Bug 505564 - segfault at 0 ip b7eb82ce sp bf9df4ec error 4 in libc-2.10.1.so[b7e3e000+16f000]
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: ntp
Version: 11
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Miroslav Lichvar
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-06-12 09:20 EDT by udo
Modified: 2009-07-21 12:15 EDT (History)
CC List: 4 users

Doc Type: Bug Fix
Last Closed: 2009-07-21 12:15:19 EDT

Description udo 2009-06-12 09:20:28 EDT
Description of problem:
segfault at 0 ip b7eb82ce sp bf9df4ec error 4 in libc-2.10.1.so[b7e3e000+16f000]

Version-Release number of selected component (if applicable):
glibc-2.10.1-2.i586

How reproducible:
Upgrade F10 to F11.
Compile ntpd 4.2.4p6 patched for LinuxPPS (just touches the NMEA refclock), needed because of libcrypto.8
Run ntpstat

Steps to Reproduce:
1. Upgrade F10 to F11.
2. Compile ntpd 4.2.4p6 patched for LinuxPPS (just touches the NMEA refclock).
3. Run ntpstat
  
Actual results:
ntpstat[27048]: segfault at 0 ip b7ec22ce sp bfce9ffc error 4 in libc-2.10.1.so[b7e48000+16f000]

Expected results:
no segfault.

Additional info:
ntpstat[27048]: segfault at 0 ip b7ec22ce sp bfce9ffc error 4 in libc-2.10.1.so[b7e48000+16f000]
Comment 1 Jakub Jelinek 2009-06-15 08:34:04 EDT
And you are filing this against glibc why?  Crash in strncmp is usually an application bug.  You need to get a full backtrace and see what called it with the incorrect arguments.
If it is not in a binary shipped with the distribution, it is up to you to debug it...
Comment 2 udo 2009-06-15 09:16:04 EDT
Why?
I don't know.
I use a Fedora 11 toolchain.
I use Fedora 11 ntp sources with *minimal* patching and certainly not in the area involved.
ntpstat did not behave like this in F10.

bt?
strace for now:

$ strace ntpstat
execve("/usr/bin/ntpstat", ["ntpstat"], [/* 20 vars */]) = 0
brk(0)                                  = 0xb9f06000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=36805, ...}) = 0
mmap2(NULL, 36805, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ef5000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300k\1\0004\0\0\0\364"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1816332, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef4000
mmap2(NULL, 1530152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d7e000
mprotect(0xb7eed000, 4096, PROT_NONE)   = 0
mmap2(0xb7eee000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16f) = 0xb7eee000
mmap2(0xb7ef1000, 10536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ef1000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d7d000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7d7d6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7eee000, 8192, PROT_READ)   = 0
mprotect(0xb7f1e000, 4096, PROT_READ)   = 0
munmap(0xb7ef5000, 36805)               = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
send(3, "\26\2\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 576, 0) = 576
select(4, [3], NULL, NULL, {1, 0})      = 1 (in [3], left {0, 999985})
recv(3, "\26\202\0\1!\364\0\0\0\0\1pversion=\"ntpd 4.2.4p6"..., 576, 0) = 380
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7efd000
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

and:

$ gdb ntpstat
GNU gdb (GDB) Fedora (6.8.50.20090302-23.fc11)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Missing separate debuginfos, use: debuginfo-install ntp-4.2.4p6-ldnrt3.fc11.i386
(gdb) run
Starting program: /usr/bin/ntpstat 

Program received signal SIGSEGV, Segmentation fault.
0xb7ed62ce in strncmp () from /lib/libc.so.6
(gdb) bt
#0  0xb7ed62ce in strncmp () from /lib/libc.so.6
#1  0xb7ffeb60 in main () from /usr/bin/ntpstat

Move to other component if you like, but please do not close.
Thanks.
Comment 3 Jakub Jelinek 2009-06-16 11:19:36 EDT
If you can reproduce with unpatched ntpstat, you should reassign to ntp, otherwise it really has nothing to do with Fedora.  The backtrace above clearly shows that it was ntpstat that called strncmp with a bad argument.
Comment 4 udo 2009-06-16 11:42:33 EDT
How can a patch that only touches refclock nmea cause an issue in ntpstat, which I start without arguments?
I am the end user; you know the route to process this issue most efficiently, I hope.
Comment 5 udo 2009-06-16 12:39:02 EDT
# gdb ntpstat
GNU gdb (GDB) Fedora (6.8.50.20090302-26.fc11)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
(gdb) run
Starting program: /usr/bin/ntpstat 

Program received signal SIGSEGV, Segmentation fault.
*__GI_strncmp (s1=0x0, s2=0xb7fff200 "NTP server", n=4) at strncmp.c:42
42		  c1 = (unsigned char) *s1++;
Current language:  auto; currently minimal
(gdb) bt
#0  *__GI_strncmp (s1=0x0, s2=0xb7fff200 "NTP server", n=4) at strncmp.c:42
#1  0xb7ffeb60 in main () from /usr/bin/ntpstat
(gdb) 

?
Comment 6 udo 2009-07-03 10:06:48 EDT
Similar to https://bugzilla.redhat.com/show_bug.cgi?id=509552 ?
Comment 7 Miroslav Lichvar 2009-07-21 12:15:19 EDT
This is probably caused by an unknown clock type used in the patched refclock driver.

Should be fixed in ntp-4.2.4p7-3.fc12.
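Added example (not ntpstat's or ntp's own code): the backtrace in Comment 5 shows strncmp() entered with s1=0x0 and s2="NTP server", and Comment 7 attributes the crash to a clock type from the patched refclock driver that ntpstat does not know. The C program below reconstructs that failure mode hypothetically: a lookup over a key=value reply body returns NULL when the field is absent, the unguarded classifier hands that NULL straight to strncmp(), and the guarded classifier reports the source as unknown instead. The reply strings, the clock_source key and the sync_state names are constructed for the example and are not ntpd's real control variables.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example; not ntpstat's own. */
enum sync_state {
    SYNC_UNKNOWN     = -1,  /* field missing or clock type not recognised */
    SYNC_NONE        = 0,
    SYNC_NTP_SERVER  = 1,
    SYNC_LOCAL_CLOCK = 2
};

/* Constructed reply bodies in the key=value style of a mode-6 control
 * response.  The variable names are invented for the example. */
static const char REPLY_NTP[] =
    "version=\"ntpd 4.2.4p6\", leap=00, stratum=2, "
    "clock_source=\"NTP server\", refid=10.0.0.1";
static const char REPLY_LOCAL[] =
    "version=\"ntpd 4.2.4p6\", leap=00, stratum=10, "
    "clock_source=\"local clock\"";
/* An unrecognised refclock: the daemon never emits the field at all. */
static const char REPLY_MISSING[] =
    "version=\"ntpd 4.2.4p6\", leap=11, stratum=16";

/*
 * Return a pointer to the value of "key=" in reply, with a leading quote
 * skipped, or NULL when the key is absent.  A match must sit at the start
 * of the body or right after a separator so "source" does not match inside
 * the longer name "clock_source".
 */
const char *find_value(const char *reply, const char *key)
{
    size_t klen = strlen(key);
    const char *p = reply;

    while ((p = strstr(p, key)) != NULL) {
        int at_boundary = (p == reply) || p[-1] == ' ' || p[-1] == ',';
        if (at_boundary && p[klen] == '=') {
            p += klen + 1;
            if (*p == '"')
                p++;
            return p;
        }
        p += klen;
    }
    return NULL;
}

/*
 * The pattern behind the crash: the lookup result goes to strncmp()
 * without a NULL check.  On REPLY_MISSING, src is NULL and strncmp reads
 * *s1 -> SIGSEGV at address 0, the same signature as the bug's backtrace
 * (s1=0x0, s2="NTP server", n=4).  Only call this with a reply that
 * actually carries the field.
 */
enum sync_state classify_unguarded(const char *reply)
{
    const char *src = find_value(reply, "clock_source");

    if (strncmp(src, "NTP server", 4) == 0)
        return SYNC_NTP_SERVER;
    if (strncmp(src, "local", 5) == 0)
        return SYNC_LOCAL_CLOCK;
    return SYNC_NONE;
}

/*
 * Hardened version: a missing or unrecognised clock type is reported as
 * SYNC_UNKNOWN instead of being dereferenced.  Comparisons use the full
 * token length rather than the 4-byte prefix seen in the backtrace, so a
 * value such as "NTP x" is not misclassified as "NTP server".
 */
enum sync_state classify_guarded(const char *reply)
{
    const char *src = find_value(reply, "clock_source");

    if (src == NULL)
        return SYNC_UNKNOWN;
    if (strncmp(src, "NTP server", strlen("NTP server")) == 0)
        return SYNC_NTP_SERVER;
    if (strncmp(src, "local clock", strlen("local clock")) == 0)
        return SYNC_LOCAL_CLOCK;
    return SYNC_UNKNOWN;
}

int main(void)
{
    printf("known NTP server : %d\n", classify_guarded(REPLY_NTP));
    printf("local clock      : %d\n", classify_guarded(REPLY_LOCAL));
    printf("field missing    : %d\n", classify_guarded(REPLY_MISSING));
    /* classify_unguarded(REPLY_MISSING) would segfault exactly like ntpstat */
    return 0;
}
```

Running it under gdb with the unguarded call on REPLY_MISSING reproduces the "strncmp (s1=0x0, ...)" frame from Comment 5; the guarded variant turns the same input into a reported unknown state, which is the behaviour a status tool should have when the daemon's reply lacks a field.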
