Description of problem:
Zarafa is crashing due to wrong/broken file descriptors check in GLIBC:

> if (d >= FD_SETSIZE)
>   __chk_fail ();
> glibc/debug/fdelt_chk.c

This check is wrong according to the Zarafa developers. See also bug #760888 for more technical details.

If needed, there is also a virtual machine with Fedora 16 and Zarafa including gdb and valgrind where the issue can be reproduced on-the-fly. Just let me know if it's needed.

Version-Release number of selected component (if applicable):
glibc-2.14.90-21.x86_64
zarafa-7.0.3-2.x86_64

How reproducible:
Every time, see above and below.

Steps to Reproduce:
1. Fedora 16 minimal installation with all updates
2. yum install --enablerepo=fedora-updates-testing "zarafa*" mysql-server
3. Configure Zarafa
4. service mysqld start
5. service zarafa-server start
6. zarafa-admin -l
7. Find the crash in /var/log/zarafa/server.log

Actual results:
Zarafa is crashing due to wrong/broken file descriptors check in GLIBC.

Expected results:
Zarafa should not crash like in older Fedora or RHEL releases.

Additional info:
[root@localhost ~]# gdb zarafa-server
GNU gdb (GDB) Fedora (7.3.50.20110722-10.fc16)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/zarafa-server...Reading symbols from /usr/lib/debug/usr/bin/zarafa-server.debug...done.
done.
(gdb) run -F
Starting program: /usr/bin/zarafa-server -F
warning: "/usr/lib/debug/usr/lib64/libicudata.so.46.0.debug": separate debug info file has no debug info
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 2135.
[New Thread 0x7fffec5ea700 (LWP 2136)]
[Thread 0x7fffec5ea700 (LWP 2136) exited]
[New Thread 0x7fffec5ea700 (LWP 2138)]
[New Thread 0x7fffebde9700 (LWP 2140)]
[New Thread 0x7fffeb5e8700 (LWP 2141)]
[New Thread 0x7fffeade7700 (LWP 2142)]
[New Thread 0x7fffea5e6700 (LWP 2144)]
[New Thread 0x7fffe9de5700 (LWP 2146)]
[New Thread 0x7fffe95e4700 (LWP 2147)]
[New Thread 0x7fffe8de3700 (LWP 2148)]
[New Thread 0x7fffe3fff700 (LWP 2149)]
[New Thread 0x7fffe37fe700 (LWP 2150)]
[New Thread 0x7fffe2ffd700 (LWP 2151)]
[New Thread 0x7fffe27fc700 (LWP 2152)]
[New Thread 0x7fffe1ffb700 (LWP 2153)]
[New Thread 0x7fffe17fa700 (LWP 2154)]
[New Thread 0x7fffe0ff9700 (LWP 2155)]
*** buffer overflow detected ***: /usr/bin/zarafa-server terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff3783f77]
/lib64/libc.so.6(+0x104ef0)[0x7ffff3781ef0]
/lib64/libc.so.6(+0x106f2e)[0x7ffff3783f2e]
/usr/bin/zarafa-server[0x5fa6a1]
/usr/bin/zarafa-server(soap_recv_raw+0xc8)[0x5fa9c8]
/usr/bin/zarafa-server(soap_getchar+0x4d)[0x5fb33d]
/usr/bin/zarafa-server(soap_begin_recv+0x1fa)[0x60d56a]
/usr/bin/zarafa-server(_ZN14ECWorkerThread4WorkEPv+0x95)[0x4c0245]
/lib64/libpthread.so.0(+0x7d90)[0x7ffff594cd90]
/lib64/libc.so.6(clone+0x6d)[0x7ffff376c3dd]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe2ffd700 (LWP 2151)]
0x00007ffff36b3285 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt full
#0  0x00007ffff36b3285 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = 0
        pid = <optimized out>
        selftid = 2151
#1  0x00007ffff36b4b9b in __GI_abort () at abort.c:91
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {5, 140737354065072, 16, 140737278565759, 1, 140737277128913, 5, 140737278569985, 3, 140737001799422, 2, 140737278565706, 1, 140737278574539, 3, 140737001799396}}, sa_flags = 12, sa_restorer = 0x7ffff37effcf}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff36f2fae in __libc_message (do_abort=2, fmt=0x7ffff37f003b "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
        ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffe2ffc7e0, reg_save_area = 0x7fffe2ffc6f0}}
        ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffe2ffc7e0, reg_save_area = 0x7fffe2ffc6f0}}
        fd = 14
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007ffff3783f77 in __GI___fortify_fail (msg=0x7ffff37effd2 "buffer overflow detected") at fortify_fail.c:32
No locals.
#4  0x00007ffff3781ef0 in __GI___chk_fail () at chk_fail.c:29
No locals.
#5  0x00007ffff3783f2e in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:26
No locals.
#6  0x00000000005fa6a1 in frecv (soap=0xa74f30, s=0xa7b060 "", n=65536) at stdsoap2.cpp:887
        __d = <optimized out>
        timeout = {tv_sec = 60, tv_usec = 0}
        fd = {fds_bits = {0 <repeats 128 times>}}
        err = 0
        r = <optimized out>
#7  0x00000000005fa9c8 in soap_recv_raw (soap=0xa74f30) at stdsoap2.cpp:1167
        ret = <optimized out>
#8  0x00000000005fb33d in soap_getchar (soap=0xa74f30) at stdsoap2.cpp:1303
No locals.
#9  soap_getchar (soap=0xa74f30) at stdsoap2.cpp:1295
No locals.
#10 0x000000000060d56a in soap_begin_recv (soap=0xa74f30) at stdsoap2.cpp:12929
        c = <optimized out>
#11 0x00000000004c0245 in ECWorkerThread::Work (lpParam=0xa74670) at ECThreadManager.cpp:189
        dblStart = 1324415053.9046531
        lpThis = 0xa74670
        lpWorkItem = 0xa90800
        err = 0
        er = <optimized out>
        fStop = false
#12 0x00007ffff594cd90 in start_thread (arg=0x7fffe2ffd700) at pthread_create.c:309
        __res = <optimized out>
        pd = 0x7fffe2ffd700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1, 1677272379085254327, 140737313595424, 140737001806272, 0, 3, -1677278977823904073, -1677250570931179849}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#13 0x00007ffff376c3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.
(gdb)
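Frames #5 and #6 above show the abort coming from an FD_SET-style access on the local fd_set in frecv: when glibc is built against with _FORTIFY_SOURCE, the descriptor index is passed through __fdelt_chk, which fails for d >= FD_SETSIZE. The following is an added example, not code from Zarafa, gSOAP or glibc; fits_fd_set, wait_readable and demo are hypothetical names, and the pipe is constructed test input. It shows a caller-side guard that uses select() only for descriptors that fit in an fd_set and poll() otherwise.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* An fd_set is a fixed bitmap of FD_SETSIZE bits, so FD_SET() on a larger
 * descriptor would write past its end; __fdelt_chk aborts instead. */
int fits_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* 1 = readable, 0 = timeout, -1 = error. select() is used only when the
 * descriptor fits in an fd_set; poll() has no FD_SETSIZE limit. */
int wait_readable(int fd, int timeout_ms)
{
    if (fd < 0) return -1;
    if (fits_fd_set(fd)) {
        fd_set rfds;
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int r = select(fd + 1, &rfds, NULL, NULL, &tv);
        return r > 0 ? 1 : r;
    }
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    return r > 0 ? ((p.revents & POLLIN) ? 1 : -1) : r;
}

/* Constructed input: a pipe holding one byte, read end duplicated to a
 * descriptor number >= min_fd. Returns wait_readable() on it, or -2 when
 * the process limit does not allow a descriptor that high. */
int demo(int min_fd)
{
    struct rlimit rl;
    rlim_t want = (rlim_t)min_fd + 16;
    int p[2], fd, r;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1) return -1;
    fd = fcntl(p[0], F_DUPFD, min_fd);
    r = fd < 0 ? -2 : wait_readable(fd, 100);
    close(fd); close(p[0]); close(p[1]);
    return r;
}

int main(void) { printf("low: %d, high: %d\n", demo(0), demo(FD_SETSIZE)); return 0; }
```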
*** This bug has been marked as a duplicate of bug 76088 ***
It's 760888, not 76088 ;-)

*** This bug has been marked as a duplicate of bug 760888 ***