Bug 120 (snmpd_segfault_tun)

Summary: snmpd segmentation faults in libc 2.11.1 at launch, when openvpn is running and there are tun* interfaces
Product: [Other] Server
Component: General
Status: VERIFIED FIXED
Severity: blocker
Priority: Very High (P1)
Version: cvs
Target Milestone: Future
Hardware: PC
OS: Linux
Reporter: Administrator <root>
Assignee: Administrator <root>
QA Contact: Administrator <root>
Attachments (description, flags):
The topic from Linux-bg.org (flags: none)
Similar debugger trace and problem found in Mandriva (flags: none)
The configuration file and machine information (flags: none)
The same issue on RedHat's Bugzilla (flags: none)
Link to the upstream patch (flags: none)

Description Administrator admin 2010-09-15 11:20:46 EEST
From /var/log/messages

kernel: snmpd[1728]: segfault at 1d1e9 ip b73be760 sp bff96eb0 error 4 in libc-2.11.1.so[b7345000+15c000]

Last few lines from strace:

... [many lines removed]
open("/proc/net/dev", O_RDONLY|O_LARGEFILE) = 6
read(6, "Inter-|   Receive                "..., 1024) = 833
... [many lines removed]
open("/proc/sys/net/ipv4/neigh/tun0/retrans_time_ms", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77a5000
read(8, "1000\n"..., 1024)              = 5
close(8)                                = 0
munmap(0xb77a5000, 4096)                = 0
read(6, ""..., 1024)                    = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

There is no such problem at all on a clean installation of Slackware 13.1.
Comment 1 Administrator admin 2010-09-15 11:22:00 EEST
Increase priority and add reference to Linux-BG forum topic.
Comment 2 Administrator admin 2010-09-15 11:22:49 EEST
Created attachment 127 [details]
The topic from Linux-bg.org
Comment 3 Administrator admin 2010-09-20 11:08:08 EEST
Here is the back trace provided by gdb:

$ gdb /usr/sbin/snmpd
GNU gdb (GDB) 7.1
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-slackware-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/snmpd...done.
(gdb) run
Starting program: /usr/sbin/snmpd 
[Thread debugging using libthread_db enabled]
[New Thread 0xb78cab70 (LWP 9759)]

Program received signal SIGSEGV, Segmentation fault.
0xb7b6c760 in strcmp () from /lib/libc.so.6
(gdb) bt
#0  0xb7b6c760 in strcmp () from /lib/libc.so.6
#1  0xb7ab1a13 in netsnmp_remove_list_node (realhead=0x8051abc, name=0xb7d91bcc "ioctl_extras") at data_list.c:198
#2  0xb7d834f0 in netsnmp_ioctl_ipaddress_entry_cleanup (entry=0x8051a88) at ip-mib/data_access/ipaddress_ioctl.c:86
#3  0xb7d7fdb4 in netsnmp_arch_ipaddress_entry_cleanup (entry=0x8051a88) at ip-mib/data_access/ipaddress_linux.c:80
#4  0xb7d7f611 in netsnmp_access_ipaddress_entry_free (entry=0x8051a88) at ip-mib/data_access/ipaddress_common.c:189
#5  0xb7d7fb19 in _access_ipaddress_entry_release (entry=0x8051a88, context=0x0) at ip-mib/data_access/ipaddress_common.c:427
#6  0xb7ac4a5d in netsnmp_binary_array_clear (c=0x80515c0, fe=0xb7d7fafc <_access_ipaddress_entry_release>, context=0x0) at container_binary_array.c:327
#7  0xb7ac4f00 in _ba_clear (container=0x80515c0, f=0xb7d7fafc <_access_ipaddress_entry_release>, context=0x0) at container_binary_array.c:518
#8  0xb7d7f366 in CONTAINER_CLEAR (x=0x80515c0, f=0xb7d7fafc <_access_ipaddress_entry_release>, c=0x0) at ../../include/net-snmp/library/container.h:475
#9  0xb7d7f540 in netsnmp_access_ipaddress_container_free (container=0x80515c0, free_flags=0) at ip-mib/data_access/ipaddress_common.c:136
#10 0xb7d7dc4a in netsnmp_arch_interface_container_load (container=0x80513c8, load_flags=0) at if-mib/data_access/interface_linux.c:763
#11 0xb7d62df3 in netsnmp_access_interface_container_load (container=0x80513c8, load_flags=0) at if-mib/data_access/interface.c:159
#12 0xb7d62cc8 in netsnmp_access_interface_init () at if-mib/data_access/interface.c:88
#13 0xb7d84399 in init_mib_modules () at mib_modules.c:76
#14 0x0804b376 in main (argc=1, argv=0xbffff3b4) at snmpd.c:913
(gdb) up
#1  0xb7ab1a13 in netsnmp_remove_list_node (realhead=0x8051abc, name=0xb7d91bcc "ioctl_extras") at data_list.c:198
198             if (head->name && strcmp(head->name, name) == 0) {
(gdb) p *head
$2 = {next = 0x0, name = 0x1d139 <Address 0x1d139 out of bounds>, data = 0x0, free_func = 0}
Comment 4 Administrator admin 2010-09-20 11:12:31 EEST
Created attachment 128 [details]
Similar debugger trace and problem found in Mandriva
Comment 5 Administrator admin 2010-09-20 11:24:13 EEST
Created attachment 129 [details]
The configuration file and machine information

$ uname -a     
Linux sotirov-bg 2.6.33.5 #2 Fri Jun 18 02:10:40 EEST 2010 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz GenuineIntel GNU/Linux
Comment 6 Administrator admin 2010-09-20 11:30:27 EEST
Created attachment 130 [details]
The same issue on RedHat's Bugzilla
Comment 7 Administrator admin 2010-09-20 11:41:33 EEST
Created attachment 131 [details]
Link to the upstream patch

It seems the problem has been solved for more than 8 months, with a patch to the 5.5 revision (released on 2009-09-24).
Comment 8 Administrator admin 2010-09-20 12:25:29 EEST
The upstream patch works and the problem is solved.
Comment 9 Administrator admin 2010-09-21 12:10:14 EEST
The results of the investigations and the findings from this bug are included in the new package [http://sotirov-bg.net/slackpack/pack.cgi?id=906] for Slackware 13.1 provided on the SlackPack repository [http://sotirov-bg.net/slackpack/].
