I detected a small memory leak in smbd, I then ran valgrind against nmbd and winbindd. nbmd also suffers from the same problem as smbd, and winbindd seems to have its own. None of these seem critical, considering that I can still browse and interact with the shares without a problem, but memory leaks and invalid reads are still dangerous. smbd: ==30263== 8,519 (48 direct, 8,471 indirect) bytes in 1 blocks are definitely lost in loss record 11 of 22 ==30263== at 0x48114B0: malloc (vg_replace_malloc.c:149) ==30263== by 0x24B7D0: __talloc (talloc.c:209) ==30263== by 0x24B73E: _talloc_named_const (talloc.c:291) ==30263== by 0x24CAEE: talloc_enable_null_tracking (talloc.c:1044) ==30263== by 0x24C20F: talloc_init (talloc.c:660) ==30263== by 0x44BAC: lp_string (loadparm.c:1719) ==30263== by 0x44DBB: lp_logfile (loadparm.c:1778) ==30263== by 0x251EF0: dump_core_setup (fault.c:100) ==30263== by 0x3406E6: main (server.c:912) ==30263== ==30263== LEAK SUMMARY: ==30263== definitely lost: 48 bytes in 1 blocks. ==30263== indirectly lost: 8,471 bytes in 155 blocks. ==30263== possibly lost: 0 bytes in 0 blocks. ==30263== still reachable: 60,561 bytes in 290 blocks. ==30263== suppressed: 0 bytes in 0 blocks. ==30263== Reachable blocks (those to which a pointer was found) are not shown. ==30263== To see them, rerun with: --leak-check=full --show-reachable=yes ==30264== Invalid read of size 4 ==30264== at 0x482CF52: dl_cleanup (in /lib/libdl-0.9.28.so) ==30264== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==30264== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==30264== by 0x340458: exit_server_common (server.c:771) ==30264== by 0x34048A: exit_server_cleanly (server.c:781) ==30264== by 0x33F9BD: open_sockets_smbd (server.c:485) ==30264== by 0x340D83: main (server.c:1082) ==30264== Address 0x49407C4 is 4 bytes inside a block of size 24 free'd ==30264== at 0x48110CA: free (vg_replace_malloc.c:233) ==30264== by 0x482CA65: (within /lib/libdl-0.9.28.so) ==30264== by 0x482CF51: dl_cleanup (in /lib/libdl-0.9.28.so) ==30264== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==30264== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==30264== by 0x340458: exit_server_common (server.c:771) ==30264== by 0x34048A: exit_server_cleanly (server.c:781) ==30264== by 0x33F9BD: open_sockets_smbd (server.c:485) ==30264== by 0x340D83: main (server.c:1082) ==30264== ==30264== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ==30264== malloc/free: in use at exit: 80,837 bytes in 467 blocks. ==30264== malloc/free: 4,348 allocs, 3,881 frees, 1,078,647 bytes allocated. ==30264== For counts of detected errors, rerun with: -v ==30264== searching for pointers to 467 not-freed blocks. ==30264== checked 515,128 bytes. ==30264== ==30264== LEAK SUMMARY: ==30264== definitely lost: 0 bytes in 0 blocks. ==30264== possibly lost: 0 bytes in 0 blocks. ==30264== still reachable: 80,837 bytes in 467 blocks. ==30264== suppressed: 0 bytes in 0 blocks. ==30264== Reachable blocks (those to which a pointer was found) are not shown. ==30264== To see them, rerun with: --leak-check=full --show-reachable=yes ==30267== Invalid read of size 4 ==30267== at 0x482CF52: dl_cleanup (in /lib/libdl-0.9.28.so) ==30267== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==30267== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==30267== by 0x340458: exit_server_common (server.c:771) ==30267== by 0x34048A: exit_server_cleanly (server.c:781) ==30267== by 0x2951E5: start_background_queue (printing.c:1417) ==30267== by 0x340D5C: main (server.c:1074) ==30267== Address 0x49407C4 is 4 bytes inside a block of size 24 free'd ==30267== at 0x48110CA: free (vg_replace_malloc.c:233) ==30267== by 0x482CA65: (within /lib/libdl-0.9.28.so) ==30267== by 0x482CF51: dl_cleanup (in /lib/libdl-0.9.28.so) ==30267== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==30267== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==30267== by 0x340458: exit_server_common (server.c:771) ==30267== by 0x34048A: exit_server_cleanly (server.c:781) ==30267== by 0x2951E5: start_background_queue (printing.c:1417) ==30267== by 0x340D5C: main (server.c:1074) ==30267== ==30267== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ==30267== malloc/free: in use at exit: 90,681 bytes in 638 blocks. ==30267== malloc/free: 4,337 allocs, 3,699 frees, 1,078,947 bytes allocated. ==30267== For counts of detected errors, rerun with: -v ==30267== searching for pointers to 638 not-freed blocks. ==30267== checked 522,216 bytes. ==30267== ==30267== LEAK SUMMARY: ==30267== definitely lost: 0 bytes in 0 blocks. ==30267== possibly lost: 0 bytes in 0 blocks. ==30267== still reachable: 90,681 bytes in 638 blocks. ==30267== suppressed: 0 bytes in 0 blocks. ==30267== Reachable blocks (those to which a pointer was found) are not shown. ==30267== To see them, rerun with: --leak-check=full --show-reachable=yes nmbd: ==32625== 8,293 (48 direct, 8,245 indirect) bytes in 1 blocks are definitely lost in loss record 8 of 14 ==32625== at 0x48114B0: malloc (vg_replace_malloc.c:149) ==32625== by 0x9F3CB: __talloc (talloc.c:209) ==32625== by 0x9F339: _talloc_named_const (talloc.c:291) ==32625== by 0xA06E9: talloc_enable_null_tracking (talloc.c:1044) ==32625== by 0x9FE0A: talloc_init (talloc.c:660) ==32625== by 0x448D0: lp_string (loadparm.c:1719) ==32625== by 0x44ADF: lp_logfile (loadparm.c:1778) ==32625== by 0xA5AEC: dump_core_setup (fault.c:100) ==32625== by 0x1FBDF: main (nmbd.c:662) ==32625== ==32625== LEAK SUMMARY: ==32625== definitely lost: 48 bytes in 1 blocks. ==32625== indirectly lost: 8,245 bytes in 152 blocks. ==32625== possibly lost: 0 bytes in 0 blocks. ==32625== still reachable: 3,187 bytes in 188 blocks. ==32625== suppressed: 0 bytes in 0 blocks. ==32625== Reachable blocks (those to which a pointer was found) are not shown. ==32625== To see them, rerun with: --leak-check=full --show-reachable=yes ==32626== Invalid read of size 4 ==32626== at 0x482CF52: dl_cleanup (in /lib/libdl-0.9.28.so) ==32626== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==32626== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==32626== by 0x1ECC9: terminate (nmbd.c:72) ==32626== by 0x1F725: process (nmbd.c:382) ==32626== by 0x2036B: main (nmbd.c:804) ==32626== Address 0x494077C is 4 bytes inside a block of size 24 free'd ==32626== at 0x48110CA: free (vg_replace_malloc.c:233) ==32626== by 0x482CA65: (within /lib/libdl-0.9.28.so) ==32626== by 0x482CF51: dl_cleanup (in /lib/libdl-0.9.28.so) ==32626== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==32626== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==32626== by 0x1ECC9: terminate (nmbd.c:72) ==32626== by 0x1F725: process (nmbd.c:382) ==32626== by 0x2036B: main (nmbd.c:804) ==32626== ==32626== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ==32626== malloc/free: in use at exit: 26,127 bytes in 300 blocks. ==32626== malloc/free: 1,692 allocs, 1,392 frees, 860,282 bytes allocated. ==32626== For counts of detected errors, rerun with: -v ==32626== searching for pointers to 300 not-freed blocks. ==32626== checked 384,772 bytes. ==32626== ==32626== ==32626== 228 (48 direct, 180 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 24 ==32626== at 0x48114B0: malloc (vg_replace_malloc.c:149) ==32626== by 0x9F3CB: __talloc (talloc.c:209) ==32626== by 0x9F339: _talloc_named_const (talloc.c:291) ==32626== by 0xA06E9: talloc_enable_null_tracking (talloc.c:1044) ==32626== by 0x9FE0A: talloc_init (talloc.c:660) ==32626== by 0x448D0: lp_string (loadparm.c:1719) ==32626== by 0x44ADF: lp_logfile (loadparm.c:1778) ==32626== by 0xA5AEC: dump_core_setup (fault.c:100) ==32626== by 0x1FBDF: main (nmbd.c:662) ==32626== ==32626== LEAK SUMMARY: ==32626== definitely lost: 48 bytes in 1 blocks. ==32626== indirectly lost: 180 bytes in 3 blocks. ==32626== possibly lost: 0 bytes in 0 blocks. ==32626== still reachable: 25,899 bytes in 296 blocks. ==32626== suppressed: 0 bytes in 0 blocks. ==32626== Reachable blocks (those to which a pointer was found) are not shown. ==32626== To see them, rerun with: --leak-check=full --show-reachable=yes winbindd: ==32633== Invalid read of size 4 ==32633== at 0x482CF52: dl_cleanup (in /lib/libdl-0.9.28.so) ==32633== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==32633== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==32633== by 0x39CCA: terminate (winbindd.c:143) ==32633== by 0x3B61D: process_loop (winbindd.c:886) ==32633== by 0x3BF3A: main (winbindd.c:1103) ==32633== Address 0x49007AC is 4 bytes inside a block of size 24 free'd ==32633== at 0x48110CA: free (vg_replace_malloc.c:233) ==32633== by 0x482CA65: (within /lib/libdl-0.9.28.so) ==32633== by 0x482CF51: dl_cleanup (in /lib/libdl-0.9.28.so) ==32633== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==32633== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==32633== by 0x39CCA: terminate (winbindd.c:143) ==32633== by 0x3B61D: process_loop (winbindd.c:886) ==32633== by 0x3BF3A: main (winbindd.c:1103) ==32633== ==32633== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ==32633== malloc/free: in use at exit: 27,958 bytes in 294 blocks. ==32633== malloc/free: 1,030 allocs, 736 frees, 202,816 bytes allocated. ==32633== For counts of detected errors, rerun with: -v ==32633== searching for pointers to 294 not-freed blocks. ==32633== checked 448,868 bytes. ==32633== ==32633== LEAK SUMMARY: ==32633== definitely lost: 0 bytes in 0 blocks. ==32633== possibly lost: 0 bytes in 0 blocks. ==32633== still reachable: 27,958 bytes in 294 blocks. ==32633== suppressed: 0 bytes in 0 blocks. ==32633== Reachable blocks (those to which a pointer was found) are not shown. ==32633== To see them, rerun with: --leak-check=full --show-reachable=yes ==32634== Invalid read of size 4 ==32634== at 0x482CF52: dl_cleanup (in /lib/libdl-0.9.28.so) ==32634== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==32634== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==32634== by 0x6689B: fork_domain_child (winbindd_dual.c:1051) ==32634== by 0x646CE: schedule_async_request (winbindd_dual.c:296) ==32634== by 0x63F07: async_request (winbindd_dual.c:137) ==32634== by 0x448BD: init_child_connection (winbindd_util.c:387) ==32634== by 0x64891: async_domain_request (winbindd_dual.c:358) ==32634== by 0x441B5: add_trusted_domains (winbindd_util.c:231) ==32634== by 0x445E7: rescan_trusted_domains (winbindd_util.c:325) ==32634== by 0x3B02A: process_loop (winbindd.c:753) ==32634== by 0x3BF3A: main (winbindd.c:1103) ==32634== Address 0x49007AC is 4 bytes inside a block of size 24 free'd ==32634== at 0x48110CA: free (vg_replace_malloc.c:233) ==32634== by 0x482CA65: (within /lib/libdl-0.9.28.so) ==32634== by 0x482CF51: dl_cleanup (in /lib/libdl-0.9.28.so) ==32634== by 0x4000B9C: (within /lib/ld-uClibc-0.9.28.so) ==32634== by 0x4875FB2: exit (in /lib/libuClibc-0.9.28.so) ==32634== by 0x6689B: fork_domain_child (winbindd_dual.c:1051) ==32634== by 0x646CE: schedule_async_request (winbindd_dual.c:296) ==32634== by 0x63F07: async_request (winbindd_dual.c:137) ==32634== by 0x448BD: init_child_connection (winbindd_util.c:387) ==32634== by 0x64891: async_domain_request (winbindd_dual.c:358) ==32634== by 0x441B5: add_trusted_domains (winbindd_util.c:231) ==32634== by 0x445E7: rescan_trusted_domains (winbindd_util.c:325) ==32634== ==32634== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ==32634== malloc/free: in use at exit: 40,055 bytes in 310 blocks. ==32634== malloc/free: 1,052 allocs, 742 frees, 223,695 bytes allocated. ==32634== For counts of detected errors, rerun with: -v ==32634== searching for pointers to 310 not-freed blocks. ==32634== checked 467,964 bytes. ==32634== ==32634== LEAK SUMMARY: ==32634== definitely lost: 0 bytes in 0 blocks. ==32634== possibly lost: 0 bytes in 0 blocks. ==32634== still reachable: 40,055 bytes in 310 blocks. ==32634== suppressed: 0 bytes in 0 blocks. ==32634== Reachable blocks (those to which a pointer was found) are not shown. ==32634== To see them, rerun with: --leak-check=full --show-reachable=yes
The errors appear to be in the dl_cleanup function inside the libc on this platform. That's not a Samba bug. Jeremy.
This part: ==30263== at 0x48114B0: malloc (vg_replace_malloc.c:149) ==30263== by 0x24B7D0: __talloc (talloc.c:209) ==30263== by 0x24B73E: _talloc_named_const (talloc.c:291) ==30263== by 0x24CAEE: talloc_enable_null_tracking (talloc.c:1044) ==30263== by 0x24C20F: talloc_init (talloc.c:660) ==30263== by 0x44BAC: lp_string (loadparm.c:1719) ==30263== by 0x44DBB: lp_logfile (loadparm.c:1778) ==30263== by 0x251EF0: dump_core_setup (fault.c:100) ==30263== by 0x3406E6: main (server.c:912) Seems to have no relation to dl_cleanup.
The 'leak' here is the intentional memory being allocated to find real leaks in talloc with talloc_enable_null_tracking(). It is actually pretty hard to fix, as both atexit() and library destructors are trouble, and the autofree context is deprecated as a bad idea. However assigning to Andreas as he is trying to eliminate these as much as possible to allow a build with LeakSanitizer. On Samba 4.20.0 on Debian we still see this. valgrind --leak-check=full smbd --version ==4450== 96 bytes in 1 blocks are possibly lost in loss record 8 of 50 ==4450== at 0x4840808: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x4E29DDD: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.2) ==4450== by 0x4E2B195: talloc_enable_null_tracking (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.2) ==4450== by 0x10E01F: main (in /usr/sbin/smbd) ==4450==