** Description changed: - While running Samba as an Active Directory Domain Controller, I have - observed a memory leak occurring in scenarios where DRS replication - fails. + While running Samba as an Active Directory Domain Controller, I observed + a memory leak occurring in scenarios where DRS replication fails. - During troubleshooting, the environment was modified several times, and - at some points the two DCs were not seeing each other correctly (split- - brain situation). However, that behavior is not the focus of this - report. The main issue here is the memory leak that occurs when - replication fails. + The timeline was as follows: while experimenting with the environment, + the setup entered an inconsistent state and replication between the two + DCs broke (at times they could not see each other, a split-brain + situation). After the replication failure, the memory leak started to + appear only on dc-01, in dc-02 we do not observe replication issues. - Unfortunately, I have not been able to reproduce the issue - deterministically, but when the failure occurs, the Samba process - continues to consume memory until the system triggers the OOM killer. + Although the environment manipulations may have contributed to the + replication failure, the main focus of this report is the memory leak + itself: once replication fails, Samba continues to consume memory until + the system triggers the OOM killer. [Steps to Reproduce] The issue is not consistently reproducible. It appears during replication failures between DCs. [Expected Result] Samba should properly handle replication errors without leaking memory. [Actual Result] When replication fails, memory usage grows without limit, eventually leading to an OOM kill of the Samba process. [Fix / Workarround] The replication problem seems to be fixed by performing a dead peer removal of dc-02, rejoining dc-02 and restarting samba-ad-dc in both servers dc-01 & dc-02 [Testing Environment] Package: samba Pakcage Version: 4.19.5+dfsg-4ubuntu9 Kernel: 6.8.0-45-generic Distribution: Ubuntu 24.04.1 LTS Architecture: x64 [Replication logs] root@dc-01:~# samba-tool drs showrepl Default-First-Site-Name\dc-01 DSA Options: 0x00000001 DSA object GUID: 9eb744bc-f286-4a8e-9b64-fcdf07c762ae DSA invocationId: 65e0fac6-b1ce-4c3e-9afa-aed4224f7976 ==== INBOUND NEIGHBORS ==== CN=Schema,CN=Configuration,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 2276 consecutive failure(s). Last success @ Tue Aug 12 11:54:40 2025 CEST DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 2277 consecutive failure(s). Last success @ Tue Aug 12 11:54:40 2025 CEST CN=Configuration,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:17:38 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 2276 consecutive failure(s). Last success @ Tue Aug 12 11:54:40 2025 CEST DC=DomainDnsZones,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 2276 consecutive failure(s). Last success @ Tue Aug 12 11:54:39 2025 CEST DC=ForestDnsZones,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 2278 consecutive failure(s). Last success @ Tue Aug 12 11:54:39 2025 CEST ==== OUTBOUND NEIGHBORS ==== CN=Schema,CN=Configuration,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 49 consecutive failure(s). Last success @ NTTIME(0) DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 49 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 49 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 48 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=testdomain,DC=lan Default-First-Site-Name\dc-02 via RPC DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE) 48 consecutive failure(s). Last success @ NTTIME(0) ==== KCC CONNECTION OBJECTS ==== Connection -- Connection name: d7e0aa05-1611-4ec0-b20f-3fa343530fb3 Enabled : TRUE Server DNS name : dc-02.testdomain.lan Server DN name : CN=NTDS Settings,CN=dc-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=lan TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! [Samba logs] /var/log/samba/log.samba [2025/08/20 09:25:07.842720, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL [2025/08/20 09:25:12.547272, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL [2025/08/20 09:25:12.620812, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL [Syslog OOM-kill excerption] 2025-08-19T17:17:03.147620+02:00 dc-01 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/samba-ad-dc.service,task=drepl[master],pid=1205252,uid=0 2025-08-19T17:17:03.147623+02:00 dc-01 kernel: Out of memory: Killed process 1205252 (drepl[master]) total-vm:3845896kB, anon-rss:3422528kB, file-rss:2452kB, shmem-rss:0kB, UID:0 pgtables:7484kB oom_score_adj:0 2025-08-19T17:17:03.579770+02:00 dc-01 systemd[1]: samba-ad-dc.service: Failed with result 'oom-kill'.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2121024 Title: Memory leak in Samba when DRS replication fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2121024/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
