boinc crashes with "*** buffer overflow detected ***" on startup

Bug #782496 reported by Swen Kühnlein
Affects          Status         Importance   Assigned to   Milestone
BOINC            Fix Released   Unknown
boinc (Ubuntu)                  Undecided    Unassigned

Bug Description

Binary package hint: boinc

Boinc crashes a few seconds after starting with the following last lines on stdout:

14-May-2011 03:51:32 [---] General prefs: from http://bam.boincstats.com/ (last modified 21-Jul-2010 11:34:01)
14-May-2011 03:51:32 [---] Host location: none
14-May-2011 03:51:32 [---] General prefs: using your defaults
14-May-2011 03:51:32 [---] Reading preferences override file
14-May-2011 03:51:32 [---] Preferences:
14-May-2011 03:51:32 [---] max memory usage when active: 2400.50MB
14-May-2011 03:51:32 [---] max memory usage when idle: 7201.50MB

See attached file for stderr.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: boinc-client 6.10.59+dfsg-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-9.43-generic 2.6.38.4
Uname: Linux 2.6.38-9-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Sat May 14 04:11:49 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta amd64 (20110413)
ProcEnviron:
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: boinc
UpgradeStatus: No upgrade log present (probably fresh install)

Swen Kühnlein (swen) wrote :
Steffen Möller (moeller-debian) wrote : Re: [Bug 782496] [NEW] boinc crashes with "*** buffer overflow detected ***" on startup

Hi Swen,

many thanks for your report!

On 05/14/2011 04:21 AM, Swen Kühnlein wrote:
> Public bug reported:
>
> Binary package hint: boinc
>
> Boinc crashes a few seconds after starting with the following last lines
> on stdout:

> ProblemType: Bug
> DistroRelease: Ubuntu 11.04
> Package: boinc-client 6.10.59+dfsg-0ubuntu1

Can you please try the 6.12.x series from Daniel's repository and try with that again?

Upstream will certainly also address something for 6.10.59, which is the current
stable version, but ... it would need to be reproducible. Is it?

Also, I need to say that I found the debug information not very usable.
Did you also have boinc-dbg installed? This would help.

Many greetings

Steffen

Swen Kühnlein (swen) wrote :

Hi,

boinc always crashes when it starts; I can provide my /var/lib/boinc-client dir if this is needed to reproduce.

I've installed boinc-dbg now and ran boinc in gdb. Looking at the stack backtrace the problem seems to be related to long paths inside the .wine directory (didn't even know boinc uses wine):

(gdb) bt
#0 0x00007ffff6465d05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff6469ab6 in abort () at abort.c:92
#2 0x00007ffff649ed7b in __libc_message (do_abort=2, fmt=0x7ffff6585b23 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00007ffff65301d7 in __fortify_fail (msg=0x7ffff6585aba "buffer overflow detected") at fortify_fail.c:32
#4 0x00007ffff652f0f0 in __chk_fail () at chk_fail.c:29
#5 0x00007ffff652e569 in _IO_str_chk_overflow (fp=0x6f7a, c=28538) at vsprintf_chk.c:35
#6 0x00007ffff64a6b98 in _IO_default_xsputn (f=0x7fffffff9d50, data=<value optimized out>, n=8) at genops.c:485
#7 0x00007ffff647931d in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1620
#8 0x00007ffff652e604 in ___vsprintf_chk (
    s=0x7fffffff9f60 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., flags=1, slen=256, format=0x472171 "%s/%s", args=0x7fffffff9e70) at vsprintf_chk.c:86
#9 0x00007ffff652e54a in ___sprintf_chk (s=<value optimized out>, flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>)
    at sprintf_chk.c:33
#10 0x0000000000462503 in sprintf (
    dirpath=0x7fffffffa1b0 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., size=@0x7fffffffa1a8, recurse=true) at /usr/include/bits/stdio2.h:35
#11 dir_size (
    dirpath=0x7fffffffa1b0 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., size=@0x7fffffffa1a8, recurse=true) at filesys.cpp:385
#12 0x000000000046252a in dir_size (
    dirpath=0x7fffffffa400 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., size=@0x7fffffffa3f8, recurse=true) at filesys.cpp:389
#13 0x000000000046252a in dir_size (
    dirpath=0x7fffffffa650 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., size=@0x7fffffffa648, recurse=true) at filesys.cpp:389
#14 0x000000000046252a in dir_size (
    dirpath=0x7fffffffa8a0 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/device...

Swen Kühnlein (swen) wrote :

Hi again,

the problem also affects 6.12.18:

boinc@cassiopeia:~$ boinc --dir /var/lib/boinc-client
14-May-2011 14:52:35 [---] Starting BOINC client version 6.12.18 for x86_64-pc-linux-gnu
14-May-2011 14:52:35 [---] Config: GUI RPC allowed from:
14-May-2011 14:52:35 [---] log flags: file_xfer, sched_ops, task
14-May-2011 14:52:35 [---] Libraries: libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
14-May-2011 14:52:35 [---] Data directory: /var/lib/boinc-client
14-May-2011 14:52:35 [---] Processor: 4 AuthenticAMD AMD Phenom(tm) II X4 840 Processor [Family 16 Model 5 Stepping 3]
14-May-2011 14:52:35 [---] Processor: 512.00 KB cache
14-May-2011 14:52:35 [---] Processor features: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc extd_apicid pni monitor cx16 popcnt lahf_lm cm
14-May-2011 14:52:35 [---] OS: Linux: 2.6.38-9-generic
14-May-2011 14:52:35 [---] Memory: 7.81 GB physical, 0 bytes virtual
14-May-2011 14:52:35 [---] Disk: 220.11 GB total, 84.12 GB free
14-May-2011 14:52:35 [---] Local time is UTC +2 hours
14-May-2011 14:52:35 [---] VirtualBox version: 4.0.6r71344
14-May-2011 14:52:35 [---] No usable GPUs found
14-May-2011 14:52:35 [ABC@home] URL http://abcathome.com/; Computer ID 165782; resource share 100
14-May-2011 14:52:35 [AQUA@home] URL http://aqua.dwavesys.com/; Computer ID 111054; resource share 20
14-May-2011 14:52:35 [Docking] URL http://docking.cis.udel.edu/; Computer ID 90961; resource share 100
14-May-2011 14:52:35 [NFS@Home] URL http://escatter11.fullerton.edu/nfs/; Computer ID 16801; resource share 100
14-May-2011 14:52:35 [chess960@home alpha] URL http://www.chess960athome.org/alpha/; Computer ID 66612; resource share 20
14-May-2011 14:52:35 [climateprediction.net] URL http://climateprediction.net/; Computer ID 1144873; resource share 100
14-May-2011 14:52:35 [RNA World] URL http://www.rnaworld.de/rnaworld/; Computer ID 11066; resource share 100
14-May-2011 14:52:35 [FreeHAL@home] URL http://www.freehal.net/freehal_at_home/; Computer ID 51488; resource share 25
14-May-2011 14:52:35 [Quake-Catcher Network] URL http://qcn.stanford.edu/sensor/; Computer ID 14604; resource share 100
14-May-2011 14:52:35 [superlinkattechnion] URL http://cbl-boinc-server2.cs.technion.ac.il/superlinkattechnion/; Computer ID 96426; resource share 100
14-May-2011 14:52:35 [Goldbach's Conjecture Project] URL http://goldbach.pl/; Computer ID 4888; resource share 100
14-May-2011 14:52:35 [SZTAKI Desktop Grid] URL http://szdg.lpds.sztaki.hu/szdg/; Computer ID 330601; resource share 100
14-May-2011 14:52:35 [http://isaac.ssl.berkeley.edu/alpha/] URL http://isaac.ssl.berkeley.edu/alpha/; Computer ID not assigned yet; resource share 100
14-May-2011 14:52:35 [QMC@HOME] URL http://qah.uni-muenster.de/; Computer ID 189208; resource share 200
14-May-2011 14:52:35 [boincsimap] URL http://boincsimap.org/boincsimap/; Computer ID 195182; resource share 200
14-May-2011 14:52:35 [Collatz Conjecture] URL http://boinc.thesonntags.com/collatz/; Computer ID 62975; resource share 200
14-May-2011 14:52:35 [orbit@home] UR...

Swen Kühnlein (swen) wrote :

http://boinc.berkeley.edu/trac/ticket/1108 is probably the same bug, but I can't add information to their trac ticket.

Changed in boinc:
status: Unknown → New
Steffen Möller (moeller-debian) wrote : Re: [Bug 782496] Re: boinc crashes with "*** buffer overflow detected ***" on startup

Hi Swen, many thanks for rerunning with symbols.

@David: It's two bugs, confirmed on both 6.12.18 and
6.12.59 with Ubuntu.

It is apparently caused by a circular path below /sys
leading to an exceeded length of some internal path
representation. The first bug is that the recursion was
not noted (ten years ago I contributed that for WINE by
collecting the inodes that have been visited, there may
be better ideas now).

The second bug is that BOINC should just spot the long
path before the memory issue happens.

Best regards,

Steffen

On 05/14/2011 02:34 PM, Swen Kühnlein wrote:
> Hi,
>
> boinc always crashes when it starts; I can provide my /var/lib/boinc-
> client dir if this is needed to reproduce.
>
> I've installed boinc-dbg now and ran boinc in gdb. Looking at the stack
> backtrace the problem seems to be related to long paths inside the .wine
> directory (didn't even know boinc uses wine):
>
> (gdb) bt
> #0 0x00007ffff6465d05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1 0x00007ffff6469ab6 in abort () at abort.c:92
> #2 0x00007ffff649ed7b in __libc_message (do_abort=2, fmt=0x7ffff6585b23 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
> #3 0x00007ffff65301d7 in __fortify_fail (msg=0x7ffff6585aba "buffer overflow detected") at fortify_fail.c:32
> #4 0x00007ffff652f0f0 in __chk_fail () at chk_fail.c:29
> #5 0x00007ffff652e569 in _IO_str_chk_overflow (fp=0x6f7a, c=28538) at vsprintf_chk.c:35
> #6 0x00007ffff64a6b98 in _IO_default_xsputn (f=0x7fffffff9d50, data=<value optimized out>, n=8) at genops.c:485
> #7 0x00007ffff647931d in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1620
> #8 0x00007ffff652e604 in ___vsprintf_chk (
> s=0x7fffffff9f60 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., flags=1, slen=256, format=0x472171 "%s/%s", args=0x7fffffff9e70) at vsprintf_chk.c:86
> #9 0x00007ffff652e54a in ___sprintf_chk (s=<value optimized out>, flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>)
> at sprintf_chk.c:33
> #10 0x0000000000462503 in sprintf (
> dirpath=0x7fffffffa1b0 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., size=@0x7fffffffa1a8, recurse=true) at /usr/include/bits/stdio2.h:35
> #11 dir_size (
> dirpath=0x7fffffffa1b0 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsyst"..., size=@0x7fffffffa1a8, recurse=true) at filesys.cpp:385
> #12 0x000000000046252a in dir_size (
> dirpath=0x7fffffffa400 "./.wine/dosdevices/z:/sys/devices/platform/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/devices/reg-dummy/subsystem/device...
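
The two defects named in the message above (no loop detection, no length check before the `"%s/%s"` join) can be handled independently, as this added example shows; it is not code from this thread or from BOINC. `safe_dir_size`, `struct walk`, `demo` and `MAX_DEPTH` are hypothetical names, and the 256-byte buffer is taken from `slen=256` in the backtrace.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define PATH_BUF 256  /* same size as slen=256 in the backtrace */
#define MAX_DEPTH 64  /* assumed recursion limit, not a BOINC value */
struct walk {         /* zero-initialise before the first call */
    dev_t dev[MAX_DEPTH]; ino_t ino[MAX_DEPTH]; int depth;
    int skipped_dirs; /* directory already on the current path, or too deep */
    int skipped_long; /* joined path would not fit in PATH_BUF */
};

/* Adds the sizes of regular files below dirpath to *size; -1 if unreadable. */
int safe_dir_size(const char *dirpath, double *size, struct walk *w) {
    struct stat st; struct dirent *e; DIR *d;
    if (stat(dirpath, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    for (int i = 0; i < w->depth; i++)  /* same (device, inode) seen above us? */
        if (w->dev[i] == st.st_dev && w->ino[i] == st.st_ino) { w->skipped_dirs++; return 0; }
    if (w->depth == MAX_DEPTH) { w->skipped_dirs++; return 0; }
    if (!(d = opendir(dirpath))) return -1;
    w->dev[w->depth] = st.st_dev;       /* remember this directory while inside it */
    w->ino[w->depth++] = st.st_ino;
    while ((e = readdir(d)) != NULL) {
        char sub[PATH_BUF];
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        int n = snprintf(sub, sizeof sub, "%s/%s", dirpath, e->d_name);
        if (n < 0 || (size_t)n >= sizeof sub) { w->skipped_long++; continue; }
        if (stat(sub, &st) != 0) continue;  /* dangling link or race */
        if (S_ISDIR(st.st_mode)) safe_dir_size(sub, size, w);
        else if (S_ISREG(st.st_mode)) *size += (double)st.st_size;
    }
    w->depth--; closedir(d);
    return 0;
}

/* Constructed input: a temp dir (left in /tmp) holding one 5-byte file whose
   name is name_len characters long, plus a symlink "loop" back to the dir. */
double demo(struct walk *w, int name_len) {
    char root[] = "/tmp/dsz-XXXXXX", p[512]; double size = 0; FILE *f;
    if (!mkdtemp(root)) return -1;
    snprintf(p, sizeof p, "%s/%0*d", root, name_len, 0);
    if (!(f = fopen(p, "w"))) return -1;
    fputs("hello", f); fclose(f);
    snprintf(p, sizeof p, "%s/loop", root);
    if (symlink(root, p) != 0) return -1;
    return safe_dir_size(root, &size, w) == 0 ? size : -1;
}
int main(void) { struct walk w = {0}; printf("%.0f bytes\n", demo(&w, 4)); return 0; }
```

Either check alone stops the crash in the backtrace: the inode comparison ends the `subsystem/devices/...` cycle on its first repeat, and the `snprintf` return check skips any entry whose joined path would exceed the buffer.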

Gianfranco Costamagna (costamagnagianfranco) wrote :

This bug seems to be fixed here.

http://boinc.berkeley.edu/trac/changeset/23529

The new version is going to be pushed to public release really soon;
in the meantime, if you want to see it, you can download it here.

http://boinc.berkeley.edu/dl/?C=M;O=D

Changed in boinc (Ubuntu):
status: New → Fix Released
Changed in boinc:
status: New → Fix Released
Steffen Möller (moeller-debian) wrote :

On 05/15/2011 09:41 AM, LocutusOfBorg wrote:
> this bug seems to be fixed here.
>
> http://boinc.berkeley.edu/trac/changeset/23529
>
Confirmed. I'll upload a new version as soon as
I see it announced on the download site.

Steffen

Gianfranco Costamagna (costamagnagianfranco) wrote :

The new version was announced and released yesterday.

mlx (myxal-mxl) wrote :

Any idea where I can get a fixed version for Maverick (10.10)? Currently running 6.10.58+dfsg3

Gianfranco Costamagna (costamagnagianfranco) wrote :

The new version has been removed from the download site because of a showstopper bug found some days ago.

@mlx if you really want to install it, you can install from Debian UNSTABLE [1] or manually from the boinc ALPHA download site: [2]

[1] http://packages.debian.org/search?keywords=boinc&searchon=names&suite=all&section=all
[2] http://boinc.berkeley.edu/dl/?C=M;O=D
