Segmentation fault (core dumped) on Red Hat Enterprise Linux (RHEL) 9, AlmaLinux 9 and Centos Stream 9

[dlonghi]

Tried versions 0.24.4 and 0.25.0-rc1, rpm and x86_64.tar.gz.

[lab@devbox-1:~]$ ./gnmic
Segmentation fault (core dumped)

[lab@devbox-1:~]$ cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"

[karimra]

What cpu architecture are you getting this error on?

[dlonghi]

x86_64

[karimra]

Sadly I'm not able to reproduce this issue:

[root@ba546b0cf68b /]# bash -c "$(curl -sL https://get-gnmic.kmrd.dev)"
Downloading https://github.com/karimra/gnmic/releases/download/v0.25.0-rc1/gnmic_0.25.0-rc1_linux_x86_64.tar.gz
Preparing to install gnmic 0.25.0-rc1 into /usr/local/bin
gnmic installed into /usr/local/bin/gnmic
version : 0.25.0-rc1
 commit : b1881e5
   date : 2022-04-26T06:22:16Z
 gitURL : https://github.com/karimra/gnmic
   docs : https://gnmic.kmrd.dev
[root@ba546b0cf68b /]# gnmic
run gnmi rpcs from the terminal (https://gnmic.kmrd.dev)

Usage:
  gnmic [command]

Available Commands:
  capabilities query targets gnmi capabilities
  completion   generate completion script
  diff         run a diff comparison between targets
  generate     generate paths or JSON/YAML objects from YANG
  get          run gnmi get on targets
  getset       run gnmi get then set on targets
  help         Help about any command
  listen       listens for telemetry dialout updates from the node
  path         generate gnmi or xpath style from yang file
  prompt       enter the interactive gnmic prompt mode
  set          run gnmi set on targets
  subscribe    subscribe to gnmi updates on targets
  version      show gnmic version

Flags:
  -a, --address strings          comma separated gnmi targets addresses
      --api string               gnmic api address
      --cluster-name string      cluster name the gnmic instance belongs to, this is used for target loadsharing via a locker (default "default-cluster")
      --config string            config file (default is $HOME/gnmic.yaml)
  -d, --debug                    debug mode
      --dir stringArray          YANG dir(s)
  -e, --encoding string          one of ["json" "bytes" "proto" "ascii" "json_ietf"]. Case insensitive (default "json")
      --exclude stringArray      YANG module names to be excluded
      --file stringArray         YANG file(s)
      --format string            output format, one of: ["json" "protojson" "prototext" "event" "proto" "flat"]
      --gzip                     enable gzip compression on gRPC connections
  -h, --help                     help for gnmic
      --insecure                 insecure connection
      --instance-name string     gnmic instance name
      --log                      write log messages to stderr
      --log-file string          log file path
      --log-tls-secret           enable logging of a TLS pre-master secret to a file
      --max-msg-size int         max grpc msg size (default 536870912)
      --no-prefix                do not add [ip:port] prefix to print output in case of multiple targets
  -p, --password string          password
      --port string              gRPC port (default "57400")
      --print-request            print request as well as the response(s)
      --proto-dir stringArray    directory to look for proto files specified with --proto-file
      --proto-file stringArray   proto file(s) name(s)
      --proxy-from-env           use proxy from environment
      --retry duration           retry timer for RPCs (default 10s)
      --skip-verify              skip verify tls connection
      --targets-file string      path to file with targets configuration
      --timeout duration         grpc timeout, valid formats: 10s, 1m30s, 1h (default 10s)
      --tls-ca string            tls certificate authority
      --tls-cert string          tls certificate
      --tls-key string           tls key
      --tls-max-version string   maximum TLS supported version, one of ["1.3" "1.2" "1.1" "1.0" "1"]
      --tls-min-version string   minimum TLS supported version, one of ["1.3" "1.2" "1.1" "1.0" "1"]
      --tls-version string       set TLS version. Overwrites --tls-min-version and --tls-max-version, one of ["1.3" "1.2" "1.1" "1.0" "1"]
      --token string             token value, used for gRPC token based authentication
      --use-tunnel-server        use tunnel server to dial targets
  -u, --username string          username

Use "gnmic [command] --help" for more information about a command.
[root@ba546b0cf68b /]# cat /etc/os-release 
NAME="CentOS Stream"
VERSION="9"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="9"
PLATFORM_ID="platform:el9"
PRETTY_NAME="CentOS Stream 9"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:centos:centos:9"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
[root@ba546b0cf68b /]# 

I tried on rhel9 as well, same result.
Is there something specific about your host?

[dlonghi]

Tried again with a brand new VM running on hyper-v. No success.
I have been running inside a container and it works fine.

Downloading https://github.com/karimra/gnmic/releases/download/v0.25.0-rc1/gnmic_0.25.0-rc1_linux_x86_64.tar.gz
Preparing to install gnmic 0.25.0-rc1 into /usr/local/bin
gnmic installed into /usr/local/bin/gnmic
environment: line 219:  1647 Segmentation fault      (core dumped) $BIN_INSTALL_DIR/$BINARY_NAME version


[root@devbox-rhel:~]# /usr/local/bin/gnmic
Segmentation fault (core dumped)


[root@devbox-rhel:~]# hostnamectl
 Static hostname: devbox-rhel
       Icon name: computer-vm
         Chassis: vm
      Machine ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
         Boot ID: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
  Virtualization: microsoft
Operating System: Red Hat Enterprise Linux 9.0 (Plow)
     CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos
          Kernel: Linux 5.14.0-70.13.1.el9_0.x86_64
    Architecture: x86-64
 Hardware Vendor: Microsoft Corporation
  Hardware Model: Virtual Machine```

[Hobbydos]

I had the same issue @dlonghi, for my case it was selinux:

SELinux is preventing /usr/local/bin/gnmic from execmod access on the file /usr/local/bin/gnmic. For complete SELinux messages run: sealert -l 7ccb13a0-9f5e-499f-8324-711cfe0fb0d6

After disabling selinux, it was fine.

[Hobbydos]

If you don't want to outright disable SELinux, you could try the following:

➜  ~ sudo setsebool -P selinuxuser_execmod 1
➜  ~ getenforce                             
Enforcing
➜  ~ gnmic versionversion : 0.25.1
 commit : 188b023
   date : 2022-06-14T02:22:58Z
 gitURL : https://github.com/karimra/gnmic
   docs : https://gnmic.kmrd.dev

centos9stream:

cat /etc/*release*  
CentOS Stream release 9
NAME="CentOS Stream"
VERSION="9"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="9"
PLATFORM_ID="platform:el9"
PRETTY_NAME="CentOS Stream 9"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:centos:centos:9"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
CentOS Stream release 9
CentOS Stream release 9
cpe:/o:centos:centos:9

[karimra]

Dug a bit more in selinux direction, this happens because the binary needs to be unpacked, written to disk before being executed. AFAIU, selinux prevents gnmic from making the mapped file executable (execmod 0).

A few possible workarounds:

1 - Unpack the binary using upx: download upx and run upx -d ./gnmic
2 - Allow execmod (@Hobbydos solution above)
3 - Allow gnmic to make a file mapping executable using these commands:

sudo semanage fcontext -a -t textrel_shlib_t $(which gnmic)
sudo restorecon $(which gnmic)

In the next release there will be non compressed binaries you can use without modifying selinux.

[karimra]

@dlonghi v0.26.0 should work properly now

[dlonghi]

Thank you guys.

Moving my devbox to "Rocky Linux 9" as soon it is released.