[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8173) back-ldap slapd crash segfault

To: openldap-its@OpenLDAP.org
Subject: (ITS#8173) back-ldap slapd crash segfault
From: adrian.raemy@vtg.admin.ch
Date: Thu, 18 Jun 2015 16:51:31 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Adrian Raemy
Version: 2.4.40
OS: SLES 11 SP3
URL: 
Submission from: (NULL) (193.5.216.100)


Hi,

The Openldap backend "ldap" slapd crashing under heavy load.
Tested with 2.4.26 and also 2.4.40.
We get an segfault:
Jun 18 00:00:36 serverxx1 kernel: [9079587.309374] slapd[6193]: segfault at 40
ip 00007f184cf6b2c6 sp 00007f1838ff85c0 error 4 in slapd[7f184cdda000+26c000]
Jun 18 09:40:12 serverxx1 kernel: [9114294.985888] slapd[10309]: segfault at 40
ip 00007f3b31f492c6 sp 00007f3b1f7f55c0 error 4 in slapd[7f3b31db8000+26c000]
Jun 18 12:38:29 serverxx1 kernel: [9124971.271300] slapd[15868]: segfault  4 40
ip 00007fc1555512c6 sp 00007fc141ffa5c0 error 4 in slapd[7fc1553c0000+26c000]

OpenLdap Proxy Server has:
Type = VM Guest
mem = 4GB
CPU = 2
Cores = 2

We don't get any other errors or warning before, CPU load and MEM etc all is
green and OK. Also files open etc is set unlimited. 

Scenario: Linux/ Unix Clients and Applications via ssl start_tls and ssl over
Openldap Proxy using on the Proxy the backend "ldap" to proxing to Openldap
Master.
When the Proxy gets heavy load due to activity from clients and Applications,
the slapd crashes unexpected with the above slapd segfault.
This is only happen with the backend-ldap. The Openldap Master doesn't crash and
is stable at all. So it must be the backend ldap which has the problem.
We perform Search-, Modify and add/remove Operations. So the entire funtionality
will be used.

Only with lot of searches sent over proxy to master we couldn't reproduce the
segfault. It needs realy a heavy load generated (read/itite- modify operations
at all) i guess to reproduce this. We don't have this possibility in our very
restricted environment.

We can't provide a core dump of the slapd due to confidentially restrictions.

We would test with the backend "meta" but this backend doesn't support the
"extended operations" like "LDAP Password Modify Extended Operation". So we have
only two possibilities, the one that ldap backend will be fixed or the extended
operations at meta backend will be added.

Please, we need help/ a fix asap, e e authentication at all is compromised and 
the slapd crashes often on the Openldap Proxy.

Thanks for your help

Prev by Date: Re: (ITS#8172) RFE: back-sock CONTINUE to get modified parameters
Next by Date: (ITS#8174) mdb_drop(,MAIN_DBI,) leaks pages of named DBs
Index(es):
- Chronological
- Thread