Bug 120 (snmpd_segfault_tun) - snmpd segmentation faults in libc 2.11.1 at launch, when openvpn is running and there are tun* interfaces
Summary: snmpd segmentation faults in libc 2.11.1 at launch, when openvpn is running a...
Status: VERIFIED FIXED
Alias: snmpd_segfault_tun
Product: Server
Classification: Other
Component: General (show other bugs)
Version: cvs
Hardware: PC Linux
: Very High (P1) blocker (vote)
Target Milestone: Future
Assignee: Administrator
QA Contact: Administrator
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-20 11:20 EEST by Administrator
Modified: 2010-09-21 12:10 EEST (History)
0 users

See Also:
My Bug ID:
My description:
My date:
My choice:
My selection: ---


Attachments
The topic from Linux-bg.org (51 bytes, text/plain)
2010-09-15 11:22 EEST, Administrator
no flags Details
Similar debugger trace and problem found in Mandriva (45 bytes, text/plain)
2010-09-20 11:12 EEST, Administrator
no flags Details
The configuration file and machine information (4.60 KB, text/plain)
2010-09-20 11:24 EEST, Administrator
no flags Details
The same issue on RedHat's Bugzilla (50 bytes, text/plain)
2010-09-20 11:30 EEST, Administrator
no flags Details
Link to the upstream patch (80 bytes, text/plain)
2010-09-20 11:41 EEST, Administrator
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Administrator admin 2010-09-15 11:20:46 EEST
From /var/log/messages

kernel: snmpd[1728]: segfault at 1d1e9 ip b73be760 sp bff96eb0 error 4 in libc-2.11.1.so[b7345000+15c000]

Last few lines from strace:

... [many lines removed]
open("/proc/net/dev", O_RDONLY|O_LARGEFILE) = 6
read(6, "Inter-|   Receive                "..., 1024) = 833
... [many lines removed]
open("/proc/sys/net/ipv4/neigh/tun0/retrans_time_ms", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77a5000
read(8, "1000\n"..., 1024)              = 5
close(8)                                = 0
munmap(0xb77a5000, 4096)                = 0
read(6, ""..., 1024)                    = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

There is no such problem at all on a clean installation of Slackware 13.1
Comment 1 Administrator admin 2010-09-15 11:22:00 EEST
Increase priority and add reference to Linux-BG forum topic.
Comment 2 Administrator admin 2010-09-15 11:22:49 EEST
Created attachment 127 [details]
The topic from Linux-bg.org
Comment 3 Administrator admin 2010-09-20 11:08:08 EEST
Here is the back trace provided by gdb:

$ gdb /usr/sbin/snmpd
GNU gdb (GDB) 7.1
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-slackware-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/snmpd...done.
(gdb) run
Starting program: /usr/sbin/snmpd 
[Thread debugging using libthread_db enabled]
[New Thread 0xb78cab70 (LWP 9759)]

Program received signal SIGSEGV, Segmentation fault.
0xb7b6c760 in strcmp () from /lib/libc.so.6
(gdb) bt
#0  0xb7b6c760 in strcmp () from /lib/libc.so.6
#1  0xb7ab1a13 in netsnmp_remove_list_node (realhead=0x8051abc, name=0xb7d91bcc "ioctl_extras") at data_list.c:198
#2  0xb7d834f0 in netsnmp_ioctl_ipaddress_entry_cleanup (entry=0x8051a88) at ip-mib/data_access/ipaddress_ioctl.c:86
#3  0xb7d7fdb4 in netsnmp_arch_ipaddress_entry_cleanup (entry=0x8051a88) at ip-mib/data_access/ipaddress_linux.c:80
#4  0xb7d7f611 in netsnmp_access_ipaddress_entry_free (entry=0x8051a88) at ip-mib/data_access/ipaddress_common.c:189
#5  0xb7d7fb19 in _access_ipaddress_entry_release (entry=0x8051a88, context=0x0) at ip-mib/data_access/ipaddress_common.c:427
#6  0xb7ac4a5d in netsnmp_binary_array_clear (c=0x80515c0, fe=0xb7d7fafc <_access_ipaddress_entry_release>, context=0x0) at container_binary_array.c:327
#7  0xb7ac4f00 in _ba_clear (container=0x80515c0, f=0xb7d7fafc <_access_ipaddress_entry_release>, context=0x0) at container_binary_array.c:518
#8  0xb7d7f366 in CONTAINER_CLEAR (x=0x80515c0, f=0xb7d7fafc <_access_ipaddress_entry_release>, c=0x0) at ../../include/net-snmp/library/container.h:475
#9  0xb7d7f540 in netsnmp_access_ipaddress_container_free (container=0x80515c0, free_flags=0) at ip-mib/data_access/ipaddress_common.c:136
#10 0xb7d7dc4a in netsnmp_arch_interface_container_load (container=0x80513c8, load_flags=0) at if-mib/data_access/interface_linux.c:763
#11 0xb7d62df3 in netsnmp_access_interface_container_load (container=0x80513c8, load_flags=0) at if-mib/data_access/interface.c:159
#12 0xb7d62cc8 in netsnmp_access_interface_init () at if-mib/data_access/interface.c:88
#13 0xb7d84399 in init_mib_modules () at mib_modules.c:76
#14 0x0804b376 in main (argc=1, argv=0xbffff3b4) at snmpd.c:913
(gdb) up
#1  0xb7ab1a13 in netsnmp_remove_list_node (realhead=0x8051abc, name=0xb7d91bcc "ioctl_extras") at data_list.c:198
198             if (head->name && strcmp(head->name, name) == 0) {
(gdb) p *head
$2 = {next = 0x0, name = 0x1d139 <Address 0x1d139 out of bounds>, data = 0x0, free_func = 0}
Comment 4 Administrator admin 2010-09-20 11:12:31 EEST
Created attachment 128 [details]
Similar debugger trace and problem found in Mandriva
Comment 5 Administrator admin 2010-09-20 11:24:13 EEST
Created attachment 129 [details]
The configuration file and machine information

$ uname -a     
Linux sotirov-bg 2.6.33.5 #2 Fri Jun 18 02:10:40 EEST 2010 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz GenuineIntel GNU/Linux
Comment 6 Administrator admin 2010-09-20 11:30:27 EEST
Created attachment 130 [details]
The same issue on RedHat's Bugzilla
Comment 7 Administrator admin 2010-09-20 11:41:33 EEST
Created attachment 131 [details]
Link to the upstream patch

As it seems the problem has been solved from more than 8 months with a patch to 5.5 revision (released on 2009-09-24).
Comment 8 Administrator admin 2010-09-20 12:25:29 EEST
The upstream patch works and the problem is solved.
Comment 9 Administrator admin 2010-09-21 12:10:14 EEST
The results of the investigations and the findings from this bug are included the new package [http://sotirov-bg.net/slackpack/pack.cgi?id=906] for Slackware 13.1 provided on the SlackPack repository [http://sotirov-bg.net/slackpack/].


bug/show.html.tmpl processed on Mar 28, 2024 at 16:17:39.
(provided by the Example extension).