Bug 1817190

Summary: In RHEL 8, snmpd using v3 is unable to send out default 60 maxGetbulkResponses when invalid PID specified.
Product: Red Hat Enterprise Linux 8 Reporter: Tom Crider <tcrider>
Component: net-snmpAssignee: Josef Ridky <jridky>
Status: CLOSED ERRATA QA Contact: Evgeny Fedin <efedin>
Severity: medium Docs Contact: Prerana Sharma <presharm>
Priority: urgent    
Version: 8.0CC: efedin, jridky, ovasik, sbroz
Target Milestone: rcKeywords: EasyFix, Patch, Reproducer, Upstream, ZStream
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: net-snmp-5.8-19.el8 Doc Type: Bug Fix
Doc Text:
.`snmpbulkget` now provides valid output for a non-existing PID Previously, the `snmpbulkget` command did not provide valid output for a non-existing PID. Consequently, this command would fail with the output as *no results found*. With this update,`snmpbulkget` provides valid output for a non-existing PID.
 Story Points: ---
Clone Of:
: 1896760 (view as bug list) Environment:
Last Closed: 2021-05-18 14:57:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1896760    
Attachments:
Description Flags
Patch from upstream none

Description Tom Crider 2020-03-25 18:37:43 UTC 
Description of problem:

When you query snmp for multiple requests, the max default it tries to send is 60 results, regardless of whether the PID is valid or invalid. This works fine in RHEL 7. In RHEL 8, when invalid PID specified, the query results as follows:

[root@rhel8tc ~]# snmpbulkget -v3 -l authPriv -u admin -a SHA -A "redhatsnmp" -x AES -X "redhatsnmp" localhost 1.3.6.1.2.1.25.4.2.1.1.1197 1.3.6.1.2.1.25.4.2.1.2.1197 1.3.6.1.2.1.25.5.1.1.1.1197 1.3.6.1.2.1.25.5.1.1.2.1197 1.3.6.1.2.1.25.4.2.1.4.1197 1.3.6.1.2.1.25.4.2.1.5.1197
Error in packet.
Reason: (genError) A general failure occured

Version-Release number of selected component (if applicable):

Any version of net-snmpd in RHEL 8.0+


How reproducible:
On RHEL 8, send the following query to an invalid PID (the PID is 1197):

# snmpbulkget -v3 -l authPriv -u admin -a SHA -A "redhatsnmp" -x AES -X "redhatsnmp" localhost 1.3.6.1.2.1.25.4.2.1.1.1197 1.3.6.1.2.1.25.4.2.1.2.1197 1.3.6.1.2.1.25.5.1.1.1.1197 1.3.6.1.2.1.25.5.1.1.2.1197 1.3.6.1.2.1.25.4.2.1.4.1197 1.3.6.1.2.1.25.4.2.1.5.1197

This will request the following for the next 10 PIDs after the one specified (6x10=60):

hrSWRunIndex
hrSWRunName
hrSWRunPerfCPU
hrSWRunPerfMem
hrSWRunPath
hrSWRunParameters

Steps to Reproduce:
[root@rhel8tc ~]# snmpbulkget -v3 -l authPriv -u admin -a SHA -A "redhatsnmp" -x AES -X "redhatsnmp" localhost 1.3.6.1.2.1.25.4.2.1.1.1197 1.3.6.1.2.1.25.4.2.1.2.1197 1.3.6.1.2.1.25.5.1.1.1.1197 1.3.6.1.2.1.25.5.1.1.2.1197 1.3.6.1.2.1.25.4.2.1.4.1197 1.3.6.1.2.1.25.4.2.1.5.1197

Actual results:
Error in packet.
Reason: (genError) A general failure occured

Packet capture also returns null results:

                        variable-bindings: 6 items
                            1.3.6.1.2.1.25.4.2.1.1.1197: Value (Null) <---- "index 0"
                            1.3.6.1.2.1.25.4.2.1.2.1197: Value (Null)
                            1.3.6.1.2.1.25.5.1.1.1.1197: Value (Null)
                            1.3.6.1.2.1.25.5.1.1.2.1197: Value (Null)
                            1.3.6.1.2.1.25.4.2.1.4.1197: Value (Null)
                            1.3.6.1.2.1.25.4.2.1.5.1197: Value (Null)

if this PID does not exist, or the process has exited, it queries the next PID in the list.

If we look at the /var/log/snmpd.log, we can see 60 results, (I've arranged the results in order by PID). Since 1197 was invalid, it queried the next available 10, starting at 1374. These are the results that are supposed to get sent:

results:        HOST-RESOURCES-MIB::hrSWRunIndex.1374 = INTEGER: 1374
results:        HOST-RESOURCES-MIB::hrSWRunName.1374 = STRING: "sshd"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1374 = INTEGER: 2
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1374 = INTEGER: 9288 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1374 = STRING: "sshd: root [priv]"
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1374 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1379 = INTEGER: 1379
results:        HOST-RESOURCES-MIB::hrSWRunName.1379 = STRING: "systemd"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1379 = INTEGER: 3
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1379 = INTEGER: 9648 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1379 = STRING: "/usr/lib/systemd/systemd"
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1379 = STRING: "--user"
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1383 = INTEGER: 1383
results:        HOST-RESOURCES-MIB::hrSWRunName.1383 = STRING: "(sd-pam)"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1383 = INTEGER: 0
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1383 = INTEGER: 4728 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1383 = STRING: "(sd-pam)"
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1383 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1389 = INTEGER: 1389
results:        HOST-RESOURCES-MIB::hrSWRunName.1389 = STRING: "sshd"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1389 = INTEGER: 8
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1389 = INTEGER: 5196 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1389 = STRING: "sshd: root@pts/0"
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1389 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1390 = INTEGER: 1390
results:        HOST-RESOURCES-MIB::hrSWRunName.1390 = STRING: "bash"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1390 = INTEGER: 13
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1390 = INTEGER: 5216 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1390 = STRING: "-bash"
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1390 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1465 = INTEGER: 1465
results:        HOST-RESOURCES-MIB::hrSWRunName.1465 = STRING: "kworker/u4:0-events_unbound"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1465 = INTEGER: 0
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1465 = INTEGER: 0 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1465 = ""
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1465 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1648 = INTEGER: 1648
results:        HOST-RESOURCES-MIB::hrSWRunName.1648 = STRING: "kworker/0:0-xfs-cil/dm-0"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1648 = INTEGER: 9
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1648 = INTEGER: 0 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1648 = ""
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1648 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1685 = INTEGER: 1685
results:        HOST-RESOURCES-MIB::hrSWRunName.1685 = STRING: "kworker/1:1-xfs-cil/dm-0"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1685 = INTEGER: 0
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1685 = INTEGER: 0 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1685 = ""
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1685 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1738 = INTEGER: 1738
results:        HOST-RESOURCES-MIB::hrSWRunName.1738 = STRING: "kworker/0:2-events"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1738 = INTEGER: 25
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1738 = INTEGER: 0 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1738 = ""
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1738 = ""
results:        HOST-RESOURCES-MIB::hrSWRunIndex.1755 = INTEGER: 1755
results:        HOST-RESOURCES-MIB::hrSWRunName.1755 = STRING: "anacron"
results:        HOST-RESOURCES-MIB::hrSWRunPerfCPU.1755 = INTEGER: 0
results:        HOST-RESOURCES-MIB::hrSWRunPerfMem.1755 = INTEGER: 2056 KBytes
results:        HOST-RESOURCES-MIB::hrSWRunPath.1755 = STRING: "/usr/sbin/anacron"
results:        HOST-RESOURCES-MIB::hrSWRunParameters.1755 = STRING: "-s"

However, since we queried an invalid PID - our log also only says we got 54/60 results:

results:summary: gathered 54/60 varbinds

this is what tries to get sent in the packet. For whatever reason, it cannot send this and errors out -only- with an invalid PID.

This seems to work fine if we query a valid PID:

[root@rhel8tc ~]# ps aux | tail -n 20
root      1804  0.0  0.0      0     0 ?        I    13:32   0:00 [kworker/1:2-mm_percpu_wq]

[root@rhel8tc ~]# snmpbulkget -v3 -l authPriv -u admin -a SHA -A "redhatsnmp" -x AES -X "redhatsnmp" localhost 1.3.6.1.2.1.25.4.2.1.1.1804 1.3.6.1.2.1.25.4.2.1.2.1804 1.3.6.1.2.1.25.5.1.1.1.1804 1.3.6.1.2.1.25.5.1.1.2.1804 1.3.6.1.2.1.25.4.2.1.4.1804 1.3.6.1.2.1.25.4.2.1.5.1.1804
HOST-RESOURCES-MIB::hrSWRunIndex.1846 = INTEGER: 1846
HOST-RESOURCES-MIB::hrSWRunName.1846 = STRING: "kworker/0:3-xfs-cil/dm-0"
HOST-RESOURCES-MIB::hrSWRunPerfCPU.1846 = INTEGER: 18
HOST-RESOURCES-MIB::hrSWRunPerfMem.1846 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWRunPath.1846 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.2 = ""
HOST-RESOURCES-MIB::hrSWRunIndex.1848 = INTEGER: 1848
HOST-RESOURCES-MIB::hrSWRunName.1848 = STRING: "kworker/0:0-xfs-cil/dm-0"
HOST-RESOURCES-MIB::hrSWRunPerfCPU.1848 = INTEGER: 15
HOST-RESOURCES-MIB::hrSWRunPerfMem.1848 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWRunPath.1848 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.3 = ""
HOST-RESOURCES-MIB::hrSWRunIndex.1851 = INTEGER: 1851
HOST-RESOURCES-MIB::hrSWRunName.1851 = STRING: "kworker/u4:1-events_unbound"
HOST-RESOURCES-MIB::hrSWRunPerfCPU.1851 = INTEGER: 0
HOST-RESOURCES-MIB::hrSWRunPerfMem.1851 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWRunPath.1851 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.4 = ""
HOST-RESOURCES-MIB::hrSWRunIndex.1853 = INTEGER: 1853
HOST-RESOURCES-MIB::hrSWRunName.1853 = STRING: "kworker/1:1-mm_percpu_wq"
HOST-RESOURCES-MIB::hrSWRunPerfCPU.1853 = INTEGER: 1
HOST-RESOURCES-MIB::hrSWRunPerfMem.1853 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWRunPath.1853 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.6 = ""
HOST-RESOURCES-MIB::hrSWRunIndex.1868 = INTEGER: 1868
HOST-RESOURCES-MIB::hrSWRunName.1868 = STRING: "kworker/0:1-events"
HOST-RESOURCES-MIB::hrSWRunPerfCPU.1868 = INTEGER: 7
HOST-RESOURCES-MIB::hrSWRunPerfMem.1868 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWRunPath.1868 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.8 = ""
HOST-RESOURCES-MIB::hrSWRunIndex.1876 = INTEGER: 1876
HOST-RESOURCES-MIB::hrSWRunName.1876 = STRING: "snmpbulkget"
HOST-RESOURCES-MIB::hrSWRunPerfCPU.1876 = INTEGER: 2
HOST-RESOURCES-MIB::hrSWRunPerfMem.1876 = INTEGER: 6948 KBytes
HOST-RESOURCES-MIB::hrSWRunPath.1876 = STRING: "snmpbulkget"
HOST-RESOURCES-MIB::hrSWRunParameters.9 = ""
HOST-RESOURCES-MIB::hrSWRunName.1 = STRING: "systemd"
HOST-RESOURCES-MIB::hrSWRunID.1 = OID: SNMPv2-SMI::zeroDotZero
HOST-RESOURCES-MIB::hrSWRunPerfMem.1 = INTEGER: 13480 KBytes
HOST-RESOURCES-MIB::hrSWInstalledIndex.1 = INTEGER: 1
HOST-RESOURCES-MIB::hrSWRunParameters.1 = STRING: "--switched-root --system --deserialize 17"
HOST-RESOURCES-MIB::hrSWRunParameters.10 = ""
HOST-RESOURCES-MIB::hrSWRunName.2 = STRING: "kthreadd"
HOST-RESOURCES-MIB::hrSWRunID.2 = OID: SNMPv2-SMI::zeroDotZero
HOST-RESOURCES-MIB::hrSWRunPerfMem.2 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWInstalledIndex.2 = INTEGER: 2
HOST-RESOURCES-MIB::hrSWRunParameters.2 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.11 = ""
HOST-RESOURCES-MIB::hrSWRunName.3 = STRING: "rcu_gp"
HOST-RESOURCES-MIB::hrSWRunID.3 = OID: SNMPv2-SMI::zeroDotZero
HOST-RESOURCES-MIB::hrSWRunPerfMem.3 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWInstalledIndex.3 = INTEGER: 3
HOST-RESOURCES-MIB::hrSWRunParameters.3 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.12 = ""
HOST-RESOURCES-MIB::hrSWRunName.4 = STRING: "rcu_par_gp"
HOST-RESOURCES-MIB::hrSWRunID.4 = OID: SNMPv2-SMI::zeroDotZero
HOST-RESOURCES-MIB::hrSWRunPerfMem.4 = INTEGER: 0 KBytes
HOST-RESOURCES-MIB::hrSWInstalledIndex.4 = INTEGER: 4
HOST-RESOURCES-MIB::hrSWRunParameters.4 = ""
HOST-RESOURCES-MIB::hrSWRunParameters.13 = ""

We still get the 60 results -AFTER- 1804 as expected, but the results display, and don't error out.

Expected results:
This should return 60 results from the next 10 PIDs in numerical order starting after the PID specified, regardless if the PID specified is valid or invalid, and does so in RHEL 7.

Additional info:

We can workaround this issue by specifying:

maxGetbulkResponses 59

Then request an invalid PID - snmpd returns 54/60 results - which allows the query to work
Comment 4 Josef Ridky 2020-10-01 08:58:25 UTC 
Created attachment 1718072 [details]
Patch from upstream

Solution found. 
This issue was fixed in the latest upstream release 5.9. Following patch is backport of this fix to net-snmp-5.8.
Comment 24 errata-xmlrpc 2021-05-18 14:57:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1637