toolchain/50939: Bug in GCC optionization causing i386 net-snmpd to crash

To: toolchain-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: toolchain/50939: Bug in GCC optionization causing i386 net-snmpd to crash
From: kivinen%iki.fi@localhost
Date: Fri, 11 Mar 2016 14:20:01 +0000 (UTC)

>Number:         50939
>Category:       toolchain
>Synopsis:       snmpd crashes when compiled with gcc -O2
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    toolchain-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 11 14:20:01 +0000 2016
>Originator:     Tero Kivinen
>Release:        NetBSD 7.0_STABLE
>Organization:
IKI ry
>Environment:
System: NetBSD seuraava.iki.fi 7.0_STABLE NetBSD 7.0_STABLE (GENERIC) #0: Sat Mar 5 20:05:29 EET 2016 kivinen%seuraava.iki.fi@localhost:/usr/obj/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:

	I have maching running net-snmpd and immediately when the
	monitoring script connects to the snmpd and tries to read cpu
	statistics the
	net-snmp-5.7.3/agent/mibgroup/hardware/cpu/cpu_sysctl.c
	crashes. If the net-snmpd is compiled without optimizations it
	does not crash. This only happens on the i386 architecture, it
	does not appear on amd64 architecture.

	Before the crash the system will print error message to the
	syslog saying:

	sysctl vm.vm_meter failed (errno 0)

	Using gdb to debug the code it seems it starts executing
	netsnmp_cpu_arch_load, and does the first few calls nomally,
	i.e. the cpu_stats call (line 200) etc, and then does the
	mem_mib call (line 218), but before actually storing the
	mem_stats output to the cpu->* structure (at line 220) it goes
	on and runs the NetBSD specific code reading kern.cp_time
	(line 233 forward) and after that is done it jumps back to
	check the error status of the mem_mib call (at line 219), thus
	printing out error message about the sysctl vm.vm_meter
	failing (even when it actually did succeed), and then it tries
	to store the data to cpu->* structure (at line 220), but as
	cpu variable has been trashed at this point, it has value of
	0x77 and this will cause crash.

>How-To-Repeat:

	Install NetBSD 7.0 from CVS on i386 machine. Install
	/usr/pkgsrc/net/net-snmp and the net-snmp will crash
	immediately when it calls the netsnmp_cpu_arch_load.

	I.e. start snmpd

	/etc/rc.d/snmpd start

	In our system it crashed in less than minute. 

>Fix:

	cd /usr/pkgsrc/net/net-snmp
	make configure
	<edit all Makefiles, and remove -O2 and -O2 from the CFLAGS>
	make install
	/etc/rc.d/snmpd start

Prev by Date: re: kern/50629: netbsd-7 kernel panic
Next by Date: Re: lib/50936: security/openssh segfaults on NetBSD-current
Previous by Thread: Re: kern/31477 (Heavy disk IO to raid0 locks up system)
Next by Thread: toolchain/50940: cc -ffast-math fails to disable denormals on amd64
Indexes:

Home | Main Index | Thread Index | Old Index