The Samba-Bugzilla – Attachment 17458 Details for
Bug 15128
possible use after free of connection_struct when iterating smbd_server_connection->connections
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
full valgrind output
smbd.valgrind (text/plain), 37.77 KB, created by
Noel Power
on 2022-08-03 16:15:23 UTC
(
hide
)
Description:
full valgrind output
Filename:
MIME Type:
Creator:
Noel Power
Created:
2022-08-03 16:15:23 UTC
Size:
37.77 KB
patch
obsolete
>==6393== Memcheck, a memory error detector >==6393== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. >==6393== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info >==6393== Command: ./bin/smbd --no-process-group >==6393== Parent PID: 4391 >==6393== >==6394== >==6394== HEAP SUMMARY: >==6394== in use at exit: 265,034 bytes in 3,581 blocks >==6394== total heap usage: 4,594 allocs, 1,013 frees, 478,033 bytes allocated >==6394== >==6394== LEAK SUMMARY: >==6394== definitely lost: 0 bytes in 0 blocks >==6394== indirectly lost: 0 bytes in 0 blocks >==6394== possibly lost: 94,403 bytes in 314 blocks >==6394== still reachable: 170,631 bytes in 3,267 blocks >==6394== suppressed: 0 bytes in 0 blocks >==6394== Rerun with --leak-check=full to see details of leaked memory >==6394== >==6394== For lists of detected and suppressed errors, rerun with: -s >==6394== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) >==6393== >==6393== HEAP SUMMARY: >==6393== in use at exit: 266,044 bytes in 3,587 blocks >==6393== total heap usage: 4,604 allocs, 1,017 frees, 479,967 bytes allocated >==6393== >==6393== LEAK SUMMARY: >==6393== definitely lost: 0 bytes in 0 blocks >==6393== indirectly lost: 0 bytes in 0 blocks >==6393== possibly lost: 95,151 bytes in 317 blocks >==6393== still reachable: 170,893 bytes in 3,270 blocks >==6393== suppressed: 0 bytes in 0 blocks >==6393== Rerun with --leak-check=full to see details of leaked memory >==6393== >==6393== For lists of detected and suppressed errors, rerun with: -s >==6393== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) >==6413== >==6413== HEAP SUMMARY: >==6413== in use at exit: 188,960 bytes in 686 blocks >==6413== total heap usage: 11,460 allocs, 10,774 frees, 3,472,572 bytes allocated >==6413== >==6413== LEAK SUMMARY: >==6413== definitely lost: 234 bytes in 2 blocks >==6413== indirectly lost: 742 bytes in 11 blocks >==6413== possibly lost: 166,870 bytes in 490 blocks >==6413== still reachable: 21,114 bytes in 183 blocks >==6413== suppressed: 0 bytes in 0 blocks >==6413== Rerun with --leak-check=full to see details of leaked memory >==6413== >==6413== For lists of detected and suppressed errors, rerun with: -s >==6413== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) >==6432== Invalid read of size 8 >==6432== at 0x52CED3A: conn_lastused_update (conn_idle.c:38) >==6432== by 0x52CEDB1: conn_idle_all (conn_idle.c:54) >==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566) >==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45) >==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376) >==6432== by 0x685F517: tevent_common_loop_timer_delay (tevent_timed.c:453) >==6432== by 0x68617E4: epoll_event_loop_once (tevent_epoll.c:923) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== Address 0x19074b88 is 232 bytes inside a block of size 328 free'd >==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248) >==6432== by 0x5B3988D: _talloc_free (talloc.c:1792) >==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828) >==6432== by 0x5346A7F: smbd_smb2_request_reply (smb2_server.c:3839) >==6432== by 0x53472BA: smbd_smb2_request_done_ex (smb2_server.c:3993) >==6432== by 0x5351964: smbd_smb2_request_logoff_done (smb2_sesssetup.c:1282) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858500: _tevent_req_done (tevent_req.c:199) >==6432== by 0x5351CBC: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1366) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858600: tevent_req_trigger (tevent_req.c:250) >==6432== by 0x6857159: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==6432== by 0x68572A8: tevent_common_loop_immediate (tevent_immediate.c:236) >==6432== by 0x68617CA: epoll_event_loop_once (tevent_epoll.c:919) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== Block was alloc'd at >==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783) >==6432== by 0x5B37A73: __talloc (talloc.c:825) >==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982) >==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421) >==6432== by 0x539873A: conn_new (conn.c:70) >==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909) >==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344) >==6432== by 0x5352F96: smbd_smb2_tree_connect_send (smb2_tcon.c:451) >==6432== by 0x5351F97: smbd_smb2_request_process_tcon (smb2_tcon.c:104) >==6432== by 0x53441C2: smbd_smb2_request_dispatch (smb2_server.c:3431) >==6432== by 0x534A5DC: smbd_smb2_io_handler (smb2_server.c:5063) >==6432== by 0x534A6E5: smbd_smb2_connection_handler (smb2_server.c:5101) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== >==6432== Invalid read of size 8 >==6432== at 0x52CED45: conn_lastused_update (conn_idle.c:38) >==6432== by 0x52CEDB1: conn_idle_all (conn_idle.c:54) >==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566) >==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45) >==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376) >==6432== by 0x685F517: tevent_common_loop_timer_delay (tevent_timed.c:453) >==6432== by 0x68617E4: epoll_event_loop_once (tevent_epoll.c:923) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== Address 0x19074b90 is 240 bytes inside a block of size 328 free'd >==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248) >==6432== by 0x5B3988D: _talloc_free (talloc.c:1792) >==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828) >==6432== by 0x5346A7F: smbd_smb2_request_reply (smb2_server.c:3839) >==6432== by 0x53472BA: smbd_smb2_request_done_ex (smb2_server.c:3993) >==6432== by 0x5351964: smbd_smb2_request_logoff_done (smb2_sesssetup.c:1282) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858500: _tevent_req_done (tevent_req.c:199) >==6432== by 0x5351CBC: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1366) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858600: tevent_req_trigger (tevent_req.c:250) >==6432== by 0x6857159: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==6432== by 0x68572A8: tevent_common_loop_immediate (tevent_immediate.c:236) >==6432== by 0x68617CA: epoll_event_loop_once (tevent_epoll.c:919) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== Block was alloc'd at >==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783) >==6432== by 0x5B37A73: __talloc (talloc.c:825) >==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982) >==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421) >==6432== by 0x539873A: conn_new (conn.c:70) >==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909) >==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344) >==6432== by 0x5352F96: smbd_smb2_tree_connect_send (smb2_tcon.c:451) >==6432== by 0x5351F97: smbd_smb2_request_process_tcon (smb2_tcon.c:104) >==6432== by 0x53441C2: smbd_smb2_request_dispatch (smb2_server.c:3431) >==6432== by 0x534A5DC: smbd_smb2_io_handler (smb2_server.c:5063) >==6432== by 0x534A6E5: smbd_smb2_connection_handler (smb2_server.c:5101) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== >==6432== Invalid read of size 8 >==6432== at 0x52CED73: conn_lastused_update (conn_idle.c:36) >==6432== by 0x52CEDB1: conn_idle_all (conn_idle.c:54) >==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566) >==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45) >==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376) >==6432== by 0x685F517: tevent_common_loop_timer_delay (tevent_timed.c:453) >==6432== by 0x68617E4: epoll_event_loop_once (tevent_epoll.c:923) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== Address 0x19074b00 is 96 bytes inside a block of size 328 free'd >==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248) >==6432== by 0x5B3988D: _talloc_free (talloc.c:1792) >==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828) >==6432== by 0x5346A7F: smbd_smb2_request_reply (smb2_server.c:3839) >==6432== by 0x53472BA: smbd_smb2_request_done_ex (smb2_server.c:3993) >==6432== by 0x5351964: smbd_smb2_request_logoff_done (smb2_sesssetup.c:1282) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858500: _tevent_req_done (tevent_req.c:199) >==6432== by 0x5351CBC: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1366) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858600: tevent_req_trigger (tevent_req.c:250) >==6432== by 0x6857159: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==6432== by 0x68572A8: tevent_common_loop_immediate (tevent_immediate.c:236) >==6432== by 0x68617CA: epoll_event_loop_once (tevent_epoll.c:919) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== Block was alloc'd at >==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783) >==6432== by 0x5B37A73: __talloc (talloc.c:825) >==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982) >==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421) >==6432== by 0x539873A: conn_new (conn.c:70) >==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909) >==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344) >==6432== by 0x5352F96: smbd_smb2_tree_connect_send (smb2_tcon.c:451) >==6432== by 0x5351F97: smbd_smb2_request_process_tcon (smb2_tcon.c:104) >==6432== by 0x53441C2: smbd_smb2_request_dispatch (smb2_server.c:3431) >==6432== by 0x534A5DC: smbd_smb2_io_handler (smb2_server.c:5063) >==6432== by 0x534A6E5: smbd_smb2_connection_handler (smb2_server.c:5101) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== >==6432== Invalid read of size 8 >==6432== at 0x52CEDD1: conn_idle_all (conn_idle.c:61) >==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566) >==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45) >==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376) >==6432== by 0x685F517: tevent_common_loop_timer_delay (tevent_timed.c:453) >==6432== by 0x68617E4: epoll_event_loop_once (tevent_epoll.c:923) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== Address 0x19074b88 is 232 bytes inside a block of size 328 free'd >==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248) >==6432== by 0x5B3988D: _talloc_free (talloc.c:1792) >==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828) >==6432== by 0x5346A7F: smbd_smb2_request_reply (smb2_server.c:3839) >==6432== by 0x53472BA: smbd_smb2_request_done_ex (smb2_server.c:3993) >==6432== by 0x5351964: smbd_smb2_request_logoff_done (smb2_sesssetup.c:1282) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858500: _tevent_req_done (tevent_req.c:199) >==6432== by 0x5351CBC: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1366) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858600: tevent_req_trigger (tevent_req.c:250) >==6432== by 0x6857159: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==6432== by 0x68572A8: tevent_common_loop_immediate (tevent_immediate.c:236) >==6432== by 0x68617CA: epoll_event_loop_once (tevent_epoll.c:919) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== Block was alloc'd at >==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783) >==6432== by 0x5B37A73: __talloc (talloc.c:825) >==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982) >==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421) >==6432== by 0x539873A: conn_new (conn.c:70) >==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909) >==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344) >==6432== by 0x5352F96: smbd_smb2_tree_connect_send (smb2_tcon.c:451) >==6432== by 0x5351F97: smbd_smb2_request_process_tcon (smb2_tcon.c:104) >==6432== by 0x53441C2: smbd_smb2_request_dispatch (smb2_server.c:3431) >==6432== by 0x534A5DC: smbd_smb2_io_handler (smb2_server.c:5063) >==6432== by 0x534A6E5: smbd_smb2_connection_handler (smb2_server.c:5101) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== >==6432== Invalid read of size 4 >==6432== at 0x52CEDEA: conn_idle_all (conn_idle.c:63) >==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566) >==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45) >==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376) >==6432== by 0x685F517: tevent_common_loop_timer_delay (tevent_timed.c:453) >==6432== by 0x68617E4: epoll_event_loop_once (tevent_epoll.c:923) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== Address 0x19074b98 is 248 bytes inside a block of size 328 free'd >==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669) >==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184) >==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248) >==6432== by 0x5B3988D: _talloc_free (talloc.c:1792) >==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828) >==6432== by 0x5346A7F: smbd_smb2_request_reply (smb2_server.c:3839) >==6432== by 0x53472BA: smbd_smb2_request_done_ex (smb2_server.c:3993) >==6432== by 0x5351964: smbd_smb2_request_logoff_done (smb2_sesssetup.c:1282) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858500: _tevent_req_done (tevent_req.c:199) >==6432== by 0x5351CBC: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1366) >==6432== by 0x6858372: _tevent_req_notify_callback (tevent_req.c:141) >==6432== by 0x68584D3: tevent_req_finish (tevent_req.c:193) >==6432== by 0x6858600: tevent_req_trigger (tevent_req.c:250) >==6432== by 0x6857159: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==6432== by 0x68572A8: tevent_common_loop_immediate (tevent_immediate.c:236) >==6432== by 0x68617CA: epoll_event_loop_once (tevent_epoll.c:919) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== Block was alloc'd at >==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783) >==6432== by 0x5B37A73: __talloc (talloc.c:825) >==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982) >==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421) >==6432== by 0x539873A: conn_new (conn.c:70) >==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909) >==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344) >==6432== by 0x5352F96: smbd_smb2_tree_connect_send (smb2_tcon.c:451) >==6432== by 0x5351F97: smbd_smb2_request_process_tcon (smb2_tcon.c:104) >==6432== by 0x53441C2: smbd_smb2_request_dispatch (smb2_server.c:3431) >==6432== by 0x534A5DC: smbd_smb2_io_handler (smb2_server.c:5063) >==6432== by 0x534A6E5: smbd_smb2_connection_handler (smb2_server.c:5101) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x532ACCF: smbd_process (smb2_process.c:2016) >==6432== by 0x11159F: smbd_accept_connection (server.c:1037) >==6432== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6432== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6432== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6432== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6432== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6432== by 0x685597C: tevent_common_loop_wait (tevent.c:948) >==6432== by 0x685E2A5: std_event_loop_wait (tevent_standard.c:141) >==6432== by 0x6855A1F: _tevent_loop_wait (tevent.c:967) >==6432== by 0x112267: smbd_parent_loop (server.c:1381) >==6432== by 0x1141D5: main (server.c:2125) >==6432== >==6432== >==6432== HEAP SUMMARY: >==6432== in use at exit: 189,806 bytes in 691 blocks >==6432== total heap usage: 18,416 allocs, 17,725 frees, 12,971,517 bytes allocated >==6432== >==6432== LEAK SUMMARY: >==6432== definitely lost: 234 bytes in 2 blocks >==6432== indirectly lost: 742 bytes in 11 blocks >==6432== possibly lost: 167,458 bytes in 492 blocks >==6432== still reachable: 21,372 bytes in 186 blocks >==6432== suppressed: 0 bytes in 0 blocks >==6432== Rerun with --leak-check=full to see details of leaked memory >==6432== >==6432== For lists of detected and suppressed errors, rerun with: -s >==6432== ERROR SUMMARY: 8 errors from 5 contexts (suppressed: 0 from 0) >==6402== >==6402== Process terminating with default action of signal 15 (SIGTERM) >==6401== >==6401== Process terminating with default action of signal 15 (SIGTERM) >==6401== at 0x89300C7: kill (in /lib64/libc-2.31.so) >==6401== by 0x5DAA561: reinit_after_fork_pipe_handler (util.c:425) >==6401== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6401== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6401== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6401== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6401== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6401== by 0x6858794: tevent_req_poll (tevent_req.c:300) >==6401== by 0x10F4EB: smbd_notifyd_init (server.c:463) >==6401== by 0x1139FC: main (server.c:1970) >==6402== at 0x89300C7: kill (in /lib64/libc-2.31.so) >==6402== by 0x5DAA561: reinit_after_fork_pipe_handler (util.c:425) >==6402== by 0x6856878: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==6402== by 0x686121D: epoll_event_loop (tevent_epoll.c:737) >==6402== by 0x6861864: epoll_event_loop_once (tevent_epoll.c:938) >==6402== by 0x685E203: std_event_loop_once (tevent_standard.c:110) >==6402== by 0x6855661: _tevent_loop_once (tevent.c:825) >==6402== by 0x6858794: tevent_req_poll (tevent_req.c:300) >==6402== by 0x11035C: cleanupd_init (server.c:690) >==6402== by 0x113A35: main (server.c:1977) >==6402== >==6402== HEAP SUMMARY: >==6402== in use at exit: 285,456 bytes in 3,681 blocks >==6402== total heap usage: 4,809 allocs, 1,128 frees, 605,651 bytes allocated >==6402== >==6402== LEAK SUMMARY: >==6402== definitely lost: 34 bytes in 1 blocks >==6402== indirectly lost: 0 bytes in 0 blocks >==6402== possibly lost: 112,212 bytes in 381 blocks >==6402== still reachable: 173,210 bytes in 3,299 blocks >==6402== suppressed: 0 bytes in 0 blocks >==6402== Rerun with --leak-check=full to see details of leaked memory >==6402== >==6402== For lists of detected and suppressed errors, rerun with: -s >==6401== >==6402== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) >==6401== HEAP SUMMARY: >==6401== in use at exit: 285,888 bytes in 3,685 blocks >==6401== total heap usage: 4,856 allocs, 1,171 frees, 605,888 bytes allocated >==6401== >==6401== LEAK SUMMARY: >==6401== definitely lost: 34 bytes in 1 blocks >==6401== indirectly lost: 0 bytes in 0 blocks >==6401== possibly lost: 112,926 bytes in 388 blocks >==6401== still reachable: 172,928 bytes in 3,296 blocks >==6401== suppressed: 0 bytes in 0 blocks >==6401== Rerun with --leak-check=full to see details of leaked memory >==6401== >==6401== For lists of detected and suppressed errors, rerun with: -s >==6401== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17458">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 15128
:
17440
|
17441
|
17442
|
17443
|
17444
|
17457
| 17458 |
17459
|
17478
|
17479
|
17481
|
17482
|
17483