Bug 10500 - Samba smbd process shutdown failure and high CPU usage
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.1.5
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assigned To: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2014-03-17 14:39 UTC by John Janosik
Modified: 2014-03-17 14:39 UTC

Description John Janosik 2014-03-17 14:39:06 UTC
After a client closes its connection to the server the smbd process loops forever using CPU in the tevent_loop_once code.  Tested with Samba 4.1.5 on AIX 7.1 TL2 in a CTDB 2.5.2 cluster.

Example stack of an smbd process in this state:

gettimeofday(??, ??) at 0xd0223d00
GetTimeOfDay(tval = 0x2ff20d80), line 54 in "time.c"
timeval_current(), line 542 in "time.c"
smbXsrv_session_close_loop(subreq = 0x2000cde8), line 243 in "smbXsrv_session.c"
_tevent_req_notify_callback(req = 0x2000cde8, location = "../source3/lib/msg_channel.c:234"), line 101 in "tevent_req.c"
tevent_req_finish(req = 0x2000cde8, state = TEVENT_REQ_USER_ERROR, location = "../source3/lib/msg_channel.c:234"), line 110 in "tevent_req.c"
tevent_req_trigger(ev = 0x2000b2f8, im = 0x200c1528, private_data = 0x2000cde8), line 166 in "tevent_req.c"
tevent_common_loop_immediate(ev = 0x2000b2f8), line 135 in "tevent_immediate.c"
run_events_poll(ev = 0x2000b2f8, pollrtn = 0, pfds = (nil), num_pfds = 0), line 192 in "events.c"
s3_event_loop_once(ev = 0x2000b2f8, location = "../source3/smbd/process.c:3626"), line 303 in "events.c"
_tevent_loop_once(ev = 0x2000b2f8, location = "../source3/smbd/process.c:3626"), line 530 in "tevent.c"
smbd_process(ev_ctx = 0x2000b2f8, msg_ctx = 0x2000b378, sock_fd = 40, interactive = @0x00000000), line 3626 in "process.c"
unnamed block in smbd_accept_connection(ev = 0x2000b2f8, fde = 0x200c1598, flags = 1, private_data = 0x200c1548), line 621 in "server.c"
smbd_accept_connection(ev = 0x2000b2f8, fde = 0x200c1598, flags = 1, private_data = 0x200c1548), line 621 in "server.c"
unnamed block in run_events_poll(ev = 0x2000b2f8, pollrtn = 1, pfds = 0x200148a8, num_pfds = 7), line 257 in "events.c"
run_events_poll(ev = 0x2000b2f8, pollrtn = 1, pfds = 0x200148a8, num_pfds = 7), line 257 in "events.c"
s3_event_loop_once(ev = 0x2000b2f8, location = "../source3/smbd/server.c:943"), line 326 in "events.c"
_tevent_loop_once(ev = 0x2000b2f8, location = "../source3/smbd/server.c:943"), line 530 in "tevent.c"
unnamed block in smbd_parent_loop(ev_ctx = 0x2000b2f8, parent = 0x2000e6e8), line 943 in "server.c"
smbd_parent_loop(ev_ctx = 0x2000b2f8, parent = 0x2000e6e8), line 943 in "server.c"

I can attach a debugger to an smbd process in this state on a system with smbd built with debug symbols and step through the code.  The tevent_loop_once code called in source3/smbd/process.c:smbd_process always hits the case in source3/lib/events.c:run_events_poll that there is an immediate event to process.  I'm not sure how to look at the tevent context in the debugger to determine why the smbd is continually processing an event.
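
Added example, not part of the original report and not Samba or tevent code: a toy C model of the loop shape visible in the trace above, where a request that fails at once is completed through an immediate event and pending immediates are serviced before poll. That the completion callback re-arms the failed read is an assumption the report does not confirm; struct loop, read_send, read_done, loop_once and polls_after_disconnect are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model (not tevent): one immediate slot that is serviced before poll. */
struct loop {
    void (*immediate)(struct loop *); /* pending immediate handler or NULL */
    bool rearm_on_error;              /* true = behaviour ASSUMED for the spin */
    bool channel_dead;                /* client gone: every read fails at once */
    unsigned polls_run;               /* iterations that reached poll() */
};

static void read_done(struct loop *l);

/* Async read: on a dead channel the error is delivered via an immediate. */
static void read_send(struct loop *l)
{
    if (l->channel_dead)
        l->immediate = read_done;
}

/* Completion callback, the role smbXsrv_session_close_loop has in the trace. */
static void read_done(struct loop *l)
{
    if (l->channel_dead && !l->rearm_on_error)
        return;   /* hardened form: the error is terminal, stop listening */
    read_send(l); /* re-arm; on a dead channel this queues another immediate */
}

/* One iteration: a pending immediate wins, poll is skipped (pollrtn = 0). */
static void loop_once(struct loop *l)
{
    void (*fn)(struct loop *) = l->immediate;
    if (fn != NULL) {
        l->immediate = NULL;
        fn(l);
        return;
    }
    l->polls_run++; /* a real loop would block in poll() here, using no CPU */
}

/* Run n iterations after the disconnect; return how many reached poll. */
unsigned polls_after_disconnect(bool rearm_on_error, unsigned n)
{
    struct loop l = { .rearm_on_error = rearm_on_error, .channel_dead = true };
    read_send(&l);
    for (unsigned i = 0; i < n; i++)
        loop_once(&l);
    return l.polls_run;
}
```

With re-arm on error the model never reaches poll, which is how a process burns CPU without ever blocking; when the error is treated as terminal, every iteration after the first one blocks.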