Bug 204046

Summary: ntpq aborts with trap 6
Product: Base System
Component: bin
Status: Closed FIXED
Severity: Affects Many People
Priority: ---
Version: 9.3-RELEASE
Hardware: amd64
OS: Any
Reporter: Bengt Ahlgren <bahlgren>
Assignee: FreeBSD Security Officer <security-officer>
CC: dave, delphij, des, elofu17, falkenbe, glebius, jdc, listat2018, marc, pyo, truckman

Description Bengt Ahlgren 2015-10-26 21:26:27 UTC
After the security update to 9.3-RELEASE-p29 with new ntp, the ntpq program does not work:

# ntpq -p
/usr/src/usr.sbin/ntp/libntp/../../../contrib/ntp/lib/isc/unix/net.c:221: fatal error: RUNTIME_CHECK(((pthread_once((&once), (initialize_action)) == 0) ? 0 : 34) == 0) failed
Abort trap: 6 (core dumped)

This is on a source-updated system.

Some more info:

# ldd /usr/bin/ntpq 
/usr/bin/ntpq:
        libedit.so.7 => /lib/libedit.so.7 (0x800856000)
        libm.so.5 => /lib/libm.so.5 (0x800a7e000)
        libcrypto.so.6 => /lib/libcrypto.so.6 (0x800c9f000)
        libc.so.7 => /lib/libc.so.7 (0x801047000)
        libncurses.so.8 => /lib/libncurses.so.8 (0x8013a2000)

This however works:

# LD_PRELOAD=/lib/libthr.so.3 ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+h153n1-th-c-d3. 193.11.166.2     2 u   41   64  377   10.090   -7.601   0.110
+94.246.113.188  192.36.144.23    2 u   41   64  377    6.211   -6.278   0.161
*time4.stupi.se  .PPS.            1 u   30   64  377    0.971   -7.200   0.105
Comment 1 Don Lewis freebsd_committer freebsd_triage 2015-10-26 22:53:37 UTC
Looks like it needs:
  LDADD+= -lpthread
after the .endif in its Makefile.  I think it has to be added there so that it is at the end of the list of libraries, since the fix to /usr/share/mk/bsd.libnames.mk to enforce the ordering of -lpthread and -lc is not present.
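
The diagnosis in the description and in comment 1 (a binary that calls pthread_once but does not list libthr in its ldd output) can be turned into a post-update check. This is an added example, not part of the bug report or of FreeBSD; the function name, the nm sample and the libthr load address are constructed, and it assumes GNU-style `nm -D -u` output.

```shell
#!/bin/sh
# Added example (not from the bug report): flag a binary that imports
# pthread_* symbols but has no thread library among its shared-library deps.

# missing_thread_lib LDD_TEXT NM_TEXT   (hypothetical helper name)
#   LDD_TEXT: output of `ldd <binary>`
#   NM_TEXT:  output of `nm -D -u <binary>` (undefined dynamic symbols)
# Prints the pthread_* imports and returns 0 when no thread library is linked;
# returns 1 when the binary is fine (no pthread imports, or libthr present).
missing_thread_lib() {
    syms=$(printf '%s\n' "$2" |
        awk '$1 == "U" && $2 ~ /^pthread_/ { sub(/@.*/, "", $2); print $2 }')
    [ -n "$syms" ] || return 1
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*lib(thr|pthread)\.so'; then
        return 1
    fi
    printf '%s\n' "$syms"
}

# ldd output as quoted in the report (ntpq from 9.3-RELEASE-p29).
LDD_BROKEN='/usr/bin/ntpq:
        libedit.so.7 => /lib/libedit.so.7 (0x800856000)
        libm.so.5 => /lib/libm.so.5 (0x800a7e000)
        libcrypto.so.6 => /lib/libcrypto.so.6 (0x800c9f000)
        libc.so.7 => /lib/libc.so.7 (0x801047000)
        libncurses.so.8 => /lib/libncurses.so.8 (0x8013a2000)'

# Constructed: the same binary after relinking with -lpthread (address made up).
LDD_FIXED="$LDD_BROKEN
        libthr.so.3 => /lib/libthr.so.3 (0x801600000)"

# Constructed nm output; pthread_once is the call named in the abort message.
NM_SAMPLE='                 U pthread_once
                 U printf'

for label in BROKEN FIXED; do
    eval "ldd_text=\$LDD_$label"
    if out=$(missing_thread_lib "$ldd_text" "$NM_SAMPLE"); then
        echo "$label: imports $out but links no thread library"
    else
        echo "$label: ok"
    fi
done
```

On a live system the two arguments would come from `ldd /usr/bin/ntpq` and `nm -D -u /usr/bin/ntpq`.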
Comment 2 Xin LI freebsd_committer freebsd_triage 2015-10-27 00:20:11 UTC
Take.
Comment 3 Gleb Smirnoff freebsd_committer freebsd_triage 2015-10-27 07:43:27 UTC
Don's advice works. Thanks!
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-10-27 12:03:49 UTC
A commit references this bug:

Author: glebius
Date: Tue Oct 27 12:03:14 UTC 2015
New revision: 290044
URL: https://svnweb.freebsd.org/changeset/base/290044

Log:
  Link ntpq with pthread.

  PR:		204046
  Submitted by:	truckman

Changes:
  stable/9/usr.sbin/ntp/ntpq/Makefile
Comment 5 elofu17 2015-10-27 17:14:11 UTC
When will this commit reach the freebsd-update servers?
ntpq on all my 9.3-machines crash with signal 6.

~> /usr/sbin/freebsd-update fetch 
Looking up update.FreeBSD.org mirrors... none found.
Fetching metadata signature for 9.3-RELEASE from update.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files are affected by updates, but no changes have
been downloaded because the files have been modified locally:
/etc/ntp.conf

The following files will be removed as part of updating to 9.3-RELEASE-p29:

~> /usr/sbin/freebsd-update install
Installing updates... done.

~> ntpq -pn
/usr/src/usr.sbin/ntp/libntp/../../../contrib/ntp/lib/isc/unix/net.c:221: fatal error: RUNTIME_CHECK(((pthread_once((&once), (initialize_action)) == 0) ? 0 : 34) == 0) failed
Abort trap: 6 (core dumped)



(on FreeBSD 10.1 everything is working fine)
Comment 6 elofu17 2015-10-28 16:21:41 UTC
Shouldn't this commit have hit the freebsd-update servers by now?

Updating to 9.3-RELEASE-p29.

# ntpq
/usr/src/usr.sbin/ntp/libntp/../../../contrib/ntp/lib/isc/unix/net.c:221: fatal error: RUNTIME_CHECK(((pthread_once((&once), (initialize_action)) == 0) ? 0 : 34) == 0) failed
Abort trap: 6 (core dumped)
Comment 7 elofu17 2015-10-30 09:25:39 UTC
It's been four days and 'ntpq' and 'ntpdc' both still crash with signal 6.

When will this patch be committed to releng/9.3?
Comment 8 dave 2015-11-01 19:45:24 UTC
And for that matter, why is "freebsd-upgrade fetch" trying to load the NTP source on a binary-only system?
Comment 9 elofu17 2015-11-02 10:18:33 UTC
Dave, you can solve that by removing "src" from 'Components' in /etc/freebsd-update.conf :

#Components src world kernel
Components world kernel




Personally I'm more interested in getting rid of the
"The following files are affected by updates, but no changes have
been downloaded because the files have been modified locally:
/etc/ntp.conf"

In my 10+ years of using FreeBSD I've never come across this situation where 'freebsd-update' complains about a conf-file that I've modified.
(I have e.g. modified my sshd_config, so why have I never seen the above complaints for that file?)

Is the solution to this using 'IgnorePaths'?




Regarding the real issue at hand, 'ntpq' and 'ntpdc' _still_ crash.
When will 9.3-RELEASE-p30 be released?
Comment 10 dave 2015-11-03 02:59:14 UTC
(In reply to elofu17 from comment #9)

That did the trick; thanks!  I wonder why it was just NTP that was being annoying?
Comment 11 elofu17 2015-11-03 13:29:09 UTC
Still no comments nor any updates to this issue. *sob*

Is releng/9.3 frozen, or what's the holdup?
Comment 12 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2015-11-03 13:58:35 UTC
(In reply to elofu17 from comment #11)
> Still no comments nor any updates to this issue. *sob*
> 
> Is releng/9.3 frozen, or what's the holdup?

I'm sure the secteam could push out a new update in about five minutes which would fix this bug and introduce three new ones.

Or you can wait until they've had time to test it properly.  Your call.
Comment 13 Gleb Smirnoff freebsd_committer freebsd_triage 2015-11-04 10:42:54 UTC
*** Bug 204048 has been marked as a duplicate of this bug. ***
Comment 14 commit-hook freebsd_committer freebsd_triage 2015-11-04 11:27:28 UTC
A commit references this bug:

Author: glebius
Date: Wed Nov  4 11:27:14 UTC 2015
New revision: 290361
URL: https://svnweb.freebsd.org/changeset/base/290361

Log:
  o Fix regressions related to SA-15:25 upgrade of NTP. [1]
  o Fix kqueue write events never fired for files greater than 2GB. [2]
  o Fix applications exiting due to segmentation violation on a correct
    memory address. [3]

  PR:		204046 [1]
  PR:		204203 [1]
  Errata Notice:	FreeBSD-EN-15:19.kqueue [2]
  Errata Notice:	FreeBSD-EN-15:20.vm [3]
  Approved by:	so

Changes:
_U  releng/10.2/
  releng/10.2/UPDATING
  releng/10.2/sys/conf/newvers.sh
  releng/10.2/sys/sys/vnode.h
  releng/10.2/sys/vm/vm_map.c
  releng/10.2/usr.sbin/ntp/config.h
Comment 15 commit-hook freebsd_committer freebsd_triage 2015-11-04 11:27:35 UTC
A commit references this bug:

Author: glebius
Date: Wed Nov  4 11:27:22 UTC 2015
New revision: 290362
URL: https://svnweb.freebsd.org/changeset/base/290362

Log:
  o Fix regressions related to SA-15:25 upgrade of NTP. [1]
  o Fix kqueue write events never fired for files greater than 2GB. [2]
  o Fix applications exiting due to segmentation violation on a correct
    memory address. [3]

  PR:		204046 [1]
  PR:		204203 [1]
  Errata Notice:	FreeBSD-EN-15:19.kqueue [2]
  Errata Notice:	FreeBSD-EN-15:20.vm [3]
  Approved by:	so

Changes:
_U  releng/10.1/
  releng/10.1/UPDATING
  releng/10.1/sys/conf/newvers.sh
  releng/10.1/sys/sys/vnode.h
  releng/10.1/sys/vm/vm_map.c
  releng/10.1/usr.sbin/ntp/config.h
Comment 16 commit-hook freebsd_committer freebsd_triage 2015-11-04 11:28:38 UTC
A commit references this bug:

Author: glebius
Date: Wed Nov  4 11:27:31 UTC 2015
New revision: 290363
URL: https://svnweb.freebsd.org/changeset/base/290363

Log:
  o Fix regressions related to SA-15:25 upgrade of NTP. [1]
  o Fix kqueue write events never fired for files greater than 2GB. [2]
  o Fix applications exiting due to segmentation violation on a correct
    memory address. [3]

  PR:		204046 [1]
  PR:		204203 [1]
  Errata Notice:	FreeBSD-EN-15:19.kqueue [2]
  Errata Notice:	FreeBSD-EN-15:20.vm [3]
  Approved by:	so

Changes:
  releng/9.3/UPDATING
_U  releng/9.3/sys/
  releng/9.3/sys/conf/newvers.sh
  releng/9.3/sys/sys/vnode.h
  releng/9.3/sys/vm/vm_map.c
_U  releng/9.3/usr.sbin/ntp/
  releng/9.3/usr.sbin/ntp/config.h
  releng/9.3/usr.sbin/ntp/ntpdc/Makefile
  releng/9.3/usr.sbin/ntp/ntpq/Makefile
Comment 17 commit-hook freebsd_committer freebsd_triage 2015-11-04 11:52:44 UTC
A commit references this bug:

Author: glebius
Date: Wed Nov  4 11:52:13 UTC 2015
New revision: 47736
URL: https://svnweb.freebsd.org/changeset/doc/47736

Log:
  o Fix regressions related to SA-15:25 upgrade of NTP. [1]
  o Fix kqueue write events never fired for files greater than 2GB. [2]
  o Fix applications exiting due to segmentation violation on a correct
    memory address. [3]

  PR:		204046 [1]
  PR:		204203 [1]
  Errata Notice:	FreeBSD-EN-15:19.kqueue [2]
  Errata Notice:	FreeBSD-EN-15:20.vm [3]
  Approved by:	so

Changes:
  head/share/security/advisories/FreeBSD-EN-15:19.kqueue.asc
  head/share/security/advisories/FreeBSD-EN-15:20.vm.asc
  head/share/security/advisories/FreeBSD-SA-15:25.ntp.asc
  head/share/security/patches/EN-15:19/
  head/share/security/patches/EN-15:19/kqueue.patch
  head/share/security/patches/EN-15:19/kqueue.patch.asc
  head/share/security/patches/EN-15:20/
  head/share/security/patches/EN-15:20/vm.patch
  head/share/security/patches/EN-15:20/vm.patch.asc
  head/share/security/patches/SA-15:25/ntp-101-inc.patch
  head/share/security/patches/SA-15:25/ntp-101-inc.patch.asc
  head/share/security/patches/SA-15:25/ntp-101.patch.asc
  head/share/security/patches/SA-15:25/ntp-101.patch.bz2
  head/share/security/patches/SA-15:25/ntp-101.patch.xz
  head/share/security/patches/SA-15:25/ntp-102-inc.patch
  head/share/security/patches/SA-15:25/ntp-102-inc.patch.asc
  head/share/security/patches/SA-15:25/ntp-102.patch.asc
  head/share/security/patches/SA-15:25/ntp-102.patch.bz2
  head/share/security/patches/SA-15:25/ntp-102.patch.xz
  head/share/security/patches/SA-15:25/ntp-93-inc.patch
  head/share/security/patches/SA-15:25/ntp-93-inc.patch.asc
  head/share/security/patches/SA-15:25/ntp-93.patch.asc
  head/share/security/patches/SA-15:25/ntp-93.patch.bz2
  head/share/security/patches/SA-15:25/ntp-93.patch.xz
  head/share/xml/notices.xml