[Pkg-samba-maint] Bug#520794: samba: smbd memory usage always increase - memory leak

Massimiliano Ferrero m.ferrero at midhgard.it
Sun Mar 22 19:16:24 UTC 2009

Package: samba
Version: 2:3.2.5-4
Severity: important

Short description: after upgrade from etch to lenny we are experiencing a memory
leak in smbd processes.

We have a production system made of two samba server, pdc and bdc for a domain;
user backend is in openldap, managed through ldap-account-manager
The pdc acts as file server for about 50 clients, clients are mixed operating
systems: there are still about 10 Win95/98, about 35 Windows XP, one Windows 2000
server and three Windows 2003 servers, almost all into the domain.
Until two weeks ago the two samba server were on debian etch and the system was
stable, no problems reported, we had upgraded to etch around september 2007, so
the system has been stable for at least one and a half year.

We use munin to monitor server memory and other counters: we discovered that since
samba upgrade to 3.2.5 memory usage has started to increase linearly. Before memory
usage was constant.
There is one pc with an application active 24/7 and the smbd correspondig to this
process is using about 350 MB ram and increasing

ps auxn|grep smbd
    1000  7296  0.0  0.0   3144   764 pts/1    S+   20:04   0:00 grep smbd
       0  8528  0.0  0.3  16668  3772 ?        Ss   Mar18   0:19 /usr/sbin/smbd -D
       0  8534  0.0  0.2  16360  2084 ?        S    Mar18   0:01 /usr/sbin/smbd -D
    1000  8535  2.7 33.7 362000 349932 ?       S    Mar18 191:14 /usr/sbin/smbd -D
       0  9251  0.0  0.4  17616  4176 ?        S    Mar18   0:04 /usr/sbin/smbd -D
       0  9415  0.0  1.3  25740 14252 ?        S    Mar18   4:47 /usr/sbin/smbd -D
   10024 13280  0.0  0.6  18520  6992 ?        S    Mar20   0:07 /usr/sbin/smbd -D
       0 16733  0.0  0.5  18252  5864 ?        S    Mar18   0:10 /usr/sbin/smbd -D
       0 23226  0.0  0.6  18376  6596 ?        S    Mar18   0:07 /usr/sbin/smbd -D

The fourth process is the one that is using 350 MB ram
The process has used 191 minutes of cpu, this is consistent with the client application
being active for about one week without shutdown.
I suppose we do not see other processes in such a situation because there are no other
clients running 24 hours a day.

We are using vfs_full_audit, I read in mainstream samba changelog for 3.2.8:

* Fix a bad memleak in vfs_full_audit.

Has this bug been fixed in 3.2.5-4 for lenny? Could we be experiencing this bug?
If so is it possible to backport the relevant patch to lenny source?

If it is necessary to verify if the bug is this one I can disable vfs_full_audit and run the server
in this condition for a week.

Thanks for your help
Best regards
Massimiliano Ferrero

Here is /etc/samba/smb.conf

        workgroup = DOMAIN
        netbios name = PDC
        server string = %h (Linux Server)
        encrypt passwords = true                        
        lanman auth = Yes                               

        passdb backend = ldapsam:ldap://
        ldap admin dn = cn=admin,dc=domain,dc=com
        ldap suffix = dc=domain,dc=com           
        ldap group suffix = ou=Groups                   
        ldap user suffix = ou=Users                     
        ldap machine suffix = ou=Computers              
        ldap ssl = No                                   

        ldap passwd sync = Yes
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u

        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"   
        ldap delete dn = Yes                                        
        #delete user script = /usr/local/sbin/smbldap-userdel "%u"  
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g" 
        #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"      

        Dos charset = 850
        Unix charset = ISO8859-1

        syslog = 0
        log level = 0
        log file = /var/log/samba/log.client
        max log size = 1000                 
        unix extensions = Yes               
        logon script = scripts\logon.bat    
        logon path =                        
        preferred master = Yes              
        domain master = Yes                 
        domain logons = Yes                 
        os level = 85                       
        dns proxy = No                      
        wins support = Yes                  

        vfs objects = full_audit
        full_audit:prefix = %u|%I
        full_audit:success = chdir chmod chmod_acl chown close connect disconnect fchmod fchmod_acl fchown 
mkdir open opendir read rename rmdir sendfile unlink write                                                               
        full_audit:failure = chdir chmod chmod_acl chown close connect disconnect fchmod fchmod_acl fchown 
mkdir open opendir read rename rmdir sendfile unlink write                                                               
        full_audit:facility = LOCAL3                                                                              
        full_audit:priority = INFO                                                                                

        load printers = yes
        printing = cups    
        printcap name = cups
        use client driver = No

        # Do something sensible when Samba crashes: mail the admin a backtrace
        panic action = /usr/share/samba/panic-action %d                       

        map to guest = Bad User
        guest account = username
#       invalid users = root      

        path = /home/netlogon
        write list = @"Domain Admins"
        msdfs root = Yes             

... other shares follow

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser              3.110               add and remove users and groups
ii  debconf [debconf-2.0 1.5.24              Debian configuration management sy
ii  libacl1              2.2.47-2            Access control list shared library
ii  libattr1             1:2.4.43-2          Extended attribute shared library
ii  libc6                2.7-18              GNU C Library: Shared libraries
ii  libcomerr2           1.41.3-1            common error description library
ii  libcups2             1.3.8-1lenny4.1     Common UNIX Printing System(tm) - 
ii  libgnutls26          2.4.2-6+lenny1      the GNU TLS library - runtime libr
ii  libkrb53             1.6.dfsg.4~beta1-5  MIT Kerberos runtime libraries
ii  libldap-2.4-2        2.4.11-1~midhgard+1 OpenLDAP libraries
ii  libpam-modules       1.0.1-5             Pluggable Authentication Modules f
ii  libpam-runtime       1.0.1-5             Runtime support for the PAM librar
ii  libpam0g             1.0.1-5             Pluggable Authentication Modules l
ii  libpopt0             1.14-4              lib for parsing cmdline parameters
ii  libtalloc1           1.2.0~git20080616-1 hierarchical pool based memory all
ii  libwbclient0         2:3.2.5-4           client library for interfacing wit
ii  logrotate            3.7.1-5             Log rotation utility
ii  lsb-base             3.2-20              Linux Standard Base 3.2 init scrip
ii  procps               1:3.2.7-11          /proc file system utilities
ii  samba-common         2:3.2.5-4           Samba common files used by both th
ii  update-inetd         4.31                inetd configuration file updater
ii  zlib1g               1:   compression library - runtime

samba recommends no packages.

Versions of packages samba suggests:
pn  ldb-tools                   <none>       (no description available)
ii  openbsd-inetd [inet-superse 0.20080125-2 The OpenBSD Internet Superserver
ii  smbldap-tools               0.9.4-1      Scripts to manage Unix and Samba a

-- debconf information:
  samba/tdbsam: false
* samba/generate_smbpasswd: true
* samba/run_mode: daemons

More information about the Pkg-samba-maint mailing list