[Nagiosplug-devel] [ nagiosplug-Bugs-1862300 ] check_ntp_time segfault in 1.4.11
SourceForge.net
noreply at sourceforge.net
Fri Jan 4 07:54:03 CET 2008
Bugs item #1862300, was opened at 2008-01-02 11:39
Message generated for change (Comment added) made by dermoth
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1862300&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: Release (specify)
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: digitalruin (digitalruin)
Assigned to: Thomas Guyot (dermoth)
Summary: check_ntp_time segfault in 1.4.11
Initial Comment:
Hi, I'm running 1.4.11 on a Solaris 9 setup and check_ntp_time seems to have a segfault issue. This only happens when running it against an ntp pool, not an individual host. See below:
/usr/local/nagios/libexec$ ./check_ntp_time -H 0.us.pool.ntp.org -w 60 -c 120
Segmentation Fault
/usr/local/nagios/libexec$ ./check_ntp_time -v -H 0.us.pool.ntp.org -w 60 -c 120
sending request to peer 0
sending request to peer 1
response from peer 0: offset 54.24633014
sending request to peer 0
response from peer 1: offset 54.23421776
.
. <snip>
.
response from peer 4: offset 54.23087406
sending request to peer 4
response from peer 4: offset 54.23018897
sending request to peer 4
response from peer 4: offset 54.23138392
Segmentation Fault
Here's the truss output:
sending request to peer 4
write(1, " s e n d i n g r e q u".., 26) = 26
write(8, "E3\004FA\001\0\0\001\0\0".., 48) = 48
poll(0x00034298, 5, 100) = 1
read(8, " $0104ED\0\0\0\0\0\0\011".., 48) = 48
response from peer 4: offset 54.24180388
write(1, " r e s p o n s e f r o".., 41) = 41
Incurred fault #6, FLTBOUNDS %pc = 0x00015FB4
siginfo: SIGSEGV SEGV_MAPERR addr=0x7FC1E3A4
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x7FC1E3A4
And the traceback:
/usr/local/nagios/libexec# dbx /usr/local/nagios/libexec/check_ntp_time
Reading check_ntp_time
Reading ld.so.1
Reading libresolv.so.2
Reading libm.so.1
Reading libnsl.so.1
Reading libsocket.so.1
Reading libc.so.1
Reading libdl.so.1
Reading libmp.so.2
Reading libc_psr.so.1
(dbx) run -H 0.us.pool.ntp.org -w 60 -c 120
Running: check_ntp_time -H 0.us.pool.ntp.org -w 60 -c 120
(process id 12120)
signal SEGV (no mapping at the fault address) in offset_request at line 427 in file "check_ntp_time.c"
(dbx) where
=>[1] offset_request(host = 0x354b0 "0.us.pool.ntp.org", status = 0xffbffae4), line 427 in "check_ntp_time.c"
[2] main(argc = 7, argv = 0xffbffb54), line 554 in "check_ntp_time.c"
----------------------------------------------------------------------
>Comment By: Thomas Guyot (dermoth)
Date: 2008-01-04 01:54
Message:
Logged In: YES
user_id=375623
Originator: NO
> best server selected: peer 1273064242
This is plain wrong. This should be between 0 and 5 and is definitely why
you get a segfault. How you end up with that value is mystery though. Can
you please apply the attached patch (check_ntp_time.mega_debug.patch) and
send again the full output of -vvv? The patch basically trace every
operation in best_offset_server and print out what's going on.
Thanks
File Added: check_ntp_time.mega_debug.patch
----------------------------------------------------------------------
Comment By: digitalruin (digitalruin)
Date: 2008-01-03 11:41
Message:
Logged In: YES
user_id=1609785
Originator: YES
Here, I was able to pull a more detailed traceback with the core dump.
Definitely the function that selects the best server:
=>[1] best_offset_server(slist = 0x354a8, nservers = 5), line 310 in
"check_ntp.c"
[2] offset_request(host = 0x36aa0 "1.us.pool.ntp.org", status =
0xffbffb5c), line 477 in "check_ntp.c"
[3] main(argc = 8, argv = 0xffbffbcc), line 778 in "check_ntp.c"
----------------------------------------------------------------------
Comment By: digitalruin (digitalruin)
Date: 2008-01-03 11:38
Message:
Logged In: YES
user_id=1609785
Originator: YES
No problem. Yeah it's the same in check_ntp. I actually had it pass once
without failing, but I think it was due to the server only having a two or
three choices. With full verbose I can see that it segfaults when choosing
the best server to go with. If it has x<n servers to choose from it's ok,
x>n it segfaults during the decision. So to simplify, no segfault when
runnng the check against one ntp server. Possibly no segfault when running
it against a pool that only consists of three or four. Always segfaults
when hitting a large pool server like ntp.org. Here's the info... I ran it
twice with both two different ntp hubs and it failed:
# ./check_ntp -vvv -H 1.us.pool.ntp.org -w 60 -c 120
sending request to peer 0
response from peer 0: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.02667236328125
rtdisp = 0.0340576171875
refid = 4524e00f
refts = 1199377286.33416
origts = 1199377653.767585
rxts = 1199377710.512649
txts = 1199377710.512664
offset 56.70649898
sending request to peer 0
response from peer 0: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.02667236328125
rtdisp = 0.0340576171875
refid = 4524e00f
refts = 1199377286.33416
origts = 1199377653.850921
rxts = 1199377710.594606
txts = 1199377710.594627
offset 56.70579767
sending request to peer 0
response from peer 0: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.02667236328125
rtdisp = 0.0340576171875
refid = 4524e00f
refts = 1199377286.33416
origts = 1199377653.927373
rxts = 1199377710.670819
txts = 1199377710.670839
offset 56.70584822
sending request to peer 0
response from peer 0: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.02667236328125
rtdisp = 0.0340576171875
refid = 4524e00f
refts = 1199377286.33416
origts = 1199377654.003221
rxts = 1199377710.747487
txts = 1199377710.747508
offset 56.70499885
sending request to peer 1
response from peer 1: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 1.90735e-06
rtdelay = 0.011322021484375
rtdisp = 0.034637451171875
refid = d8dafeca
refts = 1199376447.026551
origts = 1199377654.082479
rxts = 1199377710.829896
txts = 1199377710.82992
offset 56.70595193
sending request to peer 1
response from peer 1: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 1.90735e-06
rtdelay = 0.011322021484375
rtdisp = 0.034637451171875
refid = d8dafeca
refts = 1199376447.026551
origts = 1199377654.166106
rxts = 1199377710.913108
txts = 1199377710.913127
offset 56.70589066
sending request to peer 1
response from peer 1: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 1.90735e-06
rtdelay = 0.011322021484375
rtdisp = 0.034637451171875
refid = d8dafeca
refts = 1199376447.026551
origts = 1199377654.248994
rxts = 1199377710.996055
txts = 1199377710.996118
offset 56.70593584
sending request to peer 1
response from peer 1: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 1.90735e-06
rtdelay = 0.011322021484375
rtdisp = 0.0346527099609375
refid = d8dafeca
refts = 1199376447.026551
origts = 1199377654.331923
rxts = 1199377711.078835
txts = 1199377711.078882
offset 56.70586824
sending request to peer 2
response from peer 2: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.008636474609375
rtdisp = 0.0222625732421875
refid = 84ef0106
refts = 1199377322.977451
origts = 1199377654.414673
rxts = 1199377711.154322
txts = 1199377711.154334
offset 56.69950116
sending request to peer 2
response from peer 2: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.008636474609375
rtdisp = 0.0222625732421875
refid = 84ef0106
refts = 1199377322.977451
origts = 1199377654.495628
rxts = 1199377711.234703
txts = 1199377711.234713
offset 56.6990782
sending request to peer 2
response from peer 2: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.008636474609375
rtdisp = 0.0222625732421875
refid = 84ef0106
refts = 1199377322.977451
origts = 1199377654.576271
rxts = 1199377711.31571
txts = 1199377711.315721
offset 56.69919193
sending request to peer 2
response from peer 2: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.008636474609375
rtdisp = 0.0222625732421875
refid = 84ef0106
refts = 1199377322.977451
origts = 1199377654.657396
rxts = 1199377711.396339
txts = 1199377711.39635
offset 56.69902682
sending request to peer 3
response from peer 3: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0074005126953125
rtdisp = 0.028106689453125
refid = 121a0469
refts = 1199376997.261332
origts = 1199377654.737869
rxts = 1199377711.4489
txts = 1199377711.448967
offset 56.70623863
sending request to peer 3
response from peer 3: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0074005126953125
rtdisp = 0.028106689453125
refid = 121a0469
refts = 1199376997.261332
origts = 1199377654.748154
rxts = 1199377711.45769
txts = 1199377711.457742
offset 56.70598435
sending request to peer 3
response from peer 3: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0074005126953125
rtdisp = 0.028106689453125
refid = 121a0469
refts = 1199376997.261332
origts = 1199377654.755922
rxts = 1199377711.466313
txts = 1199377711.466348
offset 56.7064172
sending request to peer 3
response from peer 3: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0074005126953125
rtdisp = 0.028106689453125
refid = 121a0469
refts = 1199376997.261332
origts = 1199377654.76451
rxts = 1199377711.473845
txts = 1199377711.47388
offset 56.70550835
sending request to peer 4
response from peer 4: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0049896240234375
rtdisp = 0.0347747802734375
refid = d133a1ee
refts = 1199376808.487007
origts = 1199377654.772819
rxts = 1199377711.483832
txts = 1199377711.483859
offset 56.70550382
sending request to peer 4
response from peer 4: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0049896240234375
rtdisp = 0.0347747802734375
refid = d133a1ee
refts = 1199376808.487007
origts = 1199377654.784468
rxts = 1199377711.496182
txts = 1199377711.496194
offset 56.70548892
sending request to peer 4
response from peer 4: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0049896240234375
rtdisp = 0.0347747802734375
refid = d133a1ee
refts = 1199376808.487007
origts = 1199377654.797513
rxts = 1199377711.508051
txts = 1199377711.508061
offset 56.70531833
sending request to peer 4
response from peer 4: packet contents:
flags: 0x24
li=0 (0x00)
vn=4 (0x20)
mode=4 (0x04)
stratum = 2
poll = 16
precision = 9.53674e-07
rtdelay = 0.0049896240234375
rtdisp = 0.0347747802734375
refid = d133a1ee
refts = 1199376808.487007
origts = 1199377654.808561
rxts = 1199377711.522168
txts = 1199377711.52218
offset 56.70665574
best server selected: peer 1273064242
Segmentation Fault (core dumped)
Here's the dbx traceback from check_ntp:
=>[1] offset_request(host = 0x36aa0 "1.us.pool.ntp.org", status =
0xffbffad4), line 482 in "check_ntp.c"
[2] main(argc = 6, argv = 0xffbffb44), line 778 in "check_ntp.c"
----------------------------------------------------------------------
Comment By: Thomas Guyot (dermoth)
Date: 2008-01-03 07:39
Message:
Logged In: YES
user_id=375623
Originator: NO
Hi,
I'm the author of check_ntp_time and it's mostly based on check_ntp
(written by Sean Finney). The specific place where it segfaults
(offset_request function) hasn't been modified so this should apply to
check_ntp.c as well. Could you confirm running check_ntp with the same
arguments does the same segfault?
Also I can't reproduce the bug on my Linux and Solaris boxes and FreeBSD
VM. Does it happens all the time? Is it's still happening?
To debug further I will need the full verbose output of the plug-in
("-vvv" instead of "-v").
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1862300&group_id=29880
More information about the Devel
mailing list