snmpd segfaults and exits right after the init script is done. Here is the message logged by the kernel:

snmpd[30975]: segfault at 0000000000000001 rip 000036e6dc92e7ad rsp 00007917f5997ad0 error 4
grsec: From 192.168.0.2: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/snmpd[snmpd:30975] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

I'm using a dual Xeon with a 64-bit system. Here is my emerge info:

Portage 2.0.51.22-r3 (hardened/amd64, gcc-3.4.4, glibc-2.3.5-r2, 2.6.13-hardened x86_64)
=================================================================
System uname: 2.6.13-hardened x86_64 Intel(R) Xeon(TM) CPU 2.80GHz
Gentoo Base System version 1.6.13
dev-lang/python: 2.4.2
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe -fforce-addr -pipe -msse3 -msse2 -mfpmath=sse -DNDEBUG -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=nocona -O2 -pipe -fforce-addr -pipe -msse3 -msse2 -mfpmath=sse -DNDEBUG -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://192.168.0.1 http://mirror.datapipe.net/pub/gentoo http://mirror.datapipe.net/pub/gentoo"
LC_ALL="en_US.UTF-8"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://owl.gentoo.org/gentoo-portage"
USE="X Xaw3d a52 aac aalib accessibility acl acpi adns aim alsa amd64 apache2 apm atlas authdaemond avi bash-completion bcmath berkdb bidi bitmap-fonts bluetooth bmp bonobo bzip2 bzlib calendar canna caps cdparanoia cdr cjk crypt cscope ctype cups curl curlwrappers dbase dbm dbx dedicated dio dmx dv dvd dvdr dvdread emacs-w3 encode esd ethereal evo exif expat fam fastcgi fbcon ffmpeg flac flash flatfile foomaticdb fortran freetds freetype freewnn ftp gb gd gdbm geoip gif gimpprint ginac glut gmp gnome gnustep gnutls gphoto2 gpm gps gstreamer gtk gtk2 gtkhtml guile hal hardened icc-pgo iconv icq idn imagemagick imap imlib inifile innodb ipv6 ithreads jabber java javascript jikes joystick jpeg junit justify kde kerberos ladcca lcms ldap leim lesstif libedit libg++ libgda libwww lirc lm_sensors logrotate m17n-lib maildir mailwrapper matroska mcal mcve memlimit mhash mikmod milter mime ming mmap mng motif mp3 mpeg mpi msn mule mysql mysqli ncurses neXt netcdf nhc98 nis nls nocardbus nocd nptl nptlonly odbc offensive ofx openal opengl oscar pam pcmcia pcntl pcre pda pdflib perl php pic pie plotutils png pnp posix postgres ppds prelude profile python qt quicktime readline recode ruby samba sasl scanner session sftplogging sharedext sharedmem shorten simplexml skey slang slp snmp soap sockets socks5 sox speex spell spl sqlite ssl svg symlink sysfs sysvipc szip tcltk tcpd tetex theora threads tidy tiff tokenizer truetype trusted unicode usb v4l vcd vhosts videos voodoo3 wavelan wddx wifi wmf wxwindows xface xine xinerama xml xml2 xmlrpc xosd xpm xprint xsl xv xvid yahoo yaz zeo zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LDFLAGS, LINGUAS

Note: the 2.6.13 kernel was used because 2.6.11 also segfaults.

Reproducible: Always
You must remove -DNDEBUG from your CFLAGS and recompile before anybody will check this bug. I'd suggest relaxing the other CFLAGS also (sse2/3 are known to misbehave), but the NDEBUG in CFLAGS is probably one of the worst ideas you could ever have.
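Why a global -DNDEBUG can change what a program does, as an added example that is not part of this bug report and is not net-snmp code: with NDEBUG defined, assert() expands to nothing, so any call or check placed inside it disappears from the build. All identifiers are hypothetical, and the example makes no claim about the actual cause of the snmpd crash.

```c
/* Added illustration, not net-snmp code; all identifiers are hypothetical. */
#include <stddef.h>
#include <stdio.h>
struct sensor_table { int count; };
static struct sensor_table global_table = { 3 };

/* Initialiser with a side effect: hands back the table on success. */
static int load_table(struct sensor_table **out)
{
    *out = &global_table;
    return 0;
}

/* Compiled as if CFLAGS contained -DNDEBUG. */
#define NDEBUG
#include <assert.h>
int init_with_ndebug(void)
{
    struct sensor_table *t = NULL;
    assert(load_table(&t) == 0);  /* expands to nothing: call never happens */
    return t != NULL;             /* t is still NULL */
}

/* Compiled without NDEBUG. */
#undef NDEBUG
#include <assert.h>
int init_without_ndebug(void)
{
    struct sensor_table *t = NULL;
    assert(load_table(&t) == 0);  /* evaluated: t is set, result is checked */
    return t != NULL;
}

/* Robust form: the call and its error check do not live inside assert(). */
int init_explicit_check(void)
{
    struct sensor_table *t = NULL;
    if (load_table(&t) != 0 || t == NULL)
        return 0;
    return t->count > 0;
}

int main(void)
{
    printf("with NDEBUG: %d, without: %d, explicit: %d\n",
           init_with_ndebug(), init_without_ndebug(), init_explicit_check());
    return 0;
}
```

Code that would dereference the pointer after init_with_ndebug() reads through NULL, which is why checks that must hold in release builds belong in explicit error handling rather than in assert().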
No difference. I changed my CFLAGS to these:

CFLAGS="-march=nocona -O2 -pipe -fforce-addr -pipe -fomit-frame-pointer"

and the USE flags:

[ebuild R ] net-analyzer/net-snmp-5.2.1.2-r1 +X -doc -elf +ipv6 +lm_sensors -minimal +perl -rpm (-selinux) +smux +ssl +tcpd 0 kB

After I rebuilt snmpd without -DNDEBUG there is no segfault any more, but it still does not work and shows me this:

Oct 21 16:54:38 [kernel] grsec: From 192.168.0.2: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/snmpd[snmpd:30585] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
I don't own an amd64, so please try to pin it down to a specific CFLAG or USE flag.
No, after I set CFLAGS="" and set USE=elf, USE="-elf -dmux", snmpd still reports the RLIMIT_CORE thing like above. I've tried snmp-5.1x, also killed by grsec.

Oct 25 14:38:18 [kernel] grsec: From 192.168.0.2: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/snmpd[snmpd:31944] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

And I don't think this problem is related to CFLAGS/USE, just like the glibc-2.3.5-r1 problem on hardened system.
I get the same error with net-snmp-5.2.1.2-r1 on an AMD 64, not hardened, when USE lm_sensors is added to my make.conf. If I remove lm_sensors the snmpd process runs perfectly.

emerge --info:

Portage 2.0.53_rc6 (default-linux/amd64/2005.0, gcc-3.4.4, glibc-2.3.5-r3, 2.6.13-gentoo-r5-devil x86_64)
=================================================================
System uname: 2.6.13-gentoo-r5-devil x86_64 AMD Athlon(tm) 64 Processor 3800+
Gentoo Base System version 1.12.0_pre9
dev-lang/python: 2.3.5, 2.4.2
sys-apps/sandbox: 1.2.13
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -march=athlon64 -ffast-math -funroll-loops -funit-at-a-time -fpeel-loops -ftracer -funswitch-loops -fomit-frame-pointer -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib64/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon64 -ffast-math -funroll-loops -funit-at-a-time -fpeel-loops -ftracer -funswitch-loops -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.du.se/pub/os/gentoo/ http://mirror.pudas.net/gentoo/ http://gentoo.eliteitminds.com http://gentoo.mirror.icd.hu/ ftp://mir.zyrianes.net/gentoo/"
LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -Wl,--strip-all"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X alsa amd64 avi bash-completion bitmap-fonts browserplugin bzlib cdr crypt cups curl dvd dvdr eds emboss encode esd fam fbcon flac foomaticdb fortran gd gif gnome gpm gstreamer gtk gtk2 hal howl imlib imlib2 ipv6 java jpeg lzw lzw-tiff mad mfd-rewrites mozilla mp3 mpeg ncurses nls nptl nvidia ogg opengl pam pdflib perl png python quicktime readline samba sdl snmp spell sqlite ssl sysvipc tcpd tiff truetype truetype-fonts type1-fonts udev usb userlocales vorbis xine xml xml2 xmms xpm xv zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LINGUAS
Removing hardened from CC as comment #5 explains this is in lm_sensors.

Note netmon herd: Don't be overly shocked about bugs on 64bit systems. I talked with the net-snmp author some time ago and the story I got was that 64bit support is limited and improper results can happen when polling OIDs.
So should we drop the lm_sensors USE flag for amd64 then?
Some days ago I dropped lm_sensors support in all ebuilds. The patch we have has a memory leak, etc. This is bug 109785. A user just pointed out that lm_sensors works without our patch, so perhaps we can just drop the patch and use net-snmp's built-in lm_sensors support. Maybe it fixes this bug, too.
Is this still an issue?
Feel free to reopen if it is still an issue with the latest version in the tree.