Bug 1946950 - Samba RPC daemons leak memory
Summary: Samba RPC daemons leak memory
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 34
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedFreezeException
Depends On:
Blocks: F34FinalFreezeException
TreeView+ depends on / blocked
 
Reported: 2021-04-07 10:39 UTC by Alexander Bokovoy
Modified: 2021-04-16 14:34 UTC (History)
12 users (show)

Fixed In Version: samba-4.14.2-1.fc34 samba-4.13.7-1.fc33
Clone Of:
Environment:
Last Closed: 2021-04-13 01:34:08 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Alexander Bokovoy 2021-04-07 10:39:55 UTC 
When running Samba RPC daemons in FreeIPA environment, EPMAPPER leaks memory due to use of a wrong memory context that has longer lifetime than a connection context where this memory was supposed to be bound to.

This leads to IPA domain controller enabled for trust to Active Directory to eventually exhaust memory and get crashed. After this, no access from Windows side is possible anymore until smb processes are restarted.

Upstream bug https://bugzilla.samba.org/show_bug.cgi?id=14675 covers the same issue with a print server with a lot of print queues, the cause is the same. The issue exists for quite some time in Samba but was only noticed in last few months.

In Fedora 33 it crashes due to oom killer but the same happens with other Fedora versions as Samba code there has the same issue.

Mar 03 17:33:58 id.vda.li systemd[1]: Starting Samba SMB Daemon...
[...]
Mar 03 17:33:59 id.vda.li smbd[1486]: [2021/03/03 17:33:59.486490,  0] ../../lib/util/become_daemon.c:135(daemon_ready)
Mar 03 17:33:59 id.vda.li systemd[1]: Started Samba SMB Daemon.
Mar 03 17:33:59 id.vda.li smbd[1486]:   daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
[...]
Mar 08 03:15:57 id.vda.li systemd[1]: smb.service: A process of this unit has been killed by the OOM killer.
Mar 08 03:15:57 id.vda.li systemd[1]: smb.service: Failed with result 'oom-kill'.
Mar 08 03:15:57 id.vda.li systemd[1]: smb.service: Consumed 2min 51.659s CPU time.

in this case it took a week to exhaust 4GB RAM and some swap on this server.
Comment 1 Fedora Blocker Bugs Application 2021-04-07 10:43:24 UTC 
Proposed as a Freeze Exception for 34-final by Fedora user abbra using the blocker tracking app because:

 Memory exhaustion in Samba may lead to a crash on FreeIPA domain controller, rendering its operations towards trusted Active Directory domains non-working.
Comment 2 Fedora Update System 2021-04-07 19:41:48 UTC 
FEDORA-2021-9e28431266 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e28431266
Comment 3 Fedora Update System 2021-04-08 05:54:13 UTC 
FEDORA-2021-58fd0387e2 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-58fd0387e2
Comment 4 Fedora Update System 2021-04-08 19:05:10 UTC 
FEDORA-2021-9e28431266 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-9e28431266`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e28431266

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2021-04-08 20:58:47 UTC 
FEDORA-2021-58fd0387e2 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-58fd0387e2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-58fd0387e2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 František Zatloukal 2021-04-12 17:42:34 UTC 
Discussed during the 2021-04-12 blocker review meeting: [1]

The decision to classify this bug as an RejectedFreezeException was made:

"No justification has been provided for why this needs a freeze exception and cannot just be a 0-day update."

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2021-04-12/f34-blocker-review.2021-04-12-16.02.log.txt
Comment 7 František Zatloukal 2021-04-12 17:56:28 UTC 
Discussed during the 2021-04-12 blocker review meeting: [1]

The decision to classify this bug as an AcceptedBlocker was made:

"This is now accepted as an FE due to its impact on FreeIPA deployments, which are part of the Server DVD package set."

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2021-04-12/f34-blocker-review.2021-04-12-16.02.log.txt
Comment 8 František Zatloukal 2021-04-12 17:57:28 UTC 
There was a typo in my previous comment, this is AcceptedFreezeException and not a AcceptedBlocker, so the correct summary follows.


Discussed during the 2021-04-12 blocker review meeting: [1]

The decision to classify this bug as an AcceptedFreezeException was made:

"This is now accepted as an FE due to its impact on FreeIPA deployments, which are part of the Server DVD package set."

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2021-04-12/f34-blocker-review.2021-04-12-16.02.log.txt
Comment 9 Fedora Update System 2021-04-13 01:34:08 UTC 
FEDORA-2021-9e28431266 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2021-04-16 14:34:40 UTC 
FEDORA-2021-58fd0387e2 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.