Since upgrading to 4.2.8 I've started seeing my ntpd crash regularly
with an "out of memory" error. It's not caused by 4.2.8, as going back
to the previous version I was using (4.2.7p421) still shows the same
behavior, as does 4.2.8p1-beta2, but it started happening right after I
upgraded to 4.2.8. It always crashes within a few hours of being added
to the pool.
I ran under strace once to see what the "killer packet" was, but the
preceding packet before it died looks like a normal query, so I don't
think it's due to some kind of exploit. My current suspicion is
something to do with the "discard" directive but I don't know why this
would just now be popping up.
The server is running Fedora 20, with ntpd built from source. Anyone
seeing anything like this?
Full ntpd.conf:
driftfile /var/lib/ntp/drift
restrict default kod limited nomodify notrap nopeer
restrict -6 default kod limited nomodify notrap nopeer
discard average 4 minimum 1
restrict 127.0.0.1
restrict -6 ::1
restrict 172.24.0.0 mask 255.255.0.0 nomodify
server 172.24.0.6 iburst minpoll 3 maxpoll 5
server 172.24.0.7 iburst minpoll 3 maxpoll 5
server 128.118.25.5
server utcnist.colorado.edu
server 152.2.21.1 iburst
server rolex.usg.edu iburst
server ntp-4.vt.edu iburst
server clock02.mifl01.burst.net iburst
server time.nist.gov iburst
statistics clockstats cryptostats loopstats peerstats
statsdir /var/log/ntpstats
disable monitor
strace before it dies:
select(26, [16 17 18 19 20 21 22 23 24 25], NULL, NULL, {0, 0}) = 1 (in
[19], left {0, 0})
recvmsg(19, {msg_name(16)={sa_family=AF_INET, sin_port=htons(47375),
sin_addr=inet_addr("174.xx.xx.xx")},
msg_iov(1)=[{"\33\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\330E\7\340\3\225\201\20",
2120}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_SOCKET,
cmsg_type=0x23 /* SCM_??? */, ...}, msg_flags=0}, 0) = 48
recvmsg(19, 0x7fffd88709f0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
brk(0) = 0x25e8000
brk(0x2609000) = 0x25e8000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 EAGAIN (Resource temporarily unavailable)
mmap(NULL, 134217728, PROT_NONE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 EAGAIN (Resource
temporarily unavailable)
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE,
-1, 0) = -1 EAGAIN (Resource temporarily unavailable)
mmap(NULL, 134217728, PROT_NONE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 EAGAIN (Resource
temporarily unavailable)
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE,
-1, 0) = -1 EAGAIN (Resource temporarily unavailable)
brk(0) = 0x25e8000
brk(0x2609000) = 0x25e8000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 EAGAIN (Resource temporarily unavailable)
mmap(NULL, 134217728, PROT_NONE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 EAGAIN (Resource
temporarily unavailable)
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE,
-1, 0) = -1 EAGAIN (Resource temporarily unavailable)
mmap(NULL, 134217728, PROT_NONE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 EAGAIN (Resource
temporarily unavailable)
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE,
-1, 0) = -1 EAGAIN (Resource temporarily unavailable)
sendto(3, "out of memory [61130]", 21, MSG_NOSIGNAL, NULL, 0) = 21
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
write(2, "24 Dec 04:37:36 ", 16) = -1 EBADF (Bad file descriptor)
write(2, "\0", 1) = -1 EBADF (Bad file descriptor)
write(2, "ntpd[61130]: ", 13) = -1 EBADF (Bad file descriptor)
write(2, "3", 1) = -1 EBADF (Bad file descriptor)
write(2, "fatal out of memory (4048 bytes)\n", 33) = -1 EBADF (Bad file
descriptor)
write(2, "\0", 1) = -1 EBADF (Bad file descriptor)
exit_group(1) = ?
+++ exited with 1 +++
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
