Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 677583

Summary: *** buffer overflow detected ***: corosync-fplay terminated
Product: Red Hat Enterprise Linux 6 Reporter: Jaroslav Kortus <jkortus>
Component: corosyncAssignee: Jan Friesse <jfriesse>
Status: CLOSED ERRATA QA Contact: Cluster QE <mspqa-list>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: cluster-maint, djansa, dkutalek, maruthi.inukonda, sdake
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: corosync-1.4.0-1.el6 Doc Type: Bug Fix
Doc Text:
Cause Sometimes when running corosync-blackbox. Consequence The command produces backtrace early in the output and is terminated. Fix - prevent corosync to create incorrect fdata (of course if not something really bad happen) - prevent corosync-fplay to play objectively bad data files. Result corosync-blackbox is no longer terminated.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 11:50:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
corefile none

Description Jaroslav Kortus 2011-02-15 09:58:50 UTC 
Description of problem:
When running corosync-blackbox the command produces backtrace early in the output and is terminated.

Version-Release number of selected component (if applicable):
corosync-1.2.3-21.el6.x86_64

How reproducible:
70%

Steps to Reproduce:
1. run heavy traffic among nodes (I ran cpgbench from 2 of 3 nodes)
2. run corosync-blackbox | tail -n200
3.
  
Actual results:
Most of the time the core file is generated

Expected results:
No buffer overflow, no cores

Additional info:
[root@mrg-04 ~]# corosync-blackbox  | tail -n 200
*** buffer overflow detected ***: corosync-fplay terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3414afb2c7]
/lib64/libc.so.6[0x3414af91c0]
corosync-fplay[0x400ed3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3414a1ec5d]
corosync-fplay[0x400869]
======= Memory map: ========
00400000-00402000 r-xp 00000000 fd:00 797771                             /usr/sbin/corosync-fplay
00602000-00603000 rw-p 00002000 fd:00 797771                             /usr/sbin/corosync-fplay
00603000-0060d000 rw-p 00000000 00:00 0 
0089b000-008bc000 rw-p 00000000 00:00 0                                  [heap]
3414200000-341421e000 r-xp 00000000 fd:00 2359667                        /lib64/ld-2.12.so
341441e000-341441f000 r--p 0001e000 fd:00 2359667                        /lib64/ld-2.12.so
341441f000-3414420000 rw-p 0001f000 fd:00 2359667                        /lib64/ld-2.12.so
3414420000-3414421000 rw-p 00000000 00:00 0 
3414600000-3414602000 r-xp 00000000 fd:00 2359669                        /lib64/libdl-2.12.so
3414602000-3414802000 ---p 00002000 fd:00 2359669                        /lib64/libdl-2.12.so
3414802000-3414803000 r--p 00002000 fd:00 2359669                        /lib64/libdl-2.12.so
3414803000-3414804000 rw-p 00003000 fd:00 2359669                        /lib64/libdl-2.12.so
3414a00000-3414b75000 r-xp 00000000 fd:00 2359668                        /lib64/libc-2.12.so
3414b75000-3414d75000 ---p 00175000 fd:00 2359668                        /lib64/libc-2.12.so
3414d75000-3414d79000 r--p 00175000 fd:00 2359668                        /lib64/libc-2.12.so
3414d79000-3414d7a000 rw-p 00179000 fd:00 2359668                        /lib64/libc-2.12.so
3414d7a000-3414d7f000 rw-p 00000000 00:00 0 
3414e00000-3414e17000 r-xp 00000000 fd:00 2359680                        /lib64/libpthread-2.12.so
3414e17000-3415017000 ---p 00017000 fd:00 2359680                        /lib64/libpthread-2.12.so
3415017000-3415018000 r--p 00017000 fd:00 2359680                        /lib64/libpthread-2.12.so
3415018000-3415019000 rw-p 00018000 fd:00 2359680                        /lib64/libpthread-2.12.so
3415019000-341501d000 rw-p 00000000 00:00 0 
3415a00000-3415a07000 r-xp 00000000 fd:00 2359684                        /lib64/librt-2.12.so
3415a07000-3415c06000 ---p 00007000 fd:00 2359684                        /lib64/librt-2.12.so
3415c06000-3415c07000 r--p 00006000 fd:00 2359684                        /lib64/librt-2.12.so
3415c07000-3415c08000 rw-p 00007000 fd:00 2359684                        /lib64/librt-2.12.so
3418e00000-3418e16000 r-xp 00000000 fd:00 2359693                        /lib64/libgcc_s-4.4.4-20100726.so.1
3418e16000-3419015000 ---p 00016000 fd:00 2359693                        /lib64/libgcc_s-4.4.4-20100726.so.1
3419015000-3419016000 rw-p 00015000 fd:00 2359693                        /lib64/libgcc_s-4.4.4-20100726.so.1
7f3af3804000-7f3af3bdd000 rw-p 00000000 00:00 0 
7f3af3be4000-7f3af3be6000 rw-p 00000000 00:00 0 
7fff52a08000-7fff52a1d000 rw-p 00000000 00:00 0                          [stack]
7fff52b57000-7fff52b58000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/usr/bin/corosync-blackbox: line 34: 28652 Aborted                 (core dumped) corosync-fplay
rec=[52928739] Log Message=Delivering ff8f0a to ff8f1a
rec=[52928740] Log Message=Delivering MCAST message with seq ff8f0b to pending delivery queue
rec=[52928741] Log Message=Delivering MCAST message with seq ff8f0c to pending delivery queue
rec=[52928742] Log Message=Delivering MCAST message with seq ff8f0d to pending delivery queue
rec=[52928743] Log Message=Delivering MCAST message with seq ff8f0e to pending delivery queue
rec=[52928744] Log Message=Delivering MCAST message with seq ff8f0f to pending delivery queue
rec=[52928745] Log Message=Delivering MCAST message with seq ff8f10 to pending delivery queue
[...]
Comment 1 Jaroslav Kortus 2011-02-15 10:00:11 UTC 
Created attachment 478832 [details]
corefile
Comment 4 Jan Friesse 2011-02-23 12:46:46 UTC 
Series of patches which fixes bug are in upstream as a

88515e3d20d9b34cc7a15e8da717aeb0a9965900
c5e823732504e0c6e9e0eb66870bcacafde080c9
7b0517f5e97af89ecb0a1c3145ad1db2a35475f5
d3e9382d57e02724b44ea5f5736f42deb6c65a82
12163b62d2d84ec438f35f5b942d3e8525585755
Comment 7 Steven Dake 2011-03-15 16:57:21 UTC 
*** Bug 685154 has been marked as a duplicate of this bug. ***
Comment 12 Jan Friesse 2011-10-31 08:02:37 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
Sometimes when running corosync-blackbox.

Consequence
The command produces backtrace early in the
output and is terminated.

Fix
- prevent corosync to create incorrect fdata (of course if not something really bad happen)
- prevent corosync-fplay to play objectively bad data files.

Result
corosync-blackbox is no longer terminated.
Comment 13 errata-xmlrpc 2011-12-06 11:50:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1515.html