#2493 5.7.2 crashes under FreeBSD when run -u nobody -g nobody
On a system with /dev/kmem or /dev/mem, launching snmpd as follows:
snmpd -u nobody -g nobody
Then, running an snmpwalk against the host, will result in snmpd exiting.
ktrace output:
42623 snmpd CALL open(0x80152dda6,0x100000<o_cloexec>,<unused>0)
42623 snmpd NAMI "/dev/mem"
42623 snmpd RET open -1 errno 13 Permission denied
42623 snmpd CALL write(0x3,0x802808000,0x21)
42623 snmpd GIO fd 3 wrote 33 bytes
"kvm_openfiles: Permission denied
"
42623 snmpd RET write 33/0x21
42623 snmpd CALL write(0x3,0x802808000,0x2b)
42623 snmpd GIO fd 3 wrote 43 bytes
"kvm_openfiles: /dev/mem: Permission denied
"
42623 snmpd RET write 43/0x2b
42623 snmpd CALL sigprocmask(SIG_BLOCK,0x8008214d8,0x7fffffff9dd0)
42623 snmpd RET sigprocmask 0
42623 snmpd CALL sigprocmask(SIG_SETMASK,0x8008214ec,0)
42623 snmpd RET sigprocmask 0
...
42623 snmpd RET sigprocmask 0
42623 snmpd CALL sigprocmask(SIG_BLOCK,0x8008214d8,0x7fffffff9960)
42623 snmpd RET sigprocmask 0
42623 snmpd CALL sigprocmask(SIG_SETMASK,0x8008214ec,0)
42623 snmpd RET sigprocmask 0
42623 snmpd CALL exit(0x1)</unused></o_cloexec>
snmpwalk output:
IF-MIB::ifCounterDiscontinuityTime.1 = Timeticks: (0) 0:00:00.00
IF-MIB::ifCounterDiscontinuityTime.2 = Timeticks: (0) 0:00:00.00
IF-MIB::ifCounterDiscontinuityTime.3 = Timeticks: (0) 0:00:00.00
IF-MIB::ifCounterDiscontinuityTime.4 = Timeticks: (0) 0:00:00.00
IF-MIB::ifCounterDiscontinuityTime.5 = Timeticks: (0) 0:00:00.00
IF-MIB::ifTableLastChange.0 = Timeticks: (0) 0:00:00.00
IPV6-MIB::ipv6Forwarding.0 = INTEGER: notForwarding(2)
IPV6-MIB::ipv6DefaultHopLimit.0 = INTEGER: 64
IPV6-MIB::ipv6Interfaces.0 = Gauge32: 5
IPV6-MIB::ipv6IfDescr.1 = STRING: igb0
IPV6-MIB::ipv6IfDescr.2 = STRING: igb1
IPV6-MIB::ipv6IfDescr.3 = STRING: pflog0
IPV6-MIB::ipv6IfDescr.4 = STRING: lo0
IPV6-MIB::ipv6IfDescr.5 = STRING: lo1
IPV6-MIB::ipv6IfLowerLayer.1 = OID: SNMPv2-SMI::zeroDotZero
IPV6-MIB::ipv6IfLowerLayer.2 = OID: SNMPv2-SMI::zeroDotZero
IPV6-MIB::ipv6IfLowerLayer.3 = OID: SNMPv2-SMI::zeroDotZero
IPV6-MIB::ipv6IfLowerLayer.4 = OID: SNMPv2-SMI::zeroDotZero
IPV6-MIB::ipv6IfLowerLayer.5 = OID: SNMPv2-SMI::zeroDotZero
IPV6-MIB::ipv6IfEffectiveMtu.1 = Gauge32: 1500 octets
IPV6-MIB::ipv6IfEffectiveMtu.2 = Gauge32: 1500 octets
IPV6-MIB::ipv6IfEffectiveMtu.3 = Gauge32: 33152 octets
IPV6-MIB::ipv6IfEffectiveMtu.4 = Gauge32: 16384 octets
IPV6-MIB::ipv6IfEffectiveMtu.5 = Gauge32: 16384 octets
Timeout: No Response from host.test.com
If you have a look at init_nlist() then you will see that this behavior is on purpose. Adding -r to the snmpd argument list will avoid that snmpd exits if kvm_openfiles() fails.
This also happens when snmpd is running with -r.
In my test with the latest version of the master branch adding -r was sufficient. Please retest with the latest version of the v5.7 branch instead of v5.7.2.
root@testhost:/home/zi # service snmpd onestart
Starting snmpd.
root@testhost:/home/zi # ps auxw|grep snmp
nobody 6100 1.0 0.0 35980 8116 - S 2:55PM 0:00.01 /usr/local/sbin/snmpd -p /var/run/net_snmpd.pid -r -u nobody -g nobody 127.0.0.1
root@testhost:/home/zi # snmpwalk localhost
...
IPV6-MIB::ipv6IfLowerLayer.5 = OID: SNMPv2-SMI::zeroDotZero
IPV6-MIB::ipv6IfEffectiveMtu.1 = Gauge32: 1500 octets
IPV6-MIB::ipv6IfEffectiveMtu.2 = Gauge32: 1500 octets
IPV6-MIB::ipv6IfEffectiveMtu.3 = Gauge32: 33152 octets
IPV6-MIB::ipv6IfEffectiveMtu.4 = Gauge32: 16384 octets
IPV6-MIB::ipv6IfEffectiveMtu.5 = Gauge32: 16384 octets
Timeout: No Response from localhost
root@testhost:/home/zi # ps auxw|grep snmp
root 6241 0.0 0.0 18720 1900 1 S+ 2:55PM 0:00.00 grep snmp
Will try that shortly. Do you have an ETA for the next release? It is tough to keep back-porting things into 5.7.2.
Sorry but I don't know when 5.7.3 will be released.
I'm using FreeBSD 9.2 and I'm also getting the same issue with 5.7.2 and with the most recent update 5.7.3.pre1.
For me once it gets to IPV6-MIB::ipv6IfEffectiweMtu.3 = Gauge32: 16384 octets
snmpwalk times out and snmpd is no longer running. I have to start it up again from the rc.d script.