AddressSanitizer: heap-use-after-free in i2p::stream::Stream::HandleNextPacket #1955

Open
ill5-com opened this issue Jul 26, 2023 · 4 comments

Consistently crashing when eepsite hosted on router is accessed.

CMake flags: cmake -DCMAKE_BUILD_TYPE=Release -DWITH_HARDENING=ON -DWITH_ADDRSANITIZER=ON .

OS Information:

OS: Ubuntu 22.04 jammy
Kernel: x86_64 Linux 5.15.0-78-generic
CPU: AMD Ryzen 9 3900X 12-Core @ 3.793GHz

Crash log:

=================================================================
==12421==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210002fd120 at pc 0x55e1d32ff088 bp 0x7f8a540ed4a0 sp 0x7f8a540ed490
READ of size 1 at 0x6210002fd120 thread T15
    #0 0x55e1d32ff087 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x830087)
    #1 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #2 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)
    #3 0x55e1d2ff8b6d in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) (/home/owner/i2pd/i2pd+0x529b6d)
    #4 0x55e1d306f833 in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x5a0833)
    #5 0x55e1d3496847 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) (/home/owner/i2pd/i2pd+0x9c7847)
    #6 0x55e1d34a0a0f in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d1a0f)
    #7 0x55e1d34a11b0 in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d21b0)
    #8 0x55e1d34a1935 in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) (/home/owner/i2pd/i2pd+0x9d2935)
    #9 0x55e1d307338a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) (/home/owner/i2pd/i2pd+0x5a438a)
    #10 0x55e1d308930d in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) (/home/owner/i2pd/i2pd+0x5ba30d)
    #11 0x55e1d302b833 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x55c833)
    #12 0x55e1d3449f36 in i2p::util::RunnableService::Run() (/home/owner/i2pd/i2pd+0x97af36)
    #13 0x55e1d345634d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() (/home/owner/i2pd/i2pd+0x98734d)
    #14 0x7f8a5eb402b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)
    #15 0x7f8a5e7c7b42  (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
    #16 0x7f8a5e8599ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x6210002fd120 is located 32 bytes inside of 4120-byte region [0x6210002fd100,0x6210002fe118)
freed by thread T15 here:
    #0 0x7f8a5f2c0ce7 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x55e1d32c40be in i2p::stream::StreamingDestination::DeleteStream(std::shared_ptr<i2p::stream::Stream>) (/home/owner/i2pd/i2pd+0x7f50be)
    #2 0x55e1d32c8954 in i2p::stream::Stream::Terminate(bool) (/home/owner/i2pd/i2pd+0x7f9954)
    #3 0x55e1d32f3e50 in i2p::stream::Stream::ProcessPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x824e50)
    #4 0x55e1d32fec52 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x82fc52)
    #5 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #6 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)
    #7 0x55e1d2ff8b6d in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) (/home/owner/i2pd/i2pd+0x529b6d)
    #8 0x55e1d306f833 in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x5a0833)
    #9 0x55e1d3496847 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) (/home/owner/i2pd/i2pd+0x9c7847)
    #10 0x55e1d34a0a0f in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d1a0f)
    #11 0x55e1d34a11b0 in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d21b0)
    #12 0x55e1d34a1935 in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) (/home/owner/i2pd/i2pd+0x9d2935)
    #13 0x55e1d307338a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) (/home/owner/i2pd/i2pd+0x5a438a)
    #14 0x55e1d308930d in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) (/home/owner/i2pd/i2pd+0x5ba30d)
    #15 0x55e1d302b833 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x55c833)
    #16 0x55e1d3449f36 in i2p::util::RunnableService::Run() (/home/owner/i2pd/i2pd+0x97af36)
    #17 0x55e1d345634d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() (/home/owner/i2pd/i2pd+0x98734d)
    #18 0x7f8a5eb402b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)

previously allocated by thread T15 here:
    #0 0x7f8a5f2c01c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x55e1d330a111 in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x83b111)
    #2 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)
    #3 0x55e1d2ff8b6d in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) (/home/owner/i2pd/i2pd+0x529b6d)
    #4 0x55e1d306de1a in i2p::garlic::GarlicDestination::HandleGarlicPayload(unsigned char*, unsigned long, std::shared_ptr<i2p::tunnel::InboundTunnel>) (/home/owner/i2pd/i2pd+0x59ee1a)
    #5 0x55e1d3074e1c in i2p::garlic::GarlicDestination::HandleAESBlock(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::AESDecryption>, std::shared_ptr<i2p::tunnel::InboundTunnel>) (/home/owner/i2pd/i2pd+0x5a5e1c)
    #6 0x55e1d308a076 in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) (/home/owner/i2pd/i2pd+0x5bb076)
    #7 0x55e1d302b833 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x55c833)
    #8 0x55e1d3449f36 in i2p::util::RunnableService::Run() (/home/owner/i2pd/i2pd+0x97af36)
    #9 0x55e1d345634d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() (/home/owner/i2pd/i2pd+0x98734d)
    #10 0x7f8a5eb402b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)

Thread T15 created by T0 here:
    #0 0x7f8a5f262685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7f8a5eb40388 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc388)
    #2 0x55e1d36b591d in i2p::client::ClientContext::AddLocalDestination(std::shared_ptr<i2p::client::ClientDestination>) (/home/owner/i2pd/i2pd+0xbe691d)
    #3 0x55e1d36b9605 in i2p::client::ClientContext::CreateNewLocalDestination(i2p::data::PrivateKeys const&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const*) (/home/owner/i2pd/i2pd+0xbea605)
    #4 0x55e1d36d6bfa in i2p::client::ClientContext::ReadTunnels(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&, int&) (/home/owner/i2pd/i2pd+0xc07bfa)
    #5 0x55e1d36d98de in i2p::client::ClientContext::ReadTunnels() (/home/owner/i2pd/i2pd+0xc0a8de)
    #6 0x55e1d36db149 in i2p::client::ClientContext::Start() (/home/owner/i2pd/i2pd+0xc0c149)
    #7 0x55e1d2d3b1ec in i2p::util::Daemon_Singleton::start() (/home/owner/i2pd/i2pd+0x26c1ec)
    #8 0x55e1d2f3fbd4 in i2p::util::DaemonLinux::start() (/home/owner/i2pd/i2pd+0x470bd4)
    #9 0x55e1d2cc4045 in main (/home/owner/i2pd/i2pd+0x1f5045)
    #10 0x7f8a5e75cd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free (/home/owner/i2pd/i2pd+0x830087) in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*)
Shadow bytes around the buggy address:
  0x0c42800579d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c42800579e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c42800579f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280057a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280057a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4280057a20: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280057a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280057a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280057a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280057a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280057a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==12421==ABORTING
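
Added example, not part of the original report or of the i2pd project: a small triage script for ASan heap-use-after-free reports like the one above. It finds the innermost call site shared by the access and free stacks and checks whether the function that reads the freed memory also sits on the path that freed it; the sample text is abbreviated from the release-build report, and the script's function names are this example's own.

```python
import re

# Abbreviated from the release-build report above (outer frames trimmed).
SAMPLE_REPORT = r"""
==12421==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210002fd120 at pc 0x55e1d32ff088 bp 0x7f8a540ed4a0 sp 0x7f8a540ed490
READ of size 1 at 0x6210002fd120 thread T15
    #0 0x55e1d32ff087 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x830087)
    #1 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #2 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)

0x6210002fd120 is located 32 bytes inside of 4120-byte region [0x6210002fd100,0x6210002fe118)
freed by thread T15 here:
    #0 0x7f8a5f2c0ce7 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x55e1d32c40be in i2p::stream::StreamingDestination::DeleteStream(std::shared_ptr<i2p::stream::Stream>) (/home/owner/i2pd/i2pd+0x7f50be)
    #2 0x55e1d32c8954 in i2p::stream::Stream::Terminate(bool) (/home/owner/i2pd/i2pd+0x7f9954)
    #3 0x55e1d32f3e50 in i2p::stream::Stream::ProcessPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x824e50)
    #4 0x55e1d32fec52 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x82fc52)
    #5 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #6 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)

previously allocated by thread T15 here:
    #0 0x7f8a5f2c01c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x55e1d330a111 in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x83b111)
"""

# "#N 0xPC [in SYMBOL] LOCATION": the location is always the last token.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+(0x[0-9a-f]+)\s+(?:in\s+(.+)\s+)?(\S+)$")
KIND_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
HEADERS = [
    ("access", re.compile(r"^(?:READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread (T\d+)")),
    ("free", re.compile(r"^freed by thread (T\d+) here:")),
    ("alloc", re.compile(r"^previously allocated by thread (T\d+) here:")),
]


def short_name(symbol):
    """Drop the argument list for display: 'ns::f(int)' -> 'ns::f'."""
    return symbol.split("(", 1)[0] if symbol else "??"


def parse_report(text):
    """Split an ASan report into its access, free and alloc stacks."""
    report = {"kind": None, "stacks": {}, "threads": {}}
    current = None
    for line in text.splitlines():
        kind = KIND_RE.search(line)
        if kind and report["kind"] is None:
            report["kind"] = kind.group(1)
        for name, pattern in HEADERS:
            header = pattern.match(line.strip())
            if header:
                current = name
                report["threads"][name] = header.group(1)
                report["stacks"][name] = []
                break
        else:
            frame = FRAME_RE.match(line)
            if frame and current:
                report["stacks"][current].append({
                    "pc": int(frame.group(2), 16),
                    "func": short_name(frame.group(3)),
                    "where": frame.group(4),
                })
            elif not frame:
                current = None  # blank or unrelated line ends the stack
    return report


def triage_uaf(report):
    """Relate the access stack to the free stack of a use-after-free."""
    access, free = report["stacks"]["access"], report["stacks"]["free"]
    # Innermost free-stack index for each pc. Matching from the inside out
    # also works when ASan has truncated the outer end of the free stack.
    free_index = {f["pc"]: j for j, f in reversed(list(enumerate(free)))}
    for i, frame in enumerate(access):
        j = free_index.get(frame["pc"])
        if j is not None:
            break
    else:
        return None  # the two stacks share no call site
    if i == 0 or j == 0:
        return None  # nothing below the shared call site to compare
    reader, freer = access[i - 1], free[j - 1]
    return {
        "kind": report["kind"],
        "same_thread": report["threads"]["access"] == report["threads"]["free"],
        "shared_caller": access[i]["func"],
        "reader": reader["func"],
        # Call chain from just below the shared call site down to the delete.
        "free_path": [f["func"] for f in reversed(free[:j])],
        "reader_on_free_path": reader["func"] == freer["func"],
    }


if __name__ == "__main__":
    for key, value in triage_uaf(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the sample, `Stream::HandleNextPacket` is both the reader and the first frame of the free path (through `ProcessPacket`, `Terminate` and `DeleteStream`), on the same thread. The report alone does not show whether the free and the read happened in one invocation.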

ill5-com commented Jul 26, 2023

Switched to debug build, trace is a little different due to no inlining (I'm guessing here). Occurs upon eepsite access still.

=================================================================
==26108==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210009e8520 at pc 0x562b2d249a81 bp 0x7f2ecf8ecd70 sp 0x7f2ecf8ecd60
READ of size 1 at 0x6210009e8520 thread T17
    #0 0x562b2d249a80 in i2p::stream::Packet::GetNACKCount() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:81
    #1 0x562b2d249afe in i2p::stream::Packet::GetOption() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:84
    #2 0x562b2d249b2f in i2p::stream::Packet::GetFlags() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:85
    #3 0x562b2d249bd9 in i2p::stream::Packet::IsSYN() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:90
    #4 0x562b2d227af2 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:199
    #5 0x562b2d237a3d in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1194
    #6 0x562b2d23ba3a in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1441
    #7 0x562b2d016537 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1090
    #8 0x562b2d008580 in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:367
    #9 0x562b2d09e43b in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:1052
    #10 0x562b2d37c172 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:314
    #11 0x562b2d38101e in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:738
    #12 0x562b2d38166d in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:786
    #13 0x562b2d379eee in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:117
    #14 0x562b2d097b6a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:591
    #15 0x562b2d096597 in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:507
    #16 0x562b2d07d17d in void std::__invoke_impl<void, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(std::__invoke_memfun_deref, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x58417d)
    #17 0x562b2d07be7e in std::__invoke_result<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>::type std::__invoke<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x582e7e)
    #18 0x562b2d07a5e8 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/11/functional:420
    #19 0x562b2d078b54 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::operator()<, void>() /usr/include/c++/11/functional:503
    #20 0x562b2d075911 in void boost::asio::asio_handler_invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:88
    #21 0x562b2d0722d3 in void boost_asio_handler_invoke_helpers::invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x5792d3)
    #22 0x562b2d06bcdf in void boost::asio::detail::handler_work<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u>, void>::complete<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x572cdf)
    #23 0x562b2d063425 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x56a425)
    #24 0x562b2ce837ae in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40
    #25 0x562b2ce8df28 in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:481
    #26 0x562b2ce8d2be in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:204
    #27 0x562b2ce8e713 in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63
    #28 0x562b2d34e516 in i2p::util::RunnableService::Run() /home/owner/i2pd-build/i2pd/libi2pd/util.cpp:154
    #29 0x562b2d35de5b in void std::__invoke_impl<void, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(std::__invoke_memfun_deref, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:74
    #30 0x562b2d35dcb8 in std::__invoke_result<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>::type std::__invoke<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:96
    #31 0x562b2d35dbf8 in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/11/functional:420
    #32 0x562b2d35daea in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::operator()<, void>() /usr/include/c++/11/functional:503
    #33 0x562b2d35da31 in void std::__invoke_impl<void, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::__invoke_other, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:61
    #34 0x562b2d35d9ec in std::__invoke_result<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>::type std::__invoke<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:96
    #35 0x562b2d35d98d in void std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/include/c++/11/bits/std_thread.h:253
    #36 0x562b2d35d95d in std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > >::operator()() /usr/include/c++/11/bits/std_thread.h:260
    #37 0x562b2d35d93d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() /usr/include/c++/11/bits/std_thread.h:211
    #38 0x7f2edb3522b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)
    #39 0x7f2edafd9b42  (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
    #40 0x7f2edb06b9ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x6210009e8520 is located 32 bytes inside of 4120-byte region [0x6210009e8500,0x6210009e9518)
freed by thread T17 here:
    #0 0x7f2edbad2ce7 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x562b2d2614d5 in i2p::util::MemoryPool<i2p::stream::Packet>::CleanUp(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x7684d5)
    #2 0x562b2d25ac78 in i2p::util::MemoryPool<i2p::stream::Packet>::CleanUp() /home/owner/i2pd-build/i2pd/libi2pd/util.h:59
    #3 0x562b2d239859 in i2p::stream::StreamingDestination::DeleteStream(std::shared_ptr<i2p::stream::Stream>) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1337
    #4 0x562b2d22674e in i2p::stream::Stream::Terminate(bool) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:113
    #5 0x562b2d228995 in i2p::stream::Stream::ProcessPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:280
    #6 0x562b2d22749a in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:169
    #7 0x562b2d237a3d in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1194
    #8 0x562b2d23ba3a in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1441
    #9 0x562b2d016537 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1090
    #10 0x562b2d008580 in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:367
    #11 0x562b2d09e43b in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:1052
    #12 0x562b2d37c172 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:314
    #13 0x562b2d38101e in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:738
    #14 0x562b2d38166d in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:786
    #15 0x562b2d379eee in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:117
    #16 0x562b2d097b6a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:591
    #17 0x562b2d096597 in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:507
    #18 0x562b2d07d17d in void std::__invoke_impl<void, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(std::__invoke_memfun_deref, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x58417d)
    #19 0x562b2d07be7e in std::__invoke_result<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>::type std::__invoke<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x582e7e)
    #20 0x562b2d07a5e8 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/11/functional:420
    #21 0x562b2d078b54 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::operator()<, void>() /usr/include/c++/11/functional:503
    #22 0x562b2d075911 in void boost::asio::asio_handler_invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:88
    #23 0x562b2d0722d3 in void boost_asio_handler_invoke_helpers::invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x5792d3)
    #24 0x562b2d06bcdf in void boost::asio::detail::handler_work<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u>, void>::complete<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x572cdf)
    #25 0x562b2d063425 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x56a425)
    #26 0x562b2ce837ae in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40
    #27 0x562b2ce8df28 in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:481
    #28 0x562b2ce8d2be in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:204
    #29 0x562b2ce8e713 in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63

previously allocated by thread T17 here:
    #0 0x7f2edbad21c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x562b2d24bbc9 in i2p::stream::Packet* i2p::util::MemoryPool<i2p::stream::Packet>::Acquire<>() /home/owner/i2pd-build/i2pd/libi2pd/util.h:66
    #2 0x562b2d24a543 in i2p::stream::StreamingDestination::NewPacket() /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:292
    #3 0x562b2d23b995 in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1437
    #4 0x562b2d016537 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1090
    #5 0x562b2d008580 in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:367
    #6 0x562b2d09e43b in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:1052
    #7 0x562b2d37c172 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:314
    #8 0x562b2d37bc30 in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNewIncomingSession(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:290
    #9 0x562b2d38169f in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:788
    #10 0x562b2d09705a in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:548
    #11 0x562b2d07d17d in void std::__invoke_impl<void, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(std::__invoke_memfun_deref, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x58417d)
    #12 0x562b2d07be7e in std::__invoke_result<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>::type std::__invoke<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x582e7e)
    #13 0x562b2d07a5e8 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/11/functional:420
    #14 0x562b2d078b54 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::operator()<, void>() /usr/include/c++/11/functional:503
    #15 0x562b2d075911 in void boost::asio::asio_handler_invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:88
    #16 0x562b2d0722d3 in void boost_asio_handler_invoke_helpers::invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x5792d3)
    #17 0x562b2d06bcdf in void boost::asio::detail::handler_work<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u>, void>::complete<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x572cdf)
    #18 0x562b2d063425 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x56a425)
    #19 0x562b2ce837ae in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40
    #20 0x562b2ce8df28 in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:481
    #21 0x562b2ce8d2be in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:204
    #22 0x562b2ce8e713 in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63
    #23 0x562b2d34e516 in i2p::util::RunnableService::Run() /home/owner/i2pd-build/i2pd/libi2pd/util.cpp:154
    #24 0x562b2d35de5b in void std::__invoke_impl<void, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(std::__invoke_memfun_deref, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:74
    #25 0x562b2d35dcb8 in std::__invoke_result<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>::type std::__invoke<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:96
    #26 0x562b2d35dbf8 in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/11/functional:420
    #27 0x562b2d35daea in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::operator()<, void>() /usr/include/c++/11/functional:503
    #28 0x562b2d35da31 in void std::__invoke_impl<void, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::__invoke_other, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:61
    #29 0x562b2d35d9ec in std::__invoke_result<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>::type std::__invoke<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:96

Thread T17 created by T0 here:
    #0 0x7f2edba74685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7f2edb352388 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc388)
    #2 0x562b2d34e2ce in i2p::util::RunnableService::StartIOService() /home/owner/i2pd-build/i2pd/libi2pd/util.cpp:128
    #3 0x562b2d01c0d8 in i2p::client::RunnableClientDestination::Start() /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1452
    #4 0x562b2d4feba0 in i2p::client::ClientContext::AddLocalDestination(std::shared_ptr<i2p::client::ClientDestination>) /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:368
    #5 0x562b2d4ff4ad in i2p::client::ClientContext::CreateNewLocalDestination(i2p::data::PrivateKeys const&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const*) /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:397
    #6 0x562b2d5074c7 in i2p::client::ClientContext::ReadTunnels(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&, int&) /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:759
    #7 0x562b2d5023e4 in i2p::client::ClientContext::ReadTunnels() /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:529
    #8 0x562b2d4fa087 in i2p::client::ClientContext::Start() /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:59
    #9 0x562b2ce247b1 in i2p::util::Daemon_Singleton::start() /home/owner/i2pd-build/i2pd/daemon/Daemon.cpp:344
    #10 0x562b2cfb3d92 in i2p::util::DaemonLinux::start() /home/owner/i2pd-build/i2pd/daemon/UnixDaemon.cpp:203
    #11 0x562b2cfb23c8 in main /home/owner/i2pd-build/i2pd/daemon/i2pd.cpp:30
    #12 0x7f2edaf6ed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:81 in i2p::stream::Packet::GetNACKCount() const
Shadow bytes around the buggy address:
  0x0c4280135050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c42801350a0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==26108==ABORTING

@ill5-com
Author

ill5-com commented Jul 26, 2023

Still occurs with -DWITH_HARDENING=OFF

@diva-exchange

Can also reproduce on v2.49.0 within a container, with the eepsite inside or outside the container; see build with debug symbols and trace on #1940.

@Vort
Contributor

Vort commented Feb 19, 2024

Commit 7e3157b has related changes. Can anyone check if it fixes this problem?
