+++ This bug was initially created as a clone of Bug #668619 +++ --- Additional comment from jmates on 2011-02-10 13:41:41 EST --- No hang on RHEL 5.5 with 1.2.8 a2, but instead segmentation faults when tested with replayed production traffic. Gathering gdb output... --- Additional comment from jmates on 2011-02-10 16:05:13 EST --- Created attachment 478119 [details] gdb logs gdb traces from two crashes of 389-ds-base-1.2.8-0.2.a2.el5 in response to replayed production traffic. --- Additional comment from rmeggins on 2011-02-10 16:21:52 EST --- (In reply to comment #11) > Created attachment 478119 [details] > gdb logs > > gdb traces from two crashes of 389-ds-base-1.2.8-0.2.a2.el5 in response to > replayed production traffic. Thanks. The stack looks corrupted. Are you using SASL/GSSAPI Kerberos authentication? Can you attach the last few lines from your errors and access logs before the crash? --- Additional comment from jmates on 2011-02-10 16:51:54 EST --- Yes, the servers are configured for Kerberos auth (via http://directory.fedoraproject.org/wiki/Howto:Kerberos). Our existing fedora-ds-1.0.4-1.RHEL4 production LDAP servers also use Kerberos auth, and do not exhibit any problems (they were setup well before my time here, though). Errors shows just various peer rests, nothing unique at time of the crash. [10/Feb/2011:18:18:01 +0000] - PR_Write(118) Netscape Portable Runtime error -59 61 (TCP connection reset by peer.) [10/Feb/2011:18:18:02 +0000] - PR_Write(79) Netscape Portable Runtime error -596 1 (TCP connection reset by peer.) Access shows nothing exciting, though that is buffered. Trying again with unbuffered logs and a higher error log level. --- Additional comment from jmates on 2011-02-11 13:26:22 EST --- Unbuffered logging appears to avoid the segmentation faults (for an overnight run of test traffic; buffered logging leads to crashes within minutes), though hobbles performance to the log write speed. If production load is near or beyond that limit, client requests block or timeout, which is not ideal. Shutting down the unbuffered logging ns-slapd took 10 (!) minutes after all test traffic was cut off. --- Additional comment from rmeggins on 2011-02-11 13:36:17 EST --- Yeah, that's why we buffer access logging by default. You can use a named pipe script for the access log instead - http://directory.fedoraproject.org/wiki/Named_Pipe_Log_Script --- Additional comment from jmates on 2011-02-25 20:10:58 EST --- Created attachment 481105 [details] gdb trace from 1.2.8 a3 segfault gdb trace from 1.2.8 a3 segfault added (alpha 3 is harder to segfault than alpha 2). --- Additional comment from rmeggins on 2011-02-25 21:20:40 EST --- Centos5? 32-bit or 64-bit? How are you generating the load? If you are using some scripts or load client, is it possible we could get a copy?
Created attachment 483044 [details] gdb logs Attachment originally from Jeremy Mates: gdb traces from two crashes of 389-ds-base-1.2.8-0.2.a2.el5 in response to replayed production traffic.
Created attachment 483046 [details] gdb trace from 1.2.8 a3 segfault Attachment originally from Jeremy Mates: gdb trace from 1.2.8 a3 segfault added (alpha 3 is harder to segfault than alpha 2).
Is it possible you could attach your tcpdump so we could replay it in our dev environment? If that is not possible, would you be able to install a debug build in your testing environment?
Sorry, the tcpdump contains student account names and other metadata that cannot be shared. I can easily install a debug build.
Ok. I'll build you an el5 32-bit package with full debugging enabled.
Ok. The new rpms are here: http://rmeggins.fedorapeople.org/ download the base and the -libs package - you don't need the other 2. Install them using rpm -ivh (or upgrade using rpm -Uvh). If/when it crashes, and you run gdb, you'll have to use the gdb 'dir' command to tell it where to find the source code, since there is no debuginfo package. (gdb) dir /usr/src/debug/389-ds-base-VERSION you can use the older .a4 version of the source.
Created attachment 483315 [details] gdb trace Crash from http://rmeggins.fedorapeople.org/ packages plus 389-ds-base-1.2.6.a4.tar.bz2 source tree.
Thanks. New packages for testing: http://rmeggins.fedorapeople.org/ try these
Created attachment 483531 [details] 0001-use-a-big-lock-in-saslbind.patch
Created attachment 483607 [details] 0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch
Created attachment 483608 [details] 0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch missed a couple of places where I needed to Unlock
Created attachment 483609 [details] 0001-Bug-683250-slapd-crashing-when-traffic-replayed.patch have to call unlock before send_result
To ssh://git.fedorahosted.org/git/389/ds.git 34f2f30..2c8637c master -> master commit 2c8637c242ace8a7d61474913c861e336a7809cd Author: Rich Megginson <rmeggins> Date: Wed Mar 9 18:27:05 2011 -0700 Reviewed by: nkinder (Thanks!) Branch: master Fix Description: There was a race condition in the saslbind.c code if multip threads and multiple connections were doing gssapi at the same time, with different points of failure. The solution is to increase the size of the mutex section in saslbind.c so that all access of pb->pb_conn are protected. Thanks to Jeremy Mates <jmates> for finding this issue and for his assistance in testing. Platforms tested: RHEL6 x86_64, Fedora 14 i386 Flag Day: no Doc impact: no To ssh://git.fedorahosted.org/git/389/ds.git cc578f1..fb7547f 389-ds-base-1.2.8 -> 389-ds-base-1.2.8
Hi, Request you to please share more information on how to test this bug fix. Thanks, Amita
(In reply to comment #14) > Hi, > > Request you to please share more information on how to test this bug fix. > > Thanks, > Amita We could never reproduce the crash internally, and we don't have access to the reporter's private data he used to reproduce the crash. So I think we can just run our SASL stress and long duration tests and confirm that this fix did not introduce any regressions.
Note: the upstream bug 668619 is verified.
Based on Comment 16, marking this bug verified.