Bug 683250 - slapd crashing when traffic replayed
Summary: slapd crashing when traffic replayed
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.8
Hardware: i686
OS: Linux
high
high
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 639035 389_1.2.8 684349
TreeView+ depends on / blocked
 
Reported: 2011-03-08 22:10 UTC by Nathan Kinder
Modified: 2015-12-07 16:54 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 668619
: 684349 (view as bug list)
Environment:
Last Closed: 2015-12-07 16:54:27 UTC
Embargoed:


Attachments (Terms of Use)
gdb logs (8.51 KB, application/x-compressed-tar)
2011-03-08 22:17 UTC, Nathan Kinder
no flags Details
gdb trace from 1.2.8 a3 segfault (89.54 KB, text/plain)
2011-03-08 22:18 UTC, Nathan Kinder
no flags Details
gdb trace (195.07 KB, text/plain)
2011-03-09 21:53 UTC, Jeremy Mates
no flags Details
0001-use-a-big-lock-in-saslbind.patch (5.38 KB, patch)
2011-03-10 18:10 UTC, Rich Megginson
no flags Details | Diff
0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch (6.02 KB, patch)
2011-03-10 23:38 UTC, Rich Megginson
no flags Details | Diff
0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch (6.78 KB, patch)
2011-03-10 23:45 UTC, Rich Megginson
no flags Details | Diff
0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch (6.79 KB, patch)
2011-03-10 23:47 UTC, Rich Megginson
nkinder: review+
Details | Diff

Description Nathan Kinder 2011-03-08 22:10:49 UTC
+++ This bug was initially created as a clone of Bug #668619 +++
--- Additional comment from jmates on 2011-02-10 13:41:41 EST ---

No hang on RHEL 5.5 with 1.2.8 a2, but instead segmentation faults when tested with replayed production traffic. Gathering gdb output...

--- Additional comment from jmates on 2011-02-10 16:05:13 EST ---

Created attachment 478119 [details]
gdb logs

gdb traces from two crashes of 389-ds-base-1.2.8-0.2.a2.el5 in response to replayed production traffic.

--- Additional comment from rmeggins on 2011-02-10 16:21:52 EST ---

(In reply to comment #11)
> Created attachment 478119 [details]
> gdb logs
> 
> gdb traces from two crashes of 389-ds-base-1.2.8-0.2.a2.el5 in response to
> replayed production traffic.

Thanks.  The stack looks corrupted.  Are you using SASL/GSSAPI Kerberos authentication?  Can you attach the last few lines from your errors and access logs before the crash?

--- Additional comment from jmates on 2011-02-10 16:51:54 EST ---

Yes, the servers are configured for Kerberos auth (via http://directory.fedoraproject.org/wiki/Howto:Kerberos). Our existing fedora-ds-1.0.4-1.RHEL4 production LDAP servers also use Kerberos auth, and do not exhibit any problems (they were setup well before my time here, though).

Errors shows just various peer rests, nothing unique at time of the crash.

[10/Feb/2011:18:18:01 +0000] - PR_Write(118) Netscape Portable Runtime error -59
61 (TCP connection reset by peer.)
[10/Feb/2011:18:18:02 +0000] - PR_Write(79) Netscape Portable Runtime error -596
1 (TCP connection reset by peer.)

Access shows nothing exciting, though that is buffered. Trying again with unbuffered logs and a higher error log level.

--- Additional comment from jmates on 2011-02-11 13:26:22 EST ---

Unbuffered logging appears to avoid the segmentation faults (for an overnight run of test traffic; buffered logging leads to crashes within minutes), though hobbles performance to the log write speed. If production load is near or beyond that limit, client requests block or timeout, which is not ideal. Shutting down the unbuffered logging ns-slapd took 10 (!) minutes after all test traffic was cut off.

--- Additional comment from rmeggins on 2011-02-11 13:36:17 EST ---

Yeah, that's why we buffer access logging by default.  You can use a named pipe script for the access log instead - http://directory.fedoraproject.org/wiki/Named_Pipe_Log_Script

--- Additional comment from jmates on 2011-02-25 20:10:58 EST ---

Created attachment 481105 [details]
gdb trace from 1.2.8 a3 segfault

gdb trace from 1.2.8 a3 segfault added (alpha 3 is harder to segfault than alpha 2).

--- Additional comment from rmeggins on 2011-02-25 21:20:40 EST ---

Centos5?  32-bit or 64-bit?  How are you generating the load?  If you are using some scripts or load client, is it possible we could get a copy?

Comment 1 Nathan Kinder 2011-03-08 22:17:09 UTC
Created attachment 483044 [details]
gdb logs

Attachment originally from Jeremy Mates:

gdb traces from two crashes of 389-ds-base-1.2.8-0.2.a2.el5 in response to
replayed production traffic.

Comment 2 Nathan Kinder 2011-03-08 22:18:45 UTC
Created attachment 483046 [details]
gdb trace from 1.2.8 a3 segfault

Attachment originally from Jeremy Mates:

gdb trace from 1.2.8 a3 segfault added (alpha 3 is harder to segfault than
alpha 2).

Comment 3 Rich Megginson 2011-03-09 17:45:02 UTC
Is it possible you could attach your tcpdump so we could replay it in our dev environment?  If that is not possible, would you be able to install a debug build in your testing environment?

Comment 4 Jeremy Mates 2011-03-09 19:11:53 UTC
Sorry, the tcpdump contains student account names and other metadata that cannot be shared. I can easily install a debug build.

Comment 5 Rich Megginson 2011-03-09 19:21:40 UTC
Ok.  I'll build you an el5 32-bit package with full debugging enabled.

Comment 6 Rich Megginson 2011-03-09 20:57:41 UTC
Ok.  The new rpms are here:
http://rmeggins.fedorapeople.org/

download the base and the -libs package - you don't need the other 2.  Install them using rpm -ivh (or upgrade using rpm -Uvh).  If/when it crashes, and you run gdb, you'll have to use the gdb 'dir' command to tell it where to find the source code, since there is no debuginfo package.

(gdb) dir /usr/src/debug/389-ds-base-VERSION

you can use the older .a4 version of the source.

Comment 7 Jeremy Mates 2011-03-09 21:53:22 UTC
Created attachment 483315 [details]
gdb trace

Crash from http://rmeggins.fedorapeople.org/ packages plus 389-ds-base-1.2.6.a4.tar.bz2 source tree.

Comment 8 Rich Megginson 2011-03-10 02:09:40 UTC
Thanks.  New packages for testing:
http://rmeggins.fedorapeople.org/

try these

Comment 9 Rich Megginson 2011-03-10 18:10:39 UTC
Created attachment 483531 [details]
0001-use-a-big-lock-in-saslbind.patch

Comment 10 Rich Megginson 2011-03-10 23:38:29 UTC
Created attachment 483607 [details]
0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch

Comment 11 Rich Megginson 2011-03-10 23:45:24 UTC
Created attachment 483608 [details]
0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch

missed a couple of places where I needed to Unlock

Comment 12 Rich Megginson 2011-03-10 23:47:22 UTC
Created attachment 483609 [details]
0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch

have to call unlock before send_result

Comment 13 Rich Megginson 2011-03-11 21:33:46 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   34f2f30..2c8637c  master -> master
commit 2c8637c242ace8a7d61474913c861e336a7809cd
Author: Rich Megginson <rmeggins>
Date:   Wed Mar 9 18:27:05 2011 -0700
    Reviewed by: nkinder (Thanks!)
    Branch: master
    Fix Description: There was a race condition in the saslbind.c code if multip
    threads and multiple connections were doing gssapi at the same time, with
    different points of failure.  The solution is to increase the size of the
    mutex section in saslbind.c so that all access of pb->pb_conn are protected.
    Thanks to Jeremy Mates <jmates> for finding this issue and for his
    assistance in testing.
    Platforms tested: RHEL6 x86_64, Fedora 14 i386
    Flag Day: no
    Doc impact: no
To ssh://git.fedorahosted.org/git/389/ds.git
   cc578f1..fb7547f  389-ds-base-1.2.8 -> 389-ds-base-1.2.8

Comment 14 Amita Sharma 2011-04-07 13:59:14 UTC
Hi,

Request you to please share more information on how to test this bug fix.

Thanks,
Amita

Comment 15 Rich Megginson 2011-04-07 14:10:19 UTC
(In reply to comment #14)
> Hi,
> 
> Request you to please share more information on how to test this bug fix.
> 
> Thanks,
> Amita

We could never reproduce the crash internally, and we don't have access to the reporter's private data he used to reproduce the crash.  So I think we can just run our SASL stress and long duration tests and confirm that this fix did not introduce any regressions.

Comment 16 Noriko Hosoi 2011-07-26 21:22:14 UTC
Note: the upstream bug 668619 is verified.

Comment 17 Jenny Severance 2011-12-05 19:55:18 UTC
Based on Comment 16, marking this bug verified.


Note You need to log in before you can comment on or make changes to this bug.