Bug 3962 - smbd memory consumption when winXP spooler goes into a loop
Summary: smbd memory consumption when winXP spooler goes into a loop
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Printing (show other bugs)
Version: 3.0.23
Hardware: x86 Linux
: P3 minor
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-07-25 10:37 UTC by Roel van Meer
Modified: 2006-07-26 18:58 UTC (History)
0 users

See Also:

Patch (2.79 KB, patch)
2006-07-25 16:21 UTC, Jeremy Allison
no flags Details
Patch (2.92 KB, patch)
2006-07-25 16:31 UTC, Jeremy Allison
no flags Details
Level 3 and 10 log of the smbd process (110.29 KB, application/octet-stream)
2006-07-26 03:02 UTC, Roel van Meer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Roel van Meer 2006-07-25 10:37:55 UTC
In a setup with samba, windows XP and a printer configured with drivers on the print$ share (point'n'print) it sometimes happens that the memory consumption of an smbd process increases without limit.

There seems to be a bug in some versions of the windows XP spooler that causes it to go into a loop in which it repeatedly and frequently issues the rpc calls SPOOLSS_OPENPRINTEREX, SPOOLSS_ENUMJOBS, SPOOLSS_GETPRINTERDATA and SPOOLSS_CLOSEPRINTER (not necessarily in this order).

A printout of the memory usage of such a process, acquired with smbcontrol <pid> pool-usage, shows that most of this memory is tied up in references to NT_PRINTER_INFO_LEVEL. In this specific case the number of references increases with about 230 per minute, causing the virtual memory usage to increase by about 4 MiB per minute.
Comment 1 Roel van Meer 2006-07-25 10:47:07 UTC
As an example:

root@server:~# ps axfuw | grep 3100
user  3100  0.9 24.7 695188 255404 ?   S  17:04   0:18  \_ /usr/sbin/smbd -D

smbcontrol 3100 pool-usage | grep -cw NT_PRINTER_INFO_LEVEL                      7605
Comment 2 Roel van Meer 2006-07-25 10:49:32 UTC
And some additional information:
running on slackware 10.1, kernel 2.4.32, glibc 2.3.4, cups 1.1.23

configured with
CFLAGS="-O2 -march=i486 -mcpu=i686" ./configure \
  --enable-cups \
  --enable-static=no \
  --enable-shared=yes \
  --with-fhs \
  --with-acl-support \
  --with-automount \
  --prefix=/usr \
  --localstatedir=/var \
  --bindir=/usr/bin \
  --sbindir=/usr/sbin \
  --with-lockdir=/var/cache/samba \
  --sysconfdir=/etc \
  --with-configdir=/etc/samba \
  --with-privatedir=/etc/samba/private \
  --with-swatdir=/usr/share/swat \
  --with-smbmount \
  --with-quotas \
  --with-syslog \
  --with-utmp \
  --with-libsmbclient \
  --with-winbind \
  --with-ldapsam \
Comment 3 Jeremy Allison 2006-07-25 14:55:21 UTC
Can you add either a debug level 10 or an ethereal trace of smbd when the client is doing this ? I'm hoping to track down where we're leaking the NT_PRINTER_INFO_LEVEL structs.
Comment 4 Jeremy Allison 2006-07-25 16:21:00 UTC
Created attachment 2062 [details]

There were some error paths where the NT_PRINTER_INFO_LEVEL wasn't being freed. Please try this patch.
Comment 5 Jeremy Allison 2006-07-25 16:31:28 UTC
Created attachment 2063 [details]

Here's an additional one that stops a double-free in the info level 2 case.
Now we do the frees in the same place.
Comment 6 Roel van Meer 2006-07-26 03:02:38 UTC
Created attachment 2065 [details]
Level 3 and 10 log of the smbd process

This is a log file with logs from the process that is logging the memory. It starts with log level 3 and changes to log level 10 after some time.
Comment 7 Roel van Meer 2006-07-26 03:06:16 UTC
I am testing samba 3.0.23a with both patches, and so far I can see no memory increase (nor references to NT_PRINTER_INFO_LEVEL structs in a pool-usage output) while a level 3 log still shows the continous access to the printer.

It seems the patches solve the problem.
Comment 8 Jeremy Allison 2006-07-26 18:58:39 UTC
Fixed for 3.0.23b.