and ntpd still Segfaults. 

Could somebody please assign "DUPLICATE" status to two of the three bugs 
#145258 #154759 #151262 ? They are obviously the same problem. 

*** This bug has been marked as a duplicate of 154759 ***