The Samba-Bugzilla – Attachment 15125 Details for
Bug 13929
ASAN detected use after free in continue_ip_open_socket ../../source4/librpc/rpc/dcerpc_sock.c:267
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ASAN error report
asan_007.txt (text/plain), 9.36 KB, created by
Gary Lockyer
on 2019-05-07 04:27:10 UTC
(
hide
)
Description:
ASAN error report
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2019-05-07 04:27:10 UTC
Size:
9.36 KB
patch
obsolete
>================================================================= >==20964==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0000280b0 at pc 0x7ff28a03d66e bp 0x7fffb880f280 sp 0x7fffb880ea28 >READ of size 16 at 0x60b0000280b0 thread T0 > #0 0x7ff28a03d66d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d) > #1 0x7ff284b90a1c in talloc_strdup ../../lib/talloc/talloc.c:2471 > #2 0x7ff2819ff186 in continue_ip_open_socket ../../source4/librpc/rpc/dcerpc_sock.c:267 > #3 0x7ff27ed54a6f in composite_done ../../source4/libcli/composite/composite.c:143 > #4 0x7ff2819ffc98 in continue_socket_connect ../../source4/librpc/rpc/dcerpc_sock.c:118 > #5 0x7ff27ed54a6f in composite_done ../../source4/libcli/composite/composite.c:143 > #6 0x7ff27ed54459 in socket_connect_handler ../../source4/lib/socket/connect.c:131 > #7 0x7ff28407c7d3 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:138 > #8 0x7ff284090c65 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:736 > #9 0x7ff284090c65 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:937 > #10 0x7ff284089612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110 > #11 0x7ff28407ae16 in _tevent_loop_once ../../lib/tevent/tevent.c:772 > #12 0x7ff27ed54970 in composite_wait ../../source4/libcli/composite/composite.c:58 > #13 0x7ff281a0ed39 in dcerpc_pipe_connect_b_recv ../../source4/librpc/rpc/dcerpc_connect.c:1100 > #14 0x7ff281a0ef04 in dcerpc_pipe_connect_b ../../source4/librpc/rpc/dcerpc_connect.c:1128 > #15 0x7ff272dbe891 in libnet_JoinDomain (bin/shared/private/libsamba-net.cpython-36m-x86-64-linux-gnu-samba4.so+0x59891) > #16 0x7ff272dc19d0 in libnet_Join_member (bin/shared/private/libsamba-net.cpython-36m-x86-64-linux-gnu-samba4.so+0x5c9d0) > #17 0x7ff27304401a in py_net_join_member ../../source4/libnet/py_net.c:143 > #18 0x5030d4 (/usr/bin/python3.6+0x5030d4) > #19 0x507640 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507640) > #20 0x504c27 (/usr/bin/python3.6+0x504c27) > #21 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #22 0x591460 (/usr/bin/python3.6+0x591460) > #23 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #24 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #25 0x504c27 (/usr/bin/python3.6+0x504c27) > #26 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #27 0x591460 (/usr/bin/python3.6+0x591460) > #28 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #29 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #30 0x504c27 (/usr/bin/python3.6+0x504c27) > #31 0x501ba6 in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501ba6) > #32 0x591460 (/usr/bin/python3.6+0x591460) > #33 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #34 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #35 0x504c27 (/usr/bin/python3.6+0x504c27) > #36 0x501ba6 in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501ba6) > #37 0x591460 (/usr/bin/python3.6+0x591460) > #38 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #39 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #40 0x504c27 (/usr/bin/python3.6+0x504c27) > #41 0x506392 in PyEval_EvalCode (/usr/bin/python3.6+0x506392) > #42 0x634d51 (/usr/bin/python3.6+0x634d51) > #43 0x634e09 in PyRun_FileExFlags (/usr/bin/python3.6+0x634e09) > #44 0x6385c7 in PyRun_SimpleFileExFlags (/usr/bin/python3.6+0x6385c7) > #45 0x639159 in Py_Main (/usr/bin/python3.6+0x639159) > #46 0x4a6f0f in main (/usr/bin/python3.6+0x4a6f0f) > #47 0x7ff2893b8b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) > #48 0x5afa09 in _start (/usr/bin/python3.6+0x5afa09) > >0x60b0000280b0 is located 96 bytes inside of 112-byte region [0x60b000028050,0x60b0000280c0) >freed by thread T0 here: > #0 0x7ff28a0ca7b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8) > #1 0x7ff284b9ae6d in _tc_free_internal ../../lib/talloc/talloc.c:1221 > #2 0x7ff284b9a4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 > #3 0x7ff284b9a4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 > #4 0x7ff284b88baf in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 > #5 0x7ff284b88baf in _tc_free_internal ../../lib/talloc/talloc.c:1183 > #6 0x7ff284b88baf in _talloc_free_internal ../../lib/talloc/talloc.c:1247 > #7 0x7ff284b88baf in _talloc_free ../../lib/talloc/talloc.c:1789 > #8 0x7ff2819fe8e5 in dcerpc_pipe_open_socket_recv ../../source4/librpc/rpc/dcerpc_sock.c:180 > #9 0x7ff2819ff11b in continue_ip_open_socket ../../source4/librpc/rpc/dcerpc_sock.c:240 > #10 0x7ff27ed54a6f in composite_done ../../source4/libcli/composite/composite.c:143 > #11 0x7ff2819ffc98 in continue_socket_connect ../../source4/librpc/rpc/dcerpc_sock.c:118 > #12 0x7ff27ed54a6f in composite_done ../../source4/libcli/composite/composite.c:143 > #13 0x7ff27ed54459 in socket_connect_handler ../../source4/lib/socket/connect.c:131 > #14 0x7ff28407c7d3 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:138 > #15 0x7ff284090c65 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:736 > #16 0x7ff284090c65 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:937 > #17 0x7ff284089612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110 > #18 0x7ff28407ae16 in _tevent_loop_once ../../lib/tevent/tevent.c:772 > #19 0x7ff27ed54970 in composite_wait ../../source4/libcli/composite/composite.c:58 > #20 0x7ff281a0ed39 in dcerpc_pipe_connect_b_recv ../../source4/librpc/rpc/dcerpc_connect.c:1100 > #21 0x7ff281a0ef04 in dcerpc_pipe_connect_b ../../source4/librpc/rpc/dcerpc_connect.c:1128 > #22 0x7ff272dbe891 in libnet_JoinDomain (bin/shared/private/libsamba-net.cpython-36m-x86-64-linux-gnu-samba4.so+0x59891) > #23 0x7ff272dc19d0 in libnet_Join_member (bin/shared/private/libsamba-net.cpython-36m-x86-64-linux-gnu-samba4.so+0x5c9d0) > #24 0x7ff27304401a in py_net_join_member ../../source4/libnet/py_net.c:143 > #25 0x5030d4 (/usr/bin/python3.6+0x5030d4) > >previously allocated by thread T0 here: > #0 0x7ff28a0cab50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50) > #1 0x7ff284b90fbb in __talloc_with_prefix ../../lib/talloc/talloc.c:782 > #2 0x7ff284b90fbb in __talloc ../../lib/talloc/talloc.c:824 > #3 0x7ff284b90fbb in __talloc_strlendup ../../lib/talloc/talloc.c:2455 > #4 0x7ff284b90fbb in talloc_strdup ../../lib/talloc/talloc.c:2471 > #5 0x7ff27ed4ef67 in ipv6_tcp_get_my_addr ../../source4/lib/socket/socket_ip.c:1002 > #6 0x7ff27ed518dd in socket_get_my_addr ../../source4/lib/socket/socket.c:347 > #7 0x7ff2819ff836 in continue_socket_connect ../../source4/librpc/rpc/dcerpc_sock.c:68 > #8 0x7ff27ed54a6f in composite_done ../../source4/libcli/composite/composite.c:143 > #9 0x7ff27ed54459 in socket_connect_handler ../../source4/lib/socket/connect.c:131 > #10 0x7ff28407c7d3 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:138 > #11 0x7ff284090c65 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:736 > #12 0x7ff284090c65 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:937 > #13 0x7ff284089612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110 > #14 0x7ff28407ae16 in _tevent_loop_once ../../lib/tevent/tevent.c:772 > #15 0x7ff27ed54970 in composite_wait ../../source4/libcli/composite/composite.c:58 > #16 0x7ff281a0ed39 in dcerpc_pipe_connect_b_recv ../../source4/librpc/rpc/dcerpc_connect.c:1100 > #17 0x7ff281a0ef04 in dcerpc_pipe_connect_b ../../source4/librpc/rpc/dcerpc_connect.c:1128 > #18 0x7ff272dbe891 in libnet_JoinDomain (bin/shared/private/libsamba-net.cpython-36m-x86-64-linux-gnu-samba4.so+0x59891) > #19 0x7ff272dc19d0 in libnet_Join_member (bin/shared/private/libsamba-net.cpython-36m-x86-64-linux-gnu-samba4.so+0x5c9d0) > #20 0x7ff27304401a in py_net_join_member ../../source4/libnet/py_net.c:143 > #21 0x5030d4 (/usr/bin/python3.6+0x5030d4) > >SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d) >Shadow bytes around the buggy address: > 0x0c167fffcfc0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 > 0x0c167fffcfd0: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 00 00 > 0x0c167fffcfe0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa > 0x0c167fffcff0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd > 0x0c167fffd000: fd fd fa fa fa fa fa fa fa fa fd fd fd fd fd fd >=>0x0c167fffd010: fd fd fd fd fd fd[fd]fd fa fa fa fa fa fa fa fa > 0x0c167fffd020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c167fffd030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c167fffd040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c167fffd050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c167fffd060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa >Shadow byte legend (one shadow byte represents 8 application bytes): > Addressable: 00 > Partially addressable: 01 02 03 04 05 06 07 > Heap left redzone: fa > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > ASan internal: fe > Left alloca redzone: ca > Right alloca redzone: cb >==20964==ABORTING >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15125">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13929
: 15125 |
15149