Big samba memory leak fixed upstream

Bug #1814532 reported by Mikael Hartzell on 2019-02-04
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Andreas Hasenack

Bug Description


There is a memory leak in vfswrap_getwd() that, depending on the server usage, can become severe and trigger an OOM killer.

[Test Case]
It's hard to come up with a test case for memory leaks, because they can take a while to manifest.

[Regression Potential]
Patch is sane and has been applied upstream. It's already present in cosmic and later. The code that frees the pointer is only reached if the pointer isn't NULL.

[Other Info]
None at this time.

[Original Description]

There is a big memory leak bug in Samba 4.1 - 4.7.6. Depending on the circumstances all memory of the Ubuntu server will be eaten by Samba sooner or later. Then Linux Oom - killer will kill Samba which will either restart or hang.

On our Ubuntu Server 14.04.5 I need to restart Samba 1 - 2 times a week. This bug probably affects also Ubuntu 18.04 if this fix has not yet been backported.

This bug has been fixed upstream in Samba 4.7.7. The fix is only two lines of code and the bug is caused by a single misplaced "if" when releasing memory.

This upstream commit fixes the bug:

This is the Samba bug report:

And here the author apologizes for the bug :)

Please backport this fix to Ubuntu 14.04 and 18.04, thanks :)

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: samba 2:4.3.11+dfsg-0ubuntu0.14.04.19
ProcVersionSignature: Ubuntu 3.13.0-164.214-generic 3.13.11-ckt39
Uname: Linux 3.13.0-164-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.29
Architecture: amd64
BothFailedConnect: Yes
Date: Mon Feb 4 11:34:06 2019
InstallationDate: Installed on 2014-09-25 (1592 days ago)
InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3)
SambaServerRegression: Yes
SmbConfIncluded: No
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
upstart.samba-ad-dc.override: manual

Related branches

Mikael Hartzell (mhartzel) wrote :
Changed in samba (Ubuntu):
importance: Undecided → High
Sebastien Bacher (seb128) wrote :

Thank you for your bug report, according to the upstream discussion the issue was create by that commit and looks like a good candidate for a bionic SRU, it shouldn't apply/be an issue on trusty though which has 4.1/4.3 samba series

description: updated
Mikael Hartzell (mhartzel) wrote :

On top of the original Samba bug report ( it says this affects *Samba 4.1 and newer* or am I interpreting it incorrectly ?

At least I am experiencing the same behavior on Ubuntu 14.04.5 Server with Samba 4.3.11. Sad if it won't help us with our problem.

The offending code was submitted to Samba at 29th Jun 2017, you can find the commit here: If you search for the source file name: source3/modules/vfs_default.c on the page.

Maybe the date when the bug appeared sheds some light which releases really are affected.

Mikael Hartzell (mhartzel) wrote :

Ok, I see that you already found the date information :)

Sebastien Bacher (seb128) wrote :

"4.1 and newer" is only what their bugzilla has register as product, the list is

they seem to use it to classify bugs that impact "not too ancien" samba versions, it doesn't mean 4.1 is impacted

Sebastien Bacher (seb128) wrote :

(so yeah, it's not likely to be the same issue you are having on trusty)

Andreas Hasenack (ahasenack) wrote :

Fixed in cosmic and later.

no longer affects: samba (Ubuntu Cosmic)
Changed in samba (Ubuntu):
status: New → Fix Released
Changed in samba (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → High
tags: added: server-next
description: updated
description: updated
Andreas Hasenack (ahasenack) wrote :

I'm not sure this is robust enough as a test case, that's why I'm adding it here instead of in the test caseh, but I ran smbd under valgrind before and after the update, and less bytes were lost for the same smbclient connection:

==3977== LEAK SUMMARY:
==3977== definitely lost: 72 bytes in 7 blocks

==5438== LEAK SUMMARY:
==5438== definitely lost: 24 bytes in 1 blocks

The client command was (with a suitable smb.conf and /pub directory):
smbclient //localhost/pub -U ubuntu%ubuntu -c "pwd;dir;cd dir1;dir;pwd;cd dir11; pwd; dir; cd /; cd dir2; pwd; dir; cd /"

Changed in samba (Ubuntu Bionic):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Triaged → In Progress
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.