Bug 233431

Summary: [bsnmpd] regression on 12-STABLE: crash on start
Product: Base System
Reporter: emz
Component: bin
Assignee: Shteryana Shopova <syrinx>
Status: Closed FIXED
Severity: Affects Some People
CC: admin, ae, ed, emaste, eugene, markj
Priority: ---
Keywords: regression
Version: 12.0-STABLE   
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221487
Bug Depends on:    
Bug Blocks: 228911    

Description emz 2018-11-23 09:19:41 UTC
bsnmpd crashes right after start, was working on 11.x, regression happened after upgrade to 12.x. 100% reproducible, multiple instances:

FreeBSD san01.bsh-ru.playkey.net 12.0-PRERELEASE FreeBSD 12.0-PRERELEASE r340754 GENERIC  amd64
FreeBSD san01.boston.playkey.net 12.0-PRERELEASE FreeBSD 12.0-PRERELEASE r340673 GENERIC  amd6

Backtrace:

# gdb /usr/sbin/bsnmpd bsnmpd.core 
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `/usr/sbin/bsnmpd -p /var/run/snmpd.pid'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libbegemot.so.4...Reading symbols from /usr/lib/debug//lib/libbegemot.so.4.debug...done.
done.
Loaded symbols for /lib/libbegemot.so.4
Reading symbols from /usr/lib/libbsnmp.so.6...Reading symbols from /usr/lib/debug//usr/lib/libbsnmp.so.6.debug...done.
done.
Loaded symbols for /usr/lib/libbsnmp.so.6
Reading symbols from /usr/lib/libwrap.so.6...Reading symbols from /usr/lib/debug//usr/lib/libwrap.so.6.debug...done.
done.
Loaded symbols for /usr/lib/libwrap.so.6
Reading symbols from /lib/libc.so.7...Reading symbols from /usr/lib/debug//lib/libc.so.7.debug...done.
done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libcrypto.so.111...Reading symbols from /usr/lib/debug//lib/libcrypto.so.111.debug...done.
done.
Loaded symbols for /lib/libcrypto.so.111
Reading symbols from /lib/libthr.so.3...Reading symbols from /usr/lib/debug//lib/libthr.so.3.debug...done.
done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /libexec/ld-elf.so.1...Reading symbols from /usr/lib/debug//libexec/ld-elf.so.1.debug...done.
done.
Loaded symbols for /libexec/ld-elf.so.1
#0  strlen (str=0x801062223 <Address 0x801062223 out of bounds>) at /usr/src/lib/libc/string/strlen.c:101
101             va = (*lp - mask01);
[New Thread 8009e5000 (LWP 110269/<unknown>)]
(gdb) bt
#0  strlen (str=0x801062223 <Address 0x801062223 out of bounds>) at /usr/src/lib/libc/string/strlen.c:101
#1  0x00000008003d95a9 in __vfprintf (fp=<value optimized out>, locale=0x80044a4e8, fmt0=<value optimized out>, 
    ap=<value optimized out>) at /usr/src/lib/libc/stdio/vfprintf.c:854
#2  0x00000008003d71b4 in vfprintf_l (fp=0x80067bec0, locale=<value optimized out>, fmt0=0x80028e62f "%s %d - - ", 
    ap=0x7fffffffb5b0) at /usr/src/lib/libc/stdio/vfprintf.c:285
#3  0x00000008003deedb in fprintf (fp=0x80067bec0, fmt=0x80028e62f "%s %d - - ")
    at /usr/src/lib/libc/stdio/fprintf.c:57
#4  0x000000080041e16b in vsyslog (pri=<value optimized out>, fmt=0x200963 "error in config file", ap=0x7fffffffc510)
    at /usr/src/lib/libc/gen/syslog.c:210
#5  0x000000080041de8d in syslog (pri=<value optimized out>, fmt=<value optimized out>)
    at /usr/src/lib/libc/gen/syslog.c:129
#6  0x0000000000213bb1 in main (argc=0, argv=<value optimized out>)
Current language:  auto; currently minimal
(gdb) bt full
#0  strlen (str=0x801062223 <Address 0x801062223 out of bounds>) at /usr/src/lib/libc/string/strlen.c:101
        p = 0x801062223 <Address 0x801062223 out of bounds>
        lp = (const long unsigned int *) 0x801062220
        va = <value optimized out>
        vb = <value optimized out>
#1  0x00000008003d95a9 in __vfprintf (fp=<value optimized out>, locale=0x80044a4e8, fmt0=<value optimized out>, 
    ap=<value optimized out>) at /usr/src/lib/libc/stdio/vfprintf.c:854
        mbs = {__mbstate8 = 0x7fffffffb3c0 "\230����\177", _mbstateL = 140737488335768}
        mbseqlen = <value optimized out>
        xdigs_lower = 0x80029b7e0 "0123456789abcdef0123456789ABCDEF", ' ' <repeats 16 times>, '0' <repeats 16 times>, "��\023"
        xdigs_upper = 0x80029b7f0 "0123456789ABCDEF", ' ' <repeats 16 times>, '0' <repeats 16 times>, "��\023"
        expstr = 0x7fffffffb3b8 "p"
        buf = 0x7fffffffb300 ""
        ox = 0x7fffffffb258 ""
        statargtable = 0x7fffffffb280
        orgap = 0x7fffffffb260
        fmt = <value optimized out>
        nextarg = <value optimized out>
        saved_errno = 2
        ret = 0
        decimal_point = 0x80028c072 "."
        decpt_len = 1
        cp = 0x801062223 <Address 0x801062223 out of bounds>
        dtoaresult = <value optimized out>
        realsz = 24
        size = <value optimized out>
        flags = 17179171
        ch = <value optimized out>
        n = <value optimized out>
        dprec = Cannot access memory at address 0x0
(gdb)
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2019-03-19 12:36:48 UTC
Ed, can you take a look at this? It looks very much like the problem appears after r332100. Also, Eugene or Vladislav, can you try to revert r332100, rebuild/reinstall the world and try to reproduce the problem?
Comment 2 commit-hook freebsd_committer freebsd_triage 2019-06-21 07:46:06 UTC
A commit references this bug:

Author: syrinx
Date: Fri Jun 21 07:45:59 UTC 2019
New revision: 349265
URL: https://svnweb.freebsd.org/changeset/base/349265

Log:
  No need for each bsnmpd(1) module to open connection to syslog

  bsnmpd(1) main does that early on init and the connection is available
  to all loaded modules

  Event:		Vienna Hackathon 2019
  PR:		233431 , 221487
  MFC after:	2 weeks

Changes:
  head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-01-18 10:55:42 UTC
A commit references this bug:

Author: syrinx
Date: Sat Jan 18 10:55:38 UTC 2020
New revision: 356865
URL: https://svnweb.freebsd.org/changeset/base/356865

Log:
  MFC r349265: No need for each bsnmpd(1) module to open connection to syslog

  bsnmpd(1) main does that early on init and the connection is available
  to all loaded modules

  PR:		233431 , 221487
  Event:		Vienna Hackathon 2019

Changes:
_U  stable/12/
  stable/12/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c
Comment 4 Mark Johnston freebsd_committer freebsd_triage 2020-09-25 14:54:36 UTC
Is this resolved now?
Comment 5 Mark Johnston freebsd_committer freebsd_triage 2020-09-25 14:54:47 UTC
*** Bug 221487 has been marked as a duplicate of this bug. ***
Comment 6 Ed Maste freebsd_committer freebsd_triage 2020-09-25 15:28:59 UTC
I can start bsnmpd without issue on -CURRENT, with no non-default config or with pf enabled as described in PR221487.

Confirmation from the original reporter or ae@ would be useful, ideally against the 12.2 BETA/RC images.
Comment 7 Eugene M. Zheganin 2020-09-28 09:22:58 UTC
Yeah, seems to be working from some point for me too, thanks.
Comment 8 Mark Johnston freebsd_committer freebsd_triage 2020-09-28 11:54:02 UTC
(In reply to Eugene M. Zheganin from comment #7)
Thanks for the update.