View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0008947Rocky-Linux-9net-snmppublic2025-01-31 17:282025-02-05 22:11
ReporterBlaine Elzey Assigned ToNeil Hanlon  
PriorityhighSeveritymajorReproducibilityalways
Status acknowledgedResolutionopen 
PlatformLinuxOSRocky LinuxOS Version9.5
Summary0008947: file descriptor leak when reloading snmpd
DescriptionDuring reload, snmpd leaks the number of descriptors equal to the number of trap destinations configured.

[root@localhost ~]# lsof -p $(pidof snmpd) | wc -l
57
[root@localhost ~]# systemctl reload snmpd
[root@localhost ~]# lsof -p $(pidof snmpd) | wc -l
67
[root@localhost ~]# # rpm -qa|grep net-snmp
net-snmp-libs-5.9.1-17.el9.x86_64
net-snmp-agent-libs-5.9.1-17.el9.x86_64
net-snmp-5.9.1-17.el9.x86_64
net-snmp-utils-5.9.1-17.el9.x86_64
[root@localhost ~]# cat /etc/snmp/snmpd.conf
# Config by User
agentaddress udp:161
syslocation Unknown
syscontact root <root@localhost>
trapcommunity public
com2sec notConfigUser default public
trap2sink 127.0.0.1:162 public
trap2sink 135.114.108.48:162 public
view limitedview included .1.3.6.1.4.1.674.10892
view limitedview included .1.3.6.1.4.1.674.10893
smuxpeer .1.3.6.1.4.1.674.10892.1
smuxpeer .1.3.6.1.4.1.674.10892.5 iSMHostSNMPTrapForwarderFPI
# Restricted to edit
view limitedview included mib-2.system
view limitedview included mib-2.snmp
view limitedview included mib-2.interfaces
view limitedview included mib-2.icmp
view limitedview included mib-2.host
view limitedview excluded mib-2.host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunPath
view limitedview excluded mib-2.host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunParameters
view limitedview excluded mib-2.host.hrSWInstalled
view limitedview included private.enterprises.ucdavis.memory
view limitedview included private.enterprises.ucdavis.systemStats
view limitedview included private.enterprises.ucdavis.laTable
view limitedview included private.enterprises.netSnmp.netSnmpObjects
view limitedview included private.enterprises.1751
view limitedview included 1.3.6.1.6.3.10
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
access notConfigGroup "" any noauth exact limitedview none none
access notConfigGroup "" any noauth exact limitedview none none
agentgroup nobody
master agentx
agentXPerms 755 755 snmp snmp
rouser user1
rouser user2

# Extension
# Add trap destinations
trapsess -v 3 -u ammV3usr -l authPriv 127.0.0.1
trapsess -v 3 -u user2 -l authPriv 127.0.0.1
trapsess -v 3 -u ammV3usr -l authPriv 10.114.104.71
trapsess -v 3 -u user2 -l authPriv 10.114.104.71
trapsess -v 3 -u ammV3usr -l authPriv 10.1.0.71
trapsess -v 3 -u user2 -l authPriv 10.1.0.71
trapsess -v 3 -u ammV3usr -l authPriv 10.2.0.71
trapsess -v 3 -u user2 -l authPriv 10.2.0.71
[root@qip1250raid-fab ~]# cat /var/log/snmpd.log
Turning on AgentX master support.
Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
NET-SNMP version 5.9.1
Reconfiguring daemon

NET-SNMP version 5.9.1 restarted
Turning on AgentX master support.
duplicate registration: MIB modules ipAddressTable and ipAddressTable (oid .1.3.6.1.2.1.4.34).
[root@localhost ~]#

Steps To ReproduceUse snmpd config file with at least 1 trap destiation then reload snmpd
Additional InformationThe nightly log rotation jobs leak 10 FD in our case, with the defaul of 1024 FD limit, the snmpd will become inoperable about every 3 months
TagsNo tags attached.

Activities

Blaine Elzey

Blaine Elzey

2025-01-31 18:03

reporter   ~0009476

[root@localhost ~]# lsof -p $(pidof snmpd)>snmp1.out
[root@localhost ~]# systemctl reload snmpd
[root@localhost ~]# lsof -p $(pidof snmpd)>snmp2.out
[root@localhost ~]# diff snmp1.out snmp2.out
37c37
< snmpd 185338 root 3w REG 253,4 319 426 /var/log/snmpd.log
---
> snmpd 185338 root 3w REG 253,4 503 426 /var/log/snmpd.log
67a68,77
> snmpd 185338 root 35u IPv4 7012248 0t0 UDP *:46271
> snmpd 185338 root 36u IPv4 7012249 0t0 UDP *:49144
> snmpd 185338 root 37u IPv4 7012253 0t0 UDP *:54760
> snmpd 185338 root 38u IPv4 7012254 0t0 UDP *:41654
> snmpd 185338 root 39u IPv4 7012255 0t0 UDP *:44622
> snmpd 185338 root 40u IPv4 7012256 0t0 UDP *:46904
> snmpd 185338 root 41u IPv4 7012257 0t0 UDP *:42636
> snmpd 185338 root 42u IPv4 7012258 0t0 UDP *:46861
> snmpd 185338 root 43u IPv4 7012259 0t0 UDP *:45202
> snmpd 185338 root 44u IPv4 7012260 0t0 UDP *:51814
Blaine Elzey

Blaine Elzey

2025-02-05 16:32

reporter   ~0009505

This looks like the issue is known and fixed in upstream: https://sourceforge.net/p/net-snmp/patches/1244/. Con you confirm this is the same and provide an ETA for rpm availability?
Blaine Elzey

Blaine Elzey

2025-02-05 22:08

reporter   ~0009506

I compiled 5.10 from source on RHEL7 and the leak did not occur with the same configuration/system.

With NET-SNMP version 5.10 the issue appears fixed. Since the issue of fd leak happened the same on both RedHat 7 and Rocky 9, I don’t plan to setup and build a binary to test Rocky9, but I expect the same result. I just would like to know if this is acknowledged and when there will be a fix. The leak results in inoperable monitoring once the fd limit is reached, at least every 3 months.

[root@localhost ~]# ps -ef|grep snmpd
root 8207 1 0 16:11 ? 00:00:00 net-snmp/snmpd -Lo /var/log/snmpd.log -f
[root@localhost ~]# lsof -p 8207 |wc -l
22
[root@localhost ~]# kill -HUP 8207
[root@localhost ~]# lsof -p 8207 |wc -l
22
[root@localhost ~]# kill -HUP 8207
[root@localhost ~]# lsof -p 8207 |wc -l
22
[root@localhost ~]# cat /etc/snmp/snmpd.conf |grep trap
trapcommunity public
trap2sink 127.0.0.1:162 public
trapsess -v 3 -u user1 -l authPriv 127.0.0.1
trapsess -v 3 -u user2 -l authPriv 127.0.0.1
trapsess -v 3 -u user1 -l authPriv 11.0.0.71
trapsess -v 3 -u user2 -l authPriv 10.0.0.71
trapsess -v 3 -u user1 -l authPriv 10.1.0.71
trapsess -v 3 -u user2 -l authPriv 10.1.0.71
trapsess -v 3 -u user1 -l authPriv 10.2.0.71
trapsess -v 3 -u user2 -l authPriv 10.2.0.71
[root@localhost ~]# lsof -p 8207 |wc -l
22
[root@localhost ~]# kill -HUP 8207
[root@localhost ~]# lsof -p 8207 |wc -l
22
[root@localhost ~]# tail /var/log/snmpd.log
NET-SNMP version 5.10
Reconfiguring daemon
NET-SNMP version 5.10 restarted
Reconfiguring daemon
NET-SNMP version 5.10 restarted
Neil Hanlon

Neil Hanlon

2025-02-05 22:11

administrator   ~0009507

Hi,

Thanks for reporting this. As Rocky is a rebuild of Red Hat Enterprise Linux, the best course of action is to attempt to reproduce it on CentOS Stream or RHEL (if you have not yet), and then file a ticket on https://issues.redhat.com for it. I'm happy to provide guidance on that if you'd like, but otherwise Rocky is intended to be in lock-step with RHEL.

Best,
Neil

Issue History

Date Modified Username Field Change
2025-01-31 17:28 Blaine Elzey New Issue
2025-01-31 18:03 Blaine Elzey Note Added: 0009476
2025-02-05 16:32 Blaine Elzey Note Added: 0009505
2025-02-05 22:08 Blaine Elzey Note Added: 0009506
2025-02-05 22:11 Neil Hanlon Note Added: 0009507
2025-02-05 22:11 Neil Hanlon Assigned To => Neil Hanlon
2025-02-05 22:11 Neil Hanlon Status new => acknowledged