Bug 15979 - possible memory leak on rpc_spoolss
Summary: possible memory leak on rpc_spoolss
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Printing (show other bugs)
Version: 4.21.0
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba release manager
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2026-01-22 19:16 UTC by Franz Pförtsch
Modified: 2026-02-06 14:16 UTC (History)
4 users (show)

See Also:

Attachments
pidstat winbind processes since 2026-01-20 (3.86 MB, text/plain)
2026-01-22 19:16 UTC, Franz Pförtsch 		no flags Details
smbcontrol 121990 pool-usage from 2026-01-20 17:37 (585.24 KB, text/plain)
2026-01-22 19:17 UTC, Franz Pförtsch 		no flags Details
smbcontrol 121990 pool-usage from 2026-01-22 19:44 (deleted)
2026-01-22 19:17 UTC, Franz Pförtsch 		no flags Details
backports for v4.22-test => v4.24-test (3.53 KB, patch)
2026-02-03 11:18 UTC, Noel Power 		no flags Details
backports for v4.22-test => v4.24-test PART 1 (1.35 KB, patch)
2026-02-03 14:49 UTC, Noel Power 		vl: review+
Details
backports for v4.22-test => v4.24-test PART 2 (2.38 KB, patch)
2026-02-03 14:49 UTC, Noel Power 		gary: review+
Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Franz Pförtsch 2026-01-22 19:16:06 UTC 
Created attachment 18807 [details]
pidstat winbind processes since 2026-01-20

we are running a bunch samba servers on sles15sp7 as office spoolservers for different location.

there three servers with approx 200 printerqueues and more then 300 windows 11 clients.

after some day (2-3) the server get instable and the cpu-load is high.
Printing stopps, so we have to restart winbind and smbd. 

After this everything is running again for two days.
We already installed a cronjob to restart daily.

Now my findings:

I run a 'pidstat -r 60 | grep "rpc\|winbi\|bgqd\|VSZ" >pidstat_winbind.out'
to monitor the memory usage.

priu0002:~ # grep "121990" pidstat_winbind.20260120 | head -1 ; grep "121990"  pidstat_winbind.20260120 | tail -1
17:36:22        0    121990      7.96      0.00  137680   45456   0.39  rpcd_spoolss
19:55:22        0    121990      4.18      0.00  681536  585568   4.97  rpcd_spoolss

In this moment the first line show the process rpcd_spoolss 121990 started on 2026-01-20 at 17:35.

the second line is the same process from today 2026-01-22 at 19:55.

the memory consumtion grows from 0.39% to 4.97% of the hole memory.
the server is a virtual machine with 12GB-Ram and 6 CPUs


I also did a smbcontrol 121990 pool-usage on 2026-01-20T1737 and on 2026-01-22T1944

smbcontrol 121990 pool-usage >rpcd_spoolss_pool-usage_121990_$(date +"%Y-%m-%dT%H%M").out

the output file grows from:
ls -lh rpcd_spoolss_pool-usage_121990_2026-01-20T1737.out rpcd_spoolss_pool-usage_121990_2026-01-22T1944.out
-rw-r--r-- 1 root root 586K Jan 20 17:37 rpcd_spoolss_pool-usage_121990_2026-01-20T1737.out
-rw-r--r-- 1 root root  43M Jan 22 19:44 rpcd_spoolss_pool-usage_121990_2026-01-22T1944.out

the smb.conf look like:
----
# Global parameters
[global]
        client signing = required
        kerberos method = secrets and keytab
        log file = /var/log/samba/log.%M
        passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
        realm = BROSE.NET
        restrict anonymous = 2
        security = ADS
        server string = %h Samba %v
        smb1 unix extensions = No
        socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=10 TCP_KEEPCNT=3 TCP_KEEPINTVL=3
        template shell = /bin/bash
        winbind expand groups = 2
        winbind max clients = 400
        winbind max domain connections = 5
        winbind refresh tickets = Yes
        winbind separator = +
        winbind use default domain = Yes
        workgroup = BROSE
        idmap config brose : range = 2000000-500000000
        idmap config brose : backend = rid
        idmap config * : range = 500000001-500009999
        rpcd_spoolss:num_workers = 6
        rpcd_spoolss:idle_seconds = 300
        idmap config * : backend = tdb
        include = /etc/samba/smb.shares.conf
        read only = No


[printers]
        browseable = No
        comment = All Printers
        create mask = 0600
        path = /var/tmp
        printable = Yes


[print$]
        comment = Printer Drivers
        create mask = 0664
        directory mask = 0775
        force group = ntadmin
        force user = root
        path = /var/lib/samba/drivers
        write list = @BROSE+pri_cups_printer_admin @ntadmin root


[pdf]
        comment = generated PDF-Files
        path = /srv/smb/pdf
        write list = @BROSE+pri_cups_printer_admin


[_pdf]
        comment = Acrobat Distiller 3011.104
        cups options = raw
        include = /etc/samba/smb.local.conf
        path = /var/tmp
        printable = Yes
priu0002:~ # testparm -s > testparm.out
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

'winbind separator = +' might cause problems with group membership.

SUGGESTION: You may want to use 'sync machine password to keytab' parameter instead of 'kerberos method'.

Server role: ROLE_DOMAIN_MEMBER

priu0002:~ # vi testparm.out
priu0002:~ # vi testparm.out
priu0002:~ # cat testparm.out
# Global parameters
[global]
        client signing = required
        kerberos method = secrets and keytab
        log file = /var/log/samba/log.%M
        passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
        realm = EXAMPLE.NET
        restrict anonymous = 2
        security = ADS
        server string = %h Samba %v
        smb1 unix extensions = No
        socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=10 TCP_KEEPCNT=3 TCP_KEEPINTVL=3
        template shell = /bin/bash
        winbind expand groups = 2
        winbind max clients = 400
        winbind max domain connections = 5
        winbind refresh tickets = Yes
        winbind separator = +
        winbind use default domain = Yes
        workgroup = EXAMPLE
        idmap config example : range = 2000000-500000000
        idmap config example : backend = rid
        idmap config * : range = 500000001-500009999
        rpcd_spoolss:num_workers = 6
        rpcd_spoolss:idle_seconds = 300
        idmap config * : backend = tdb
        include = /etc/samba/smb.shares.conf
        read only = No


[printers]
        browseable = No
        comment = All Printers
        create mask = 0600
        path = /var/tmp
        printable = Yes


[print$]
        comment = Printer Drivers
        create mask = 0664
        directory mask = 0775
        force group = ntadmin
        force user = root
        path = /var/lib/samba/drivers
        write list = @EXAMPLE+pri_cups_printer_admin @ntadmin root


[pdf]
        comment = generated PDF-Files
        path = /srv/smb/pdf
        write list = @EXAMPLE+pri_cups_printer_admin


[_pdf]
        comment = Acrobat Distiller 3011.104
        cups options = raw
        include = /etc/samba/smb.local.conf
        path = /var/tmp
        printable = Yes
----

please fix this or help me do digging deaper.

regards
Franz
Comment 1 Franz Pförtsch 2026-01-22 19:17:04 UTC 
Created attachment 18808 [details]
smbcontrol 121990 pool-usage from 2026-01-20 17:37
Comment 2 Franz Pförtsch 2026-01-22 19:17:39 UTC 
Created attachment 18809 [details]
smbcontrol 121990 pool-usage from 2026-01-22 19:44
Comment 3 Franz Pförtsch 2026-01-22 19:20:26 UTC 
samba-bgqd is enabled but did not help.

sorry I copied smb.conf twice
Comment 4 David Disseldorp 2026-01-22 19:39:27 UTC 
(In reply to Franz Pförtsch from comment #2)
> Created attachment 18809 [details]
> smbcontrol 121990 pool-usage from 2026-01-22 19:44

It looks as though the leaked memory carries the hostname:

awk '{ if ($4 == "bytes" && $5 == "in") { keys[$1] += $3 } } END { for (k in keys) { print keys[k],k } }' attachment.cgi\?id\=18809|sort -n|tail -n 4
909160 librpc/gen_ndr/ndr_security.c:1924
912680 librpc/gen_ndr/ndr_auth.c:875
960178 librpc/gen_ndr/ndr_auth.c:1016
4187538 priu0002
Comment 6 Björn Jacke 2026-01-26 17:15:56 UTC 
The content of attachment 18809 [details] has been deleted for the following reason:

de-duplicate attachment 18808 [details]
Comment 7 Samba QA Contact 2026-01-27 10:14:03 UTC 
This bug was referenced in samba master:

24dc455362fb49ef81c99d95880e106a234ce29a
Comment 8 Samba QA Contact 2026-01-30 11:10:04 UTC 
This bug was referenced in samba master:

5ba76344ef807577ea1fd4265d585285eb633971
22021dbfa7a94007a511d05f25e49ab73dacbcf5
Comment 9 Noel Power 2026-02-03 11:18:36 UTC 
Created attachment 18817 [details]
backports for v4.22-test => v4.24-test

backports for samba-4-22 (not sure if that is eol or not) all the way through to upcoming samba-4.24
Comment 10 Noel Power 2026-02-03 11:19:11 UTC 
reassign for backporting
Comment 11 Björn Jacke 2026-02-03 13:14:13 UTC 
review is missing
Comment 12 Noel Power 2026-02-03 14:49:10 UTC 
Created attachment 18820 [details]
backports for v4.22-test => v4.24-test PART 1
Comment 13 Noel Power 2026-02-03 14:49:59 UTC 
Created attachment 18821 [details]
backports for v4.22-test => v4.24-test PART 2
Comment 14 Volker Lendecke 2026-02-03 15:39:54 UTC 
Comment on attachment 18820 [details]
backports for v4.22-test => v4.24-test PART 1

Applies to 4.24, 4.23 and 4.22 cleanly
Comment 15 Samba QA Contact 2026-02-04 16:19:03 UTC 
This bug was referenced in samba v4-24-test:

03fe9902cea94a37865414579aa1e0eb4e74283f
ef9bde01a05b2d561cde72eb4202e87015dd22f0
241748870f783d6c1b31389bd422ed73c0be19a4
Comment 16 Samba QA Contact 2026-02-06 14:16:49 UTC 
This bug was referenced in samba v4-24-stable (Release samba-4.24.0rc2):

03fe9902cea94a37865414579aa1e0eb4e74283f
ef9bde01a05b2d561cde72eb4202e87015dd22f0
241748870f783d6c1b31389bd422ed73c0be19a4