root@s4test:~# valgrind /usr/local/samba/sbin/samba -i -M single
==8879== Memcheck, a memory error detector
==8879== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==8879== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==8879== Command: /usr/local/samba/sbin/samba -i -M single
==8879==
samba version 4.0.0alpha12-GIT-65ca3e4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
samba: using 'single' process model
FIXME: Using new system session for hdb
../dsdb/dns/dns_update.c:249: Failed DNS update - NT_STATUS_IO_TIMEOUT
Testing kcctpl_create_intersite_connections
dreplsrv_notify: Failed to send DsReplicaSync to 2c57b094-d4c8-42c9-9502-d73331f792eb._msdcs.x.y.z for CN=Schema,CN=Configuration,DC=x,DC=y,DC=z - NT_STATUS_IO_TIMEOUT : WERR_SEM_TIMEOUT
==8879== Invalid write of size 4
==8879== at 0x57C6B9F: init_auth_restart (init_sec_context.c:582)
==8879== by 0x57C759D: _gsskrb5_init_sec_context (init_sec_context.c:902)
==8879== by 0x57E04DA: gss_init_sec_context (gss_init_sec_context.c:183)
==8879== by 0x7AA2294: gensec_gssapi_update (gensec_gssapi.c:464)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E206DA: continue_pipe_open_ncacn_ip_tcp (dcerpc_connect.c:297)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== Address 0xd596624 is 116 bytes inside a block of size 240 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879== by 0x6BE8F4A: std_event_loop_once (tevent_standard.c:537)
==8879==
==8879== Invalid write of size 8
==8879== at 0x57E0534: gss_init_sec_context (gss_init_sec_context.c:204)
==8879== by 0x7AA2294: gensec_gssapi_update (gensec_gssapi.c:464)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E206DA: continue_pipe_open_ncacn_ip_tcp (dcerpc_connect.c:297)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F794: continue_ipv4_open_socket (dcerpc_sock.c:452)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== Address 0xd596600 is 80 bytes inside a block of size 240 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879== by 0x6BE8F4A: std_event_loop_once (tevent_standard.c:537)
==8879==
==8879== Invalid write of size 8
==8879== at 0x7AA22AD: gensec_gssapi_update (gensec_gssapi.c:478)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E206DA: continue_pipe_open_ncacn_ip_tcp (dcerpc_connect.c:297)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F794: continue_ipv4_open_socket (dcerpc_sock.c:452)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F2EA: continue_socket_connect (dcerpc_sock.c:302)
==8879== Address 0xd596628 is 120 bytes inside a block of size 240 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879== by 0x6BE8F4A: std_event_loop_once (tevent_standard.c:537)
==8879==
==8879== Invalid read of size 4
==8879== at 0x7AA234B: gensec_gssapi_update (gensec_gssapi.c:505)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E206DA: continue_pipe_open_ncacn_ip_tcp (dcerpc_connect.c:297)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F794: continue_ipv4_open_socket (dcerpc_sock.c:452)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F2EA: continue_socket_connect (dcerpc_sock.c:302)
==8879== Address 0xd596690 is 224 bytes inside a block of size 240 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879== by 0x6BE8F4A: std_event_loop_once (tevent_standard.c:537)
==8879==
==8879== Invalid write of size 4
==8879== at 0x7AA2358: gensec_gssapi_update (gensec_gssapi.c:505)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E206DA: continue_pipe_open_ncacn_ip_tcp (dcerpc_connect.c:297)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F794: continue_ipv4_open_socket (dcerpc_sock.c:452)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== by 0x6E1F2EA: continue_socket_connect (dcerpc_sock.c:302)
==8879== Address 0xd596690 is 224 bytes inside a block of size 240 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879== by 0x6BE8F4A: std_event_loop_once (tevent_standard.c:537)
==8879==
==8879== Invalid read of size 4
==8879== at 0x745E0AD: talloc_chunk_from_ptr (talloc.c:231)
==8879== by 0x745E350: __talloc (talloc.c:400)
==8879== by 0x745E6D5: _talloc_named_const (talloc.c:516)
==8879== by 0x7460763: _talloc_memdup (talloc.c:1567)
==8879== by 0x6586DAB: data_blob_talloc_named (data_blob.c:52)
==8879== by 0x7AA25C7: gensec_gssapi_update (gensec_gssapi.c:549)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== Address 0xd59a150 is 64 bytes inside a block of size 112 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879==
==8879== Invalid read of size 4
==8879== at 0x745E0C7: talloc_chunk_from_ptr (talloc.c:237)
==8879== by 0x745E350: __talloc (talloc.c:400)
==8879== by 0x745E6D5: _talloc_named_const (talloc.c:516)
==8879== by 0x7460763: _talloc_memdup (talloc.c:1567)
==8879== by 0x6586DAB: data_blob_talloc_named (data_blob.c:52)
==8879== by 0x7AA25C7: gensec_gssapi_update (gensec_gssapi.c:549)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== Address 0xd59a150 is 64 bytes inside a block of size 112 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879==
==8879== Invalid read of size 8
==8879== at 0x745E0D5: talloc_chunk_from_ptr (talloc.c:238)
==8879== by 0x745E350: __talloc (talloc.c:400)
==8879== by 0x745E6D5: _talloc_named_const (talloc.c:516)
==8879== by 0x7460763: _talloc_memdup (talloc.c:1567)
==8879== by 0x6586DAB: data_blob_talloc_named (data_blob.c:52)
==8879== by 0x7AA25C7: gensec_gssapi_update (gensec_gssapi.c:549)
==8879== by 0x7AAA5FA: gensec_update (gensec.c:988)
==8879== by 0x6E199E7: dcerpc_bind_auth_send (dcerpc_auth.c:325)
==8879== by 0x6E1BD38: dcerpc_pipe_auth_send (dcerpc_util.c:629)
==8879== by 0x6E2132B: continue_pipe_connect (dcerpc_connect.c:684)
==8879== by 0x6E2117C: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:632)
==8879== by 0x5718149: composite_done (composite.c:144)
==8879== Address 0xd59a140 is 48 bytes inside a block of size 112 free'd
==8879== at 0x4C280BD: free (vg_replace_malloc.c:366)
==8879== by 0x745EC3A: _talloc_free_internal (talloc.c:669)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745EB2B: _talloc_free_internal (talloc.c:631)
==8879== by 0x745FC4B: _talloc_free (talloc.c:1148)
==8879== by 0x6E217C1: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:808)
==8879== by 0x589C00: dreplsrv_out_drsuapi_connect_done (drepl_out_helpers.c:107)
==8879== by 0x571800A: composite_error (composite.c:115)
==8879== by 0x6E2142F: dcerpc_connect_timeout_handler (dcerpc_connect.c:714)
==8879== by 0x6BE9925: tevent_common_loop_timer_delay (tevent_timed.c:254)
==8879==
talloc: double free error - first free may be at ../librpc/rpc/dcerpc_connect.c:808
Bad talloc magic value - double free
PANIC: Bad talloc magic value - double free
BACKTRACE: 32 stack frames:
#0 /usr/local/samba/lib/libsamba-util.so.0(call_backtrace+0x1f) [0x6580a1f]
#1 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x235) [0x6580d0c]
#2 /usr/local/samba/lib/libtalloc-samba4.so.2(+0x1ff9) [0x745dff9]
#3 /usr/local/samba/lib/libtalloc-samba4.so.2(+0x2075) [0x745e075]
#4 /usr/local/samba/lib/libtalloc-samba4.so.2(+0x20f2) [0x745e0f2]
#5 /usr/local/samba/lib/libtalloc-samba4.so.2(+0x2351) [0x745e351]
#6 /usr/local/samba/lib/libtalloc-samba4.so.2(+0x26d6) [0x745e6d6]
#7 /usr/local/samba/lib/libtalloc-samba4.so.2(_talloc_memdup+0x2f) [0x7460764]
#8 /usr/local/samba/lib/libsamba-util.so.0(data_blob_talloc_named+0x77) [0x6586dac]
#9 /usr/local/samba/lib/libgensec.so.0(+0x275c8) [0x7aa25c8]
#10 /usr/local/samba/lib/libgensec.so.0(gensec_update+0x4b) [0x7aaa5fb]
#11 /usr/local/samba/lib/libdcerpc.so.0(dcerpc_bind_auth_send+0x5ce) [0x6e199e8]
#12 /usr/local/samba/lib/libdcerpc.so.0(dcerpc_pipe_auth_send+0x44b) [0x6e1bd39]
#13 /usr/local/samba/lib/libdcerpc.so.0(+0x3332c) [0x6e2132c]
#14 /usr/local/samba/lib/libdcerpc.so.0(+0x3317d) [0x6e2117d]
#15 /usr/local/samba/lib/libldb-samba4.so.0(composite_done+0xb8) [0x571814a]
#16 /usr/local/samba/lib/libdcerpc.so.0(+0x326db) [0x6e206db]
#17 /usr/local/samba/lib/libldb-samba4.so.0(composite_done+0xb8) [0x571814a]
#18 /usr/local/samba/lib/libdcerpc.so.0(+0x31795) [0x6e1f795]
#19 /usr/local/samba/lib/libldb-samba4.so.0(composite_done+0xb8) [0x571814a]
#20 /usr/local/samba/lib/libdcerpc.so.0(+0x312eb) [0x6e1f2eb]
#21 /usr/local/samba/lib/libldb-samba4.so.0(composite_done+0xb8) [0x571814a]
#22 /usr/local/samba/lib/libldb-samba4.so.0(+0x11a082) [0x5747082]
#23 /usr/local/samba/lib/libtevent-samba4.so.0(+0x7833) [0x6be8833]
#24 /usr/local/samba/lib/libtevent-samba4.so.0(+0x7f9f) [0x6be8f9f]
#25 /usr/local/samba/lib/libtevent-samba4.so.0(_tevent_loop_once+0xe8) [0x6be4bb8]
#26 /usr/local/samba/lib/libtevent-samba4.so.0(tevent_common_loop_wait+0x25) [0x6be4df5]
#27 /usr/local/samba/lib/libtevent-samba4.so.0(_tevent_loop_wait+0x2b) [0x6be4ec0]
#28 /usr/local/samba/sbin/samba() [0x791009]
#29 /usr/local/samba/sbin/samba() [0x79104f]
#30 /lib/libc.so.6(__libc_start_main+0xfd) [0x9bd4c4d]
#31 /usr/local/samba/sbin/samba() [0x439919]
==8879==
==8879== HEAP SUMMARY:
==8879== in use at exit: 3,482,257 bytes in 29,049 blocks
==8879== total heap usage: 5,826,517 allocs, 5,797,468 frees, 846,597,821 bytes allocated
==8879==
==8879== LEAK SUMMARY:
==8879== definitely lost: 4,142 bytes in 7 blocks
==8879== indirectly lost: 2,073 bytes in 37 blocks
==8879== possibly lost: 3,453,988 bytes in 28,569 blocks
==8879== still reachable: 22,054 bytes in 436 blocks
==8879== suppressed: 0 bytes in 0 blocks
==8879== Rerun with --leak-check=full to see details of leaked memory
==8879==
==8879== For counts of detected and suppressed errors, rerun with: -v
==8879== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 4 from 4)
Aborted
root@s4test:~# ==8886==
==8886== HEAP SUMMARY:
==8886== in use at exit: 3,476,906 bytes in 29,040 blocks
==8886== total heap usage: 5,825,737 allocs, 5,796,697 frees, 846,667,703 bytes allocated
==8886==
==8886== LEAK SUMMARY:
==8886== definitely lost: 0 bytes in 0 blocks
==8886== indirectly lost: 0 bytes in 0 blocks
==8886== possibly lost: 3,455,040 bytes in 28,568 blocks
==8886== still reachable: 21,866 bytes in 472 blocks
==8886== suppressed: 0 bytes in 0 blocks
==8886== Rerun with --leak-check=full to see details of leaked memory
==8886==
==8886== For counts of detected and suppressed errors, rerun with: -v
==8886== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)