Package: slapd
Version: 2.4.57+dfsg-3+deb11u1
Severity: important

Dear Maintainer,

When many clients connect to a slapd in a short period of time we noticed two different versions of a crash:

* slapd crashes with the following error:
  slapd: ../../../../servers/slapd/daemon.c:1957: slap_listener: \
    Assertion `SLAP_SOCK_NOT_ACTIVE( tid, sfd )' failed.
* sometimes slapd does not crash, but transforms into a zombie state:
  * New connections are not accepted
  * some established connections seem to work, some don't
  * when sending a SIGTERM the process prints:
    slapd shutdown: waiting for 129 operations/tasks to finish
  * ...but it never stops and has to be killed by SIGKILL

We first observed this within our production environment. We created a Python script to stress the slapd and could reproduce the behaviour in our DEV environment as well. The script can be found here: https://paste.debian.net/hidden/dbf61b60/

We were able to reliably crash the slapd by running the script from 3 machines at the same time.

   * What led up to the situation?

We installed slapd in the following environment:
* We use cn=config approach
* We are using GSSAPI/kerberos auth with startTLS
* Problem appears both on a slapd master and on a syncrepl host
* Appears both with included init script and custom unitfile
* openfiles limit for slapd has been raised to 16k
* Loaded Modules: syncprov and back_mdb
* We only modified/set the following settings:
  * olcSaslHost
  * olcSaslRealm
  * olcSaslSecProps
  * olcTLS*
* Current slapd commandline (through systemd unitfile):
  * /usr/sbin/slapd -d0 -h ldap:/// ldapi:/// -g openldap \
      -u openldap -F /etc/ldap/slapd.d

   * What exactly did you do (or not do) that was effective (or ineffective)?

* Update to bullseye backports version behaves the same

-- System Information:
Debian Release: 11.5
  APT prefers stable-security
  APT policy: (550, 'stable-security'), (550, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-18-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages slapd depends on:
ii  adduser                        3.118
ii  coreutils                      8.32-4+b1
ii  debconf [debconf-2.0]          1.5.77
ii  libc6                          2.31-13+deb11u4
ii  libcrypt1                      1:4.4.18-4
ii  libdb5.3                       5.3.28+dfsg1-0.8
ii  libldap-2.4-2                  2.4.57+dfsg-3+deb11u1
ii  libltdl7                       2.4.6-15
ii  libodbc1                       2.3.6-0.1+b1
ii  libperl5.32                    5.32.1-4+deb11u2
ii  libsasl2-2                     2.1.27+dfsg-2.1+deb11u1
ii  libwrap0                       7.6.q-31
ii  lsb-base                       11.1.0
ii  perl [libmime-base64-perl]     5.32.1-4+deb11u2
ii  psmisc                         23.4-2

Versions of packages slapd recommends:
ii  ldap-utils  2.4.57+dfsg-3+deb11u1

Versions of packages slapd suggests:
ii  libsasl2-modules                 2.1.27+dfsg-2.1+deb11u1
ii  libsasl2-modules-gssapi-heimdal  2.1.27+dfsg-2.1+deb11u1

-- Configuration Files:
/etc/default/slapd changed [not included]
/etc/ldap/schema/nis.ldif changed [not included]
/etc/ldap/schema/nis.schema changed [not included]

-- debconf information excluded