677583 – *** buffer overflow detected ***: corosync-fplay terminated

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 677583 - *** buffer overflow detected ***: corosync-fplay terminated

Summary: *** buffer overflow detected ***: corosync-fplay terminated

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	corosync
Sub Component:
Version:	6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Friesse
QA Contact:	Cluster QE
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	685154 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-02-15 09:58 UTC by Jaroslav Kortus
Modified:	2013-02-01 12:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:	corosync-1.4.0-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause Sometimes when running corosync-blackbox. Consequence The command produces backtrace early in the output and is terminated. Fix - prevent corosync to create incorrect fdata (of course if not something really bad happen) - prevent corosync-fplay to play objectively bad data files. Result corosync-blackbox is no longer terminated.
Clone Of:
Environment:
Last Closed:	2011-12-06 11:50:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
corefile (215.74 KB, application/x-bzip2) 2011-02-15 10:00 UTC, Jaroslav Kortus	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1515	0	normal	SHIPPED_LIVE	corosync bug fix and enhancement update	2011-12-06 00:38:47 UTC

Description Jaroslav Kortus 2011-02-15 09:58:50 UTC

Description of problem:
When running corosync-blackbox the command produces backtrace early in the output and is terminated.

Version-Release number of selected component (if applicable):
corosync-1.2.3-21.el6.x86_64

How reproducible:
70%

Steps to Reproduce:
1. run heavy traffic among nodes (I ran cpgbench from 2 of 3 nodes)
2. run corosync-blackbox | tail -n200
3.
  
Actual results:
Most of the time the core file is generated

Expected results:
No buffer overflow, no cores

Additional info:
[root@mrg-04 ~]# corosync-blackbox  | tail -n 200
*** buffer overflow detected ***: corosync-fplay terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3414afb2c7]
/lib64/libc.so.6[0x3414af91c0]
corosync-fplay[0x400ed3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3414a1ec5d]
corosync-fplay[0x400869]
======= Memory map: ========
00400000-00402000 r-xp 00000000 fd:00 797771                             /usr/sbin/corosync-fplay
00602000-00603000 rw-p 00002000 fd:00 797771                             /usr/sbin/corosync-fplay
00603000-0060d000 rw-p 00000000 00:00 0 
0089b000-008bc000 rw-p 00000000 00:00 0                                  [heap]
3414200000-341421e000 r-xp 00000000 fd:00 2359667                        /lib64/ld-2.12.so
341441e000-341441f000 r--p 0001e000 fd:00 2359667                        /lib64/ld-2.12.so
341441f000-3414420000 rw-p 0001f000 fd:00 2359667                        /lib64/ld-2.12.so
3414420000-3414421000 rw-p 00000000 00:00 0 
3414600000-3414602000 r-xp 00000000 fd:00 2359669                        /lib64/libdl-2.12.so
3414602000-3414802000 ---p 00002000 fd:00 2359669                        /lib64/libdl-2.12.so
3414802000-3414803000 r--p 00002000 fd:00 2359669                        /lib64/libdl-2.12.so
3414803000-3414804000 rw-p 00003000 fd:00 2359669                        /lib64/libdl-2.12.so
3414a00000-3414b75000 r-xp 00000000 fd:00 2359668                        /lib64/libc-2.12.so
3414b75000-3414d75000 ---p 00175000 fd:00 2359668                        /lib64/libc-2.12.so
3414d75000-3414d79000 r--p 00175000 fd:00 2359668                        /lib64/libc-2.12.so
3414d79000-3414d7a000 rw-p 00179000 fd:00 2359668                        /lib64/libc-2.12.so
3414d7a000-3414d7f000 rw-p 00000000 00:00 0 
3414e00000-3414e17000 r-xp 00000000 fd:00 2359680                        /lib64/libpthread-2.12.so
3414e17000-3415017000 ---p 00017000 fd:00 2359680                        /lib64/libpthread-2.12.so
3415017000-3415018000 r--p 00017000 fd:00 2359680                        /lib64/libpthread-2.12.so
3415018000-3415019000 rw-p 00018000 fd:00 2359680                        /lib64/libpthread-2.12.so
3415019000-341501d000 rw-p 00000000 00:00 0 
3415a00000-3415a07000 r-xp 00000000 fd:00 2359684                        /lib64/librt-2.12.so
3415a07000-3415c06000 ---p 00007000 fd:00 2359684                        /lib64/librt-2.12.so
3415c06000-3415c07000 r--p 00006000 fd:00 2359684                        /lib64/librt-2.12.so
3415c07000-3415c08000 rw-p 00007000 fd:00 2359684                        /lib64/librt-2.12.so
3418e00000-3418e16000 r-xp 00000000 fd:00 2359693                        /lib64/libgcc_s-4.4.4-20100726.so.1
3418e16000-3419015000 ---p 00016000 fd:00 2359693                        /lib64/libgcc_s-4.4.4-20100726.so.1
3419015000-3419016000 rw-p 00015000 fd:00 2359693                        /lib64/libgcc_s-4.4.4-20100726.so.1
7f3af3804000-7f3af3bdd000 rw-p 00000000 00:00 0 
7f3af3be4000-7f3af3be6000 rw-p 00000000 00:00 0 
7fff52a08000-7fff52a1d000 rw-p 00000000 00:00 0                          [stack]
7fff52b57000-7fff52b58000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/usr/bin/corosync-blackbox: line 34: 28652 Aborted                 (core dumped) corosync-fplay
rec=[52928739] Log Message=Delivering ff8f0a to ff8f1a
rec=[52928740] Log Message=Delivering MCAST message with seq ff8f0b to pending delivery queue
rec=[52928741] Log Message=Delivering MCAST message with seq ff8f0c to pending delivery queue
rec=[52928742] Log Message=Delivering MCAST message with seq ff8f0d to pending delivery queue
rec=[52928743] Log Message=Delivering MCAST message with seq ff8f0e to pending delivery queue
rec=[52928744] Log Message=Delivering MCAST message with seq ff8f0f to pending delivery queue
rec=[52928745] Log Message=Delivering MCAST message with seq ff8f10 to pending delivery queue
[...]

Comment 1 Jaroslav Kortus 2011-02-15 10:00:11 UTC

Created attachment 478832 [details]
corefile

Comment 4 Jan Friesse 2011-02-23 12:46:46 UTC

Series of patches which fixes bug are in upstream as a

88515e3d20d9b34cc7a15e8da717aeb0a9965900
c5e823732504e0c6e9e0eb66870bcacafde080c9
7b0517f5e97af89ecb0a1c3145ad1db2a35475f5
d3e9382d57e02724b44ea5f5736f42deb6c65a82
12163b62d2d84ec438f35f5b942d3e8525585755

Comment 7 Steven Dake 2011-03-15 16:57:21 UTC

*** Bug 685154 has been marked as a duplicate of this bug. ***

Comment 12 Jan Friesse 2011-10-31 08:02:37 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
Sometimes when running corosync-blackbox.

Consequence
The command produces backtrace early in the
output and is terminated.

Fix
- prevent corosync to create incorrect fdata (of course if not something really bad happen)
- prevent corosync-fplay to play objectively bad data files.

Result
corosync-blackbox is no longer terminated.

Comment 13 errata-xmlrpc 2011-12-06 11:50:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1515.html

Note You need to log in before you can comment on or make changes to this bug.