Your message dated Sat, 18 Mar 2017 17:32:29 +1100
with message-id <[email protected]>
and subject line Unable to confirm now
has caused the Debian Bug report #565635,
regarding Crashes when queried
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
565635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: snmpd
Version: 5.4.2.1~dfsg-5
Severity: grave

Hi,

since the last upgrade, about any GETNEXT request makes snmpd crash,
first logging an assertion failure, then stumbling over what looks like
a null pointer dereference (address 0x20c).

To reproduce, try querying IP-MIB::ipAddressTable:

snmpgetnext -v2c -c private 127.0.0.1 1.3.6.1.2.1.4.34.1 1.3.6.1.2.1.4.34.2 1.3.6.1.2.1.4.34.3

The bug is not specific to IP-MIB, however -- there are a few problems
in this module too, but the crash happens later.

Valgrind log is attached.

   Simon

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.32-trunk-powerpc
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages snmpd depends on:
ii  adduser                   3.112          add and remove users and groups
ii  debconf [debconf-2.0]     1.5.28         Debian configuration management sy
ii  libc6                     2.10.2-5       Embedded GNU C Library: Shared lib
ii  libsnmp15                 5.4.2.1~dfsg-4 SNMP (Simple Network Management Pr
ii  libwrap0                  7.6.q-18       Wietse Venema's TCP wrappers libra
ii  lsb-base                  3.2-23         Linux Standard Base 3.2 init scrip

snmpd recommends no packages.

snmpd suggests no packages.

-- debconf information:
  snmpd/upgradefrom521:
==23677== Memcheck, a memory error detector
==23677== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23677== Using Valgrind-3.5.0-Debian and LibVEX; rerun with -h for copyright 
info
==23677== Command: snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p 
/var/run/snmpd.pid 127.0.0.1
==23677== Parent PID: 23646
==23677== 
==23677== Source and destination overlap in strncpy(0xfd56ea9, 0xfd56ea9, 64)
==23677==    at 0xFFBB4C8: strncpy (mc_replace_strmem.c:329)
==23677==    by 0xFCFD9E3: snmp_log_syslogname (in 
/usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCFDA5B: snmp_enable_syslog_ident (in 
/usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCFE0FF: snmp_log_options (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0x10002713: main (in /usr/sbin/snmpd)
==23677== 
==23677== 
==23677== HEAP SUMMARY:
==23677==     in use at exit: 954 bytes in 34 blocks
==23677==   total heap usage: 87 allocs, 53 frees, 7,734 bytes allocated
==23677== 
==23677== 
==23677== HEAP SUMMARY:
==23677==     in use at exit: 954 bytes in 34 blocks
==23677==   total heap usage: 87 allocs, 53 frees, 7,734 bytes allocated
==23677== 
==23677== LEAK SUMMARY:
==23677==    definitely lost: 80 bytes in 2 blocks
==23677==    indirectly lost: 240 bytes in 20 blocks
==23677==      possibly lost: 0 bytes in 0 blocks
==23677==    still reachable: 634 bytes in 12 blocks
==23677==         suppressed: 0 bytes in 0 blocks
==23677== Rerun with --leak-check=full to see details of leaked memory
==23677== 
==23677== For counts of detected and suppressed errors, rerun with: -v
==23677== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 3)
==23677== LEAK SUMMARY:
==23677==    definitely lost: 80 bytes in 2 blocks
==23677==    indirectly lost: 240 bytes in 20 blocks
==23677==      possibly lost: 0 bytes in 0 blocks
==23677==    still reachable: 634 bytes in 12 blocks
==23677==         suppressed: 0 bytes in 0 blocks
==23677== Rerun with --leak-check=full to see details of leaked memory
==23677== 
==23677== For counts of detected and suppressed errors, rerun with: -v
==23677== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 3)
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE7328C: netsnmp_linux_interface_get_if_speed (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE746DB: netsnmp_arch_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE438D3: netsnmp_access_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE43B1B: netsnmp_access_interface_init (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE7C743: init_mib_modules (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0x10002BC3: main (in /usr/sbin/snmpd)
==23677== 
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE74374: netsnmp_arch_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE438D3: netsnmp_access_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE43B1B: netsnmp_access_interface_init (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE7C743: init_mib_modules (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0x10002BC3: main (in /usr/sbin/snmpd)
==23677== 
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE73294: netsnmp_linux_interface_get_if_speed (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE746DB: netsnmp_arch_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE438D3: netsnmp_access_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE43B1B: netsnmp_access_interface_init (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE7C743: init_mib_modules (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0x10002BC3: main (in /usr/sbin/snmpd)
==23677== 
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE7328C: netsnmp_linux_interface_get_if_speed (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE746DB: netsnmp_arch_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE438D3: netsnmp_access_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE48A4F: ifTable_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE4839B: ??? (in /usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFF0A67B: ??? (in /usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF0B027: netsnmp_cache_handler_get (in 
/usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFE4813B: _ifTable_initialize_interface (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE167EB: initialize_table_ifTable (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE16BFF: init_ifTable (in /usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE7CE53: init_mib_modules (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0x10002BC3: main (in /usr/sbin/snmpd)
==23677== 
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE74374: netsnmp_arch_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE438D3: netsnmp_access_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE48A4F: ifTable_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE4839B: ??? (in /usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFF0A67B: ??? (in /usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF0B027: netsnmp_cache_handler_get (in 
/usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFE4813B: _ifTable_initialize_interface (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE167EB: initialize_table_ifTable (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE16BFF: init_ifTable (in /usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE7CE53: init_mib_modules (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0x10002BC3: main (in /usr/sbin/snmpd)
==23677== 
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE73294: netsnmp_linux_interface_get_if_speed (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE746DB: netsnmp_arch_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE438D3: netsnmp_access_interface_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE48A4F: ifTable_container_load (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE4839B: ??? (in /usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFF0A67B: ??? (in /usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF0B027: netsnmp_cache_handler_get (in 
/usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFE4813B: _ifTable_initialize_interface (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE167EB: initialize_table_ifTable (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE16BFF: init_ifTable (in /usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0xFE7CE53: init_mib_modules (in 
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==    by 0x10002BC3: main (in /usr/sbin/snmpd)
==23677== 
==23677== Invalid read of size 4
==23677==    at 0xFF18220: ??? (in /usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF6A187: netsnmp_call_next_handler (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF13F0F: table_helper_handler (in 
/usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF6A6B7: netsnmp_call_handlers (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5859B: handle_var_requests (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5A647: handle_pdu (in /usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5D1C7: netsnmp_handle_request (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5DF0B: handle_snmp_packet (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFCE2B8B: ??? (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCE4ACF: _sess_read (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCE521B: snmp_sess_read (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCE52AB: snmp_read (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==  Address 0x20c is not stack'd, malloc'd or (recently) free'd
==23677== 
==23677== 
==23677== Process terminating with default action of signal 11 (SIGSEGV)
==23677==  Access not within mapped region at address 0x20C
==23677==    at 0xFF18220: ??? (in /usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF6A187: netsnmp_call_next_handler (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF13F0F: table_helper_handler (in 
/usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF6A6B7: netsnmp_call_handlers (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5859B: handle_var_requests (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5A647: handle_pdu (in /usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5D1C7: netsnmp_handle_request (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF5DF0B: handle_snmp_packet (in 
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFCE2B8B: ??? (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCE4ACF: _sess_read (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCE521B: snmp_sess_read (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==    by 0xFCE52AB: snmp_read (in /usr/lib/libnetsnmp.so.15.1.2)
==23677==  If you believe this happened as a result of a stack
==23677==  overflow in your program's main thread (unlikely but
==23677==  possible), you can try to increase the size of the
==23677==  main thread stack using the --main-stacksize= flag.
==23677==  The main thread stack size used in this run was 8388608.
==23677== 
==23677== HEAP SUMMARY:
==23677==     in use at exit: 776,860 bytes in 17,572 blocks
==23677==   total heap usage: 20,514 allocs, 2,942 frees, 1,292,896 bytes 
allocated
==23677== 
==23677== LEAK SUMMARY:
==23677==    definitely lost: 764 bytes in 21 blocks
==23677==    indirectly lost: 240 bytes in 20 blocks
==23677==      possibly lost: 0 bytes in 0 blocks
==23677==    still reachable: 775,856 bytes in 17,531 blocks
==23677==         suppressed: 0 bytes in 0 blocks
==23677== Rerun with --leak-check=full to see details of leaked memory
==23677== 
==23677== For counts of detected and suppressed errors, rerun with: -v
==23677== Use --track-origins=yes to see where uninitialised values come from
==23677== ERROR SUMMARY: 74 errors from 8 contexts (suppressed: 5 from 3)

--- End Message ---
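
Added example, not part of the original report or of Net-SNMP: a Python triage helper for a Memcheck log like the one attached above. It rejoins the mail-wrapped lines, groups the output into error contexts, and flags an invalid access whose fault address lies in the first page (such as 0x20c), the usual signature of a member read through a NULL pointer. The sample lines are constructed in the shape of the report's log; the names `unwrap` and `triage` and the 0x1000 threshold are assumptions.

```python
import re
# Constructed sample shaped like the report's Memcheck output, mail-wrapped lines included.
SAMPLE = """\
==23677== Conditional jump or move depends on uninitialised value(s)
==23677==    at 0xFE74374: netsnmp_arch_interface_container_load (in
/usr/lib/libnetsnmpmibs.so.15.1.2)
==23677==
==23677== Invalid read of size 4
==23677==    at 0xFF18220: ??? (in /usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==    by 0xFF6A187: netsnmp_call_next_handler (in
/usr/lib/libnetsnmpagent.so.15.1.2)
==23677==    by 0xFF13F0F: table_helper_handler (in
/usr/lib/libnetsnmphelpers.so.15.1.2)
==23677==  Address 0x20c is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+== ?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \((?:in )?(\S+)\)")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is not stack'd")
PAGE = 0x1000  # assumption: a fault inside the first page is NULL plus a member offset

def unwrap(text):
    """Rejoin mail-wrapped lines: a line without the ==PID== prefix continues the previous one."""
    out = []
    for line in text.splitlines():
        if PREFIX.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def triage(text):
    """Return the Memcheck error contexts that carry a stack trace."""
    contexts, cur = [], None
    for line in unwrap(text):
        body = PREFIX.sub("", line)
        frame, addr = FRAME.match(body), ADDR.match(body)
        if not body.strip():
            cur = None                      # blank ==PID== line ends a context
        elif frame and cur:
            cur["frames"].append(frame.groups())
        elif addr and cur:
            cur["address"] = int(addr.group(1), 16)
            cur["near_null"] = cur["address"] < PAGE
        elif not body.startswith(" "):      # unindented line starts a new context
            cur = {"kind": body, "frames": [], "address": None, "near_null": False}
            contexts.append(cur)
    return [c for c in contexts if c["frames"]]
```

Sorting the returned contexts so that `near_null` entries come first puts the fatal read in `table_helper_handler`'s callee ahead of the uninitialised-value noise from interface loading.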
--- Begin Message ---
Hi,
  This bug report was reported against version 5.4.2 of snmp. That was 
seven years and many versions ago and, probably unsurprisingly, I am
unable to reproduce this bug now.

If you are still seeing this bug in a modern version of snmp then either
re-open this bug report or create a new one showing what you did to make
snmpd crash, if it has changed.

 - Craig
-- 
Craig Small (@smallsees)  https://dropbear.xyz/     csmall at : enc.com.au
Debian GNU/Linux          https://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

--- End Message ---
