On 4/27/2012 11:44 AM, Kurt Roeckx wrote:
On Thu, Apr 26, 2012 at 03:28:17PM -0700, Andris Kalnozols wrote:
Package: openssl
Version: 0.9.8o-4squeeze12
Severity: important
Tags: squeeze
The NTP daemon on our stratum-1 time server `clepsydra.dec.com' keeps
failing with this log message:
Apr 26 12:27:17 clepsydra kernel: [ 635.455671] ntpd[2598]: segfault at 20 ip
00007f727f118ec3 sp 00007fff1ecb9a78 error 4 in
libcrypto.so.0.9.8[7f727f039000+175000]
When linking with libcrypto.a, crashes still occur:
Apr 26 14:20:19 clepsydra kernel: [ 2191.670043] ntpd[2596]: segfault at 20 ip
0000000000470aa3 sp 00007fff49a93e78 error 4 in ntpd[400000+14f000]
Did you try this with 0.9.8o-4squeeze11? I assume
0.9.8o-4squeeze7 didn't have a problem?
I see that the squeeze7 release is still available:
apt-get install openssl=0.9.8o-4squeeze7
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be DOWNGRADED:
openssl
but trying to install the squeeze11 version gives this:
E: Version '0.9.8o-4squeeze11' for 'openssl' was not found
I appears that this is just for the kreebsd-amd64 architecture.
From the changelog, squeeze7 came out in January and I'm pretty
sure that the ntpd process never segfaulted until last month
when subsequent versions of the openssl package were released.
However, apt-get reports that the squeeze{8,9,10} versions are
unavailable to me.
Despite the following:
clepsydra# ulimit -a
core file size (blocks, -c) unlimited
running the process as root instead of uid=ntp
I assume you removed the -u option?
How about starting it in gdb? With the -n option it
should not fork, but I think gdb has an option to
follow the fork.
Yes, I modified the init.d startup script to strip out the "-u"
option and run ntpd as root. After the process aborted, I searched
the entire system for files named "core" and came up empty.
I will try to launch the daemon using gdb(1) and taking advantage
of the "set follow-fork-mode child" option. I'll use ntpd with
the libcrypto library statically linked. After getting a stack
backtrace (I hope), I'll downgrade to the squeeze7 version of
openssl as a baseline test to make sure that my assumption of
it not segfaulting is correct.
Thanks,
Andris
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org