[Pkg-net-snmp-devel] Bug#961789: snmpd: 100% CPU utilisation of snmpd after subagents are disconnecting

Danny Smit danny.smit.0 at gmail.com
Fri May 29 10:52:06 BST 2020 

Package: snmpd
Version: 5.7.3+dfsg-1.7+deb9u1
Severity: important
Tags: upstream patch

Dear Maintainer,

   * What led up to the situation?
     The snmpd is configured to allow AgentX subagent to connect.
     When on or more of the subagents are restart, the snmpd
     sometimes ends up in a state where it utilizes 100% of the CPU.
     Afterwards communication between subagents and snmp doesn't work
     anymore.

     The following upstream bugreport seems to describe the same behaviour:
     https://sourceforge.net/p/net-snmp/bugs/2411/

     The 'agentofdeath', attached to the above bugreport, can be used to
     reproduce the problem. It can be compiled as follows:

       make subagent
       while true; do ./subagent; done

     When the snmp-crashme.sh script, attached to the bugreport, is
     started as follows:

       sh ./snmp-crashme.sh localhost

     The 100% CPU utilization of snmp occurs within minutes.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

     Both reports:
     - https://sourceforge.net/p/net-snmp/bugs/2411/
     - https://sourceforge.net/p/net-snmp/patches/1237/
     point at net-snmp code revision 793d596838ff7cb48a73b675d62897c56c9e62df,
     which is the expected fix according to the issues. The second bug report
     describes that it is only applied to net-snmp 5.8, because it is breaks
     the API. Unfortunately Debian 9 still uses verson 5.7.3 (and Debian 10
     as well, which also shows this issue!).

     I did a test by retrieving the Debian 9 net-snmp source package, applying
     revision 793d596838ff7cb48a73b675d62897c56c9e62df to it. I also need to
     disable debian/patches/fix_snmpd_hang_bug_2411, as it is an early version
     of the patch (described in
https://sourceforge.net/p/net-snmp/patches/1237/).

     I installed the rebuild net-snmp packages (libsnmp-base libsnmp30, snmpd)
     on 3 hosts, restarted snmpd and repeated the test described above.

   * What was the outcome of this action?

     On all the 3 hosts, snmpd kept running over night without showing the load
     problem or crashing.


-- System Information:
Debian Release: 9.12
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'oldstable-updates'), (500,
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-12-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages snmpd depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.61
ii  init-system-helpers    1.48
ii  libc6                  2.24-11+deb9u4
ii  libsnmp-base           5.7.3+dfsg-1.7+deb9u1
ii  libsnmp30              5.7.3+dfsg-1.7+deb9u1
ii  lsb-base               9.20161125

snmpd recommends no packages.

Versions of packages snmpd suggests:
ii  snmptrapd  5.7.3+dfsg-1.7+deb9u1

-- Configuration Files:
/etc/snmp/snmpd.conf

    trapcommunity public

    skipNFSInHostResources true

    agentXPerms 777 1777

    sysServices 72

    master agentx


-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_snmpd_hang_bug_2411_revision_793d596838ff7cb48a73b675d62897c56c9e62df.patch
Type: text/x-patch
Size: 7285 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-net-snmp-devel/attachments/20200529/1cbc9148/attachment.bin>

More information about the Pkg-net-snmp-devel mailing list