segfault when querying

Bug #65047 reported by Chris Jones
Affects | Status | Importance | Assigned to | Milestone
Net-SNMP | Fix Released | Unknown | |
net-snmp (Ubuntu) | Fix Released | High | Soren Hansen |

Bug Description

Installed net-snmp on a server (Itanium) and enabled disk/load checks. When I query the server with snmpwalk (or cricket), snmpd segfaults. Below is a gdb backtrace from such a segfault, triggered by snmpwalk.

halley:~# gdb /usr/sbin/snmpd
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "ia64-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run -f -Lsd -Lf /dev/null -u snmp -p /var/run/snmpd.pid
Starting program: /usr/sbin/snmpd -f -Lsd -Lf /dev/null -u snmp -p /var/run/snmpd.pid
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x2000000000136760 in _mfd_ifTable_get_values ()
   from /usr/lib/libnetsnmpmibs.so.9
(gdb) bt
#0 0x2000000000136760 in _mfd_ifTable_get_values ()
   from /usr/lib/libnetsnmpmibs.so.9
#1 0x20000000002d59e0 in _baby_steps_access_multiplexer ()
   from /usr/lib/libnetsnmphelpers.so.9
#2 0x200000000027d910 in netsnmp_call_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#3 0x200000000027e5f0 in netsnmp_call_next_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#4 0x20000000002d4b50 in _baby_steps_helper ()
   from /usr/lib/libnetsnmphelpers.so.9
#5 0x200000000027d910 in netsnmp_call_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#6 0x200000000027e5f0 in netsnmp_call_next_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#7 0x20000000002e2e60 in netsnmp_row_merge_helper_handler ()
   from /usr/lib/libnetsnmphelpers.so.9
#8 0x200000000027d910 in netsnmp_call_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#9 0x200000000027e5f0 in netsnmp_call_next_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#10 0x20000000002e85a0 in _container_table_handler ()
   from /usr/lib/libnetsnmphelpers.so.9
#11 0x200000000027d910 in netsnmp_call_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#12 0x200000000027e5f0 in netsnmp_call_next_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#13 0x20000000002f2e80 in table_helper_handler ()
   from /usr/lib/libnetsnmphelpers.so.9
---Type <return> to continue, or q <return> to quit---
#14 0x200000000027d910 in netsnmp_call_handler ()
   from /usr/lib/libnetsnmpagent.so.9
#15 0x200000000027e100 in netsnmp_call_handlers ()
   from /usr/lib/libnetsnmpagent.so.9
#16 0x2000000000265450 in handle_var_requests ()
   from /usr/lib/libnetsnmpagent.so.9
#17 0x2000000000265e60 in handle_getnext_loop ()
   from /usr/lib/libnetsnmpagent.so.9
#18 0x2000000000267010 in handle_pdu () from /usr/lib/libnetsnmpagent.so.9
#19 0x2000000000269430 in netsnmp_handle_request ()
   from /usr/lib/libnetsnmpagent.so.9
#20 0x2000000000269ff0 in handle_snmp_packet ()
   from /usr/lib/libnetsnmpagent.so.9
#21 0x200000000039d5d0 in snmp_create_sess_pdu () from /usr/lib/libnetsnmp.so.9
#22 0x0000000000000000 in ?? ()
(gdb) quit

Chris Jones (cmsj) wrote :

Observed on a second ia64 server. Both are running dapper.

Changed in net-snmp:
importance: Undecided → High
status: Unconfirmed → Confirmed
Changed in netsnmp:
status: Unknown → Unconfirmed
Changed in netsnmp:
status: Unconfirmed → Confirmed
Changed in netsnmp:
status: Confirmed → Fix Released
nil (slerena) wrote :

I have similar problems running the libsnmp-perl binding. I was doing a simple SNMP-GET request.

System: Intel Centrino Core Duo 1.8 GHz, Ubuntu Feisty, kernel 2.6.20-15-lowlatency #2 SMP PREEMPT, updated on 07 May 2007.

*** glibc detected *** /usr/bin/perl: double free or corruption (!prev): 0xb33ce888 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7ea17cd]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7ea4e30]
/usr/lib/libnetsnmp.so.9(snmp_free_var+0x82)[0xb7c105f2]
/usr/lib/libnetsnmp.so.9(snmp_free_varbind+0x2a)[0xb7c1064a]
/usr/lib/libnetsnmp.so.9(snmp_free_pdu+0x44)[0xb7c10b44]
/usr/lib/libnetsnmp.so.9(snmp_sess_timeout+0x105)[0xb7c1c005]
/usr/lib/libnetsnmp.so.9(snmp_timeout+0x28)[0xb7c1c148]
/usr/lib/libnetsnmp.so.9(snmp_synch_response_cb+0x175)[0xb7bf5965]
/usr/lib/libnetsnmp.so.9(snmp_synch_response+0x35)[0xb7bf5a05]
/usr/lib/perl5/auto/SNMP/SNMP.so[0xb7a58fbe]
/usr/lib/perl5/auto/SNMP/SNMP.so(XS_SNMP__getnext+0xf4f)[0xb7a6676f]
/usr/bin/perl(Perl_pp_entersub+0x3ab)[0x80c23eb]
/usr/bin/perl(Perl_runops_standard+0x19)[0x80c0d49]
/usr/bin/perl[0x8065d7e]
/usr/bin/perl(Perl_call_sv+0x5b1)[0x80669a1]
/usr/lib/perl/5.8/auto/threads/threads.so(Perl_ithread_run+0x1ae)[0xb7c995fe]
/lib/tls/i686/cmov/libpthread.so.0[0xb7f8031b]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb7f0957e]

Soren Hansen (soren) wrote :

The linked Debian bug report hints that it might be disk checks that fail (although the build logs for our net-snmp package suggest that that should not be an issue for us). Could you try disabling any disk checks from the config and see if it still fails?

Changed in net-snmp:
assignee: nobody → shawarma
status: Confirmed → Needs Info
Soren Hansen (soren) wrote :

nil: I'm confident you're experiencing another issue. Chris is on ia64 on Dapper, which you clearly are not :) Feel free to open a new bug report (or comment on an existing one, if applicable) about your issue.
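
Added example, not part of the original thread: a small triage helper that reduces each of the two backtraces posted above to a crash signature (the first frames outside the C runtime) so the crash sites can be compared. The function names `frames`, `signature` and `same_crash` are assumptions of this example; the frame lines are copied from the traces in this report.

```python
import re

# Top frames copied from the gdb backtrace in the bug description.
GDB_BT = """\
#0 0x2000000000136760 in _mfd_ifTable_get_values ()
   from /usr/lib/libnetsnmpmibs.so.9
#1 0x20000000002d59e0 in _baby_steps_access_multiplexer ()
   from /usr/lib/libnetsnmphelpers.so.9
#2 0x200000000027d910 in netsnmp_call_handler ()
   from /usr/lib/libnetsnmpagent.so.9
"""
# Top frames copied from the glibc abort backtrace in the later comment.
GLIBC_BT = """\
/lib/tls/i686/cmov/libc.so.6[0xb7ea17cd]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7ea4e30]
/usr/lib/libnetsnmp.so.9(snmp_free_var+0x82)[0xb7c105f2]
/usr/lib/libnetsnmp.so.9(snmp_free_varbind+0x2a)[0xb7c1064a]
/usr/lib/libnetsnmp.so.9(snmp_free_pdu+0x44)[0xb7c10b44]
"""

# gdb: "#N 0xADDR in symbol () from /path/lib.so" (the "from" may wrap to the next line)
GDB_RE = re.compile(r"#\d+\s+0x[0-9a-f]+ in (\S+) \(\)\s+from (\S+)")
# glibc: "/path/lib.so(symbol+0xOFF)[0xADDR]", symbol part optional
GLIBC_RE = re.compile(r"^(\S+?)(?:\((\w+)\+0x[0-9a-f]+\))?\[0x[0-9a-f]+\]$", re.M)


def frames(text):
    """Return [(module_basename, symbol_or_None), ...] for either trace format."""
    found = [(m.group(2), m.group(1)) for m in GDB_RE.finditer(text)]
    if not found:
        found = [(m.group(1), m.group(2)) for m in GLIBC_RE.finditer(text)]
    return [(mod.rsplit("/", 1)[-1], sym) for mod, sym in found]


def signature(text, skip=("libc.so", "libpthread.so"), depth=3):
    """Crash signature: the first `depth` frames that are not in the C runtime."""
    own = [f for f in frames(text) if not f[0].startswith(skip)]
    return tuple(own[:depth])


def same_crash(a, b):
    """Two reports fall into the same bucket only if their signatures match."""
    return signature(a) == signature(b)


if __name__ == "__main__":
    for name, bt in (("gdb", GDB_BT), ("glibc", GLIBC_BT)):
        print(name, signature(bt)[0])
    print("same crash site:", same_crash(GDB_BT, GLIBC_BT))
```
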

James Troup (elmo) wrote : Re: [Bug 65047] Re: segfault when querying

Soren Hansen <email address hidden> writes:

> The linked Debian bug report hints that it might be disk checks that
> fail (although the build logs for our net-snmp package suggest that
> that should not be an issue for us). Could you try disabling any disk
> checks from the config and see if it still fails?

It still segfaults even with disk checks disabled in snmpd.conf.

--
James

Wouter Stomp (wouterstomp-deactivatedaccount) wrote :

This was fixed in 5.3.1-3

Changed in net-snmp:
status: Incomplete → Fix Released