Due to a bug in talloc, the code in smbd_smb2_notify_smbreq_destructor() doesn't do what the author intended. static int smbd_smb2_notify_smbreq_destructor(struct smb_request *smbreq) { struct tevent_req *req = talloc_get_type_abort(smbreq->async_priv, struct tevent_req); struct smbd_smb2_notify_state *state = tevent_req_data(req, struct smbd_smb2_notify_state); /* * Our temporary parent from change_notify_add_request() * goes away. */ state->has_request = false; /* * move it back to its original parent, * which means we no longer need the destructor * to protect it. */ talloc_steal(smbreq->smb2req, smbreq); talloc_set_destructor(smbreq, NULL); /* * We want to keep smbreq! */ return -1; } Existing talloc in 4.0.x, 4.1.x, 4.2.x reparents to the NULL context in this case and leaves the existing destructor in place. Back-port from master will fix this.
Created attachment 10831 [details] Backport from master - bring talloc up to 2.1.2 Ira - this applies cleanly to 4.2.x.
Comment on attachment 10831 [details] Backport from master - bring talloc up to 2.1.2 Metze, the talloc in 4.1.x is only 2.0.8, in 4.0.x it's 2.0.7 so this patch doesn't apply as-is. How do you want to handle back-ports for 4.1.x and 4.0.x ?
Created attachment 10837 [details] Patches for v4-1-test
Created attachment 10838 [details] Patches for v4-0-test
Comment on attachment 10837 [details] Patches for v4-1-test LGTM.
Comment on attachment 10838 [details] Patches for v4-0-test LGTM.
Re-assigning to Karolin for inclusion in 4.0.next, 4.1.next, 4.2.next.
Pushed to v4-[0|1|2]-test. Closing out bug report. Thanks!