Bug 13633 - Missing fsp_free() calls in error exit paths in close_directory cause valgrind errors.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2018-09-27 19:19 UTC by Jeremy Allison
Modified: 2018-10-11 10:14 UTC
Attachments
git-am fix for 4.9.next, 4.8.next, 4.7.next (1.53 KB, patch)
2018-10-01 20:37 UTC, Jeremy Allison
slow: review+

Description Jeremy Allison 2018-09-27 19:19:05 UTC
I had some valgrind errors whilst testing my SMB2 POSIX extensions branch, so decided to try and reproduce against current master (with no SMB2 POSIX changes).

I get the same errors.

Reproduce by having an smb.conf with:

[global]

        store dos attributes = yes
        map readonly = no
        map system = no
        map archive = no
        map hidden = no
        dos filemode = yes
        host msdfs = yes
        create mode = 07777
        directory mode = 07777


[posix_share]
        path = /tmp/posix
        read only = no
        create mask = 0777
        force create mode = 0
        directory mask = 0777
        force directory mode = 0
        vfs objects = xattr_tdb streams_depot

Then running:

bin/smbtorture3 //127.0.0.1/posix_share -U<user>%<password> POSIX

With smbd run as:

valgrind --trace-children=yes --num-callers=200 /usr/local/samba/sbin/smbd -d10

I get the following:

==29577== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==29583== Invalid read of size 8
==29583==    at 0x5424D3B: file_close_user (files.c:250)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x1e1183a0 is 96 bytes inside a block of size 520 free'd
==29583==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBC1C8: _tc_free_internal (talloc.c:1201)
==29583==    by 0x5FBD199: _tc_free_children_internal (talloc.c:1646)
==29583==    by 0x5FBC00A: _tc_free_internal (talloc.c:1163)
==29583==    by 0x5FBC280: _talloc_free_internal (talloc.c:1227)
==29583==    by 0x5FBD5E6: _talloc_free (talloc.c:1769)
==29583==    by 0xAADD42A: conn_free_internal (conn.c:185)
==29583==    by 0xAADD5F9: conn_free (conn.c:203)
==29583==    by 0x54E40BE: close_cnum (service.c:1168)
==29583==    by 0x5532875: smbXsrv_tcon_disconnect (smbXsrv_tcon.c:922)
==29583==    by 0x5469CE8: reply_tdis (reply.c:5739)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Block was alloc'd at
==29583==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBB184: __talloc_with_prefix (talloc.c:763)
==29583==    by 0x5FBB316: __talloc (talloc.c:804)
==29583==    by 0x5FBB79C: _talloc_named_const (talloc.c:961)
==29583==    by 0x5FBEBF5: _talloc_zero (talloc.c:2402)
==29583==    by 0x5424656: fsp_new (files.c:39)
==29583==    by 0x542482A: file_new (files.c:88)
==29583==    by 0x54B04EA: open_directory (open.c:4131)
==29583==    by 0x54B2D38: create_file_unixpath (open.c:5245)
==29583==    by 0x54B3ADA: create_file_default (open.c:5686)
==29583==    by 0x53C3165: vfswrap_create_file (vfs_default.c:582)
==29583==    by 0x54C0928: smb_vfs_call_create_file (vfs.c:2503)
==29583==    by 0x54933BF: smb_posix_open (trans2.c:8212)
==29583==    by 0x549408D: smbd_do_setfilepathinfo (trans2.c:8665)
==29583==    by 0x5494A12: call_trans2setfilepathinfo (trans2.c:8894)
==29583==    by 0x5496181: handle_trans2 (trans2.c:9434)
==29583==    by 0x5497095: reply_trans2 (trans2.c:9663)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583== 
==29583== Invalid read of size 8
==29583==    at 0x5424D46: file_close_user (files.c:251)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x1e118400 is 192 bytes inside a block of size 520 free'd
==29583==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBC1C8: _tc_free_internal (talloc.c:1201)
==29583==    by 0x5FBD199: _tc_free_children_internal (talloc.c:1646)
==29583==    by 0x5FBC00A: _tc_free_internal (talloc.c:1163)
==29583==    by 0x5FBC280: _talloc_free_internal (talloc.c:1227)
==29583==    by 0x5FBD5E6: _talloc_free (talloc.c:1769)
==29583==    by 0xAADD42A: conn_free_internal (conn.c:185)
==29583==    by 0xAADD5F9: conn_free (conn.c:203)
==29583==    by 0x54E40BE: close_cnum (service.c:1168)
==29583==    by 0x5532875: smbXsrv_tcon_disconnect (smbXsrv_tcon.c:922)
==29583==    by 0x5469CE8: reply_tdis (reply.c:5739)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Block was alloc'd at
==29583==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBB184: __talloc_with_prefix (talloc.c:763)
==29583==    by 0x5FBB316: __talloc (talloc.c:804)
==29583==    by 0x5FBB79C: _talloc_named_const (talloc.c:961)
==29583==    by 0x5FBEBF5: _talloc_zero (talloc.c:2402)
==29583==    by 0x5424656: fsp_new (files.c:39)
==29583==    by 0x542482A: file_new (files.c:88)
==29583==    by 0x54B04EA: open_directory (open.c:4131)
==29583==    by 0x54B2D38: create_file_unixpath (open.c:5245)
==29583==    by 0x54B3ADA: create_file_default (open.c:5686)
==29583==    by 0x53C3165: vfswrap_create_file (vfs_default.c:582)
==29583==    by 0x54C0928: smb_vfs_call_create_file (vfs.c:2503)
==29583==    by 0x54933BF: smb_posix_open (trans2.c:8212)
==29583==    by 0x549408D: smbd_do_setfilepathinfo (trans2.c:8665)
==29583==    by 0x5494A12: call_trans2setfilepathinfo (trans2.c:8894)
==29583==    by 0x5496181: handle_trans2 (trans2.c:9434)
==29583==    by 0x5497095: reply_trans2 (trans2.c:9663)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583== 
==29583== Invalid read of size 8
==29583==    at 0x54B7641: close_file (close.c:1246)
==29583==    by 0x5424D65: file_close_user (files.c:252)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x1e118508 is 456 bytes inside a block of size 520 free'd
==29583==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBC1C8: _tc_free_internal (talloc.c:1201)
==29583==    by 0x5FBD199: _tc_free_children_internal (talloc.c:1646)
==29583==    by 0x5FBC00A: _tc_free_internal (talloc.c:1163)
==29583==    by 0x5FBC280: _talloc_free_internal (talloc.c:1227)
==29583==    by 0x5FBD5E6: _talloc_free (talloc.c:1769)
==29583==    by 0xAADD42A: conn_free_internal (conn.c:185)
==29583==    by 0xAADD5F9: conn_free (conn.c:203)
==29583==    by 0x54E40BE: close_cnum (service.c:1168)
==29583==    by 0x5532875: smbXsrv_tcon_disconnect (smbXsrv_tcon.c:922)
==29583==    by 0x5469CE8: reply_tdis (reply.c:5739)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Block was alloc'd at
==29583==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBB184: __talloc_with_prefix (talloc.c:763)
==29583==    by 0x5FBB316: __talloc (talloc.c:804)
==29583==    by 0x5FBB79C: _talloc_named_const (talloc.c:961)
==29583==    by 0x5FBEBF5: _talloc_zero (talloc.c:2402)
==29583==    by 0x5424656: fsp_new (files.c:39)
==29583==    by 0x542482A: file_new (files.c:88)
==29583==    by 0x54B04EA: open_directory (open.c:4131)
==29583==    by 0x54B2D38: create_file_unixpath (open.c:5245)
==29583==    by 0x54B3ADA: create_file_default (open.c:5686)
==29583==    by 0x53C3165: vfswrap_create_file (vfs_default.c:582)
==29583==    by 0x54C0928: smb_vfs_call_create_file (vfs.c:2503)
==29583==    by 0x54933BF: smb_posix_open (trans2.c:8212)
==29583==    by 0x549408D: smbd_do_setfilepathinfo (trans2.c:8665)
==29583==    by 0x5494A12: call_trans2setfilepathinfo (trans2.c:8894)
==29583==    by 0x5496181: handle_trans2 (trans2.c:9434)
==29583==    by 0x5497095: reply_trans2 (trans2.c:9663)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583== 
==29583== Invalid read of size 1
==29583==    at 0x54B7650: close_file (close.c:1248)
==29583==    by 0x5424D65: file_close_user (files.c:252)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x1e1184c0 is 384 bytes inside a block of size 520 free'd
==29583==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBC1C8: _tc_free_internal (talloc.c:1201)
==29583==    by 0x5FBD199: _tc_free_children_internal (talloc.c:1646)
==29583==    by 0x5FBC00A: _tc_free_internal (talloc.c:1163)
==29583==    by 0x5FBC280: _talloc_free_internal (talloc.c:1227)
==29583==    by 0x5FBD5E6: _talloc_free (talloc.c:1769)
==29583==    by 0xAADD42A: conn_free_internal (conn.c:185)
==29583==    by 0xAADD5F9: conn_free (conn.c:203)
==29583==    by 0x54E40BE: close_cnum (service.c:1168)
==29583==    by 0x5532875: smbXsrv_tcon_disconnect (smbXsrv_tcon.c:922)
==29583==    by 0x5469CE8: reply_tdis (reply.c:5739)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Block was alloc'd at
==29583==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBB184: __talloc_with_prefix (talloc.c:763)
==29583==    by 0x5FBB316: __talloc (talloc.c:804)
==29583==    by 0x5FBB79C: _talloc_named_const (talloc.c:961)
==29583==    by 0x5FBEBF5: _talloc_zero (talloc.c:2402)
==29583==    by 0x5424656: fsp_new (files.c:39)
==29583==    by 0x542482A: file_new (files.c:88)
==29583==    by 0x54B04EA: open_directory (open.c:4131)
==29583==    by 0x54B2D38: create_file_unixpath (open.c:5245)
==29583==    by 0x54B3ADA: create_file_default (open.c:5686)
==29583==    by 0x53C3165: vfswrap_create_file (vfs_default.c:582)
==29583==    by 0x54C0928: smb_vfs_call_create_file (vfs.c:2503)
==29583==    by 0x54933BF: smb_posix_open (trans2.c:8212)
==29583==    by 0x549408D: smbd_do_setfilepathinfo (trans2.c:8665)
==29583==    by 0x5494A12: call_trans2setfilepathinfo (trans2.c:8894)
==29583==    by 0x5496181: handle_trans2 (trans2.c:9434)
==29583==    by 0x5497095: reply_trans2 (trans2.c:9663)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583== 
==29583== Invalid read of size 8
==29583==    at 0x54B6EEF: close_directory (close.c:1078)
==29583==    by 0x54B7670: close_file (close.c:1249)
==29583==    by 0x5424D65: file_close_user (files.c:252)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x1e1183c0 is 128 bytes inside a block of size 520 free'd
==29583==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBC1C8: _tc_free_internal (talloc.c:1201)
==29583==    by 0x5FBD199: _tc_free_children_internal (talloc.c:1646)
==29583==    by 0x5FBC00A: _tc_free_internal (talloc.c:1163)
==29583==    by 0x5FBC280: _talloc_free_internal (talloc.c:1227)
==29583==    by 0x5FBD5E6: _talloc_free (talloc.c:1769)
==29583==    by 0xAADD42A: conn_free_internal (conn.c:185)
==29583==    by 0xAADD5F9: conn_free (conn.c:203)
==29583==    by 0x54E40BE: close_cnum (service.c:1168)
==29583==    by 0x5532875: smbXsrv_tcon_disconnect (smbXsrv_tcon.c:922)
==29583==    by 0x5469CE8: reply_tdis (reply.c:5739)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Block was alloc'd at
==29583==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBB184: __talloc_with_prefix (talloc.c:763)
==29583==    by 0x5FBB316: __talloc (talloc.c:804)
==29583==    by 0x5FBB79C: _talloc_named_const (talloc.c:961)
==29583==    by 0x5FBEBF5: _talloc_zero (talloc.c:2402)
==29583==    by 0x5424656: fsp_new (files.c:39)
==29583==    by 0x542482A: file_new (files.c:88)
==29583==    by 0x54B04EA: open_directory (open.c:4131)
==29583==    by 0x54B2D38: create_file_unixpath (open.c:5245)
==29583==    by 0x54B3ADA: create_file_default (open.c:5686)
==29583==    by 0x53C3165: vfswrap_create_file (vfs_default.c:582)
==29583==    by 0x54C0928: smb_vfs_call_create_file (vfs.c:2503)
==29583==    by 0x54933BF: smb_posix_open (trans2.c:8212)
==29583==    by 0x549408D: smbd_do_setfilepathinfo (trans2.c:8665)
==29583==    by 0x5494A12: call_trans2setfilepathinfo (trans2.c:8894)
==29583==    by 0x5496181: handle_trans2 (trans2.c:9434)
==29583==    by 0x5497095: reply_trans2 (trans2.c:9663)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583== 
==29583== Invalid read of size 8
==29583==    at 0x54B6EF3: close_directory (close.c:1078)
==29583==    by 0x54B7670: close_file (close.c:1249)
==29583==    by 0x5424D65: file_close_user (files.c:252)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x1d267750 is 112 bytes inside a block of size 352 free'd
==29583==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBC1C8: _tc_free_internal (talloc.c:1201)
==29583==    by 0x5FBC280: _talloc_free_internal (talloc.c:1227)
==29583==    by 0x5FBD5E6: _talloc_free (talloc.c:1769)
==29583==    by 0xAADD42A: conn_free_internal (conn.c:185)
==29583==    by 0xAADD5F9: conn_free (conn.c:203)
==29583==    by 0x54E40BE: close_cnum (service.c:1168)
==29583==    by 0x5532875: smbXsrv_tcon_disconnect (smbXsrv_tcon.c:922)
==29583==    by 0x5469CE8: reply_tdis (reply.c:5739)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Block was alloc'd at
==29583==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29583==    by 0x5FBB184: __talloc_with_prefix (talloc.c:763)
==29583==    by 0x5FBB316: __talloc (talloc.c:804)
==29583==    by 0x5FBB79C: _talloc_named_const (talloc.c:961)
==29583==    by 0x5FBEBF5: _talloc_zero (talloc.c:2402)
==29583==    by 0xAADCE57: conn_new (conn.c:64)
==29583==    by 0x54E305B: make_connection_smb1 (service.c:901)
==29583==    by 0x54E3BAF: make_connection (service.c:1104)
==29583==    by 0x545B8B9: reply_tcon_and_X (reply.c:1062)
==29583==    by 0x54D8F87: switch_message (process.c:1723)
==29583==    by 0x54D9174: construct_reply (process.c:1759)
==29583==    by 0x54DA233: process_smb (process.c:2007)
==29583==    by 0x54DB62A: smbd_server_connection_read_handler (process.c:2607)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583== 
==29583== Invalid read of size 8
==29583==    at 0x54B6EF7: close_directory (close.c:1078)
==29583==    by 0x54B7670: close_file (close.c:1249)
==29583==    by 0x5424D65: file_close_user (files.c:252)
==29583==    by 0x552F7E8: smbXsrv_session_logoff (smbXsrv_session.c:1673)
==29583==    by 0x552E26C: smbXsrv_session_clear_and_logoff (smbXsrv_session.c:1192)
==29583==    by 0x552FE11: smbXsrv_session_logoff_all_callback (smbXsrv_session.c:1826)
==29583==    by 0xBBD10D1: db_rbt_traverse_internal (dbwrap_rbt.c:452)
==29583==    by 0xBBD12BF: db_rbt_traverse (dbwrap_rbt.c:510)
==29583==    by 0xBBCDD01: dbwrap_traverse (dbwrap.c:358)
==29583==    by 0x552FC2B: smbXsrv_session_logoff_all (smbXsrv_session.c:1780)
==29583==    by 0x553811F: exit_server_common (server_exit.c:162)
==29583==    by 0x553841E: smbd_exit_server_cleanly (server_exit.c:252)
==29583==    by 0x802EDD2: exit_server_cleanly (smbd_shim.c:131)
==29583==    by 0x54DB5E8: smbd_server_connection_read_handler (process.c:2600)
==29583==    by 0x54DB726: smbd_server_connection_handler (process.c:2634)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x54E0107: smbd_process (process.c:4157)
==29583==    by 0x115474: smbd_accept_connection (server.c:1031)
==29583==    by 0x63CBE33: tevent_common_invoke_fd_handler (tevent_fd.c:137)
==29583==    by 0x63D6705: epoll_event_loop (tevent_epoll.c:736)
==29583==    by 0x63D6DD9: epoll_event_loop_once (tevent_epoll.c:937)
==29583==    by 0x63D35E5: std_event_loop_once (tevent_standard.c:110)
==29583==    by 0x63CB05E: _tevent_loop_once (tevent.c:772)
==29583==    by 0x63CB3B0: tevent_common_loop_wait (tevent.c:895)
==29583==    by 0x63D3687: std_event_loop_wait (tevent_standard.c:141)
==29583==    by 0x63CB453: _tevent_loop_wait (tevent.c:914)
==29583==    by 0x1161A4: smbd_parent_loop (server.c:1383)
==29583==    by 0x1183F8: main (server.c:2153)
==29583==  Address 0x30 is not stack'd, malloc'd or (recently) free'd
==29583==
Comment 1 Jeremy Allison 2018-10-01 20:37:57 UTC
Created attachment 14506
git-am fix for 4.9.next, 4.8.next, 4.7.next

Cherry-picked from master.
Comment 2 Ralph Böhme 2018-10-02 08:25:28 UTC
Reassigning to Karolin for inclusion in 4.7, 4.8 and 4.9.
Comment 3 Karolin Seeger 2018-10-09 09:27:47 UTC
(In reply to Ralph Böhme from comment #2)
Pushed to autobuild-v4-{7,8,9}-test.
Comment 4 Karolin Seeger 2018-10-11 10:14:17 UTC
(In reply to Karolin Seeger from comment #3)
Pushed to all branches.
Closing out bug report.

Thanks!