[2(1)/95 at 9s] samba3.rpc.lsa.lookupsids(ad_dc) ================================================================= ==11696==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0008b5f20 at pc 0x7fc103909695 bp 0x7fff109547c0 sp 0x7fff109547b8 READ of size 1 at 0x60d0008b5f20 thread T0 #0 0x7fc103909694 in strlen_m_ext_handle ../lib/util/charset/util_str.c:226 #1 0x7fc10390988d in strlen_m_ext ../lib/util/charset/util_str.c:290 #2 0x7fc1039098e3 in strlen_m ../lib/util/charset/util_str.c:327 #3 0x7fc0fca617f0 in ndr_push_lsa_String default/librpc/gen_ndr/ndr_lsa.c:13 #4 0x7fc0fca885c2 in ndr_push_lsa_TranslatedName default/librpc/gen_ndr/ndr_lsa.c:2478 #5 0x7fc0fca982f4 in ndr_push_lsa_TransNameArray default/librpc/gen_ndr/ndr_lsa.c:2529 #6 0x7fc0fca98666 in ndr_push_lsa_LookupSids default/librpc/gen_ndr/ndr_lsa.c:7302 #7 0x7fc0f028d4d6 in lsarpc__op_ndr_push default/librpc/gen_ndr/ndr_lsa_s.c:2074 #8 0x7fc0f01ad4d2 in dcesrv_reply ../source4/rpc_server/common/reply.c:183 #9 0x7fc0f027bccc in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1890 #10 0x7fc0f027bccc in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196 #11 0x7fc0f027bccc in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774 #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835 #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245 #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319 #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604 #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219 #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135 #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911 #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114 #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725 #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848 #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145 #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867 #35 0x563dc39b86ee in binary_smbd_main ../source4/smbd/server.c:700 #36 0x563dc39b93cd in main ../source4/smbd/server.c:713 #37 0x7fc101ca22e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0) #38 0x563dc39b6499 in _start (/data/samba/git/samba8/bin/default/source4/smbd/samba+0x7499) 0x60d0008b5f20 is located 96 bytes inside of 142-byte region [0x60d0008b5ec0,0x60d0008b5f4e) freed by thread T0 here: #0 0x7fc10561aa10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10) #1 0x7fc10349d56a in _tc_free_internal ../lib/talloc/talloc.c:1201 #2 0x7fc10349d11a in _tc_free_children_internal ../lib/talloc/talloc.c:1646 #3 0x7fc10349d11a in _tc_free_internal ../lib/talloc/talloc.c:1163 #4 0x7fc10348db70 in _tc_free_children_internal ../lib/talloc/talloc.c:1646 #5 0x7fc10348db70 in _tc_free_internal ../lib/talloc/talloc.c:1163 #6 0x7fc10348db70 in _talloc_free_internal ../lib/talloc/talloc.c:1227 #7 0x7fc10348db70 in _talloc_free ../lib/talloc/talloc.c:1769 #8 0x7fc0f02c1804 in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:808 #9 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234 #10 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874 #11 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196 #12 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774 #13 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #14 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #15 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #16 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835 #17 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #18 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #19 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #20 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245 #21 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319 #22 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #23 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #24 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #25 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604 #26 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #27 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #28 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219 #29 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135 #30 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911 #31 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114 #32 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725 #33 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848 #34 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145 #35 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867 previously allocated by thread T0 here: #0 0x7fc10561ad28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28) #1 0x7fc1034940f0 in __talloc_with_prefix ../lib/talloc/talloc.c:763 #2 0x7fc1034940f0 in __talloc ../lib/talloc/talloc.c:804 #3 0x7fc1034940f0 in _talloc_named_const ../lib/talloc/talloc.c:961 #4 0x7fc1034940f0 in _talloc_memdup ../lib/talloc/talloc.c:2416 #5 0x7fc0ff407ba3 in dom_sid_string ../libcli/security/dom_sid.c:480 #6 0x7fc0f02bce54 in dcesrv_lsa_LookupSids_base_call ../source4/rpc_server/lsa/lsa_lookup.c:355 #7 0x7fc0f02c178e in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:800 #8 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234 #9 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874 #10 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196 #11 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774 #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835 #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245 #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319 #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604 #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219 #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135 #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911 #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114 #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725 #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848 #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145 #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867 SUMMARY: AddressSanitizer: heap-use-after-free ../lib/util/charset/util_str.c:226 in strlen_m_ext_handle Shadow bytes around the buggy address: 0x0c1a8010eb90: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa 0x0c1a8010eba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd 0x0c1a8010ebb0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fd fd 0x0c1a8010ebc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1a8010ebd0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd =>0x0c1a8010ebe0: fd fd fd fd[fd]fd fd fd fd fd fa fa fa fa fa fa 0x0c1a8010ebf0: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c1a8010ec00: fd fd fd fa fa fa fa fa fa fa fa fa 00 00 00 00 0x0c1a8010ec10: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa 0x0c1a8010ec20: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd 0x0c1a8010ec30: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==11696==ABORTING smbtorture 4.9.0pre1-DEVELOPERBUILD Using seed 1525334884 UNEXPECTED(failure): samba3.rpc.lsa.lookupsids.lsa.LookupSidsReply(ad_dc) REASON: Exception: Exception: ../source4/torture/rpc/lsa_lookup.c:390: dcerpc_lsa_LookupSids_r(b, tctx, &r) was NT_STATUS_CONNECTION_DISCONNECTED, expected NT_STATUS_OK: Lookup Sids failed envlog: SAMBA LOG of: ADDC pid 11696 ================================================================= ==11696==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0008b5f20 at pc 0x7fc103909695 bp 0x7fff109547c0 sp 0x7fff109547b8 READ of size 1 at 0x60d0008b5f20 thread T0 #0 0x7fc103909694 in strlen_m_ext_handle ../lib/util/charset/util_str.c:226 #1 0x7fc10390988d in strlen_m_ext ../lib/util/charset/util_str.c:290 #2 0x7fc1039098e3 in strlen_m ../lib/util/charset/util_str.c:327 #3 0x7fc0fca617f0 in ndr_push_lsa_String default/librpc/gen_ndr/ndr_lsa.c:13 #4 0x7fc0fca885c2 in ndr_push_lsa_TranslatedName default/librpc/gen_ndr/ndr_lsa.c:2478 #5 0x7fc0fca982f4 in ndr_push_lsa_TransNameArray default/librpc/gen_ndr/ndr_lsa.c:2529 #6 0x7fc0fca98666 in ndr_push_lsa_LookupSids default/librpc/gen_ndr/ndr_lsa.c:7302 #7 0x7fc0f028d4d6 in lsarpc__op_ndr_push default/librpc/gen_ndr/ndr_lsa_s.c:2074 #8 0x7fc0f01ad4d2 in dcesrv_reply ../source4/rpc_server/common/reply.c:183 #9 0x7fc0f027bccc in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1890 #10 0x7fc0f027bccc in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196 #11 0x7fc0f027bccc in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774 #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835 #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245 #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319 #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604 #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219 #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135 #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911 #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114 #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725 #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848 #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145 #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867 #35 0x563dc39b86ee in binary_smbd_main ../source4/smbd/server.c:700 #36 0x563dc39b93cd in main ../source4/smbd/server.c:713 #37 0x7fc101ca22e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0) #38 0x563dc39b6499 in _start (/data/samba/git/samba8/bin/default/source4/smbd/samba+0x7499) 0x60d0008b5f20 is located 96 bytes inside of 142-byte region [0x60d0008b5ec0,0x60d0008b5f4e) freed by thread T0 here: #0 0x7fc10561aa10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10) #1 0x7fc10349d56a in _tc_free_internal ../lib/talloc/talloc.c:1201 #2 0x7fc10349d11a in _tc_free_children_internal ../lib/talloc/talloc.c:1646 #3 0x7fc10349d11a in _tc_free_internal ../lib/talloc/talloc.c:1163 #4 0x7fc10348db70 in _tc_free_children_internal ../lib/talloc/talloc.c:1646 #5 0x7fc10348db70 in _tc_free_internal ../lib/talloc/talloc.c:1163 #6 0x7fc10348db70 in _talloc_free_internal ../lib/talloc/talloc.c:1227 #7 0x7fc10348db70 in _talloc_free ../lib/talloc/talloc.c:1769 #8 0x7fc0f02c1804 in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:808 #9 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234 #10 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874 #11 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196 #12 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774 #13 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #14 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #15 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #16 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835 #17 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #18 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #19 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #20 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245 #21 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319 #22 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #23 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #24 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #25 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604 #26 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #27 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #28 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219 #29 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135 #30 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911 #31 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114 #32 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725 #33 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848 #34 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145 #35 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867 previously allocated by thread T0 here: #0 0x7fc10561ad28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28) #1 0x7fc1034940f0 in __talloc_with_prefix ../lib/talloc/talloc.c:763 #2 0x7fc1034940f0 in __talloc ../lib/talloc/talloc.c:804 #3 0x7fc1034940f0 in _talloc_named_const ../lib/talloc/talloc.c:961 #4 0x7fc1034940f0 in _talloc_memdup ../lib/talloc/talloc.c:2416 #5 0x7fc0ff407ba3 in dom_sid_string ../libcli/security/dom_sid.c:480 #6 0x7fc0f02bce54 in dcesrv_lsa_LookupSids_base_call ../source4/rpc_server/lsa/lsa_lookup.c:355 #7 0x7fc0f02c178e in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:800 #8 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234 #9 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874 #10 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196 #11 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774 #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835 #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245 #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319 #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168 #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604 #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125 #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162 #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219 #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135 #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911 #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114 #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725 #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848 #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145 #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867 SUMMARY: AddressSanitizer: heap-use-after-free ../lib/util/charset/util_str.c:226 in strlen_m_ext_handle Shadow bytes around the buggy address: 0x0c1a8010eb90: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa 0x0c1a8010eba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd 0x0c1a8010ebb0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fd fd 0x0c1a8010ebc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1a8010ebd0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd =>0x0c1a8010ebe0: fd fd fd fd[fd]fd fd fd fd fd fa fa fa fa fa fa 0x0c1a8010ebf0: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c1a8010ec00: fd fd fd fa fa fa fa fa fa fa fa fa 00 00 00 00 0x0c1a8010ec10: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa 0x0c1a8010ec20: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd 0x0c1a8010ec30: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==11696==ABORTING command: /data/samba/git/samba8/bin/smbtorture $LOADLIST --configfile=$SMB_CONF_PATH --option='fss:sequence timeout=1' --maximum-runtime=$SELFTEST_MAXTIME --basedir=$SELFTEST_ TMPDIR --format=subunit --option=torture:progress=no --option=torture:sharedelay=100000 --option=torture:writetimeupdatedelay=500000 --target=samba3 //$SERVER/tmp -U$USERNAME%$ PASSWORD rpc.lsa.lookupsids 2>&1 | /data/samba/git/samba8/selftest/filter-subunit --fail-on-empty --prefix="samba3.rpc.lsa.lookupsids." --suffix="(ad_dc)" expanded command: /data/samba/git/samba8/bin/smbtorture $LOADLIST --configfile=/data/samba/git/samba8/st/client/client.conf --option='fss:sequence timeout=1' --maximum-runtime =1200 --basedir=/data/samba/git/samba8/st/tmp --format=subunit --option=torture:progress=no --option=torture:sharedelay=100000 --option=torture:writetimeupdatedelay=500000 --ta rget=samba3 //addc/tmp -UAdministrator%locDCpass1 rpc.lsa.lookupsids 2>&1 | /data/samba/git/samba8/selftest/filter-subunit --fail-on-empty --prefix="samba3.rpc.lsa.lookupsids. " --suffix="(ad_dc)" ERROR: Testsuite[samba3.rpc.lsa.lookupsids(ad_dc)] REASON: Exit code was 1 [3(2)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [] (nt4_dc) [4(3)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm] (nt4_dc) [5(4)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego] (nt4_dc) [6(5)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm] (nt4_dc) [7(6)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [,bigendian] (nt4_dc) [8(7)/95 at 42s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm,bigendian] (nt4_dc) [9(8)/95 at 42s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,bigendian] (nt4_dc) [10(9)/95 at 42s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm,bigendian] (nt4_dc) ^@tdbsam_open: Converting version 0.0 database to version 4.0. tdbsam_convert_backup: updated /data/samba/git/samba8/st/ktest/private/passdb.tdb file. ^C/data/samba/git/samba8/selftest/selftest.pl: PID[11426]: Got SIGINT teardown environments. teardown_env(nt4_dc) smbd child process 11464 exited with value 0 nmbd child process 11462 exited with value 0 winbindd child process 11463 exited with value 0 ^Csmbd child process 11464 isn't here any more nmbd child process 11462 isn't here any more winbindd child process 11463 isn't here any more teardown_env(ad_dc) samba child process 11696 isn't here any more perl(11426),pstree(11846) sh(11843) /data/samba/git/samba8/selftest/selftest.pl: PID[11426]: Exiting... TOP 10 slowest tests samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,bigendian] (nt4_dc) -> 1 samba3.rpc.lsa.lookupsids over ncacn_np with [] (nt4_dc) -> 1 samba3.rpc.lsa.lookupsids(ad_dc) -> 1 samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm,bigendian] (nt4_dc) -> 0 samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm] (nt4_dc) -> 0 samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm] (nt4_dc) -> 0 samba3.rpc.lsa.lookupsids over ncacn_np with [spnego] (nt4_dc) -> 0 samba3.rpc.lsa.lookupsids over ncacn_np with [,bigendian] (nt4_dc) -> 0 samba3.rpc.lsa.lookupsids(nt4_dc) -> 0 samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm,bigendian] (nt4_dc) -> 0 ERROR: test failed with exit code -2 Makefile:17: recipe for target 'test' failed make: *** [test] Interrupt abartlet@ruth:/data/samba/git/samba8$ abartlet@ruth:/data/samba/git/samba8$ abartlet@ruth:/data/samba/git/samba8$ abartlet@ruth:/data/samba/git/samba8$ abartlet@ruth:/data/samba/git/samba8$