Bug 677583 - *** buffer overflow detected ***: corosync-fplay terminated
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: corosync
Version: 6.0
Hardware: Unspecified
Priority: low
Severity: medium
Target Milestone: rc
Assigned To: Jan Friesse
QA Contact: Cluster QE
Duplicates: 685154

Reported: 2011-02-15 04:58 EST by Jaroslav Kortus
Modified: 2013-02-01 07:48 EST
Fixed In Version: corosync-1.4.0-1.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 06:50:08 EST
External Trackers: Red Hat Product Errata RHBA-2011:1515 (priority normal, status SHIPPED_LIVE): corosync bug fix and enhancement update, last updated 2011-12-05 19:38:47 EST

Description Jaroslav Kortus 2011-02-15 04:58:50 EST
Description of problem:
When running corosync-blackbox, the command produces a backtrace early in the output and is terminated.

Version-Release number of selected component (if applicable):
corosync-1.2.3-21.el6.x86_64

How reproducible:
70%

Steps to Reproduce:
1. run heavy traffic among nodes (I ran cpgbench from 2 of 3 nodes)
2. run corosync-blackbox | tail -n200
3.
  
Actual results:
Most of the time the core file is generated

Expected results:
No buffer overflow, no cores

Additional info:
[root@mrg-04 ~]# corosync-blackbox  | tail -n 200
*** buffer overflow detected ***: corosync-fplay terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3414afb2c7]
/lib64/libc.so.6[0x3414af91c0]
corosync-fplay[0x400ed3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3414a1ec5d]
corosync-fplay[0x400869]
/usr/bin/corosync-blackbox: line 34: 28652 Aborted                 (core dumped) corosync-fplay
rec=[52928739] Log Message=Delivering ff8f0a to ff8f1a
rec=[52928740] Log Message=Delivering MCAST message with seq ff8f0b to pending delivery queue
rec=[52928741] Log Message=Delivering MCAST message with seq ff8f0c to pending delivery queue
rec=[52928742] Log Message=Delivering MCAST message with seq ff8f0d to pending delivery queue
rec=[52928743] Log Message=Delivering MCAST message with seq ff8f0e to pending delivery queue
rec=[52928744] Log Message=Delivering MCAST message with seq ff8f0f to pending delivery queue
rec=[52928745] Log Message=Delivering MCAST message with seq ff8f10 to pending delivery queue
[...]
Comment 1 Jaroslav Kortus 2011-02-15 05:00:11 EST
Created attachment 478832
corefile
Comment 4 Jan Friesse 2011-02-23 07:46:46 EST
The series of patches that fixes the bug is upstream as:

88515e3d20d9b34cc7a15e8da717aeb0a9965900
c5e823732504e0c6e9e0eb66870bcacafde080c9
7b0517f5e97af89ecb0a1c3145ad1db2a35475f5
d3e9382d57e02724b44ea5f5736f42deb6c65a82
12163b62d2d84ec438f35f5b942d3e8525585755
Comment 7 Steven Dake 2011-03-15 12:57:21 EDT
*** Bug 685154 has been marked as a duplicate of this bug. ***
Comment 12 Jan Friesse 2011-10-31 04:02:37 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
Sometimes when running corosync-blackbox.

Consequence
The command produces backtrace early in the
output and is terminated.

Fix
- prevent corosync from creating incorrect fdata (unless, of course, something really bad happens)
- prevent corosync-fplay from playing objectively bad data files.

Result
corosync-blackbox is no longer terminated.
Comment 13 errata-xmlrpc 2011-12-06 06:50:08 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1515.html
