François Lafont
2013-Apr-14 00:08 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi, I used Samba 4.0.5 in Wheezy. Here is that I have done: --------------------------------------------------------------- samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \ --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' echo "nameserver 192.168.0.21" > /etc/resolv.conf samba ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 # I put "winbind" in the nsswitch.conf file. sed -i -r -e 's/^(passwd:.*)$/\1 winbind/g' -e 's/^(group:.*)$/\1 winbind/g' /etc/nsswitch.conf samba-tool user add test1 "+test123" --------------------------------------------------------------- That's all. Here is my smb.conf after this commands: --------------------------------------------------------------- # Global parameters [global] workgroup = CHEZMOI realm = CHEZMOI.PRIV netbios name = WHEEZY-1 server role = active directory domain controller dns forwarder = 212.27.40.241 [netlogon] path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No --------------------------------------------------------------- It seems to work well: --------------------------------------------------------------- ~# getent passwd [couic...] CHEZMOI\Administrator:*:0:100::/home/CHEZMOI/Administrator:/bin/false CHEZMOI\Guest:*:3000011:3000012::/home/CHEZMOI/Guest:/bin/false CHEZMOI\krbtgt:*:3000016:100::/home/CHEZMOI/krbtgt:/bin/false CHEZMOI\test1:*:3000017:100::/home/CHEZMOI/test1:/bin/false ~# wbinfo -u Administrator Guest krbtgt test1 # wbinfo -g Enterprise Read-Only Domain Controllers Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Schema Admins Enterprise Admins Group Policy Creator Owners Read-Only Domain Controllers DnsUpdateProxy --------------------------------------------------------------- But there is something curious with the /usr/local/samba/var/locks/sysvol/ directory: --------------------------------------------------------------- # ls -n /usr/local/samba/var/locks/sysvol/ total 8 drwxrws---+ 4 0 3000000 4096 Apr 14 01:40 chezmoi.priv --------------------------------------------------------------- Which group has the gid 3000000? --------------------------------------------------------------- # wbinfo -g | tr '\n' '\0' | xargs -0 -n 1 wbinfo --group-info CHEZMOI\Enterprise Read-Only Domain Controllers:*:3000018: CHEZMOI\Domain Admins:*:3000008: CHEZMOI\Domain Users:*:100: CHEZMOI\Domain Guests:*:3000012: CHEZMOI\Domain Computers:*:3000019: CHEZMOI\Domain Controllers:*:3000020: CHEZMOI\Schema Admins:*:3000007: CHEZMOI\Enterprise Admins:*:3000006: CHEZMOI\Group Policy Creator Owners:*:3000004: CHEZMOI\Read-Only Domain Controllers:*:3000021: CHEZMOI\DnsUpdateProxy:*:3000022: --------------------------------------------------------------- There is no 3000000 gid. And, a bit more embarrassing, if I use "ls -l" to resolv the gid to a name, winbind is crashing: --------------------------------------------------------------- # time ls -l /usr/local/samba/var/locks/sysvol total 8 drwxrws---+ 4 root 3000000 4096 Apr 14 01:40 chezmoi.priv real 0m33.483s # <---- 33 seconds ! user 0m0.012s sys 0m0.000s # wbinfo -u Error looking up domain users # wbinfo -g failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE Error looking up domain groups # wbinfo -i Guest failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE Could not get info for user Guest # wbinfo -p Ping to winbindd failed could not ping winbindd! --------------------------------------------------------------- I have to restart samba: --------------------------------------------------------------- # killall samba; sleep 2; samba # wbinfo -u Administrator Guest krbtgt test1 # wbinfo -g Enterprise Read-Only Domain Controllers Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Schema Admins Enterprise Admins Group Policy Creator Owners Read-Only Domain Controllers DnsUpdateProxy # wbinfo -p Ping to winbindd succeeded --------------------------------------------------------------- Have I made a mistake? Where is the problem? Thanks in advande. -- Fran?ois Lafont
Andrew Bartlett
2013-Apr-14 06:30 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
On Sun, 2013-04-14 at 02:08 +0200, Fran?ois Lafont wrote:> Hi, > > I used Samba 4.0.5 in Wheezy. Here is that I have done:> But there is something curious with the /usr/local/samba/var/locks/sysvol/ directory: > > --------------------------------------------------------------- > # ls -n /usr/local/samba/var/locks/sysvol/ > total 8 > drwxrws---+ 4 0 3000000 4096 Apr 14 01:40 chezmoi.priv > --------------------------------------------------------------- > > Which group has the gid 3000000?The files are owned by the domain administrators group. Winbind doesn't know how to make up a 'user' record for that group yet.> --------------------------------------------------------------- > # wbinfo -g | tr '\n' '\0' | xargs -0 -n 1 wbinfo --group-info > CHEZMOI\Enterprise Read-Only Domain Controllers:*:3000018: > CHEZMOI\Domain Admins:*:3000008: > CHEZMOI\Domain Users:*:100: > CHEZMOI\Domain Guests:*:3000012: > CHEZMOI\Domain Computers:*:3000019: > CHEZMOI\Domain Controllers:*:3000020: > CHEZMOI\Schema Admins:*:3000007: > CHEZMOI\Enterprise Admins:*:3000006: > CHEZMOI\Group Policy Creator Owners:*:3000004: > CHEZMOI\Read-Only Domain Controllers:*:3000021: > CHEZMOI\DnsUpdateProxy:*:3000022: > --------------------------------------------------------------- > > There is no 3000000 gid. And, a bit more embarrassing, if I use "ls -l" to resolv the gid to a name, winbind is crashing:Can you please try to get a gdb backtrace, or better still run 'samba' under valgrind? We would very much like to fix that. You could also file these details in a bug, if we don't sort it out quickly. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
samba at nisx.de
2013-Apr-20 12:00 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi, same problem here on all running systems. I would like to help too to get the problem out of the way. Mit freundlichen Gr??en ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Fran?ois Lafont Gesendet: Freitag, 19. April 2013 23:08 An: samba at lists.samba.org Betreff: Re: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" Hi, I go back to this thread (the title is explicit) just to have news. I have seen in other threads that other people have similar problems. Should we consider this problem as a bug (in Samba 4.0.5) or is it a wrong installation from my part? In the first case, are information that I have given enough or should I provide other things? In the second case, I'm interesting by clues. Thanks. -- Fran?ois Lafont -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
samba at nisx.de
2013-Apr-24 10:51 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi there, I have done this: useradd -d /tmp -M -s /bin/false -u 3000000 -g 100 -o -l samba4-workaround0 and also for users from 3000001 up to 3000008. groupadd -g 516 -o samba4-workaround-group 516 and also for groups from 517 up to 561. Now all group and user ids are masked, which let winbind crashes: root at leela:~# ll /opt/samba/var/locks/sysvol insgesamt 4 drwxrws---+ 4 root samba4-workaround-group544 35 M?r 18 00:41 futurama.loc Regards ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Fran?ois Lafont Gesendet: Dienstag, 23. April 2013 01:37 An: samba at lists.samba.org Cc: Andrew Bartlett Betreff: Re: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" [Ooops, sorry Michael for my first message, I have made a mistake with the recipients] Hello, Le 22/04/2013 13:29, Michael Wood a ?crit :> Did winbind also crash when you ran it under valgrind?Yes, I think so. I have done 2 tests with "valgrind --leak-check=full samba -i M single > out 2>&1" and for the 2 tests I have the same problem: ------------------------------------------ ~# wbinfo -u Administrator Guest krbtgt test1 ~# time ls -l /usr/local/samba/var/locks/sysvol/ total 8 drwxrws---+ 4 root 3000000 4096 Apr 21 13:00 chezmoi.priv real 1m13.350s user 0m0.000s sys 0m0.068s ~# wbinfo -u Error looking up domain users ------------------------------------------> Perhaps you should attach the two logs directly to the bug instead of > just linking to them.Ok, it's done.> One of the Samba developers will have to let you know if the > information you have provided is enough.Ok, thanks for your help Michael. :) -- Fran?ois Lafont -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
samba at nisx.de
2013-Apr-24 10:57 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi again, sorry only this groups: 517,518,519,520,533,544,545,546,547,548,549,550,551,552,554,555,556,557,558,559,560,561 Mit freundlichen Gr??en ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Thomas Nolte Gesendet: Mittwoch, 24. April 2013 12:52 An: samba at lists.samba.org Betreff: Re: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" Hi there, I have done this: useradd -d /tmp -M -s /bin/false -u 3000000 -g 100 -o -l samba4-workaround0 and also for users from 3000001 up to 3000008. groupadd -g 516 -o samba4-workaround-group 516 and also for groups from 517 up to 561. Now all group and user ids are masked, which let winbind crashes: root at leela:~# ll /opt/samba/var/locks/sysvol insgesamt 4 drwxrws---+ 4 root samba4-workaround-group544 35 M?r 18 00:41 drwxrws---+ futurama.loc Regards ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Fran?ois Lafont Gesendet: Dienstag, 23. April 2013 01:37 An: samba at lists.samba.org Cc: Andrew Bartlett Betreff: Re: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" [Ooops, sorry Michael for my first message, I have made a mistake with the recipients] Hello, Le 22/04/2013 13:29, Michael Wood a ?crit :> Did winbind also crash when you ran it under valgrind?Yes, I think so. I have done 2 tests with "valgrind --leak-check=full samba -i M single > out 2>&1" and for the 2 tests I have the same problem: ------------------------------------------ ~# wbinfo -u Administrator Guest krbtgt test1 ~# time ls -l /usr/local/samba/var/locks/sysvol/ total 8 drwxrws---+ 4 root 3000000 4096 Apr 21 13:00 chezmoi.priv real 1m13.350s user 0m0.000s sys 0m0.068s ~# wbinfo -u Error looking up domain users ------------------------------------------> Perhaps you should attach the two logs directly to the bug instead of > just linking to them.Ok, it's done.> One of the Samba developers will have to let you know if the > information you have provided is enough.Ok, thanks for your help Michael. :) -- Fran?ois Lafont -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
samba at nisx.de
2013-Apr-24 12:03 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi, could you or anyone tell me how to do this? I have never used gdb. Mit freundlichen Gr??en ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- Von: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] Gesendet: Mittwoch, 24. April 2013 13:35 An: Thomas Nolte Betreff: Re: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" On Wed, Apr 24, 2013 at 12:51:51PM +0200, samba at nisx.de wrote:> Hi there, > > I have done this: > useradd -d /tmp -M -s /bin/false -u 3000000 -g 100 -o -l > samba4-workaround0 and also for users from 3000001 up to 3000008. > > groupadd -g 516 -o samba4-workaround-group 516 and also for groups > from 517 up to 561. > > Now all group and user ids are masked, which let winbind crashes: > > root at leela:~# ll /opt/samba/var/locks/sysvol insgesamt 4 > drwxrws---+ 4 root samba4-workaround-group544 35 M?r 18 00:41 > drwxrws---+ futurama.locWenn da irgend ein Prozess stirbt, brauchen wir von diesem Prozess ein "bt full" backtrace von gdb. Viele Gr??e, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de
philippe.simonet
2013-Apr-25 10:32 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi all, just as info, i can reproduce this crash with debian wheezy with 4.0.5, by just doing wbinfo --uid-info 3000000 and only when the nssswitch.conf have "compat winbind" i didn't have this crash with 4.0.4. best regards philippe -- View this message in context: http://samba.2283325.n4.nabble.com/samba4-crash-of-winbind-after-ls-l-usr-local-samba-var-locks-sysvol-tp4646715p4647257.html Sent from the Samba - General mailing list archive at Nabble.com.
samba at nisx.de
2013-Apr-26 17:47 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi, same problem here: root at leela:~# valgrind samba -i -M single > out 2>&1 root at leela:~# cat out ==4450== Memcheck, a memory error detector ==4450== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==4450== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==4450== Command: samba -i -M single ==4450== samba version 4.0.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. ==4450== Invalid read of size 8 ==4450== at 0xA20F1A0: krb5_cc_store_cred (cache.c:684) ==4450== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) ==4450== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) ==4450== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) ==4450== by 0x956E73D: init_auth (init_sec_context.c:455) ==4450== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== Address 0x26a8ac50 is 0 bytes inside a block of size 24 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA20F182: krb5_cc_close (cache.c:666) ==4450== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 8 ==4450== at 0xA236D90: mcc_store_cred (mcache.c:239) ==4450== by 0xA20F1BB: krb5_cc_store_cred (cache.c:684) ==4450== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) ==4450== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) ==4450== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) ==4450== by 0x956E73D: init_auth (init_sec_context.c:455) ==4450== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== Address 0x26a8ac60 is 16 bytes inside a block of size 24 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA20F182: krb5_cc_close (cache.c:666) ==4450== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 4 ==4450== at 0xA236D9C: mcc_store_cred (mcache.c:243) ==4450== by 0xA20F1BB: krb5_cc_store_cred (cache.c:684) ==4450== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) ==4450== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) ==4450== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) ==4450== by 0x956E73D: init_auth (init_sec_context.c:455) ==4450== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== Address 0x24f01e1c is 12 bytes inside a block of size 56 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA21DF11: krb5_data_free (data.c:66) ==4450== by 0xA236C3C: mcc_close (mcache.c:189) ==4450== by 0xA20F173: krb5_cc_close (cache.c:665) ==4450== by 0xA20F143: krb5_cc_destroy (cache.c:647) ==4450== by 0x5491FA6: free_mccache (credentials_krb5.c:127) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== ==4450== Invalid read of size 8 ==4450== at 0xA20F2C6: krb5_cc_get_principal (cache.c:748) ==4450== by 0x956E3FA: do_delegation (init_sec_context.c:328) ==4450== by 0x956EA54: init_auth_restart (init_sec_context.c:571) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== Address 0x26a8ac50 is 0 bytes inside a block of size 24 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA20F182: krb5_cc_close (cache.c:666) ==4450== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 8 ==4450== at 0xA236F18: mcc_get_principal (mcache.c:270) ==4450== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==4450== by 0x956E3FA: do_delegation (init_sec_context.c:328) ==4450== by 0x956EA54: init_auth_restart (init_sec_context.c:571) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== Address 0x26a8ac60 is 16 bytes inside a block of size 24 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA20F182: krb5_cc_close (cache.c:666) ==4450== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 4 ==4450== at 0xA236F24: mcc_get_principal (mcache.c:272) ==4450== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==4450== by 0x956E3FA: do_delegation (init_sec_context.c:328) ==4450== by 0x956EA54: init_auth_restart (init_sec_context.c:571) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== Address 0x24f01e1c is 12 bytes inside a block of size 56 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA21DF11: krb5_data_free (data.c:66) ==4450== by 0xA236C3C: mcc_close (mcache.c:189) ==4450== by 0xA20F173: krb5_cc_close (cache.c:665) ==4450== by 0xA20F143: krb5_cc_destroy (cache.c:647) ==4450== by 0x5491FA6: free_mccache (credentials_krb5.c:127) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== ==4450== Invalid read of size 4 ==4450== at 0x956EB26: init_auth_restart (init_sec_context.c:606) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==4450== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==4450== Address 0x25afc648 is 8 bytes inside a block of size 64 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x957E5FA: _gsskrb5_release_cred (release_cred.c:73) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== ==4450== Invalid write of size 4 ==4450== at 0x956EB59: init_auth_restart (init_sec_context.c:613) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==4450== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==4450== Address 0x24d8ab5c is 108 bytes inside a block of size 224 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 8 ==4450== at 0xA20F2C6: krb5_cc_get_principal (cache.c:748) ==4450== by 0xA20FE05: build_conf_principals (cache.c:1226) ==4450== by 0xA21011A: krb5_cc_get_config (cache.c:1347) ==4450== by 0x956EC06: init_auth_restart (init_sec_context.c:628) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== Address 0x26a8ac50 is 0 bytes inside a block of size 24 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA20F182: krb5_cc_close (cache.c:666) ==4450== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 8 ==4450== at 0xA236F18: mcc_get_principal (mcache.c:270) ==4450== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==4450== by 0xA20FE05: build_conf_principals (cache.c:1226) ==4450== by 0xA21011A: krb5_cc_get_config (cache.c:1347) ==4450== by 0x956EC06: init_auth_restart (init_sec_context.c:628) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== Address 0x26a8ac60 is 16 bytes inside a block of size 24 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA20F182: krb5_cc_close (cache.c:666) ==4450== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==4450== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==4450== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 4 ==4450== at 0xA236F24: mcc_get_principal (mcache.c:272) ==4450== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==4450== by 0xA20FE05: build_conf_principals (cache.c:1226) ==4450== by 0xA21011A: krb5_cc_get_config (cache.c:1347) ==4450== by 0x956EC06: init_auth_restart (init_sec_context.c:628) ==4450== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==4450== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== Address 0x24f01e1c is 12 bytes inside a block of size 56 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0xA21DF11: krb5_data_free (data.c:66) ==4450== by 0xA236C3C: mcc_close (mcache.c:189) ==4450== by 0xA20F173: krb5_cc_close (cache.c:665) ==4450== by 0xA20F143: krb5_cc_destroy (cache.c:647) ==4450== by 0x5491FA6: free_mccache (credentials_krb5.c:127) ==4450== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== ==4450== Invalid write of size 8 ==4450== at 0x9587EE7: gss_init_sec_context (gss_init_sec_context.c:208) ==4450== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==4450== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==4450== by 0xB8002CC: composite_done (composite.c:143) ==4450== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==4450== Address 0x24d8ab40 is 80 bytes inside a block of size 224 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid write of size 8 ==4450== at 0x613BB3E: gensec_gssapi_update (gensec_gssapi.c:478) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==4450== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==4450== by 0xB8002CC: composite_done (composite.c:143) ==4450== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==4450== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==4450== Address 0x24d8ab78 is 136 bytes inside a block of size 224 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 4 ==4450== at 0x613BC67: gensec_gssapi_update (gensec_gssapi.c:516) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==4450== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==4450== by 0xB8002CC: composite_done (composite.c:143) ==4450== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==4450== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==4450== Address 0x24d8abb8 is 200 bytes inside a block of size 224 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid write of size 4 ==4450== at 0x613BC71: gensec_gssapi_update (gensec_gssapi.c:516) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==4450== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==4450== by 0xB8002CC: composite_done (composite.c:143) ==4450== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==4450== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==4450== Address 0x24d8abb8 is 200 bytes inside a block of size 224 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 4 ==4450== at 0x67A0033: talloc_chunk_from_ptr (talloc.c:349) ==4450== by 0x67A0368: __talloc (talloc.c:556) ==4450== by 0x67A074A: _talloc_named_const (talloc.c:676) ==4450== by 0x67A2F14: _talloc_memdup (talloc.c:1910) ==4450== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) ==4450== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== Address 0x24c354a0 is 64 bytes inside a block of size 184 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 4 ==4450== at 0x67A004D: talloc_chunk_from_ptr (talloc.c:355) ==4450== by 0x67A0368: __talloc (talloc.c:556) ==4450== by 0x67A074A: _talloc_named_const (talloc.c:676) ==4450== by 0x67A2F14: _talloc_memdup (talloc.c:1910) ==4450== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) ==4450== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== Address 0x24c354a0 is 64 bytes inside a block of size 184 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== ==4450== Invalid read of size 8 ==4450== at 0x67A005B: talloc_chunk_from_ptr (talloc.c:356) ==4450== by 0x67A0368: __talloc (talloc.c:556) ==4450== by 0x67A074A: _talloc_named_const (talloc.c:676) ==4450== by 0x67A2F14: _talloc_memdup (talloc.c:1910) ==4450== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) ==4450== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==4450== by 0x6133891: gensec_spnego_update (spnego.c:842) ==4450== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==4450== by 0x61354B5: gensec_update (gensec.c:220) ==4450== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==4450== Address 0x24c35490 is 48 bytes inside a block of size 184 free'd ==4450== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4450== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==4450== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==4450== talloc: access after free error - first free may be at ../source4/smbd/service_stream.c:82 Bad talloc magic value - access after free smb_panic(): calling panic action [/usr/bin/screen -d -m /etc/nolteinfosysteme/tsamba4restart.cron] smb_panic(): action returned status 0 PANIC: Bad talloc magic value - access after free ==4450== ==4450== HEAP SUMMARY: ==4450== in use at exit: 6,774,152 bytes in 59,826 blocks ==4450== total heap usage: 3,298,796 allocs, 3,238,970 frees, 483,059,421 bytes allocated ==4450== ==4450== LEAK SUMMARY: ==4450== definitely lost: 184 bytes in 3 blocks ==4450== indirectly lost: 2,222 bytes in 42 blocks ==4450== possibly lost: 135,341 bytes in 1,214 blocks ==4450== still reachable: 6,636,405 bytes in 58,567 blocks ==4450== suppressed: 0 bytes in 0 blocks ==4450== Rerun with --leak-check=full to see details of leaked memory ==4450== ==4450== For counts of detected and suppressed errors, rerun with: -v ==4450== ERROR SUMMARY: 18 errors from 18 contexts (suppressed: 2 from 2) Mit freundlichen Gr??en ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- [...] Can you try that again with: valgrind samba -i -M single > out 2>&1 [...]
samba at nisx.de
2013-Apr-27 12:50 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi, no problem but max --num-callers is 50. root at leela:~# valgrind --num-callers=64 samba -i -M single valgrind: Bad option: --num-callers=64 valgrind: '--num-callers' argument must be between 1 and 50 So this came when I execute ' getent group': root at leela:~# valgrind --num-callers=50 /opt/samba/sbin/samba -i -M single > out 2>&1 root at leela:~# cat out ==1970== Memcheck, a memory error detector ==1970== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==1970== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==1970== Command: /opt/samba/sbin/samba -i -M single ==1970== samba version 4.0.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. ==1970== Invalid read of size 4 ==1970== at 0x198B294C: cmd_setgrent_recv_group_list (wb_cmd_setgrent.c:143) ==1970== by 0xB8002CC: composite_done (composite.c:143) ==1970== by 0x19AEE2C6: continue_groups_enumerated (libnet_group.c:682) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==1970== by 0xE3D0F25: dcerpc_samr_EnumDomainGroups_r_done (ndr_samr_c.c:2462) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==1970== by 0x897E0F0: dcerpc_binding_handle_call_done (binding_handle.c:492) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==1970== by 0x897D5D8: dcerpc_binding_handle_raw_call_done (binding_handle.c:163) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x6592A22: tevent_req_trigger (tevent_req.c:166) ==1970== by 0x6591E37: tevent_common_loop_immediate (tevent_immediate.c:135) ==1970== by 0x6599A55: epoll_event_loop_once (tevent_epoll.c:912) ==1970== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==1970== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==1970== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==1970== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==1970== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==1970== by 0x40B590: binary_smbd_main (server.c:486) ==1970== by 0x40B5D6: main (server.c:497) ==1970== Address 0x2715de24 is 100 bytes inside a block of size 120 free'd ==1970== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1970== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==1970== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==1970== by 0x198B28C0: cmd_setgrent_recv_group_list (wb_cmd_setgrent.c:133) ==1970== by 0xB8002CC: composite_done (composite.c:143) ==1970== by 0x19AEE2C6: continue_groups_enumerated (libnet_group.c:682) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==1970== by 0xE3D0F25: dcerpc_samr_EnumDomainGroups_r_done (ndr_samr_c.c:2462) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==1970== by 0x897E0F0: dcerpc_binding_handle_call_done (binding_handle.c:492) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==1970== by 0x897D5D8: dcerpc_binding_handle_raw_call_done (binding_handle.c:163) ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==1970== by 0x6592A22: tevent_req_trigger (tevent_req.c:166) ==1970== by 0x6591E37: tevent_common_loop_immediate (tevent_immediate.c:135) ==1970== by 0x6599A55: epoll_event_loop_once (tevent_epoll.c:912) ==1970== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==1970== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==1970== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==1970== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==1970== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==1970== by 0x40B590: binary_smbd_main (server.c:486) ==1970== by 0x40B5D6: main (server.c:497) ==1970== ==1970== ==1970== HEAP SUMMARY: ==1970== in use at exit: 7,731,815 bytes in 68,293 blocks ==1970== total heap usage: 4,137,801 allocs, 4,069,508 frees, 587,838,662 bytes allocated ==1970== ==1970== LEAK SUMMARY: ==1970== definitely lost: 0 bytes in 0 blocks ==1970== indirectly lost: 0 bytes in 0 blocks ==1970== possibly lost: 126,722 bytes in 1,160 blocks ==1970== still reachable: 7,605,093 bytes in 67,133 blocks ==1970== suppressed: 0 bytes in 0 blocks ==1970== Rerun with --leak-check=full to see details of leaked memory ==1970== ==1970== For counts of detected and suppressed errors, rerun with: -v ==1970== ERROR SUMMARY: 7 errors from 1 contexts (suppressed: 2 from 2) And this on ' ll /opt/samba/var/locks/sysvol/': root at leela:~# valgrind --num-callers=50 /opt/samba/sbin/samba -i -M single > out 2>&1 root at leela:~# cat out ==2165== Memcheck, a memory error detector ==2165== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==2165== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==2165== Command: /opt/samba/sbin/samba -i -M single ==2165== samba version 4.0.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. ==2165== Invalid read of size 8 ==2165== at 0xA20F1A0: krb5_cc_store_cred (cache.c:684) ==2165== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) ==2165== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) ==2165== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) ==2165== by 0x956E73D: init_auth (init_sec_context.c:455) ==2165== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x2572eb50 is 0 bytes inside a block of size 24 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 8 ==2165== at 0xA236D90: mcc_store_cred (mcache.c:239) ==2165== by 0xA20F1BB: krb5_cc_store_cred (cache.c:684) ==2165== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) ==2165== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) ==2165== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) ==2165== by 0x956E73D: init_auth (init_sec_context.c:455) ==2165== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x2572eb60 is 16 bytes inside a block of size 24 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 4 ==2165== at 0xA236D9C: mcc_store_cred (mcache.c:243) ==2165== by 0xA20F1BB: krb5_cc_store_cred (cache.c:684) ==2165== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) ==2165== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) ==2165== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) ==2165== by 0x956E73D: init_auth (init_sec_context.c:455) ==2165== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x1155902c is 12 bytes inside a block of size 56 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA21DF11: krb5_data_free (data.c:66) ==2165== by 0xA236C3C: mcc_close (mcache.c:189) ==2165== by 0xA20F173: krb5_cc_close (cache.c:665) ==2165== by 0xA20F143: krb5_cc_destroy (cache.c:647) ==2165== by 0x5491FA6: free_mccache (credentials_krb5.c:127) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== ==2165== Invalid read of size 8 ==2165== at 0xA20F2C6: krb5_cc_get_principal (cache.c:748) ==2165== by 0x956E3FA: do_delegation (init_sec_context.c:328) ==2165== by 0x956EA54: init_auth_restart (init_sec_context.c:571) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x2572eb50 is 0 bytes inside a block of size 24 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 8 ==2165== at 0xA236F18: mcc_get_principal (mcache.c:270) ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==2165== by 0x956E3FA: do_delegation (init_sec_context.c:328) ==2165== by 0x956EA54: init_auth_restart (init_sec_context.c:571) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x2572eb60 is 16 bytes inside a block of size 24 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 4 ==2165== at 0xA236F24: mcc_get_principal (mcache.c:272) ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==2165== by 0x956E3FA: do_delegation (init_sec_context.c:328) ==2165== by 0x956EA54: init_auth_restart (init_sec_context.c:571) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x1155902c is 12 bytes inside a block of size 56 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA21DF11: krb5_data_free (data.c:66) ==2165== by 0xA236C3C: mcc_close (mcache.c:189) ==2165== by 0xA20F173: krb5_cc_close (cache.c:665) ==2165== by 0xA20F143: krb5_cc_destroy (cache.c:647) ==2165== by 0x5491FA6: free_mccache (credentials_krb5.c:127) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== ==2165== Invalid read of size 4 ==2165== at 0x956EB26: init_auth_restart (init_sec_context.c:606) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x255d1718 is 8 bytes inside a block of size 64 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x957E5FA: _gsskrb5_release_cred (release_cred.c:73) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== ==2165== Invalid write of size 4 ==2165== at 0x956EB59: init_auth_restart (init_sec_context.c:613) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x114d63ac is 108 bytes inside a block of size 224 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== ==2165== Invalid read of size 8 ==2165== at 0xA20F2C6: krb5_cc_get_principal (cache.c:748) ==2165== by 0xA20FE05: build_conf_principals (cache.c:1226) ==2165== by 0xA21011A: krb5_cc_get_config (cache.c:1347) ==2165== by 0x956EC06: init_auth_restart (init_sec_context.c:628) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x2572eb50 is 0 bytes inside a block of size 24 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 8 ==2165== at 0xA236F18: mcc_get_principal (mcache.c:270) ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==2165== by 0xA20FE05: build_conf_principals (cache.c:1226) ==2165== by 0xA21011A: krb5_cc_get_config (cache.c:1347) ==2165== by 0x956EC06: init_auth_restart (init_sec_context.c:628) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x2572eb60 is 16 bytes inside a block of size 24 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 4 ==2165== at 0xA236F24: mcc_get_principal (mcache.c:272) ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) ==2165== by 0xA20FE05: build_conf_principals (cache.c:1226) ==2165== by 0xA21011A: krb5_cc_get_config (cache.c:1347) ==2165== by 0x956EC06: init_auth_restart (init_sec_context.c:628) ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x1155902c is 12 bytes inside a block of size 56 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0xA21DF11: krb5_data_free (data.c:66) ==2165== by 0xA236C3C: mcc_close (mcache.c:189) ==2165== by 0xA20F173: krb5_cc_close (cache.c:665) ==2165== by 0xA20F143: krb5_cc_destroy (cache.c:647) ==2165== by 0x5491FA6: free_mccache (credentials_krb5.c:127) ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== ==2165== Invalid write of size 8 ==2165== at 0x9587EE7: gss_init_sec_context (gss_init_sec_context.c:208) ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x114d6390 is 80 bytes inside a block of size 224 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== ==2165== Invalid write of size 8 ==2165== at 0x613BB3E: gensec_gssapi_update (gensec_gssapi.c:478) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x114d63c8 is 136 bytes inside a block of size 224 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== ==2165== Invalid read of size 4 ==2165== at 0x613BC67: gensec_gssapi_update (gensec_gssapi.c:516) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x114d6408 is 200 bytes inside a block of size 224 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== ==2165== Invalid write of size 4 ==2165== at 0x613BC71: gensec_gssapi_update (gensec_gssapi.c:516) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x114d6408 is 200 bytes inside a block of size 224 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== ==2165== Invalid read of size 4 ==2165== at 0x67A0033: talloc_chunk_from_ptr (talloc.c:349) ==2165== by 0x67A0368: __talloc (talloc.c:556) ==2165== by 0x67A074A: _talloc_named_const (talloc.c:676) ==2165== by 0x67A2F14: _talloc_memdup (talloc.c:1910) ==2165== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) ==2165== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x25f07950 is 64 bytes inside a block of size 184 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 4 ==2165== at 0x67A004D: talloc_chunk_from_ptr (talloc.c:355) ==2165== by 0x67A0368: __talloc (talloc.c:556) ==2165== by 0x67A074A: _talloc_named_const (talloc.c:676) ==2165== by 0x67A2F14: _talloc_memdup (talloc.c:1910) ==2165== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) ==2165== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x25f07950 is 64 bytes inside a block of size 184 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== ==2165== Invalid read of size 8 ==2165== at 0x67A005B: talloc_chunk_from_ptr (talloc.c:356) ==2165== by 0x67A0368: __talloc (talloc.c:556) ==2165== by 0x67A074A: _talloc_named_const (talloc.c:676) ==2165== by 0x67A2F14: _talloc_memdup (talloc.c:1910) ==2165== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) ==2165== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) ==2165== by 0x61354B5: gensec_update (gensec.c:220) ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) ==2165== by 0xB8002CC: composite_done (composite.c:143) ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) ==2165== by 0x40B590: binary_smbd_main (server.c:486) ==2165== by 0x40B5D6: main (server.c:497) ==2165== Address 0x25f07940 is 48 bytes inside a block of size 184 free'd ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) ==2165== talloc: access after free error - first free may be at ../source4/smbd/service_stream.c:82 Bad talloc magic value - access after free smb_panic(): calling panic action [/usr/bin/screen -d -m /etc/nolteinfosysteme/tsamba4restart.cron] smb_panic(): action returned status 0 PANIC: Bad talloc magic value - access after free ==2165== ==2165== HEAP SUMMARY: ==2165== in use at exit: 4,753,311 bytes in 40,174 blocks ==2165== total heap usage: 808,049 allocs, 767,875 frees, 129,676,034 bytes allocated ==2165== ==2165== LEAK SUMMARY: ==2165== definitely lost: 76 bytes in 2 blocks ==2165== indirectly lost: 2,222 bytes in 42 blocks ==2165== possibly lost: 135,341 bytes in 1,214 blocks ==2165== still reachable: 4,615,672 bytes in 38,916 blocks ==2165== suppressed: 0 bytes in 0 blocks ==2165== Rerun with --leak-check=full to see details of leaked memory ==2165== ==2165== For counts of detected and suppressed errors, rerun with: -v ==2165== ERROR SUMMARY: 18 errors from 18 contexts (suppressed: 2 from 2) Mit freundlichen Gr??en ? Thomas Nolte -- Nolte Infosysteme,? Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -----Urspr?ngliche Nachricht----- Von: Andrew Bartlett [mailto:abartlet at samba.org] Gesendet: Freitag, 26. April 2013 23:59 An: Thomas Nolte Cc: samba at lists.samba.org Betreff: Re: AW: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" On Fri, 2013-04-26 at 19:47 +0200, samba at nisx.de wrote:> Hi, > > same problem here:We need to know where that free is coming from, can you add --num-callers=64? eg valgrind --num-callers=64 samba -i -M single > out 2>&1 [...] -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Andrew Bartlett
2013-Apr-28 09:27 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
On Sat, 2013-04-27 at 14:50 +0200, samba at nisx.de wrote:> Hi, > > no problem but max --num-callers is 50.Thanks, this gives me enough detail. It won't be trivial to fix (we have been plagued by some similar issues for some time), but at least it is now clear what is going on.> root at leela:~# valgrind --num-callers=64 samba -i -M single > valgrind: Bad option: --num-callers=64 > valgrind: '--num-callers' argument must be between 1 and 50 > > So this came when I execute ' getent group': > > root at leela:~# valgrind --num-callers=50 /opt/samba/sbin/samba -i -M single > out 2>&1 > root at leela:~# cat out > ==1970== Memcheck, a memory error detector > ==1970== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. > ==1970== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info > ==1970== Command: /opt/samba/sbin/samba -i -M single > ==1970== > samba version 4.0.5 started. > Copyright Andrew Tridgell and the Samba Team 1992-2012 > samba: using 'single' process model > /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. > /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. > ==1970== Invalid read of size 4 > ==1970== at 0x198B294C: cmd_setgrent_recv_group_list (wb_cmd_setgrent.c:143) > ==1970== by 0xB8002CC: composite_done (composite.c:143) > ==1970== by 0x19AEE2C6: continue_groups_enumerated (libnet_group.c:682) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==1970== by 0xE3D0F25: dcerpc_samr_EnumDomainGroups_r_done (ndr_samr_c.c:2462) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==1970== by 0x897E0F0: dcerpc_binding_handle_call_done (binding_handle.c:492) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==1970== by 0x897D5D8: dcerpc_binding_handle_raw_call_done (binding_handle.c:163) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x6592A22: tevent_req_trigger (tevent_req.c:166) > ==1970== by 0x6591E37: tevent_common_loop_immediate (tevent_immediate.c:135) > ==1970== by 0x6599A55: epoll_event_loop_once (tevent_epoll.c:912) > ==1970== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==1970== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==1970== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==1970== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==1970== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==1970== by 0x40B590: binary_smbd_main (server.c:486) > ==1970== by 0x40B5D6: main (server.c:497) > ==1970== Address 0x2715de24 is 100 bytes inside a block of size 120 free'd > ==1970== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==1970== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==1970== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==1970== by 0x198B28C0: cmd_setgrent_recv_group_list (wb_cmd_setgrent.c:133) > ==1970== by 0xB8002CC: composite_done (composite.c:143) > ==1970== by 0x19AEE2C6: continue_groups_enumerated (libnet_group.c:682) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==1970== by 0xE3D0F25: dcerpc_samr_EnumDomainGroups_r_done (ndr_samr_c.c:2462) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==1970== by 0x897E0F0: dcerpc_binding_handle_call_done (binding_handle.c:492) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==1970== by 0x897D5D8: dcerpc_binding_handle_raw_call_done (binding_handle.c:163) > ==1970== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==1970== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==1970== by 0x6592A22: tevent_req_trigger (tevent_req.c:166) > ==1970== by 0x6591E37: tevent_common_loop_immediate (tevent_immediate.c:135) > ==1970== by 0x6599A55: epoll_event_loop_once (tevent_epoll.c:912) > ==1970== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==1970== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==1970== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==1970== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==1970== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==1970== by 0x40B590: binary_smbd_main (server.c:486) > ==1970== by 0x40B5D6: main (server.c:497) > ==1970== > ==1970== > ==1970== HEAP SUMMARY: > ==1970== in use at exit: 7,731,815 bytes in 68,293 blocks > ==1970== total heap usage: 4,137,801 allocs, 4,069,508 frees, 587,838,662 bytes allocated > ==1970== > ==1970== LEAK SUMMARY: > ==1970== definitely lost: 0 bytes in 0 blocks > ==1970== indirectly lost: 0 bytes in 0 blocks > ==1970== possibly lost: 126,722 bytes in 1,160 blocks > ==1970== still reachable: 7,605,093 bytes in 67,133 blocks > ==1970== suppressed: 0 bytes in 0 blocks > ==1970== Rerun with --leak-check=full to see details of leaked memory > ==1970== > ==1970== For counts of detected and suppressed errors, rerun with: -v > ==1970== ERROR SUMMARY: 7 errors from 1 contexts (suppressed: 2 from 2) > > And this on ' ll /opt/samba/var/locks/sysvol/': > > root at leela:~# valgrind --num-callers=50 /opt/samba/sbin/samba -i -M single > out 2>&1 > root at leela:~# cat out > ==2165== Memcheck, a memory error detector > ==2165== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. > ==2165== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info > ==2165== Command: /opt/samba/sbin/samba -i -M single > ==2165== > samba version 4.0.5 started. > Copyright Andrew Tridgell and the Samba Team 1992-2012 > samba: using 'single' process model > /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. > /opt/samba/sbin/smbd: sh: Zeile 0: test: Zu viele Argumente. > ==2165== Invalid read of size 8 > ==2165== at 0xA20F1A0: krb5_cc_store_cred (cache.c:684) > ==2165== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) > ==2165== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) > ==2165== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) > ==2165== by 0x956E73D: init_auth (init_sec_context.c:455) > ==2165== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x2572eb50 is 0 bytes inside a block of size 24 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) > ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 8 > ==2165== at 0xA236D90: mcc_store_cred (mcache.c:239) > ==2165== by 0xA20F1BB: krb5_cc_store_cred (cache.c:684) > ==2165== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) > ==2165== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) > ==2165== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) > ==2165== by 0x956E73D: init_auth (init_sec_context.c:455) > ==2165== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x2572eb60 is 16 bytes inside a block of size 24 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) > ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0xA236D9C: mcc_store_cred (mcache.c:243) > ==2165== by 0xA20F1BB: krb5_cc_store_cred (cache.c:684) > ==2165== by 0xA22487A: krb5_get_credentials_with_flags (get_cred.c:1207) > ==2165== by 0xA2248C5: krb5_get_credentials (get_cred.c:1220) > ==2165== by 0x956E1B7: gsskrb5_get_creds (init_sec_context.c:246) > ==2165== by 0x956E73D: init_auth (init_sec_context.c:455) > ==2165== by 0x956F52F: _gsskrb5_init_sec_context (init_sec_context.c:942) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x1155902c is 12 bytes inside a block of size 56 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA21DF11: krb5_data_free (data.c:66) > ==2165== by 0xA236C3C: mcc_close (mcache.c:189) > ==2165== by 0xA20F173: krb5_cc_close (cache.c:665) > ==2165== by 0xA20F143: krb5_cc_destroy (cache.c:647) > ==2165== by 0x5491FA6: free_mccache (credentials_krb5.c:127) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== > ==2165== Invalid read of size 8 > ==2165== at 0xA20F2C6: krb5_cc_get_principal (cache.c:748) > ==2165== by 0x956E3FA: do_delegation (init_sec_context.c:328) > ==2165== by 0x956EA54: init_auth_restart (init_sec_context.c:571) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x2572eb50 is 0 bytes inside a block of size 24 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) > ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 8 > ==2165== at 0xA236F18: mcc_get_principal (mcache.c:270) > ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) > ==2165== by 0x956E3FA: do_delegation (init_sec_context.c:328) > ==2165== by 0x956EA54: init_auth_restart (init_sec_context.c:571) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x2572eb60 is 16 bytes inside a block of size 24 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) > ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0xA236F24: mcc_get_principal (mcache.c:272) > ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) > ==2165== by 0x956E3FA: do_delegation (init_sec_context.c:328) > ==2165== by 0x956EA54: init_auth_restart (init_sec_context.c:571) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x1155902c is 12 bytes inside a block of size 56 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA21DF11: krb5_data_free (data.c:66) > ==2165== by 0xA236C3C: mcc_close (mcache.c:189) > ==2165== by 0xA20F173: krb5_cc_close (cache.c:665) > ==2165== by 0xA20F143: krb5_cc_destroy (cache.c:647) > ==2165== by 0x5491FA6: free_mccache (credentials_krb5.c:127) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0x956EB26: init_auth_restart (init_sec_context.c:606) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x255d1718 is 8 bytes inside a block of size 64 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x957E5FA: _gsskrb5_release_cred (release_cred.c:73) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== > ==2165== Invalid write of size 4 > ==2165== at 0x956EB59: init_auth_restart (init_sec_context.c:613) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x114d63ac is 108 bytes inside a block of size 224 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== > ==2165== Invalid read of size 8 > ==2165== at 0xA20F2C6: krb5_cc_get_principal (cache.c:748) > ==2165== by 0xA20FE05: build_conf_principals (cache.c:1226) > ==2165== by 0xA21011A: krb5_cc_get_config (cache.c:1347) > ==2165== by 0x956EC06: init_auth_restart (init_sec_context.c:628) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x2572eb50 is 0 bytes inside a block of size 24 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) > ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 8 > ==2165== at 0xA236F18: mcc_get_principal (mcache.c:270) > ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) > ==2165== by 0xA20FE05: build_conf_principals (cache.c:1226) > ==2165== by 0xA21011A: krb5_cc_get_config (cache.c:1347) > ==2165== by 0x956EC06: init_auth_restart (init_sec_context.c:628) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x2572eb60 is 16 bytes inside a block of size 24 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA20F182: krb5_cc_close (cache.c:666) > ==2165== by 0x957E52E: _gsskrb5_release_cred (release_cred.c:65) > ==2165== by 0x9586895: gss_release_cred (gss_release_cred.c:65) > ==2165== by 0x5492B63: free_gssapi_creds (credentials_krb5.c:443) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0xA236F24: mcc_get_principal (mcache.c:272) > ==2165== by 0xA20F2E1: krb5_cc_get_principal (cache.c:748) > ==2165== by 0xA20FE05: build_conf_principals (cache.c:1226) > ==2165== by 0xA21011A: krb5_cc_get_config (cache.c:1347) > ==2165== by 0x956EC06: init_auth_restart (init_sec_context.c:628) > ==2165== by 0x956F588: _gsskrb5_init_sec_context (init_sec_context.c:959) > ==2165== by 0x9587E86: gss_init_sec_context (gss_init_sec_context.c:187) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x1155902c is 12 bytes inside a block of size 56 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0xA21DF11: krb5_data_free (data.c:66) > ==2165== by 0xA236C3C: mcc_close (mcache.c:189) > ==2165== by 0xA20F173: krb5_cc_close (cache.c:665) > ==2165== by 0xA20F143: krb5_cc_destroy (cache.c:647) > ==2165== by 0x5491FA6: free_mccache (credentials_krb5.c:127) > ==2165== by 0x67A0BA8: _talloc_free_internal (talloc.c:831) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== > ==2165== Invalid write of size 8 > ==2165== at 0x9587EE7: gss_init_sec_context (gss_init_sec_context.c:208) > ==2165== by 0x613BB29: gensec_gssapi_update (gensec_gssapi.c:464) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x114d6390 is 80 bytes inside a block of size 224 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== > ==2165== Invalid write of size 8 > ==2165== at 0x613BB3E: gensec_gssapi_update (gensec_gssapi.c:478) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x114d63c8 is 136 bytes inside a block of size 224 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0x613BC67: gensec_gssapi_update (gensec_gssapi.c:516) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x114d6408 is 200 bytes inside a block of size 224 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== > ==2165== Invalid write of size 4 > ==2165== at 0x613BC71: gensec_gssapi_update (gensec_gssapi.c:516) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x114d6408 is 200 bytes inside a block of size 224 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0x67A0033: talloc_chunk_from_ptr (talloc.c:349) > ==2165== by 0x67A0368: __talloc (talloc.c:556) > ==2165== by 0x67A074A: _talloc_named_const (talloc.c:676) > ==2165== by 0x67A2F14: _talloc_memdup (talloc.c:1910) > ==2165== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) > ==2165== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x25f07950 is 64 bytes inside a block of size 184 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 4 > ==2165== at 0x67A004D: talloc_chunk_from_ptr (talloc.c:355) > ==2165== by 0x67A0368: __talloc (talloc.c:556) > ==2165== by 0x67A074A: _talloc_named_const (talloc.c:676) > ==2165== by 0x67A2F14: _talloc_memdup (talloc.c:1910) > ==2165== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) > ==2165== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x25f07950 is 64 bytes inside a block of size 184 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > ==2165== Invalid read of size 8 > ==2165== at 0x67A005B: talloc_chunk_from_ptr (talloc.c:356) > ==2165== by 0x67A0368: __talloc (talloc.c:556) > ==2165== by 0x67A074A: _talloc_named_const (talloc.c:676) > ==2165== by 0x67A2F14: _talloc_memdup (talloc.c:1910) > ==2165== by 0x635FED0: data_blob_talloc_named (data_blob.c:52) > ==2165== by 0x613BF81: gensec_gssapi_update (gensec_gssapi.c:550) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x6132E90: gensec_spnego_create_negTokenInit (spnego.c:644) > ==2165== by 0x6133891: gensec_spnego_update (spnego.c:842) > ==2165== by 0x6134DB1: gensec_spnego_update_wrapper (spnego.c:1311) > ==2165== by 0x61354B5: gensec_update (gensec.c:220) > ==2165== by 0x76F715E: dcerpc_bind_auth_send (dcerpc_auth.c:372) > ==2165== by 0x76F9AF5: dcerpc_pipe_auth_send (dcerpc_util.c:621) > ==2165== by 0x770022E: dcerpc_secondary_auth_connection_bind (dcerpc_secondary.c:299) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FFF87: continue_pipe_open (dcerpc_secondary.c:191) > ==2165== by 0x76FFE10: continue_open_smb (dcerpc_secondary.c:140) > ==2165== by 0xB8002CC: composite_done (composite.c:143) > ==2165== by 0x76FB3E0: pipe_open_recv (dcerpc_smb.c:571) > ==2165== by 0xD079F6E: smbcli_request_done (clitransport.c:449) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0xD2BDCAA: smb1cli_conn_dispatch_incoming (smbXcli_base.c:2021) > ==2165== by 0xD2BC774: smbXcli_conn_received (smbXcli_base.c:1581) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0C60: read_smb_done (read_smb.c:98) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x659292B: _tevent_req_done (tevent_req.c:116) > ==2165== by 0x103A0651: read_packet_handler (async_sock.c:639) > ==2165== by 0x65994F1: epoll_event_loop (tevent_epoll.c:736) > ==2165== by 0x6599B05: epoll_event_loop_once (tevent_epoll.c:931) > ==2165== by 0x659688A: std_event_loop_once (tevent_standard.c:112) > ==2165== by 0x6590F4E: _tevent_loop_once (tevent.c:530) > ==2165== by 0x65911AE: tevent_common_loop_wait (tevent.c:634) > ==2165== by 0x659692C: std_event_loop_wait (tevent_standard.c:138) > ==2165== by 0x6591279: _tevent_loop_wait (tevent.c:653) > ==2165== by 0x40B590: binary_smbd_main (server.c:486) > ==2165== by 0x40B5D6: main (server.c:497) > ==2165== Address 0x25f07940 is 48 bytes inside a block of size 184 free'd > ==2165== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) > ==2165== by 0x67A0E9A: _talloc_free_internal (talloc.c:878) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1BFF: _talloc_free_children_internal (talloc.c:1256) > ==2165== by 0x67A0D4B: _talloc_free_internal (talloc.c:851) > ==2165== by 0x67A1FF8: _talloc_free (talloc.c:1371) > ==2165== by 0x5D21E58: stream_terminate_connection (service_stream.c:82) > ==2165== by 0x1989FD31: wbsrv_terminate_connection (wb_server.c:34) > ==2165== by 0x1989FE46: wbsrv_call_loop (wb_server.c:66) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB1ECEDC: _tevent_req_nterror (tevent_ntstatus.c:46) > ==2165== by 0x5D2391F: tstream_read_pdu_blob_done (tstream.c:110) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB806512: tstream_readv_done (tsocket.c:598) > ==2165== by 0x65928D2: _tevent_req_notify_callback (tevent_req.c:101) > ==2165== by 0x6592904: tevent_req_finish (tevent_req.c:110) > ==2165== by 0x6592970: _tevent_req_error (tevent_req.c:128) > ==2165== by 0xB80A704: tstream_bsd_readv_handler (tsocket_bsd.c:1749) > ==2165== by 0xB809F8D: tstream_bsd_fde_handler (tsocket_bsd.c:1513) > ==2165== > talloc: access after free error - first free may be at ../source4/smbd/service_stream.c:82 > Bad talloc magic value - access after free > smb_panic(): calling panic action [/usr/bin/screen -d -m /etc/nolteinfosysteme/tsamba4restart.cron] > smb_panic(): action returned status 0 > PANIC: Bad talloc magic value - access after free > ==2165== > ==2165== HEAP SUMMARY: > ==2165== in use at exit: 4,753,311 bytes in 40,174 blocks > ==2165== total heap usage: 808,049 allocs, 767,875 frees, 129,676,034 bytes allocated > ==2165== > ==2165== LEAK SUMMARY: > ==2165== definitely lost: 76 bytes in 2 blocks > ==2165== indirectly lost: 2,222 bytes in 42 blocks > ==2165== possibly lost: 135,341 bytes in 1,214 blocks > ==2165== still reachable: 4,615,672 bytes in 38,916 blocks > ==2165== suppressed: 0 bytes in 0 blocks > ==2165== Rerun with --leak-check=full to see details of leaked memory > ==2165== > ==2165== For counts of detected and suppressed errors, rerun with: -v > ==2165== ERROR SUMMARY: 18 errors from 18 contexts (suppressed: 2 from 2) > > Mit freundlichen Gr??en > Thomas Nolte > -- > Nolte Infosysteme, Im Sikfeld 8, 38304 Wolfenbuettel > Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 > > Computer, Netzwerk, Kommunikation www.nisx.de > > -----Urspr?ngliche Nachricht----- > Von: Andrew Bartlett [mailto:abartlet at samba.org] > Gesendet: Freitag, 26. April 2013 23:59 > An: Thomas Nolte > Cc: samba at lists.samba.org > Betreff: Re: AW: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol" > > On Fri, 2013-04-26 at 19:47 +0200, samba at nisx.de wrote: > > Hi, > > > > same problem here: > > We need to know where that free is coming from, can you add --num-callers=64? > > eg > > valgrind --num-callers=64 samba -i -M single > out 2>&1 > > [...] >-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Philippe.Simonet at swisscom.com
2013-Apr-29 08:56 UTC
[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
Hi all, just as info, i also have the same crash with debian wheezy and samba 4.0.5, by just doing wbinfo --uid-info 3000000 and also only when the nssswitch.conf have "compat winbind" but i didn't have this crash with 4.0.4, in this case NO problem. best regards philippe
Seemingly Similar Threads
- Samba 4.9.3 and the "10 hour problem"
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Help with Possible Bug in Samba 4.1.5 on Connection Close
- Bug on PAM_Winbind ?