Hello,

With net-snmp 5.4.2.1, I'm getting a segfault in snmp_free_pdu() from what appears to me to be a dual-free of the pdu.  It's a very intermittent problem that I only have 2 core files from.

In snmp_free_pdu() the comment section starting at line 5358 discusses that a dual-free of a pdu with random junk is possible here, and that appears to be exactly what I'm hitting.

Anyone have any suggestions for how to fix or work around this?

The relevant parts of the bt from the two cores I have are:

#0  0xb7952ef5 in free () from /lib/libc.so.6
#1  0xb6a144d4 in snmp_free_pdu (pdu=0xadc09640) at snmp_api.c:5035
#2  0xb6a2103c in snmp_sess_timeout (sessp=0x80c1028) at snmp_api.c:6190
#3  0xb69f6960 in snmp_sess_synch_response (sessp=0x80c1028, pdu=0xadc25508, response=0xbf82319c) at snmp_client.c:1107

and

#0  snmp_free_varbind (var=0x312e322e) at snmp_api.c:4993
#1  0xb69f94c5 in snmp_free_pdu (pdu=0xae72a658) at snmp_api.c:5034
#2  0xb6a0603c in snmp_sess_timeout (sessp=0x80acb28) at snmp_api.c:6190
#3  0xb69db960 in snmp_sess_synch_response (sessp=0x80acb28, pdu=0xae75c6b0, response=0xaff301fc) at snmp_client.c:1107

Above that is an external program calling into libsnmp.

The contents of the pdu being freed for each core are:

(gdb) print *pdu
$2 = {version = 135295816, command = 135206968, reqid = -1212787020, msgid = 323683447, transid = -1346151180, 
  sessid = -1346135400, errstat = 0, errindex = 0, time = 0, flags = 3082180276, securityModel = -1212787020, 
  securityLevel = 134985332, msgParseModel = 135001244, transport_data = 0xff, transport_data_length = 45575, 
  tDomain = 0xff, tDomainLen = 3082180276, variables = 0x0, community = 0x0, community_len = 255, enterprise = 0x5f504d01, 
  enterprise_length = 5, trap_type = 0, specific_type = 37, agent_addr = "\001\000\000", contextEngineID = 0xadc1a6b0 "", 
  contextEngineIDLen = 0, contextName = 0x0, contextNameLen = 2915370808, 
  securityEngineID = 0xadc1a620 "H���hH\n\b8\aŭP\021ŭ", securityEngineIDLen = 842281267, 
  securityName = 0x1d <Address 0x1d out of bounds>, securityNameLen = 0, priority = -1379670592, range_subid = -1379590112, 
  securityStateRef = 0xadc1c0b8}

and

(gdb) print *pdu
$1 = {version = -1368391472, command = -1368391472, reqid = 3211314, msgid = 653517731, transid = 822096640, 
  sessid = 838873856, errstat = 855652402, errindex = 959512625, time = 3487488, flags = 838874166, securityModel = 48, 
  securityLevel = 68, msgParseModel = 0, transport_data = 0x29, transport_data_length = -1, tDomain = 0x332e312e, 
  tDomainLen = 825112110, variables = 0x312e322e, community = 0x2e37312e <Address 0x2e37312e out of bounds>, 
  community_len = 775106100, enterprise = 0x2e332e31, enterprise_length = 775434802, trap_type = 825110835, 
  specific_type = 892808761, agent_addr = ".64.", contextEngineID = 0x32 <Address 0x32 out of bounds>, 
  contextEngineIDLen = 0, contextName = 0x29 <Address 0x29 out of bounds>, contextNameLen = 2926575712, 
  securityEngineID = 0xae700060 "��u���u�\210ku�\210ku�h", securityEngineIDLen = 0, securityName = 0x0, 
  securityNameLen = 0, priority = 0, range_subid = 0, securityStateRef = 0x0}

Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
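
A triage aid for the second dump above, as an added example that is not part of the original post and not net-snmp code: it packs each printed field back into its in-memory bytes and reports the longest run of adjacent fields that is entirely printable ASCII. It assumes a 32-bit little-endian process (the backtrace addresses suggest 32-bit x86) with 4-byte int, long and pointer fields; the function names are hypothetical.

```python
import re
import struct

# Excerpt of the second `print *pdu` in the post, copied as printed by gdb.
DUMP = '''
  sessid = 838873856, errstat = 855652402, errindex = 959512625, time = 3487488, flags = 838874166, securityModel = 48,
  securityLevel = 68, msgParseModel = 0, transport_data = 0x29, transport_data_length = -1, tDomain = 0x332e312e,
  tDomainLen = 825112110, variables = 0x312e322e, community = 0x2e37312e <Address 0x2e37312e out of bounds>,
  community_len = 775106100, enterprise = 0x2e332e31, enterprise_length = 775434802, trap_type = 825110835,
  specific_type = 892808761, agent_addr = ".64.", contextEngineID = 0x32 <Address 0x32 out of bounds>,
'''

# "name = value" where value is a hex pointer, a decimal integer or a quoted string.
FIELD = re.compile(r'(\w+) = (0x[0-9a-f]+|-?\d+|"[^"]*")')

def field_bytes(value):
    """Return the in-memory bytes behind one printed field value."""
    if value.startswith('"'):
        # Quoted char arrays with gdb escapes hold non-text bytes: treat as no text.
        return b"" if "\\" in value else value[1:-1].encode("latin-1")
    return struct.pack("<I", int(value, 0) & 0xFFFFFFFF)

def is_text(raw):
    """True when every byte is printable ASCII (and there is at least one)."""
    return len(raw) > 0 and all(0x20 <= b < 0x7F for b in raw)

def longest_ascii_run(dump):
    """Longest run of adjacent fields whose bytes are all printable ASCII."""
    best, cur = ([], b""), ([], b"")
    for name, value in FIELD.findall(dump):
        raw = field_bytes(value)
        if is_text(raw):
            cur = (cur[0] + [name], cur[1] + raw)
            if len(cur[1]) > len(best[1]):
                best = cur
        else:
            cur = ([], b"")  # a non-text field ends the current run
    return best[0], best[1].decode("ascii")

if __name__ == "__main__":
    names, text = longest_ascii_run(DUMP)
    print("%s..%s (%d fields): %r" % (names[0], names[-1], len(names), text))
```

On this excerpt the run covers tDomain through agent_addr and reads as a dotted-decimal OID string, so the value in `variables` that snmp_free_varbind() was handed (0x312e322e) is the text ".2.1" and not a pointer. That is consistent with the freed pdu chunk having been reused as a string buffer before snmp_sess_timeout() freed it again.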