#1665 5.3.1 snmpd crashing (disman/event/mteTrigger.c)
when DISMAN event alarms are raised snmpd is crashed
and core file is generated. Debugging with gdb shows
problem in the mteTrigger.c file line number 910.
There has a been official patch released for the
similar crash problem but it hasn't been resolved
completely "fix disman/event monitoring crashes
(official patch 1429059)"
gdb /usr/bin/snmpd core
GNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General
Public License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show
warranty" for details.
This GDB was configured as "sparc-sun-solaris2.10"...
Core was generated by `/usr/bin/snmpd'.
Program terminated with signal 11, Segmentation fault.
Error while mapping shared library sections:
/platform/SUNW,A70/lib/libc_psr.so.1: No such file or
directory.
Reading symbols
from /usr/lib/libnetsnmpmibs.so.10...done.
Loaded symbols for /usr/lib/libnetsnmpmibs.so.10
Reading symbols
from /usr/lib/libnetsnmpagent.so.10...done.
Loaded symbols for /usr/lib/libnetsnmpagent.so.10
Reading symbols
from /usr/lib/libnetsnmphelpers.so.10...done.
Loaded symbols for /usr/lib/libnetsnmphelpers.so.10
Reading symbols from /usr/lib/libnetsnmp.so.10...done.
Loaded symbols for /usr/lib/libnetsnmp.so.10
Reading symbols from /lib/libdl.so.1...
warning: Lowest section in /lib/libdl.so.1
is .dynamic at 00000094
done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from /usr/lib/libkvm.so.1...done.
Loaded symbols for /usr/lib/libkvm.so.1
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libkstat.so.1...done.
Loaded symbols for /lib/libkstat.so.1
Reading symbols from /lib/libelf.so.1...done.
Loaded symbols for /lib/libelf.so.1
Reading symbols from /lib/libm.so.2...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /usr/lib/libpicl.so.1...done.
Loaded symbols for /usr/lib/libpicl.so.1
Reading symbols from /lib/libadm.so.1...done.
Loaded symbols for /lib/libadm.so.1
Reading symbols from /lib/libc.so.1...done.
warning: rw_common (): unable to read at addr
0x3000a44
warning: sol_thread_new_objfile: td_ta_new: Debugger
service failed
Loaded symbols for /lib/libc.so.1
Reading symbols from /usr/lib/libgcc_s.so.1...done.
warning: rw_common (): unable to read at addr
0x3000a44
warning: sol_thread_new_objfile: td_ta_new: Debugger
service failed
Loaded symbols for /usr/lib/libgcc_s.so.1
Reading symbols from /lib/libdoor.so.1...done.
warning: rw_common (): unable to read at addr
0x3000a44
warning: sol_thread_new_objfile: td_ta_new: Debugger
service failed
Loaded symbols for /lib/libdoor.so.1
Error while reading shared library symbols:
/platform/SUNW,A70/lib/libc_psr.so.1: No such file or
directory.
Reading symbols from /lib/nss_files.so.1...done.
warning: rw_common (): unable to read at addr
0x3000a44
warning: sol_thread_new_objfile: td_ta_new: Debugger
service failed
Loaded symbols for /lib/nss_files.so.1
#0 0xff2e89f4 in mteTrigger_run (reg=0,
clientarg=0x19ee40)
at disman/event/mteTrigger.c:910
910 disman/event/mteTrigger.c: No such file or
directory.
in disman/event/mteTrigger.c
(gdb) bt
#0 0xff2e89f4 in mteTrigger_run (reg=0,
clientarg=0x19ee40)
at disman/event/mteTrigger.c:910
#1 0xff15ede0 in run_alarms () at snmp_alarm.c:252
#2 0x00015240 in main ()
Logged In: NO
(gdb) list
905 in disman/event/mteTrigger.c
Logged In: NO
This problem has been reported from net-snmp 5.3.1 release.
Logged In: YES
user_id=848638
Can you try with a 5.3.x and/or CVS MAIN snapshot from
http://www.net-snmp.org/nightly/tarballs/ and report back,
please?
Under what conditions/configuration does this crash occur?
Is it fully reproducible all time?
Logged In: NO
Under what conditions/configuration does this crash occur?
Is it fully reproducible all time?
-Yes the problem is reproducible all time and it is
occuring when we are continously sending linkup/down
events.
ifconfig bge1 unplumb
ifconfig bge1 plumb
ifconfig bge1 100.0.0.194 netmask 255.255.255.0 up
This are the lines in the snmpd.conf file
------------------------------------------
linkUpDownNotifications yes
notificationEvent linkUpTrap linkUp ifIndex
ifAdminStatus ifOperStatus
notificationEvent linkDownTrap linkDown ifIndex
ifAdminStatus ifOperStatus
monitor -u admin -r 60 -e linkUpTrap "Generate linkUp"
ifOperStatus != 2
monitor -u admin -r 60 -e linkDownTrap "Generate
linkDown" ifOperStatus == 2
Logged In: YES
user_id=1596002
The problem is reproducible even when we comment out the
lines of linkUpDownNotifications in the snmpd.conf file
and do operations of linkup/down.
Logged In: YES
user_id=1596002
There are two places in the code that gdb is showing when
we are doing continuous linkup/linkdown operations.
#0 0xff13ef70 in snmp_oid_compare (in_name1=0x19c18c8,
len1=11, in_name2=0x3, len2=4294967295)
at snmp_api.c:6313
6313 snmp_api.c: No such file or directory.
in snmp_api.c
(gdb) bt
#0 0xff13ef70 in snmp_oid_compare (in_name1=0x19c18c8,
len1=11, in_name2=0x3, len2=4294967295)
at snmp_api.c:6313
#1 0xff2e832c in mteTrigger_run (reg=27007176,
clientarg=0x199e98)
at disman/event/mteTrigger.c:264
#2 0xff15ede0 in run_alarms () at snmp_alarm.c:252
#3 0x00015240 in main ()
(gdb) list
6308 in snmp_api.c
<< Here the problem is triggered from the same file
mteTrigger.c. To the snmp_oid_compare routine the name
length of the net-snmp_variable_list vp2 passed is having
some junk value (4294967295) because of which it is
crashing.
Logged In: YES
user_id=848638
Thanks. What about may other request (trying with 5.3.x or
5.4.x CVS)?
Logged In: NO
Yes I tried with the latest CVS version also, it has same
issues.