v3.13/main/net-snmp: crashing with Segmentation fault in _refresh_disks
net-snmp-5.9-r3 running on Alpine 3.13 with the following line included in the configuration:
includeAllDisks 90%
is segfaulting
Here is the core dump result:
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/snmpd...
Reading symbols from /usr/lib/debug//usr/sbin/snmpd.debug...
[New LWP 2895]
Core was generated by `/usr/sbin/snmpd -p /var/run/snmpd.pid -LSwd -Lf /dev/null'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 _refresh_disks (minpercent=90) at ucd-snmp/disk_hw.c:240
240 ucd-snmp/disk_hw.c: No such file or directory.
(gdb) bt
#0 _refresh_disks (minpercent=90) at ucd-snmp/disk_hw.c:240
#1 var_extensible_disk (vp=0x7ffe1847b320, name=0x7ffe1847af20, length=0x7ffe1847ab18, exact=1, var_len=0x7ffe1847ab10, write_method=0x7ffe1847ab08) at ucd-snmp/disk_hw.c:324
#2 0x00007f0a878b60be in netsnmp_old_api_helper (handler=<optimized out>, reginfo=0x7f0a872caa90, reqinfo=0x7f0a87113770, requests=0x7f0a871c02b0) at helpers/old_api.c:332
#3 0x00007f0a878c2a0a in netsnmp_call_handler (requests=<optimized out>, reqinfo=<optimized out>, reginfo=<optimized out>, next_handler=0x7f0a872b9ca0) at agent_handler.c:546
#4 netsnmp_call_handler (next_handler=<optimized out>, reginfo=0x7f0a872caa90, reqinfo=0x7f0a87113770, requests=0x7f0a871c02b0) at agent_handler.c:505
#5 0x00007f0a878d06f2 in handle_var_requests (asp=asp@entry=0x7f0a87193db0) at snmp_agent.c:3012
#6 0x00007f0a878d14aa in handle_pdu (asp=asp@entry=0x7f0a87193db0) at snmp_agent.c:3796
#7 0x00007f0a878d18a5 in netsnmp_handle_request (asp=asp@entry=0x7f0a87193db0, status=status@entry=0) at snmp_agent.c:3687
#8 0x00007f0a878d1c39 in handle_snmp_packet (op=1, reqid=<optimized out>, magic=<optimized out>, pdu=<optimized out>, session=<optimized out>) at snmp_agent.c:2294
#9 handle_snmp_packet (op=1, session=<optimized out>, reqid=<optimized out>, pdu=<optimized out>, magic=<optimized out>) at snmp_agent.c:2186
#10 0x00007f0a875d4175 in _sess_process_packet_handle_pdu (transport=0x7f0a871130a0, pdu=0x7f0a871c56f0, isp=0x7f0a871125c0, sp=0x7f0a87127370, sessp=0x7f0a871a8b60) at snmp_api.c:5841
#11 _sess_process_packet (sessp=sessp@entry=0x7f0a871a8b60, sp=sp@entry=0x7f0a87127370, isp=isp@entry=0x7f0a871125c0, transport=transport@entry=0x7f0a871130a0, opaque=<optimized out>, olength=<optimized out>, packetptr=0x7f0a870e5170 "00\002\001\001\004\nWBEM7WSIST\240\037\002\004-q\027\026\002\001", length=50) at snmp_api.c:5891
#12 0x00007f0a875d5288 in _sess_read (sessp=sessp@entry=0x7f0a871a8b60, fdset=fdset@entry=0x7ffe1847b9e8) at snmp_api.c:6152
#13 0x00007f0a875d52cc in snmp_sess_read2 (sessp=sessp@entry=0x7f0a871a8b60, fdset=fdset@entry=0x7ffe1847b9e8) at snmp_api.c:6425
#14 0x00007f0a875d5306 in snmp_read2 (fdset=fdset@entry=0x7ffe1847b9e8) at snmp_api.c:5940
#15 0x000055afd31bd102 in receive () at snmpd.c:1309
#16 0x000055afd31bc880 in main (argc=<optimized out>, argv=<optimized out>) at snmpd.c:1087
(gdb)
Running in valgrind gives the following result:
==3052== Invalid write of size 8
==3052== at 0x494F4B4: _refresh_disks (disk_hw.c:244)
==3052== by 0x494F4B4: var_extensible_disk (disk_hw.c:324)
==3052== by 0x48C70BD: netsnmp_old_api_helper (old_api.c:332)
==3052== by 0x48D3A09: netsnmp_call_handler (agent_handler.c:546)
==3052== by 0x48D3A09: netsnmp_call_handler (agent_handler.c:505)
==3052== by 0x48E16F1: handle_var_requests (snmp_agent.c:3012)
==3052== by 0x48E24A9: handle_pdu (snmp_agent.c:3796)
==3052== by 0x48E28A4: netsnmp_handle_request (snmp_agent.c:3687)
==3052== by 0x48E2C38: handle_snmp_packet (snmp_agent.c:2294)
==3052== by 0x48E2C38: handle_snmp_packet (snmp_agent.c:2186)
==3052== by 0x4BAB174: _sess_process_packet_handle_pdu (snmp_api.c:5841)
==3052== by 0x4BAB174: _sess_process_packet (snmp_api.c:5891)
==3052== by 0x4BAC287: _sess_read (snmp_api.c:6152)
==3052== by 0x4BAC2CB: snmp_sess_read2 (snmp_api.c:6425)
==3052== by 0x4BAC305: snmp_read2 (snmp_api.c:5940)
==3052== by 0x10C101: receive.isra.0 (snmpd.c:1309)
==3052== Address 0x55f32a0 is 800 bytes inside an unallocated block of size 675,936 in arena "client"
==3052==
==3052== Invalid write of size 4
==3052== at 0x494F4C2: _refresh_disks (disk_hw.c:243)
==3052== by 0x494F4C2: var_extensible_disk (disk_hw.c:324)
==3052== by 0x48C70BD: netsnmp_old_api_helper (old_api.c:332)
==3052== by 0x48D3A09: netsnmp_call_handler (agent_handler.c:546)
==3052== by 0x48D3A09: netsnmp_call_handler (agent_handler.c:505)
==3052== by 0x48E16F1: handle_var_requests (snmp_agent.c:3012)
==3052== by 0x48E24A9: handle_pdu (snmp_agent.c:3796)
==3052== by 0x48E28A4: netsnmp_handle_request (snmp_agent.c:3687)
==3052== by 0x48E2C38: handle_snmp_packet (snmp_agent.c:2294)
==3052== by 0x48E2C38: handle_snmp_packet (snmp_agent.c:2186)
==3052== by 0x4BAB174: _sess_process_packet_handle_pdu (snmp_api.c:5841)
==3052== by 0x4BAB174: _sess_process_packet (snmp_api.c:5891)
==3052== by 0x4BAC287: _sess_read (snmp_api.c:6152)
==3052== by 0x4BAC2CB: snmp_sess_read2 (snmp_api.c:6425)
==3052== by 0x4BAC305: snmp_read2 (snmp_api.c:5940)
==3052== by 0x10C101: receive.isra.0 (snmpd.c:1309)
==3052== Address 0x55f329c is 796 bytes inside an unallocated block of size 675,936 in arena "client"