[153(1098)/354 at 36m33s] samba4.rpc.echo on ncacn_ip_tcp with bigendian and --option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc) [154(1107)/354 at 36m33s] samba4.rpc.echo on ncacn_ip_tcp with bigendian,seal and --option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc) Doing a full scan on CN=Configuration,DC=samba2000,DC=example,DC=com and looking for deleted objects Doing a full scan on DC=samba2000,DC=example,DC=com and looking for deleted objects python3: WARNING: The "server schannel" option is deprecated samba version 4.11.0pre1-DEVELOPERBUILD started. Copyright Andrew Tridgell and the Samba Team 1992-2019 binary_smbd_main: samba PID 30998 was called with maxruntime 18000 - current ts 1557200411 binary_smbd_main: samba: using 'standard' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'DC6.samba2003.example.com' /home/gary/projects/samba04/bin/winbindd: Failed to create /usr/local/samba/var/cores for user 0 with mode 0700 /home/gary/projects/samba04/bin/winbindd: Unable to setup corepath for winbindd: No such file or directory /home/gary/projects/samba04/bin/winbindd: Failed to create /usr/local/samba/var/cores for user 0 with mode 0700 /home/gary/projects/samba04/bin/winbindd: Unable to setup corepath for winbindd: No such file or directory /home/gary/projects/samba04/bin/winbindd: winbindd version 4.11.0pre1-DEVELOPERBUILD started. /home/gary/projects/samba04/bin/winbindd: Copyright Andrew Tridgell and the Samba Team 1992-2019 /home/gary/projects/samba04/bin/winbindd: initialize_winbindd_cache: clearing cache and re-creating with version number 2 /home/gary/projects/samba04/bin/winbindd: daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections TLS self-signed keys generated OK ================================================================= ==31047==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200000a5a0 at pc 0x7f07b384fa93 bp 0x7fffa7325120 sp 0x7fffa7325110 READ of size 8 at 0x61200000a5a0 thread T0 Doing a full scan on DC=ForestDnsZones,DC=samba2003,DC=example,DC=com and looking for deleted objects Doing a full scan on DC=DomainDnsZones,DC=samba2003,DC=example,DC=com and looking for deleted objects Doing a full scan on CN=Configuration,DC=samba2003,DC=example,DC=com and looking for deleted objects Doing a full scan on DC=samba2003,DC=example,DC=com and looking for deleted objects #0 0x7f07b384fa92 in _tevent_schedule_immediate ../../lib/tevent/tevent.c:670 #1 0x7f07b3853ef9 in tevent_req_post ../../lib/tevent/tevent_req.c:257 #2 0x7f07b3853f7b in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:136 #3 0x7f07b3854179 in tevent_req_finish ../../lib/tevent/tevent_req.c:193 #4 0x7f07b3854215 in _tevent_req_error ../../lib/tevent/tevent_req.c:211 #5 0x7f07a9e16581 in writev_cancel ../../lib/async_req/async_sock.c:331 #6 0x7f07b385486a in _tevent_req_cancel ../../lib/tevent/tevent_req.c:389 #7 0x7f07ae28fa38 in smbXcli_req_cancel_write_req ../../libcli/smb/smbXcli_base.c:902 #8 0x7f07ae2992ca in smbXcli_req_unset_pending ../../libcli/smb/smbXcli_base.c:956 #9 0x7f07ae29e6ac in smbXcli_req_cleanup ../../libcli/smb/smbXcli_base.c:1064 #10 0x7f07b3853957 in tevent_req_cleanup ../../lib/tevent/tevent_req.c:160 #11 0x7f07b38544a9 in tevent_req_received ../../lib/tevent/tevent_req.c:289 #12 0x7f07b3854537 in tevent_req_destructor ../../lib/tevent/tevent_req.c:128 #13 0x7f07b436f5f8 in _tc_free_internal ../../lib/talloc/talloc.c:1157 #14 0x7f07b435dbaf in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #15 0x7f07b435dbaf in _tc_free_internal ../../lib/talloc/talloc.c:1183 #16 0x7f07b435dbaf in _talloc_free_internal ../../lib/talloc/talloc.c:1247 #17 0x7f07b435dbaf in _talloc_free ../../lib/talloc/talloc.c:1789 #18 0x7f07b38544d2 in tevent_req_received ../../lib/tevent/tevent_req.c:291 #19 0x7f07b3854537 in tevent_req_destructor ../../lib/tevent/tevent_req.c:128 #20 0x7f07b436f5f8 in _tc_free_internal ../../lib/talloc/talloc.c:1157 #21 0x7f07b436f4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #22 0x7f07b436f4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 #23 0x7f07b436f4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #24 0x7f07b436f4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 #25 0x7f07b436f4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #26 0x7f07b436f4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 #27 0x7f07b436f4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #28 0x7f07b436f4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 #29 0x7f07b435dbaf in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #30 0x7f07b435dbaf in _tc_free_internal ../../lib/talloc/talloc.c:1183 #31 0x7f07b435dbaf in _talloc_free_internal ../../lib/talloc/talloc.c:1247 #32 0x7f07b435dbaf in _talloc_free ../../lib/talloc/talloc.c:1789 #33 0x7f079d90aab7 in dcerpc_interface_dealloc ../../source4/librpc/rpc/pyrpc.c:305 #34 0x504f97 (/usr/bin/python3.6+0x504f97) #35 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) #36 0x591460 (/usr/bin/python3.6+0x591460) #37 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) #38 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) #39 0x504c27 (/usr/bin/python3.6+0x504c27) #40 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) #41 0x591460 (/usr/bin/python3.6+0x591460) #42 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) #43 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) #44 0x504c27 (/usr/bin/python3.6+0x504c27) #45 0x501ba6 in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501ba6) #46 0x591460 (/usr/bin/python3.6+0x591460) #47 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) #48 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) #49 0x504c27 (/usr/bin/python3.6+0x504c27) #50 0x501ba6 in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501ba6) #51 0x591460 (/usr/bin/python3.6+0x591460) #52 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) #53 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) #54 0x504c27 (/usr/bin/python3.6+0x504c27) #55 0x501ba6 in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501ba6) #56 0x591460 (/usr/bin/python3.6+0x591460) #57 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) #58 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) #59 0x504c27 (/usr/bin/python3.6+0x504c27) #60 0x506392 in PyEval_EvalCode (/usr/bin/python3.6+0x506392) #61 0x634d51 (/usr/bin/python3.6+0x634d51) #62 0x634e09 in PyRun_FileExFlags (/usr/bin/python3.6+0x634e09) #63 0x6385c7 in PyRun_SimpleFileExFlags (/usr/bin/python3.6+0x6385c7) #64 0x639159 in Py_Main (/usr/bin/python3.6+0x639159) #65 0x4a6f0f in main (/usr/bin/python3.6+0x4a6f0f) #66 0x7f07b8b8db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #67 0x5afa09 in _start (/usr/bin/python3.6+0x5afa09) 0x61200000a5a0 is located 96 bytes inside of 312-byte region [0x61200000a540,0x61200000a678) freed by thread T0 here: #0 0x7f07b989f7b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8) #1 0x7f07b436fe6d in _tc_free_internal ../../lib/talloc/talloc.c:1221 #2 0x7f07b436f4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #3 0x7f07b436f4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 #4 0x7f07b436f4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #5 0x7f07b436f4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183 #6 0x7f07b435dbaf in _tc_free_children_internal ../../lib/talloc/talloc.c:1666 #7 0x7f07b435dbaf in _tc_free_internal ../../lib/talloc/talloc.c:1183 #8 0x7f07b435dbaf in _talloc_free_internal ../../lib/talloc/talloc.c:1247 #9 0x7f07b435dbaf in _talloc_free ../../lib/talloc/talloc.c:1789 #10 0x7f079d90aab7 in dcerpc_interface_dealloc ../../source4/librpc/rpc/pyrpc.c:305 #11 0x504f97 (/usr/bin/python3.6+0x504f97) previously allocated by thread T0 here: #0 0x7f07b989fb50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50) #1 0x7f07b4365448 in __talloc_with_prefix ../../lib/talloc/talloc.c:782 #2 0x7f07b4365448 in __talloc ../../lib/talloc/talloc.c:824 #3 0x7f07b4365448 in _talloc_named_const ../../lib/talloc/talloc.c:981 #4 0x7f07b4365448 in _talloc_zero ../../lib/talloc/talloc.c:2422 #5 0x7f07b384dea4 in tevent_context_init_ops ../../lib/tevent/tevent.c:487 #6 0x7f07b384df76 in tevent_context_init_byname ../../lib/tevent/tevent.c:523 #7 0x7f07b0b0c99c in s4_event_context_init ../../source4/lib/events/tevent_s4.c:34 #8 0x7f07b183dafa in py_dcerpc_interface_init_helper ../../source4/librpc/rpc/pyrpc_util.c:219 #9 0x7f07960bb30a in interface_lsarpc_new librpc/gen_ndr/py_lsa.c:48556 #10 0x5553b4 (/usr/bin/python3.6+0x5553b4) SUMMARY: AddressSanitizer: heap-use-after-free ../../lib/tevent/tevent.c:670 in _tevent_schedule_immediate Shadow bytes around the buggy address: 0x0c247fff9460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c247fff9470: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c247fff9480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c247fff9490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c247fff94a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd =>0x0c247fff94b0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd 0x0c247fff94c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c247fff94d0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c247fff94e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c247fff94f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 0x0c247fff9500: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==31047==ABORTING