Bug 172416 - net-snmp causing php segfaults and broken httpd
net-snmp causing php segfaults and broken httpd
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: net-snmp (Show other bugs)
4
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Radek Vokal
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-04 00:41 EST by Victor Gregorio
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 5.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-08 04:36:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Strace of segfaulting php (73.51 KB, text/plain)
2005-11-04 00:41 EST, Victor Gregorio
no flags Details
Strace of broken httpd (84.34 KB, text/plain)
2005-11-04 00:43 EST, Victor Gregorio
no flags Details
snmpusm patch for noNameUser (573 bytes, patch)
2005-11-07 04:57 EST, Radek Vokal
no flags Details | Diff

  None (edit)
Description Victor Gregorio 2005-11-04 00:41:38 EST
Description of problem:

When php-snmp is installed, the root user can initially run the php CLI.  After
some use, the CLI begins to segfault. httpd stops working at this time. I
noticed this when running php's cli from root's crontab.

All of these problems go away if php-snmp is removed through yum.

gdb of php (without debugging) ends with:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912500369760 (LWP 32460)]
0x00002aaaadfdf0fc in init_usm_post_config () from /usr/lib64/libnetsnmp.so.5

Debug information will be attached to the bug report.

If PHP's CLI is run as a non-root user, the segfaults go away.  Unfortunately,
HTTPD remains broken and it is impossible to start the server on port 80.

Finally, the same happens with a custom compiled PHP 5.0.4 and Apache 1.3.33. 
This is how I originally discovered the problem.  The only difference is that
with the custom compile, Apache's httpd did not die silently--it also segfaulted.  


Version-Release number of selected component (if applicable):
net-snmp-libs-5.2.1.2-fc4.1 php-snmp-5.0.4-10.4  php-snmp-5.0.4-10.4
php-5.0.4-10.4 httpd-2.0.54-10.2

How reproducible:
Every time.

Steps to Reproduce:
1. # yum install net-snmp* php-snmp
2. # php
3. # service httpd start
  
Actual results:

fc4_x86_64# php
Segmentation fault


fc4_x86_64# service httpd start (shows OK, but does not start)

Expected results:

Working PHP and HTTPD daemon.

Additional info:

I removed httpd* net-snmp* and php* using Yum.  Then I downloaded the most
recent src.rpms for the three packages.  I built and installed the rpms,
including debuginfo.  Here are the packages I used:

httpd-2.0.54-10.2.src.rpm
net-snmp-5.2.1.2-fc4.1.src.rpm
php-5.0.4-10.4.src.rpm

** GDB for PHP with segmentation fault:

fc4_x86_64# gdb php
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

(gdb) run
Starting program: /usr/bin/php
[Thread debugging using libthread_db enabled]
[New Thread 46912500369760 (LWP 24582)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912500369760 (LWP 24582)]
init_usm_post_config (majorid=Variable "majorid" is not available.
) at snmpusm.c:2818
2818        SNMP_FREE(noNameUser->engineID);
(gdb) bt
#0  init_usm_post_config (majorid=Variable "majorid" is not available.
) at snmpusm.c:2818
#1  0x00002aaaaf980752 in snmp_call_callbacks (major=0, minor=3, caller_arg=0x0)
at callback.c:228
#2  0x00002aaaaf95c989 in init_snmp (type=0x2aaaaf7fafcc "snmpapp") at
snmp_api.c:818
#3  0x00002aaaaf7f8677 in zm_startup_snmp (type=Variable "type" is not available.
) at /usr/src/debug/php-5.0.4/ext/snmp/snmp.c:189
#4  0x000000000052d4b3 in zend_register_module_ex (module=0x83b030) at
/usr/src/debug/php-5.0.4/Zend/zend_API.c:1205
#5  0x000000000049c561 in php_dl (file=0x6f9090, type=1,
return_value=0x7fffffd7a020) at /usr/src/debug/php-5.0.4/ext/standard/dl.c:234
#6  0x00000000004fa0b5 in php_load_function_extension_cb (arg=Variable "arg" is
not available.
) at /usr/src/debug/php-5.0.4/main/php_ini.c:248
#7  0x0000000000521e19 in zend_llist_apply (l=Variable "l" is not available.
) at /usr/src/debug/php-5.0.4/Zend/zend_llist.c:191
#8  0x00000000004fa131 in php_ini_delayed_modules_startup () at
/usr/src/debug/php-5.0.4/main/php_ini.c:552
#9  0x00000000004f5187 in php_module_startup (sf=Variable "sf" is not available.
) at /usr/src/debug/php-5.0.4/main/main.c:1461
#10 0x000000000055e1bd in main (argc=1, argv=0x7fffffd7a4a8) at
/usr/src/debug/php-5.0.4/sapi/cli/php_cli.c:624
(gdb)

** GDB for HTTPD (does not start -- silently):

fc4_x86_64# gdb httpd
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

(gdb) run
Starting program: /usr/sbin/httpd
[Thread debugging using libthread_db enabled]
[New Thread 46912528940992 (LWP 24608)]
httpd: Could not determine the server's fully qualified domain name, using
127.0.0.1 for ServerName
Detaching after fork from child process 24612.

Program exited normally.
(gdb) quit
fc4_x86_64# ps -aef | grep -i httpd
root     24616 11344  0 21:14 pts/5    00:00:00 grep -i httpd
fc4_x86_64#

** Also, I do not get a core file from httpd:

fc4_x86_64# echo CoreDumpDirectory /tmp > /etc/httpd/conf.d/coredump.conf
fc4_x86_64# ulimit unlimited
fc4_x86_64# service httpd start
Starting httpd: httpd: Could not determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
fc4_x86_64# ls -l /tmp | grep -i core
fc4_x86_64# ps -aef | grep -i httpd
root     24684 11344  0 21:18 pts/5    00:00:00 grep -i httpd
fc4_x86_64#

** Nothing odd in the error logs:

fc4_x86_64# tail -10 /var/log/httpd/error_log
[Thu Nov 03 21:16:51 2005] [notice] Digest: generating secret for digest
authentication ...
[Thu Nov 03 21:16:51 2005] [notice] Digest: done
[Thu Nov 03 21:16:51 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Thu Nov 03 21:16:51 2005] [notice] LDAP: SSL support unavailable
[Thu Nov 03 21:18:10 2005] [notice] core dump file size limit raised to
18446744073709551615 bytes
[Thu Nov 03 21:18:10 2005] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Thu Nov 03 21:18:10 2005] [notice] Digest: generating secret for digest
authentication ...
[Thu Nov 03 21:18:11 2005] [notice] Digest: done
[Thu Nov 03 21:18:11 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Thu Nov 03 21:18:11 2005] [notice] LDAP: SSL support unavailable
fc4_x86_64#

** If I remove php-snmp, both php and httpd work

** If I re-add php-snmp and run php as a non-root user, php works.
Comment 1 Victor Gregorio 2005-11-04 00:41:38 EST
Created attachment 120714 [details]
Strace of segfaulting php
Comment 2 Victor Gregorio 2005-11-04 00:43:26 EST
Created attachment 120715 [details]
Strace of broken httpd
Comment 3 Victor Gregorio 2005-11-04 00:46:10 EST
I forgot to add: Although php-snmp works initially (fresh install) as root, no
sequence of removal, reinstall or recompile allows PHP with snmp support to work
again. 
Comment 4 Radek Vokal 2005-11-04 07:20:04 EST
Hmm, this works on my x86_64 test box, version are same

# rpm -q net-snmp php httpd
net-snmp-5.2.1.2-fc4.1
php-5.0.4-10.4
httpd-2.0.54-10.2

Jorton, have you already seen this?
Comment 5 Joe Orton 2005-11-04 07:28:03 EST
I don't recall any similar reports, no.

Is that backtrace from the "custom compile" or from the stock RPMs?

You said "After some use, the CLI begins to segfault.", what do you mean? 
Simply that after some time, it stopped working?
Comment 6 Victor Gregorio 2005-11-04 12:12:38 EST
(In reply to comment #5)
> I don't recall any similar reports, no.
>
> Is that backtrace from the "custom compile" or from the stock RPMs?
>
> You said "After some use, the CLI begins to segfault.", what do you mean?
> Simply that after some time, it stopped working?

Hello.  The backtrace and strace logs are from using Fedora SRC RPMs built with
rpmbuild --rebuild.  The SRC RPMs are the most recent:

httpd-2.0.54-10.2.src.rpm
net-snmp-5.2.1.2-fc4.1.src.rpm
php-5.0.4-10.4.src.rpm

The PHP behaviour is a bit odd, so I will try and give you as much detail as
possible.  I originally discovered these problems with a custom compiled PHP
from PHP.net.  I was using Fedora's net-snmp, PHP from PHP.net, Apache from
apache.org.

I had a root cronjob that would call PHP's CLI for Cacti SNMP polling.  It
worked OK at first.  Root could easily run php, and start httpd.  I left this
cronjob running for a few hours.  In this time, nobody logged into the machine
and no RPMs were changed.  The system is not on the Internet, so external
meddling is unlikely.

Suddenly, I noticed that Cacti graphs were no longer being built.  I logged back
into the system and tried running the previously tested cronjob entry.  PHP
segfaulted.  When I tried to start HTTPD as root, I could not.  

So, I removed my compiled versions of PHP and Apache.  This was easy to do since
they were compiled with a custom --prefix. I could not recompile PHP, because
make install would fail when running PHP's CLI to install Pear.

Again, I removed ALL files associated with my custom compiles:
rm -rf /usr/local/apache
rm -rf /etc/httpd
rm -rf /usr/local/php5
rm -rf /usr/local/src/php*
rm -rf /usr/local/src/apache*

I then installed HTTPD and PHP using yum.  PHP worked perfectly until I
installed PHP-SNMP.  Then, I experienced the exact same problem--segfaulting PHP
and broken HTTPD.

To be sure, I uninstalled everything (yum remove snmp* php* httpd*).  Rebooted,
and installed again using Yum ONLY.   No love--same problem: segfaulting PHP.

So, I downloaded the SRC RPMs from Fedora and built them.  SRC RPMs are all the
most recent versions.  I removed everything again, and installed the built RPMs
(including debug RPMs). Then, I filled this bug report using gdb.

This sequence of events happened on two separate systems--both FC4 x86_64.  

I speculate that this is a problem with the net-snmp lib64 library.  The PHP and
Apache behaviour are just symptoms.
Comment 7 Radek Vokal 2005-11-07 04:57:09 EST
Created attachment 120776 [details]
snmpusm patch for noNameUser

Can you please test the attached patch. I guess it's fixing the issue but I
can't prove it.
Comment 8 Victor Gregorio 2005-11-07 22:44:25 EST
I temporarily lost access to the systems that originally experienced this
bug--they are being moved.  In the meantime, I am building a new system and
recreating the bug scenario.  Once that is done, I'll patch, test and report my
results here.  Thank you for the patch.
Comment 9 Radek Vokal 2006-02-08 04:36:08 EST
Ok, I believe this is fixed in rawhide

Note You need to log in before you can comment on or make changes to this bug.