Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NTPD crashes "ntpd[13706]: mlockall(): Cannot allocate memory" #1785

Closed
W-M-D opened this issue Aug 25, 2017 · 10 comments
Closed

NTPD crashes "ntpd[13706]: mlockall(): Cannot allocate memory" #1785

W-M-D opened this issue Aug 25, 2017 · 10 comments
Labels
support Community support

Comments

@W-M-D
Copy link

W-M-D commented Aug 25, 2017

Hello i have a GPSDO that i wanted to set up with opnsense but every time it's plugged in NTPD crashes after this message.

ntpd -q
25 Aug 18:43:33 ntpd[97025]: ntpd 4.2.8p10@1.3728-o Wed Jul 26 06:44:42 UTC 2017 (1): Starting
25 Aug 18:43:33 ntpd[97025]: Command line: ntpd -q
25 Aug 18:43:33 ntpd[97025]: proto: precision = 0.063 usec (-24)
25 Aug 18:43:33 ntpd[97025]: Listen normally on 0 re0 192.168.1.8:123
25 Aug 18:43:33 ntpd[97025]: Listen normally on 1 lo0 [::1]:123
25 Aug 18:43:33 ntpd[97025]: Listen normally on 2 lo0 127.0.0.1:123
25 Aug 18:43:33 ntpd[97025]: Listening on routing socket on fd #23 for interface updates
25 Aug 18:43:33 ntpd[97025]: mlockall(): Cannot allocate memory
25 Aug 18:43:33 ntpd[97025]: ntpd exiting on signal 15 (Terminated)
@fichtner
Copy link
Member

Some old bugs exist for ntpd regarding mlockall() across BSDs... how much memory do you have in your system? is it enough? doesn't look like something we could fix from here.

@fichtner fichtner added the support Community support label Sep 19, 2017
@Heathy65
Copy link

I have this on a PC Engines board with 4GB RAM (at 33% usage). Am running OPNsense 17.7.5-amd64.

@jmatraszek
Copy link

Hi, I am having exactly the same issue (OPNsense 17.7.7_1-amd64 on PC Engines APU2 / 15% out of 4GB taken).

@fraenki
Copy link
Member

fraenki commented Nov 14, 2017

I've never seen this issue, maybe post your ntpd configurations to make it easier to reproduce this issue.

@jmatraszek
Copy link

That's mine config

% cat /var/etc/ntpd.conf                                                                                                                                          
#                                                                                                                                                                                
# Autogenerated configuration file                                                                                                                                               
#                                                                                                                                                                                
                                                                                                                                                                                 
tinker panic 0                                                                                                                                                                   
# Orphan mode stratum
tos orphan 12


# Upstream Servers
server 0.pl.pool.ntp.org iburst maxpoll 9


disable monitor
statsdir /var/log/ntp
logconfig =syncall +clockall
driftfile /var/db/ntpd.drift
restrict default kod limited nomodify nopeer notrap
restrict -6 default kod limited nomodify nopeer notrap

interface ignore all
interface listen igb0

@fichtner
Copy link
Member

@lattera had a thing to say about this regarding g ASLR if I recall correctly?

@lattera
Copy link
Contributor

lattera commented Nov 16, 2017

The mlockall error is not a fatal error. ntpd simply tries to ensure that its pages don't get swapped out to disk in low-memory situations[1]. If the call to mlockall fails, ntpd continues business as usual. The reason you're seeing the mlockall error is because HardenedBSD's stack randomization is really aggressive.

On 64-bit systems, the hardening.pax.aslr.stack_len tunable is set to 42 by default. Meaning, 42 bits of entropy is introduced into randomizing the location of the stack. You can change the tunable by placing the following in /boot/loader.conf.local:

hardening.pax.aslr.stack_len="some number here, less than 42"

With all that said, however, ntpd exiting is due to something else. Signal 15 is SIGTERM, which is not a crash, but a signal that normally and gracefully terminates ntpd.

1: https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/master/contrib/ntp/ntpd/ntpd.c#L916

@lattera
Copy link
Contributor

lattera commented Nov 16, 2017

(Also, note that modifying /boot/loader.conf.local requires a reboot for changes to take effect.)

@lattera
Copy link
Contributor

lattera commented Nov 16, 2017

(Also also, there's really no need to modify the stack entropy. Doing so leaves the ASLR implementation in a weak and potentially bruteforceable state.)

@fichtner fichtner mentioned this issue Jan 20, 2018
Closed
@AdSchellevis
Copy link
Member

timeout

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support Community support
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jmatraszek @lattera @fraenki @fichtner @W-M-D @AdSchellevis @Heathy65