Opened 13 years ago

Closed 12 years ago

#64 closed defect (fixed)

Mondoarchive crashes with "buffer overflow detected" while building catalog

Reported by: melevittfl@…
Owned by: bruno
Priority: normal
Milestone: 2.2.3
Component: mondo
Version: 2.2.0
Severity: normal
Keywords:
Cc:

Description (last modified by bruno)

Hi,

I'm trying to use mondoarchive on a Fedora Core 5 system to back up the system to an ext2 partition on an external USB hard disk.

While creating the catalog, Mondoarchive gets to about 93% done and then crashes. Output of stack trace and log to follow:

*** buffer overflow detected ***: mondoarchive terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb442b1]
/lib/libc.so.6[0xb43826]
mondoarchive[0x805dbcf]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805de3d]
mondoarchive[0x805e551]
mondoarchive[0x805e889]
mondoarchive[0x8056a83]
mondoarchive[0x804adbc]
/lib/libc.so.6(__libc_start_main+0xdc)[0xa7d724]
mondoarchive[0x804a251]
SIGABRT signal received from OS
Abort - probably failed assertion. I'm sleeping for a few seconds so you can rea
Fatal error... Mondoarchive is terminating in response to a signal from the OS
---FATALERROR--- Mondoarchive is terminating in response to a signal from the OS
If you require technical support, please contact the mailing list.
See http://www.mondorescue.org for details.
The list's members can help you, if you attach that file to your e-mail.
Log file: /var/log/mondo-archive.log
FYI, I have gzipped the log and saved it to /tmp/MA.log.gz
Mondo has aborted.
Execution run ended; result=254
Type 'less /var/log/mondo-archive.log' to see the output log





running: dmesg -n1 > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran just fine. :-)
Mondo Archive v2.0.9-780 --- http://www.mondorescue.org
running on i386 architecture
-----------------------------------------------------------
NB: Mondo logs almost everything, so don't panic if you see
some error messages.  Please read them carefully before you
decide to break out in a cold sweat.    Despite (or perhaps
because of) the wealth of messages. some users are inclined
to stop reading this log. If Mondo stopped for some reason,
chances are it's detailed here.  More than likely there's a
message at the very end of this log that will tell you what
is wrong. Please read it!                          -Devteam
-----------------------------------------------------------
Zero...
[Main] main.c->welcome_to_mondoarchive#179: One...
        [Main] main.c->welcome_to_mondoarchive#180: Two...
                [Main] main.c->welcome_to_mondoarchive#181: Three...
                        [Main] main.c->welcome_to_mondoarchive#182: Four...
        [Main] main.c->distro_specific_kludges_at_start_of_mondoarchive#199: Unmounting old ramdisks if necessary
running: umount `mount | grep shm | grep mondo | cut -d' ' -f3` > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
Usage: umount [-hV]
umount -a [-f] [-r] [-n] [-v] [-t vfstypes] [-O opts]
umount [-f] [-r] [-n] [-v] special | node...
--------------------------------end of output------------------------------
...ran with res=512
running: mount | grep cdrom | grep super > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=256
running: mount | grep floppy | grep super > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=256
[Main] libmondo-tools.c->mount_boot_if_necessary#1393: Started sub
                        [Main] libmondo-tools.c->mount_boot_if_necessary#1394: About to set g_boot_mountpt[0] to '\0'
                        [Main] libmondo-tools.c->mount_boot_if_necessary#1396: Done. Great. Seeting command to something
                        [Main] libmondo-tools.c->mount_boot_if_necessary#1399: Cool. Command = 'grep -v ":" /etc/fstab | grep -vx "#.*" | grep -w "/boot" | tr -s ' ' ' ' | cut -f1 | head -n1'
                        [Main] libmondo-tools.c->mount_boot_if_necessary#1401: tmp = 'LABEL=/boot'
        [Main] libmondo-tools.c->mount_boot_if_necessary#1403: /boot is at LABEL=/boot according to /etc/fstab
        [Main] libmondo-tools.c->mount_boot_if_necessary#1409: ...ignored cos it's a label :-)
[Main] libmondo-tools.c->mount_boot_if_necessary#1435: Ended sub
[Main] libmondo-tools.c->get_kernel_version#394: g_kernel_version = 2.617000
[Main] libmondo-tools.c->reset_bkpinfo#954: Hi
root is mounted at /dev/sda

No, Schlomo, that doesn't mean /dev/sda is the root partition. It's just a debugging message. Relax. It's part of am_I_in_disaster_recovery_mode().
[Main] libmondo-devices.c->am_I_in_disaster_recovery_mode#363: Is this a ramdisk? result = 0
running: rm -Rf /tmp/changed.files* > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran just fine. :-)
Checking sanity of your Linux distribution
        [Main] libmondo-tools.c->some_basic_system_sanity_checks#1088: Free space on given partition = 16477 MB
running: grep ramdisk /proc/devices > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
1 ramdisk
--------------------------------end of output------------------------------
...ran just fine. :-)
running: mount | grep -w vfat | grep -vE "/dev/fd|nexdisk" > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=256
running: mount | grep -w dos | grep -vE "/dev/fd|nexdisk" > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=256
                        [Main] libmondo-files.c->find_home_of_exe#431: find_home_of_exe () --- Found cmp at /usr/bin/cmp
running: mindi -V > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
mindi v1.0.9-r780
--------------------------------end of output------------------------------
...ran just fine. :-)
running: parted2fdisk -l | grep -i raid > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=256
Done.
        [Main] libmondo-devices.c->sensibly_set_tmpdir_and_scratchdir#2544: bkpinfo->tmpdir is being set to /mnt/maxtor/tmp.mondo.16943
        [Main] libmondo-devices.c->sensibly_set_tmpdir_and_scratchdir#2548: bkpinfo->scratchdir is being set to /mnt/maxtor/mondo.scratch.27565
                        [Main] libmondo-files.c->find_home_of_exe#431: find_home_of_exe () --- Found afio at /usr/bin/afio
running: ls -l /mnt/maxtor > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
total 16
drwx------ 2 root root 16384 Sep  9 09:23 lost+found
--------------------------------end of output------------------------------
...ran just fine. :-)
running: grep -Ei suse /etc/issue.net | grep -E '9.0' | grep 64 > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=256
running: which mkfs.vfat > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
/sbin/mkfs.vfat
--------------------------------end of output------------------------------
...ran just fine. :-)
                [Main] mondo-cli.c->handle_incoming_parameters#266: Switches:-
                [Main] mondo-cli.c->handle_incoming_parameters#270: -3 
                [Main] mondo-cli.c->handle_incoming_parameters#270: -E /mnt/maxtor /misc /.automount
                [Main] mondo-cli.c->handle_incoming_parameters#270: -O 
                [Main] mondo-cli.c->handle_incoming_parameters#270: -d /mnt/maxtor
                [Main] mondo-cli.c->handle_incoming_parameters#270: -i 
                [Main] mondo-cli.c->handle_incoming_parameters#270: -s 700m
[Main] libmondo-tools.c->post_param_configuration#591: Foo
        [Main] libmondo-tools.c->post_param_configuration#645: It doesn't seem you have enough swap to use tmpfs. Fine.
        [Main] libmondo-tools.c->post_param_configuration#800: isodir = /mnt/maxtor
        [Main] libmondo-tools.c->post_param_configuration#803: command = df -P /mnt/maxtor | tail -n1 | cut -d' ' -f1
        [Main] libmondo-tools.c->post_param_configuration#805: res of it = /dev/sdb1
        [Main] libmondo-tools.c->post_param_configuration#815: command = mount | grep -w /dev/sdb1 | tail -n1 | cut -d' ' -f3
        [Main] libmondo-tools.c->post_param_configuration#817: res of it = /mnt/maxtor
        [Main] libmondo-tools.c->post_param_configuration#824: isomnt: /mnt/maxtor, 11
        [Main] libmondo-tools.c->post_param_configuration#833: isodir: 
        [Main] libmondo-tools.c->post_param_configuration#836: iso-prefix: mondorescue
        [Main] libmondo-tools.c->post_param_configuration#867: Finished processing incoming params
BusyBox's sources are available from http://www.busybox.net
        [Main] libmondo-filelist.c->prepare_filelist#1443: tmpdir=/mnt/maxtor/tmp.mondo.16943/tmp.mondo.27397; scratchdir=/mnt/maxtor/mondo.scratch.27565/mondo.scratch.21738
Making catalog of files to be backed up
                [Main] libmondo-filelist.c->mondo_makefilelist#1716: Trying to write test string to exclude_paths
                [Main] libmondo-filelist.c->mondo_makefilelist#1718: ...Success!
running: cp -f /var/cache/mondo-archive/difflevel.0.aborted /var/cache/mondo-archive/difflevel.0 > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran just fine. :-)
        [Main] libmondo-filelist.c->mondo_makefilelist#1764: include_paths = '/'
[Main] libmondo-filelist.c->mondo_makefilelist#1765: Calculating filelist
        [Main] libmondo-filelist.c->mondo_makefilelist#1770: Excluding paths = ' /mnt/maxtor /misc /.automount    /mnt/maxtor/tmp.mondo.16943/tmp.mondo.27397 /mnt/maxtor/mondo.scratch.27565/mondo.scratch.21738 . .. /mnt/cdrom /mnt/floppy /media/cdrom /media/cdrecorder /proc /sys /root/images/mondo /root/images/mindi '
        [Main] libmondo-filelist.c->mondo_makefilelist#1772: Generating skeleton filelist so that we can track our progress
                        [Main] libmondo-filelist.c->mondo_makefilelist#1775: g_skeleton_entries = 0
        [Main] libmondo-filelist.c->mondo_makefilelist#1776: Opening out filelist to /mnt/maxtor/tmp.mondo.16943/tmp.mondo.27397/tmpfs/filelist.full
[Main] libmondo-filelist.c->mondo_makefilelist#1789: Including / in filelist /mnt/maxtor/tmp.mondo.16943/tmp.mondo.27397/tmpfs/filelist.full
Making catalog of /
         Making catalog of /
SIGABRT signal received from OS
Abort - probably failed assertion. I'm sleeping for a few seconds so you can read the message.
        [Main] libmondo-fifo.c->kill_buffer#246: kill_buffer() --- command = ps wwax | grep -F "" | grep -Fv grep | awk '{print $1;}' | grep -v PID | tr -s '
' ' ' | awk '{ print $1; }'
        [Main] libmondo-fifo.c->kill_buffer#249: kill_buffer() --- command = kill 1
running: kill 1 > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran just fine. :-)
[Main] newt-specific.c->fatal_error#366: Fatal error received - 'Mondoarchive is terminating in response to a signal from the OS'
                [Main] newt-specific.c->fatal_error#384: OK, I think I'm the main PID.
        [Main] newt-specific.c->fatal_error#392: I'm going to do some cleaning up now.
                        [Main] newt-specific.c->fatal_error#393: killall mindi 2> /dev/null
running: kill `ps wax | grep "/mondo/do-not" | awk '{print $1;}' | grep -vx "\?"` > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=15
running: kill `ps wax | grep "tmp.mondo" | awk '{print $1;}' | grep -vx "\?"` > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=15
running: kill `ps wax | grep "ntfsclone" | awk '{print $1;}' | grep -vx "\?"` > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran with res=15
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] newt-specific.c->fatal_error#401: Waiting for child processes to terminate
        [Main] libmondo-files.c->register_pid#812: Unregistering PID
        [Main] libmondo-files.c->register_pid#812: Unregistering PID
        [Main] libmondo-files.c->register_pid#814: Error unregistering PID
running: umount /mnt/cdrom > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
umount: /mnt/cdrom: not mounted
--------------------------------end of output------------------------------
...ran with res=256
running: rm -Rf /mondo.scratch.* /tmp.mondo.* > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran just fine. :-)
running: rm -Rf /mnt/maxtor/tmp.mondo.16943/tmp.mondo.27397 /mnt/maxtor/mondo.scratch.27565/mondo.scratch.21738 > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err
--------------------------------start of output-----------------------------
--------------------------------end of output------------------------------
...ran just fine. :-)
        [Main] libmondo-tools.c->do_libmondo_global_strings_thing#1586: libmondo-tools.c, do_libmondo_global_strings_thing, 1586: Freeing globals

Attachments (1)

mondo-archive.log.gz (6.3 KB) - added by melevittfl 12 years ago.
Mondo archive log with -K 99.


Change History (15)

comment:1 Changed 13 years ago by bruno

  • Status changed from new to assigned

The other time I've seen this problem it was due to a circular reference on the system. Try to find them with find|ls to see if there are any (circular links).
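
The circular-link hypothesis in comment:1 can be checked with a walker like the one below, an added example that is not MondoRescue code and not the fix applied for this ticket. It follows symlinks, flags any directory that is its own ancestor, and builds child paths with a length-checked snprintf so an over-long path is counted instead of overrunning a buffer. MAX_DEPTH, the function names and the sample tree under /tmp are assumptions made for the example.

```c
/* Added example, not MondoRescue code. MAX_DEPTH and all names are assumptions. */
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_DEPTH 128                      /* recursion cap chosen for the example */

struct dir_id { dev_t dev; ino_t ino; };   /* identity of one ancestor directory */
struct walk_stats { long entries, loops, too_long; };

static void walk(const char *path, struct dir_id *anc, int depth, struct walk_stats *st)
{
    struct stat sb;
    /* stat() follows symlinks on purpose, so a link cycle shows up here. */
    if (stat(path, &sb) != 0 || !S_ISDIR(sb.st_mode)) return;
    for (int i = 0; i < depth; i++)        /* is this directory its own ancestor? */
        if (anc[i].dev == sb.st_dev && anc[i].ino == sb.st_ino) { st->loops++; return; }
    if (depth >= MAX_DEPTH) { st->too_long++; return; }
    anc[depth] = (struct dir_id){ sb.st_dev, sb.st_ino };
    DIR *d = opendir(path);
    if (d == NULL) return;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char child[PATH_MAX];
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* snprintf returns the length it needed: detect truncation, never overrun. */
        int n = snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        if (n < 0 || (size_t)n >= sizeof child) { st->too_long++; continue; }
        st->entries++;
        walk(child, anc, depth + 1, st);
    }
    closedir(d);
}

struct walk_stats scan_tree(const char *root)
{
    struct dir_id anc[MAX_DEPTH];
    struct walk_stats st = {0, 0, 0};
    walk(root, anc, 0, &st);
    return st;
}

/* Constructed sample: <tmp>/a/b/back is a symlink to "..", i.e. back to <tmp>/a.
   The tree is left in place so it can also be inspected with find and ls. */
struct walk_stats scan_sample_tree(void)
{
    char root[] = "/tmp/walkdemo.XXXXXX", p[PATH_MAX];
    if (mkdtemp(root) == NULL) return (struct walk_stats){-1, -1, -1};
    snprintf(p, sizeof p, "%s/a", root);    mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/a/b", root);  mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/a/b/back", root);
    if (symlink("..", p) != 0) return (struct walk_stats){-1, -1, -1};
    return scan_tree(root);
}

int main(int argc, char **argv)
{
    struct walk_stats st = argc > 1 ? scan_tree(argv[1]) : scan_sample_tree();
    printf("entries=%ld loops=%ld too_long=%ld\n", st.entries, st.loops, st.too_long);
    return 0;
}
```

Run with a directory argument to scan a real tree; a non-zero loops count is the circular-link condition comment:1 asks about.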

comment:2 Changed 12 years ago by bruno

  • Description modified (diff)

comment:3 Changed 12 years ago by bruno

Could you try invoking mondoarchive with -K 99 to have full debugging?

comment:4 Changed 12 years ago by bruno

Could you try again with the latest 2.2.0? If it still seg faults, I'd like to get the result with option -K 99.

comment:5 Changed 12 years ago by melevittfl

Hi,

I tried with 2.2.0 and it crashes in the same way.

Changed 12 years ago by melevittfl

Mondo archive log with -K 99.

comment:6 Changed 12 years ago by bruno

  • Version changed from 2.0.9 to 2.2.0

OK, I don't see the issue just from reading the code and your logs, sorry.

Could you edit libmondo-filelist.c and remove the in front of all log_msg function calls in the function open_and_list_dir (line 1486 and following). Then rebuild mondo and relaunch it so that we get more debug.

There is something with your directory tree which causes that crash.

comment:7 Changed 12 years ago by bruno

  • Milestone set to 2.2.1

Maybe related to debianBTS(379938)?

comment:8 Changed 12 years ago by bruno

Could you check which version of newt you have please, and also if you have any fribidi package installed?

comment:9 Changed 12 years ago by melevittfl

The version of Newt is: newt-0.52.2-6.i386.rpm

I don't have any fribidi package installed.

Sorry I haven't had a chance to recompile with your logging changes. I'll try and do that soon.

comment:10 Changed 12 years ago by Bruno Cornec

>  The version of Newt is:
>  newt-0.52.2-6.i386.rpm
> 
>  I don't have any fribidi package installed.

On Debian there is an issue with that version of newt which requires the
installation of the fribidi package. So I'd suggest you do the same on
your distro, without touching the rest, and report back.

comment:11 Changed 12 years ago by bruno

Could you use the latest 2.2.1 version of mondo (+ 1.2.1 for mindi and 1.2.2 for mindi-busybox) and report back? And also install the fribidi package for your distribution.

comment:12 Changed 12 years ago by bruno

  • Milestone changed from 2.2.1 to 2.2.2

Now that 2.2.2 is officially published on ftp://ftp.mondorescue.org, could you check again if this has been solved for good or not? I'd like to close the bug ASAP.

comment:13 Changed 12 years ago by bruno

  • Milestone changed from 2.2.2 to 2.2.3

Now that 2.2.3 is officially published on ftp://ftp.mondorescue.org, could you check again if this has been solved for good or not? I'd like to close the bug ASAP. (Do not use 2.2.2; it has a nasty bug in bzip2 compression.)

comment:14 Changed 12 years ago by bruno

  • Resolution set to fixed
  • Status changed from assigned to closed