Package: ntp
Version: 1:4.2.8p10+dfsg-3+deb9u1
Severity: important

Dear Maintainers,

Running ntpd with stretch-proposed-updates configured in APT's sources can cause an immediate segfault on certain machines. Inspecting a core dump as well as the kernel log hints that the error actually happens somewhere in libc, rather than ntpd's own code.

I suppose that the current version of libc6 from stretch-proposed-updates somehow triggers a bug in ntpd which has already been handled upstream [1]. Applying the upstream patch [2] to the current ntp source package from stable seems to provide a remedy. However, I did not yet have the chance to fully evaluate the fix on a large scale, so I can't comment on security or stability aspects.

Please also note that the issue might be dependent on specific platform details (e.g. "cpu features", as discussed upstream [1]), which probably explains why I found machines where ntpd started normally, instead of behaving as described above.

Best,
Frederic

[1]: <http://bugs.ntp.org/show_bug.cgi?id=3391>
[2]: <http://bugs.ntp.org/attachment.cgi?id=1512>

# ulimit -c unlimited
# /usr/sbin/ntpd
Segmentation fault (core dumped)
# dmesg | tail -n 1
[ 66.788751] ntpd[1502]: segfault at 7fb5623e5fa0 ip 00007fb5621d23e5 sp 00007fb5623e5fa0 error 6 in ld-2.24.so[7fb5621c9000+23000]
# gdb /usr/sbin/ntpd core
...
Reading symbols from /usr/sbin/ntpd...(no debugging symbols found)...done.
[New LWP 1502]
[New LWP 1501]
warning: Unexpected size of section `.reg-xstate/1502' in core file.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/ntpd'.
Program terminated with signal SIGSEGV, Segmentation fault.
warning: Unexpected size of section `.reg-xstate/1502' in core file.
#0 do_lookup_x (undef_name=undef_name@entry=0x7fb560c35ca2 "strlen", new_hash=new_hash@entry=479443869, old_hash=old_hash@entry=0x7fb5623e60e0, ref=0x7fb560c34770, result=result@entry=0x7fb5623e60f0, scope=0x7fb5623ee428, i=0, version=0x55662cdce7b8, flags=5, skip=0x0, type_class=1, undef_map=0x55662cdce160) at dl-lookup.c:355
355 dl-lookup.c: No such file or directory.
[Current thread is 1 (Thread 0x7fb5623e8700 (LWP 1502))]
(gdb) backtrace
#0 do_lookup_x (undef_name=undef_name@entry=0x7fb560c35ca2 "strlen", new_hash=new_hash@entry=479443869, old_hash=old_hash@entry=0x7fb5623e60e0, ref=0x7fb560c34770, result=result@entry=0x7fb5623e60f0, scope=0x7fb5623ee428, i=0, version=0x55662cdce7b8, flags=5, skip=0x0, type_class=1, undef_map=0x55662cdce160) at dl-lookup.c:355
#1 0x00007fb5621d30c1 in _dl_lookup_symbol_x (undef_name=0x7fb560c35ca2 "strlen", undef_map=0x55662cdce160, ref=ref@entry=0x7fb5623e61a8, symbol_scope=0x55662cdce4b8, version=0x55662cdce7b8, type_class=type_class@entry=1, flags=5, skip_map=0x0) at dl-lookup.c:833
#2 0x00007fb5621d7c54 in _dl_fixup (l=<optimized out>, reloc_arg=<optimized out>) at ../elf/dl-runtime.c:111
#3 0x00007fb5621df35a in _dl_runtime_resolve_xsavec () at ../sysdeps/x86_64/dl-trampoline.h:125
#4 0x00007fb560c44ae5 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#5 0x00007fb560c451da in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#6 0x00007fb56116dc04 in __GI___dl_iterate_phdr (callback=0x7fb560c44da0, data=0x7fb5623e6d40) at dl-iteratephdr.c:76
#7 0x00007fb560c4611e in _Unwind_Find_FDE () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#8 0x00007fb560c42b13 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#9 0x00007fb560c43d30 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#10 0x00007fb560c44336 in _Unwind_ForcedUnwind () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#11 0x00007fb5613fdd60 in __GI___pthread_unwind (buf=<optimized out>) at unwind.c:121
#12 0x00007fb5613f3c5a in __do_cancel () at ./pthreadP.h:283
#13 sigcancel_handler (sig=<optimized out>, si=0x7fb5623e7370, ctx=<optimized out>) at nptl-init.c:220
#14 <signal handler called>
#15 0x00007fb56110728d in nanosleep () at ../sysdeps/unix/syscall-template.S:84
#16 0x00007fb5611071da in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#17 0x000055662ba1d762 in ?? ()
#18 0x00007fb5613f5494 in start_thread (arg=0x7fb5623e8700) at pthread_create.c:333
#19 0x00007fb561137acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/64 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ntp depends on:
ii  adduser    3.115
ii  dpkg       1.18.24
ii  libc6      2.24-11+deb9u2
ii  libcap2    1:2.25-1
ii  libedit2   3.1-20160903-3
ii  libopts25  1:5.18.12-3
ii  libssl1.1  1.1.0f-3+deb9u1
ii  lsb-base   9.20161125
ii  netbase    5.4

Versions of packages ntp recommends:
ii  perl  5.24.1-3+deb9u2

Versions of packages ntp suggests:
pn  ntp-doc  <none>

-- no debconf information