Attachment 14174 Details for Bug 13420 – backtrace from addressanitiser

backtrace from addressanitiser

buf (text/plain), 25.15 KB, created by Andrew Bartlett on 2018-05-03 08:13:41 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew Bartlett

Created: 2018-05-03 08:13:41 UTC

Size: 25.15 KB

patch

obsolete

>[2(1)/95 at 9s] samba3.rpc.lsa.lookupsids(ad_dc)
>=================================================================
>==11696==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0008b5f20 at pc 0x7fc103909695 bp 0x7fff109547c0 sp 0x7fff109547b8
>READ of size 1 at 0x60d0008b5f20 thread T0
>    #0 0x7fc103909694 in strlen_m_ext_handle ../lib/util/charset/util_str.c:226
>    #1 0x7fc10390988d in strlen_m_ext ../lib/util/charset/util_str.c:290
>    #2 0x7fc1039098e3 in strlen_m ../lib/util/charset/util_str.c:327
>    #3 0x7fc0fca617f0 in ndr_push_lsa_String default/librpc/gen_ndr/ndr_lsa.c:13
>    #4 0x7fc0fca885c2 in ndr_push_lsa_TranslatedName default/librpc/gen_ndr/ndr_lsa.c:2478
>    #5 0x7fc0fca982f4 in ndr_push_lsa_TransNameArray default/librpc/gen_ndr/ndr_lsa.c:2529
>    #6 0x7fc0fca98666 in ndr_push_lsa_LookupSids default/librpc/gen_ndr/ndr_lsa.c:7302
>    #7 0x7fc0f028d4d6 in lsarpc__op_ndr_push default/librpc/gen_ndr/ndr_lsa_s.c:2074
>    #8 0x7fc0f01ad4d2 in dcesrv_reply ../source4/rpc_server/common/reply.c:183
>    #9 0x7fc0f027bccc in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1890
>    #10 0x7fc0f027bccc in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196
>    #11 0x7fc0f027bccc in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774
>    #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835
>    #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245
>    #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319
>    #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604
>    #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219
>    #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135
>    #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911
>    #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114
>    #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725
>    #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848
>    #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145
>    #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867
>    #35 0x563dc39b86ee in binary_smbd_main ../source4/smbd/server.c:700
>    #36 0x563dc39b93cd in main ../source4/smbd/server.c:713
>    #37 0x7fc101ca22e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
>    #38 0x563dc39b6499 in _start (/data/samba/git/samba8/bin/default/source4/smbd/samba+0x7499)
>
>0x60d0008b5f20 is located 96 bytes inside of 142-byte region [0x60d0008b5ec0,0x60d0008b5f4e)
>freed by thread T0 here:
>    #0 0x7fc10561aa10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
>    #1 0x7fc10349d56a in _tc_free_internal ../lib/talloc/talloc.c:1201
>    #2 0x7fc10349d11a in _tc_free_children_internal ../lib/talloc/talloc.c:1646
>    #3 0x7fc10349d11a in _tc_free_internal ../lib/talloc/talloc.c:1163
>    #4 0x7fc10348db70 in _tc_free_children_internal ../lib/talloc/talloc.c:1646
>    #5 0x7fc10348db70 in _tc_free_internal ../lib/talloc/talloc.c:1163
>    #6 0x7fc10348db70 in _talloc_free_internal ../lib/talloc/talloc.c:1227
>    #7 0x7fc10348db70 in _talloc_free ../lib/talloc/talloc.c:1769
>    #8 0x7fc0f02c1804 in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:808
>    #9 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234
>    #10 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874
>    #11 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196
>    #12 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774
>    #13 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #14 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #15 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #16 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835
>    #17 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #18 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #19 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #20 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245
>    #21 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319
>    #22 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #23 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #24 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #25 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604
>    #26 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #27 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #28 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219
>    #29 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135
>    #30 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911
>    #31 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114
>    #32 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725
>    #33 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848
>    #34 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145
>    #35 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867
>
>previously allocated by thread T0 here:
>    #0 0x7fc10561ad28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
>    #1 0x7fc1034940f0 in __talloc_with_prefix ../lib/talloc/talloc.c:763
>    #2 0x7fc1034940f0 in __talloc ../lib/talloc/talloc.c:804
>    #3 0x7fc1034940f0 in _talloc_named_const ../lib/talloc/talloc.c:961
>    #4 0x7fc1034940f0 in _talloc_memdup ../lib/talloc/talloc.c:2416
>    #5 0x7fc0ff407ba3 in dom_sid_string ../libcli/security/dom_sid.c:480
>    #6 0x7fc0f02bce54 in dcesrv_lsa_LookupSids_base_call ../source4/rpc_server/lsa/lsa_lookup.c:355
>    #7 0x7fc0f02c178e in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:800
>    #8 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234
>    #9 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874
>    #10 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196
>    #11 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774
>    #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835
>    #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245
>    #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319
>    #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604
>    #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219
>    #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135
>    #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911
>    #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114
>    #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725
>    #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848
>    #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145
>    #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867
>
>SUMMARY: AddressSanitizer: heap-use-after-free ../lib/util/charset/util_str.c:226 in strlen_m_ext_handle
>Shadow bytes around the buggy address:
>  0x0c1a8010eb90: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
>  0x0c1a8010eba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c1a8010ebb0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fd fd
>  0x0c1a8010ebc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
>  0x0c1a8010ebd0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
>=>0x0c1a8010ebe0: fd fd fd fd[fd]fd fd fd fd fd fa fa fa fa fa fa
>  0x0c1a8010ebf0: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c1a8010ec00: fd fd fd fa fa fa fa fa fa fa fa fa 00 00 00 00
>  0x0c1a8010ec10: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
>  0x0c1a8010ec20: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
>  0x0c1a8010ec30: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07
>  Heap left redzone:       fa
>  Heap right redzone:      fb
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack partial redzone:   f4
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>==11696==ABORTING
>smbtorture 4.9.0pre1-DEVELOPERBUILD
>Using seed 1525334884
>UNEXPECTED(failure): samba3.rpc.lsa.lookupsids.lsa.LookupSidsReply(ad_dc)
>REASON: Exception: Exception: ../source4/torture/rpc/lsa_lookup.c:390: dcerpc_lsa_LookupSids_r(b, tctx, &r) was NT_STATUS_CONNECTION_DISCONNECTED, expected NT_STATUS_OK: Lookup
>Sids failed
>envlog: SAMBA LOG of: ADDC pid 11696
>=================================================================
>==11696==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0008b5f20 at pc 0x7fc103909695 bp 0x7fff109547c0 sp 0x7fff109547b8
>READ of size 1 at 0x60d0008b5f20 thread T0
>    #0 0x7fc103909694 in strlen_m_ext_handle ../lib/util/charset/util_str.c:226
>    #1 0x7fc10390988d in strlen_m_ext ../lib/util/charset/util_str.c:290
>    #2 0x7fc1039098e3 in strlen_m ../lib/util/charset/util_str.c:327
>    #3 0x7fc0fca617f0 in ndr_push_lsa_String default/librpc/gen_ndr/ndr_lsa.c:13
>    #4 0x7fc0fca885c2 in ndr_push_lsa_TranslatedName default/librpc/gen_ndr/ndr_lsa.c:2478
>    #5 0x7fc0fca982f4 in ndr_push_lsa_TransNameArray default/librpc/gen_ndr/ndr_lsa.c:2529
>    #6 0x7fc0fca98666 in ndr_push_lsa_LookupSids default/librpc/gen_ndr/ndr_lsa.c:7302
>    #7 0x7fc0f028d4d6 in lsarpc__op_ndr_push default/librpc/gen_ndr/ndr_lsa_s.c:2074
>    #8 0x7fc0f01ad4d2 in dcesrv_reply ../source4/rpc_server/common/reply.c:183
>    #9 0x7fc0f027bccc in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1890
>    #10 0x7fc0f027bccc in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196
>    #11 0x7fc0f027bccc in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774
>    #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835
>    #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245
>    #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319
>    #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604
>    #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219
>    #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135
>    #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911
>    #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114
>    #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725
>    #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848
>    #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145
>    #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867
>    #35 0x563dc39b86ee in binary_smbd_main ../source4/smbd/server.c:700
>    #36 0x563dc39b93cd in main ../source4/smbd/server.c:713
>    #37 0x7fc101ca22e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
>    #38 0x563dc39b6499 in _start (/data/samba/git/samba8/bin/default/source4/smbd/samba+0x7499)
>
>0x60d0008b5f20 is located 96 bytes inside of 142-byte region [0x60d0008b5ec0,0x60d0008b5f4e)
>freed by thread T0 here:
>    #0 0x7fc10561aa10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
>    #1 0x7fc10349d56a in _tc_free_internal ../lib/talloc/talloc.c:1201
>    #2 0x7fc10349d11a in _tc_free_children_internal ../lib/talloc/talloc.c:1646
>    #3 0x7fc10349d11a in _tc_free_internal ../lib/talloc/talloc.c:1163
>    #4 0x7fc10348db70 in _tc_free_children_internal ../lib/talloc/talloc.c:1646
>    #5 0x7fc10348db70 in _tc_free_internal ../lib/talloc/talloc.c:1163
>    #6 0x7fc10348db70 in _talloc_free_internal ../lib/talloc/talloc.c:1227
>    #7 0x7fc10348db70 in _talloc_free ../lib/talloc/talloc.c:1769
>    #8 0x7fc0f02c1804 in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:808
>    #9 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234
>    #10 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874
>    #11 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196
>    #12 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774
>    #13 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #14 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #15 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #16 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835
>    #17 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #18 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #19 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #20 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245
>    #21 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319
>    #22 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #23 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #24 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #25 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604
>    #26 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #27 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #28 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219
>    #29 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135
>    #30 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911
>    #31 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114
>    #32 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725
>    #33 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848
>    #34 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145
>    #35 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867
>
>previously allocated by thread T0 here:
>    #0 0x7fc10561ad28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
>    #1 0x7fc1034940f0 in __talloc_with_prefix ../lib/talloc/talloc.c:763
>    #2 0x7fc1034940f0 in __talloc ../lib/talloc/talloc.c:804
>    #3 0x7fc1034940f0 in _talloc_named_const ../lib/talloc/talloc.c:961
>    #4 0x7fc1034940f0 in _talloc_memdup ../lib/talloc/talloc.c:2416
>    #5 0x7fc0ff407ba3 in dom_sid_string ../libcli/security/dom_sid.c:480
>    #6 0x7fc0f02bce54 in dcesrv_lsa_LookupSids_base_call ../source4/rpc_server/lsa/lsa_lookup.c:355
>    #7 0x7fc0f02c178e in dcesrv_lsa_LookupSids ../source4/rpc_server/lsa/lsa_lookup.c:800
>    #8 0x7fc0f02a965d in lsarpc__op_dispatch default/librpc/gen_ndr/ndr_lsa_s.c:234
>    #9 0x7fc0f027bc6d in dcesrv_request ../source4/rpc_server/dcerpc_server.c:1874
>    #10 0x7fc0f027bc6d in dcesrv_process_ncacn_packet ../source4/rpc_server/dcerpc_server.c:2196
>    #11 0x7fc0f027bc6d in dcesrv_read_fragment_done ../source4/rpc_server/dcerpc_server.c:2774
>    #12 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #13 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #14 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #15 0x7fc0fe93b0ce in dcerpc_read_ncacn_packet_done ../librpc/rpc/dcerpc_util.c:835
>    #16 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #17 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #18 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #19 0x7fc0feb79fbd in tstream_readv_pdu_ask_for_next_vector ../lib/tsocket/tsocket_helpers.c:245
>    #20 0x7fc0feb7a2a8 in tstream_readv_pdu_readv_done ../lib/tsocket/tsocket_helpers.c:319
>    #21 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #22 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #23 0x7fc1036c14f7 in _tevent_req_done ../lib/tevent/tevent_req.c:168
>    #24 0x7fc0feb77b1b in tstream_readv_done ../lib/tsocket/tsocket.c:604
>    #25 0x7fc1036c1417 in _tevent_req_notify_callback ../lib/tevent/tevent_req.c:125
>    #26 0x7fc1036c14c3 in tevent_req_finish ../lib/tevent/tevent_req.c:162
>    #27 0x7fc1036c15c9 in tevent_req_trigger ../lib/tevent/tevent_req.c:219
>    #28 0x7fc1036bfd83 in tevent_common_loop_immediate ../lib/tevent/tevent_immediate.c:135
>    #29 0x7fc1036cf591 in epoll_event_loop_once ../lib/tevent/tevent_epoll.c:911
>    #30 0x7fc1036c935b in std_event_loop_once ../lib/tevent/tevent_standard.c:114
>    #31 0x7fc1036bdddb in _tevent_loop_once ../lib/tevent/tevent.c:725
>    #32 0x7fc1036be45e in tevent_common_loop_wait ../lib/tevent/tevent.c:848
>    #33 0x7fc1036c926e in std_event_loop_wait ../lib/tevent/tevent_standard.c:145
>    #34 0x7fc1036be50f in _tevent_loop_wait ../lib/tevent/tevent.c:867
>
>SUMMARY: AddressSanitizer: heap-use-after-free ../lib/util/charset/util_str.c:226 in strlen_m_ext_handle
>Shadow bytes around the buggy address:
>  0x0c1a8010eb90: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
>  0x0c1a8010eba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c1a8010ebb0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fd fd
>  0x0c1a8010ebc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
>  0x0c1a8010ebd0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
>=>0x0c1a8010ebe0: fd fd fd fd[fd]fd fd fd fd fd fa fa fa fa fa fa
>  0x0c1a8010ebf0: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c1a8010ec00: fd fd fd fa fa fa fa fa fa fa fa fa 00 00 00 00
>  0x0c1a8010ec10: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
>  0x0c1a8010ec20: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
>  0x0c1a8010ec30: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07
>  Heap left redzone:       fa
>  Heap right redzone:      fb
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack partial redzone:   f4
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>==11696==ABORTING
>
>command: /data/samba/git/samba8/bin/smbtorture  $LOADLIST --configfile=$SMB_CONF_PATH --option='fss:sequence timeout=1' --maximum-runtime=$SELFTEST_MAXTIME --basedir=$SELFTEST_
>TMPDIR --format=subunit --option=torture:progress=no --option=torture:sharedelay=100000 --option=torture:writetimeupdatedelay=500000 --target=samba3 //$SERVER/tmp -U$USERNAME%$
>PASSWORD rpc.lsa.lookupsids 2>&1  | /data/samba/git/samba8/selftest/filter-subunit --fail-on-empty --prefix="samba3.rpc.lsa.lookupsids." --suffix="(ad_dc)"
>expanded command: /data/samba/git/samba8/bin/smbtorture  $LOADLIST --configfile=/data/samba/git/samba8/st/client/client.conf --option='fss:sequence timeout=1' --maximum-runtime
>=1200 --basedir=/data/samba/git/samba8/st/tmp --format=subunit --option=torture:progress=no --option=torture:sharedelay=100000 --option=torture:writetimeupdatedelay=500000 --ta
>rget=samba3 //addc/tmp -UAdministrator%locDCpass1 rpc.lsa.lookupsids 2>&1  | /data/samba/git/samba8/selftest/filter-subunit --fail-on-empty --prefix="samba3.rpc.lsa.lookupsids.
>" --suffix="(ad_dc)"
>ERROR: Testsuite[samba3.rpc.lsa.lookupsids(ad_dc)]
>REASON: Exit code was 1
>
>
>[3(2)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [] (nt4_dc)
>[4(3)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm] (nt4_dc)
>[5(4)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego] (nt4_dc)
>[6(5)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm] (nt4_dc)
>[7(6)/95 at 41s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [,bigendian] (nt4_dc)
>[8(7)/95 at 42s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm,bigendian] (nt4_dc)
>[9(8)/95 at 42s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,bigendian] (nt4_dc)
>[10(9)/95 at 42s, 1 errors] samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm,bigendian] (nt4_dc)
>^@tdbsam_open: Converting version 0.0 database to version 4.0.
>tdbsam_convert_backup: updated /data/samba/git/samba8/st/ktest/private/passdb.tdb file.
>^C/data/samba/git/samba8/selftest/selftest.pl: PID[11426]: Got SIGINT teardown environments.
>teardown_env(nt4_dc)
>smbd child process 11464 exited with value 0
>nmbd child process 11462 exited with value 0
>winbindd child process 11463 exited with value 0
>^Csmbd child process 11464 isn't here any more
>nmbd child process 11462 isn't here any more
>winbindd child process 11463 isn't here any more
>teardown_env(ad_dc)
>samba child process 11696 isn't here any more
>perl(11426),pstree(11846)
>            sh(11843)
>/data/samba/git/samba8/selftest/selftest.pl: PID[11426]: Exiting...
>TOP 10 slowest tests
>samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,bigendian] (nt4_dc) -> 1
>samba3.rpc.lsa.lookupsids over ncacn_np with [] (nt4_dc) -> 1
>samba3.rpc.lsa.lookupsids(ad_dc) -> 1
>samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm,bigendian] (nt4_dc) -> 0
>samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm] (nt4_dc) -> 0
>samba3.rpc.lsa.lookupsids over ncacn_np with [spnego,ntlm] (nt4_dc) -> 0
>samba3.rpc.lsa.lookupsids over ncacn_np with [spnego] (nt4_dc) -> 0
>samba3.rpc.lsa.lookupsids over ncacn_np with [,bigendian] (nt4_dc) -> 0
>samba3.rpc.lsa.lookupsids(nt4_dc) -> 0
>samba3.rpc.lsa.lookupsids over ncacn_np with [ntlm,bigendian] (nt4_dc) -> 0
>ERROR: test failed with exit code -2
>Makefile:17: recipe for target 'test' failed
>make: *** [test] Interrupt
>
>abartlet@ruth:/data/samba/git/samba8$
>abartlet@ruth:/data/samba/git/samba8$
>abartlet@ruth:/data/samba/git/samba8$
>abartlet@ruth:/data/samba/git/samba8$
>abartlet@ruth:/data/samba/git/samba8$

Actions: View

Attachments on bug 13420: 14172 | 14174 | 14192 | 14195 | 14196 | 14198