Hello,

I was testing compatibility with some (old) tape drives, including a
Tandberg TDC 3600 QIC tape drive. With this drive (and only this
one), SD crashes under certain conditions with a core dump when I run
any command that requests the status from the SD (like "status all"
or "status storage"). It crashes when no cartridge is loaded in the
drive *and* "AutomaticMount = yes" is set in the bacula-sd.conf file.
When a cartridge is loaded when SD starts, or when I remove
"AutomaticMount = yes" from the config file, SD works fine. This
happens in exactly the same way and is always reproducible with 1.38.3
(22Dec05), 1.38.2 (20Nov05) and 1.39.2 (13Dec05), so it seems to be a
generic problem. This is on an x86 Fedora Core 4 system.

If I try to trace the SD I see:

...
29657 clone(child_stack=0xb695f4c4, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, parent_tidptr=0xb695fbf8, {entry_number:6, base_addr:0xb695fbb0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb695fbf8) = 29691
29657 select(4, [3], NULL, NULL, NULL <unfinished ...>
29691 gettimeofday({1136240988, 656149}, {4294967236, 0}) = 0
29691 read(6, "\0\0\0!", 4)             = 4
29691 read(6, "Hello Director diddl-dir calling"..., 33) = 33
29691 time(NULL)                        = 1136240988
29691 rt_sigaction(SIGUSR2, {0x807aadc, ~[RTMIN RT_1], 0}, NULL, 8) = 0
29691 futex(0x80a9464, FUTEX_WAKE, 1 <unfinished ...>
29660 <... futex resumed> )             = 0
29691 <... futex resumed> )             = 1
29660 futex(0x80a9460, FUTEX_WAIT, 2, NULL <unfinished ...>
29691 futex(0x80a9460, FUTEX_WAKE, 1 <unfinished ...>
29660 <... futex resumed> )             = 0
29691 <... futex resumed> )             = 1
29660 futex(0x80a9460, FUTEX_WAKE, 1)   = 0
29660 futex(0x80a9490, FUTEX_WAIT, 2, NULL <unfinished ...>
29691 futex(0x80a9490, FUTEX_WAKE, 1 <unfinished ...>
29660 <... futex resumed> )             = 0
29691 <... futex resumed> )             = 1
29660 futex(0x80a9490, FUTEX_WAKE, 1)   = 0
29660 time(NULL)                        = 1136240988
29660 gettimeofday({1136240988, 656525}, {4294967236, 0}) = 0
29660 time(NULL)                        = 1136240988
29660 clock_gettime(CLOCK_REALTIME, {1136240988, 656577000}) = 0
29660 futex(0x80a9464, FUTEX_WAIT, 15, {22, 999948000} <unfinished ...>
29691 gettimeofday({1136240988, 656625}, {4294967236, 0}) = 0
29691 gettimeofday({1136240988, 656652}, {4294967236, 0}) = 0
29691 gettimeofday({1136240988, 656680}, {4294967236, 0}) = 0
29691 gettimeofday({1136240988, 656707}, {4294967236, 0}) = 0
29691 gettimeofday({1136240988, 656734}, {4294967236, 0}) = 0
29691 uname({sys="Linux", node="diddl.denx.de", ...}) = 0
29691 time(NULL)                        = 1136240988
29691 write(6, "\0\0\0005", 4)          = 4
29691 write(6, "auth cram-md5 <1276548845.113624"..., 53) = 53
29691 select(7, [6], NULL, NULL, {180, 0}) = 1 (in [6], left {180, 0})
29691 read(6, "\0\0\0\27", 4)           = 4
29691 read(6, "TkRLL34px++/g6/nLV/s5C\0", 23) = 23
29691 write(6, "\0\0\0\r", 4)           = 4
29691 write(6, "1000 OK auth\n", 13)    = 13
29691 read(6, "\0\0\0006", 4)           = 4
29691 read(6, "auth cram-md5 <1009096081.113624"..., 54) = 54
29691 write(6, "\0\0\0\27", 4)          = 4
29691 write(6, "72FbnzlCzTgHE0ADdg5RoA\0", 23) = 23
29691 select(7, [6], NULL, NULL, {180, 0}
<crash here>
*** buffer overflow detected ***: strace terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xa73c45]
/lib/libc.so.6(__vsprintf_chk+0x0)[0xa73510]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x9f6858]
/lib/libc.so.6(_IO_vfprintf+0xd92)[0x9d1894]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0xa735b1]
/lib/libc.so.6(__sprintf_chk+0x30)[0xa73504]
strace[0x804f497]
strace[0x804c879]
strace[0x804ba80]
/lib/libc.so.6(__libc_start_main+0xdf)[0x9aad5f]
strace[0x80495d1]
======= Memory map: ========
00117000-00120000 r-xp 00000000 08:01 4295783    /lib/libgcc_s-4.0.2-20051126.so.1
00120000-00121000 rwxp 00009000 08:01 4295783    /lib/libgcc_s-4.0.2-20051126.so.1
00974000-0098e000 r-xp 00000000 08:01 4293722    /lib/ld-2.3.5.so
0098e000-0098f000 r-xp 00019000 08:01 4293722    /lib/ld-2.3.5.so
0098f000-00990000 rwxp 0001a000 08:01 4293722    /lib/ld-2.3.5.so
00996000-00ab9000 r-xp 00000000 08:01 4293723    /lib/libc-2.3.5.so
00ab9000-00abb000 r-xp 00123000 08:01 4293723    /lib/libc-2.3.5.so
00abb000-00abd000 rwxp 00125000 08:01 4293723    /lib/libc-2.3.5.so
00abd000-00abf000 rwxp 00abd000 00:00 0 
00d51000-00d52000 r-xp 00d51000 00:00 0          [vdso]
08047000-08071000 r-xp 00000000 08:01 2336571    /usr/bin/strace
08071000-08072000 rw-p 0002a000 08:01 2336571    /usr/bin/strace
08072000-08079000 rw-p 08072000 00:00 0 
08783000-087a4000 rw-p 08783000 00:00 0          [heap]
b7f95000-b7f96000 rw-p b7f95000 00:00 0 
b7fb2000-b7fbb000 rw-p b7fb2000 00:00 0 
bfea5000-bfebb000 rw-p bfea5000 00:00 0          [stack]
Aborted (core dumped)


Any ideas what might go wrong?

Best regards,

Wolfgang Denk

-- 
Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: [EMAIL PROTECTED]
There's no future in time travel.

