Bug 677583

Summary: *** buffer overflow detected ***: corosync-fplay terminated
Product: Red Hat Enterprise Linux 6
Reporter: Jaroslav Kortus <jkortus>
Component: corosync
Assignee: Jan Friesse <jfriesse>
Status: CLOSED ERRATA
QA Contact: Cluster QE <mspqa-list>
Severity: medium
Priority: low
Version: 6.0
CC: cluster-maint, djansa, dkutalek, maruthi.inukonda, sdake
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: corosync-1.4.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Sometimes when running corosync-blackbox.
Consequence: The command produces a backtrace early in the output and is terminated.
Fix: prevent corosync from creating incorrect fdata (of course, unless something really bad happens); prevent corosync-fplay from playing objectively bad data files.
Result: corosync-blackbox is no longer terminated.
Story Points: ---
Last Closed: 2011-12-06 11:50:08 UTC
Attachments: corefile

Description Jaroslav Kortus 2011-02-15 09:58:50 UTC
Description of problem:
When running corosync-blackbox the command produces backtrace early in the output and is terminated.

Version-Release number of selected component (if applicable):
corosync-1.2.3-21.el6.x86_64

How reproducible:
70%

Steps to Reproduce:
1. run heavy traffic among nodes (I ran cpgbench from 2 of 3 nodes)
2. run corosync-blackbox | tail -n200
Actual results:
Most of the time the core file is generated

Expected results:
No buffer overflow, no cores

Additional info:
[root@mrg-04 ~]# corosync-blackbox  | tail -n 200
*** buffer overflow detected ***: corosync-fplay terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3414afb2c7]
/lib64/libc.so.6[0x3414af91c0]
corosync-fplay[0x400ed3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3414a1ec5d]
corosync-fplay[0x400869]
======= Memory map: ========
/usr/bin/corosync-blackbox: line 34: 28652 Aborted                 (core dumped) corosync-fplay
rec=[52928739] Log Message=Delivering ff8f0a to ff8f1a
rec=[52928740] Log Message=Delivering MCAST message with seq ff8f0b to pending delivery queue
rec=[52928741] Log Message=Delivering MCAST message with seq ff8f0c to pending delivery queue
rec=[52928742] Log Message=Delivering MCAST message with seq ff8f0d to pending delivery queue
rec=[52928743] Log Message=Delivering MCAST message with seq ff8f0e to pending delivery queue
rec=[52928744] Log Message=Delivering MCAST message with seq ff8f0f to pending delivery queue
rec=[52928745] Log Message=Delivering MCAST message with seq ff8f10 to pending delivery queue
[...]

Comment 1 Jaroslav Kortus 2011-02-15 10:00:11 UTC
Created attachment 478832 [details]
corefile

Comment 4 Jan Friesse 2011-02-23 12:46:46 UTC
The series of patches which fixes this bug is in upstream as

88515e3d20d9b34cc7a15e8da717aeb0a9965900
c5e823732504e0c6e9e0eb66870bcacafde080c9
7b0517f5e97af89ecb0a1c3145ad1db2a35475f5
d3e9382d57e02724b44ea5f5736f42deb6c65a82
12163b62d2d84ec438f35f5b942d3e8525585755

Comment 7 Steven Dake 2011-03-15 16:57:21 UTC
*** Bug 685154 has been marked as a duplicate of this bug. ***

Comment 12 Jan Friesse 2011-10-31 08:02:37 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause
Sometimes when running corosync-blackbox.

Consequence
The command produces a backtrace early in the output and is terminated.

Fix
- prevent corosync from creating incorrect fdata (of course, unless something really bad happens)
- prevent corosync-fplay from playing objectively bad data files.

Result
corosync-blackbox is no longer terminated.
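The second half of the fix above (refuse to replay an objectively bad data file) as an added C example; this is not corosync's code, and the record layout is a constructed, hypothetical simplification of the fdata file: each record is a 4-byte little-endian record number, a 4-byte little-endian message length, then the message bytes. The reader checks every length field against both the fixed replay buffer and the bytes actually left in the file before a single byte is copied, which is the check whose absence lets a corrupt length field overrun a stack buffer and trip glibc's fortify abort.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed, simplified record layout (hypothetical, NOT corosync's real fdata
 * format): each record is a 4-byte little-endian record number, a 4-byte
 * little-endian message length, then that many bytes of message text. */
#define MAX_MSG 64
enum { FPLAY_OK = 0, FPLAY_BAD_LEN = -1, FPLAY_TRUNCATED = -2 };

static uint32_t rd32(const unsigned char *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Validate the whole file before replaying anything: every length field must fit
 * both the fixed replay buffer and the bytes actually remaining in the file. */
int fdata_validate(const unsigned char *buf, size_t len, size_t *nrecs)
{
    size_t off = 0, n = 0;
    while (off < len) {
        if (len - off < 8)
            return FPLAY_TRUNCATED;   /* record header cut off mid-record */
        uint32_t msg_len = rd32(buf + off + 4);
        if (msg_len > MAX_MSG)
            return FPLAY_BAD_LEN;     /* would overflow the replay buffer */
        if (msg_len > len - off - 8)
            return FPLAY_TRUNCATED;   /* claims more bytes than the file has */
        off += 8 + msg_len;
        n++;
    }
    *nrecs = n;
    return FPLAY_OK;
}

/* Replay only a validated file; the bounded copy below can no longer overrun msg[]. */
int fdata_replay(const unsigned char *buf, size_t len)
{
    size_t nrecs;
    int rc = fdata_validate(buf, len, &nrecs);
    if (rc != FPLAY_OK)
        return rc;                    /* bad file: refuse to play it at all */
    for (size_t off = 0; off < len;) {
        uint32_t rec = rd32(buf + off), msg_len = rd32(buf + off + 4);
        char msg[MAX_MSG + 1];
        memcpy(msg, buf + off + 8, msg_len);   /* msg_len <= MAX_MSG is guaranteed */
        msg[msg_len] = '\0';
        printf("rec=[%u] Log Message=%s\n", rec, msg);
        off += 8 + msg_len;
    }
    return FPLAY_OK;
}
```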

Comment 13 errata-xmlrpc 2011-12-06 11:50:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1515.html