Bug 151040

Created attachment 111971 [details]
Partial output from starting 'snmpd -D -f' on the SMP system

Created attachment 111972 [details]
A partial 'strace' of snmpd -f (with no other options) on the SMP system

Created attachment 111973 [details]
partial output from running 'snmpd -D -f' from the UP system

Created attachment 111974 [details]
Partial strace from starting 'snmpd -f' on the UP system

Can you please try latest net-snmp-5.2.1 from rawhide?

Installing net-snmp-5.2.1 through yum from 'development' pulls in a
larger number of upgrades of other packages than I'd be willing to
install (almost everything :). So I took the 5.2.1 src.rpm and
--rebuilt that on one of the affected systems. 

The results are below; snmpd -D log and snmpd partial strace
(separated by ---cut). It appears to be segfaulting in a different
place, now.

---cut 
trace: _ioctl_get(): if-mib/data_access/interface_ioctl.c, 42:
verbose:access:interface:ioctl: ioctl 35111 for sit0
trace: netsnmp_access_interface_ioctl_flags_get():
if-mib/data_access/interface_ioctl.c, 229:
access:interface:ioctl: flags_get
trace: _ioctl_get(): if-mib/data_access/interface_ioctl.c, 42:
verbose:access:interface:ioctl: ioctl 35091 for sit0
trace: netsnmp_access_interface_ioctl_mtu_get():
if-mib/data_access/interface_ioctl.c, 349:
access:interface:ioctl: mtu_get
trace: _ioctl_get(): if-mib/data_access/interface_ioctl.c, 42:
verbose:access:interface:ioctl: ioctl 35105 for sit0
trace: netsnmp_access_interface_container_free():
if-mib/data_access/interface_common.c, 167:
access:interface:container: free
trace: netsnmp_access_interface_entry_free():
if-mib/data_access/interface_common.c, 314:
access:interface:entry: free
trace: netsnmp_access_interface_entry_free():
if-mib/data_access/interface_common.c, 314:
access:interface:entry: free
trace: netsnmp_access_interface_entry_free():
if-mib/data_access/interface_common.c, 314:
access:interface:entry: free
trace: should_init(): mib_modules.c, 127:
mib_init: initializing: lmSensors

---cut 
read(10, "ISA main adapter\n", 4096)    = 17
close(10)                               = 0
munmap(0xb7ffe000, 4096)                = 0
getdents64(9, /* 0 entries */, 4096)    = 0
close(9)                                = 0
open("/sys/class/i2c-adapter",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 9
fstat64(9, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
fcntl64(9, F_SETFD, FD_CLOEXEC)         = 0
getdents64(9, /* 4 entries */, 4096)    = 112
open("/sys/class/i2c-adapter/i2c-1/device/name", O_RDONLY) = 10
fstat64(10, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7ffe000
read(10, "SMBus PIIX4 adapter at e800\n", 4096) = 28
close(10)                               = 0
munmap(0xb7ffe000, 4096)                = 0
open("/sys/class/i2c-adapter/i2c-0/device/name", O_RDONLY) = 10
fstat64(10, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7ffe000
read(10, "ISA main adapter\n", 4096)    = 17
close(10)                               = 0
munmap(0xb7ffe000, 4096)                = 0
getdents64(9, /* 0 entries */, 4096)    = 0
close(9)                                = 0
ioctl(8, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbffd6c48) = -1 ENOTTY
(Inappropriate ioctl for device)
fstat64(8, {st_mode=S_IFREG|0644, st_size=64783, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7ffe000
read(8, "# Sensors configuration file use"..., 8192) = 8192
read(8, " SMBus adapter\"\n#\n# If we refer "..., 8192) = 8192
read(8, "nsistor;\n# 3435 = thermistor wit"..., 8192) = 8192
read(8, " temperatures settled like that:"..., 8192) = 8192
read(8, "he absolute values\n# of the read"..., 8192) = 8192
read(8, "2 \"-5V\"\n#   set AIN1_min -12 * 0"..., 8192) = 8192
read(8, "Fan2/CPU0\"\n    label  fan3      "..., 8192) = 8192
read(8, "         253 - (210 / (1 + (1 / "..., 8192) = 7439
read(8, "", 4096)                       = 0
read(8, "", 8192)                       = 0
ioctl(8, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbffd6c58) = -1 ENOTTY
(Inappropriate ioctl for device)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

(In reply to comment #5)
> Can you please try latest net-snmp-5.2.1 from rawhide?

When I rebuild this src.rpm on one of the problem systems, the problem persists.
When I rebuild it on one of the systems that isn't affected, and then install
the resulting binary rpms on the affected systems, snmpd does not crash.

That seems to lead somewhere. Can you compare the lmsensors-devel versions that
you have on both systems? 

(In reply to comment #8)
> That seems to lead somewhere. Can you compare the lmsensors-devel versions that
> you have on both systems? 

Both are 2.8.8-5, taken from the rawhide source RPM and rebuilt on each of the
hosts. 

so the affected host currently has 

net-snmp-5.2.1-5 built on _non_ affected host and lm-sensors 2.8.8-5 built on
_affected_ host.

non-affected host has
net-snmp-5.2.1-5 built on _non_ affected host and lm-sensors 2.8.8-5 built on
_non_ affected host (itself).

Does that answer your question?

It answers my question, but doesn't shed much light on the problem :) There has
to be some build difference between an _affected_ system on the other one. I
assume that /etc/snmpd.conf files are same. It seems like the bug is caused by
some lm_sensors call (does `sensors` show correct output on both machines?) 

I saw few crashes with net-snmp-5.1.2 due to limited number of sensors (the
maximum was only 32). In net-snmp-5.2.1 the sensors maximum is 128 so I suppose
there's another problem and thanks for testing it with new net-snmp as well. 

I've pushed out new net-snmp update for FC3. Is this bug still present with the
latest version?