[Pkg-samba-maint] Bug#860743: samba: smbd fails to reap a few zombie processes
Will Aoki
waoki at umnh.utah.edu
Wed Apr 19 15:42:43 UTC 2017
Package: samba
Version: 2:4.2.14+dfsg-0+deb8u5
Severity: normal
It's unclear whether this is a duplicate of bug #816725, so I filed a separate
report. #816725 shows smbd repeatedly starting, failing to delete a pidfile,
and presumably terminating, but this is not happening at my site. It may also
describe a much higher rate of zombie generation than I'm seeing.
After upgrading a busy server from wheezy with 2:4.1.17+dfsg-1~bpo70+1 to
jessie, I'm starting to see zombie smbd processes accumulate at a rate of one
to two a day.
The server was up for a few weeks before processes started accumulating:
> $ ps auxw | grep defunct | grep -v grep ; date; uptime
> root 3550 0.0 0.0 0 0 ? Z Apr17 0:00 [smbd] <defunct>
> root 3557 0.0 0.0 0 0 ? Z Apr17 0:00 [smbd] <defunct>
> root 4842 0.0 0.0 0 0 ? Z Apr14 0:00 [smbd] <defunct>
> root 5880 0.0 0.0 0 0 ? Z Apr12 0:00 [smbd] <defunct>
> root 7466 0.0 0.0 0 0 ? Z Apr16 0:00 [smbd] <defunct>
> root 15920 0.0 0.0 0 0 ? Z Apr14 0:00 [smbd] <defunct>
> root 16200 0.0 0.0 0 0 ? Z Apr14 0:08 [smbd] <defunct>
> root 17238 0.0 0.0 0 0 ? Z Apr18 0:01 [smbd] <defunct>
> root 18990 0.0 0.0 0 0 ? Z Apr17 0:00 [smbd] <defunct>
> root 29334 0.0 0.0 0 0 ? Z Apr17 0:02 [smbd] <defunct>
> Wed Apr 19 09:00:09 MDT 2017
> 09:00:09 up 21 days, 14:12, 2 users, load average: 1.24, 1.07, 0.85
The server in question is, for awkward historical reasons, an LDAP-backed
NT4-style PDC and a fileserver. Zombie process accumulation has not been
observed on other fileservers (NT4 or AD-joined) or on NT4-style BDCs.
The server is a VM running on hardware with ECC RAM, so random memory
corruption is unlikely. None of the physical servers it could be running on
have reported any ECC errors.
The server's smb.conf follows. This installation dates back to 2001, so there
may be some cruft present: for example, it still uses 'idamp backend', which is
deprecated but not removed, and it explicitly sets 'mangling method'.
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#
#======================= Global Settings =======================
[global]
# Change this for the workgroup/NT-domain name your Samba server will part of
workgroup = [redacted]
# server string is the equivalent of the NT Description field
server string = [redacted]
netbios name = [redacted]
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
;printcap name = cups
;printcap name = /etc/printcap.cups
printing = cups
printcap = cups
invalid users = root
# Put a capping on the size of the log files (in Kb).
#max log size = 1000
# no limit
max log size = 0
# If you want Samba to log though syslog only then set the following
# parameter to 'yes'. Please note that logging through syslog in
# Samba is still experimental.
; syslog only = no
syslog = 1 passdb:2 auth:2
log level = 1 passdb:1 auth:3
hosts allow = [redacted]
interfaces = [redacted]
bind interfaces only = yes
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = yes
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
domain logons = yes
logon drive = [redacted]
logon path = [redacted]
logon home = [redacted]
# lie to Samba
#dfree command = /usr/local/sbin/samba-dfree
# Debian panic-action
# don't know what version this showed up, but let's see how much it spams
# me with name_to_8_3 crashes:
panic action = /usr/share/samba/panic-action %d
enhanced browsing = yes
# an experiment
# worked with 3.4.8, does not work with 3.5.5
# See eg: <http://engardelinux.org/modules/index/list_archives.cgi?list=samba-users&page=0004.html&month=2010-06>
# and: <http://lists.samba.org/archive/samba/2004-February/080788.html>
#server signing = auto
kerberos method = secrets and keytab
# --- ldap ---
passdb backend = ldapsam:"[server list redacted]"
idmap backend = ldap:"[server list redacted]"
# Note: Either use ldaps:// or "ldap ssl = start tls", but not both
# ldap ssl defaults to start tls
ldap ssl = start tls
ldap suffix = [redacted]
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# 1.5 seconds, instead of the default 1 second
ldap replication sleep = 1500
ldap passwd sync = Yes
check password script = [redacted]
ldap admin dn = "[redacted]"
add machine script = [redacted]
# Improves performance, as all group data are in LDAP
#ldapsam:trusted = yes
# --- Browser Control Options ---
# Please _read_ BROWSING.txt and set the next four parameters according
# to your network setup. The defaults are specified below (commented
# out.) It's important that you read BROWSING.txt so you don't break
# browsing in your network!
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 20
# WINDOWS 2003 STOP CLAIMING TO BE MASTER BROWSER
os level=255
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = auto
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = auto
preferred master = yes
# --- End of Browser Control Options ---
wins support = yes
dns proxy = no
# For Unix password sync. to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <aluton at hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
obey pam restrictions = yes
# Deprecated as of 3.0.20 - use 'net rpc rights' to grant appropriate access instead
#printer admin = [redacted]
deadtime = 15
host msdfs = yes
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
# This was here because this was originally a Samba 2.2 installation
# changed from hash to hash2 because hash keeps making smbd crash
mangling method = hash2
map archive=no
#======================= Share Definitions =======================
browseable = yes
# not picking this up from ldap!
logon script = %U.bat
[homes]
comment = Your home directory
browseable = no
csc policy = disable
#nt acl support = no
msdfs root = no
writable = yes
create mask = 0660
directory mask = 0770
hide files = /desktop.ini/
veto oplock files = /*.pst/*.PST/*.mdb/*.MDB/
[netlogon]
comment = Network Logon Service
path = [redacted]
guest ok = yes
writable = no
veto files = /lost+found/
csc policy = disable
[redacted1]
comment = Home directories
browseable = yes
writeable = yes
path = /home
veto files = /lost+found/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
hide unreadable = no
create mask = 0640
directory mask = 0750
veto oplock files = /*.pst/*.PST/*.mdb/*.MDB/
[redacted2]
comment = Redacted
browseable = yes
writeable = no
path = [redacted]
hide unreadable = no
write list = [redacted]
csc policy = programs
[redacted3]
comment = Redacted
path = [redacted]
hide unreadable = no
guest ok = yes
writable = no
csc policy = disable
[redacted4]
comment = Redacted
browseable = yes
writeable = no
path = [redacted]
hide unreadable = no
csc policy = disable
[redacted5]
comment = Redacted
browseable = yes
writeable = yes
path = [redacted]
hide unreadable = no
create mask = 0770
directory mask = 2770
csc policy = disable
veto oplock files = /*.pst/*.PST/*.mdb/*.MDB/
map read only = permissions
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700
[print$]
path = /etc/samba/drivers
guest ok = yes
browseable = yes
read only = yes
comment = Printer Driver Download Area
write list = [redacted]
-- System Information:
Debian Release: 8.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages samba depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.27
ii libbsd0 0.7.0-2
ii libc6 2.19-18+deb8u7
ii libhdb9-heimdal [heimdal-hdb-api-8] 1.6~rc2+dfsg-9
ii libldb1 2:1.1.20-0+deb8u1
ii libpam-modules 1.1.8-3.1+deb8u2
ii libpam-runtime 1.1.8-3.1+deb8u2
ii libpopt0 1.16-10
ii libpython2.7 2.7.9-2+deb8u1
ii libtalloc2 2.1.2-0+deb8u1
ii libtdb1 1.3.6-0+deb8u1
ii libtevent0 0.9.28-0+deb8u1
ii lsb-base 4.1+Debian13+nmu1
ii multiarch-support 2.19-18+deb8u7
ii procps 2:3.3.9-9
ii python 2.7.9-1
ii python-dnspython 1.12.0-1
ii python-ntdb 1.0-5
ii python-samba 2:4.2.14+dfsg-0+deb8u5
pn python2.7:any <none>
ii samba-common 2:4.2.14+dfsg-0+deb8u5
ii samba-common-bin 2:4.2.14+dfsg-0+deb8u5
ii samba-dsdb-modules 2:4.2.14+dfsg-0+deb8u5
ii samba-libs 2:4.2.14+dfsg-0+deb8u5
ii tdb-tools 1.3.6-0+deb8u1
ii update-inetd 4.43
Versions of packages samba recommends:
ii attr 1:2.4.47-2
ii logrotate 3.8.7-1+b1
ii samba-vfs-modules 2:4.2.14+dfsg-0+deb8u5
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
ii ntp 1:4.2.6.p5+dfsg-7+deb8u2
pn smbldap-tools <none>
pn winbind <none>
-- debconf information:
samba-common/title:
* samba/run_mode: daemons
* samba/log_files_moved:
samba/nmbd_from_inetd:
samba/tdbsam: false
* samba/generate_smbpasswd: true
More information about the Pkg-samba-maint
mailing list