PurpleI2P / i2pd

🛡 I2P: End-to-End encrypted and anonymous Internet
https://i2pd.website
BSD 3-Clause "New" or "Revised" License

AddressSanitizer: heap-use-after-free in i2p::stream::Stream::HandleNextPacket #1955

Open ill5-com opened 1 year ago

ill5-com commented 1 year ago

Consistently crashing when eepsite hosted on router is accessed.

CMake flags: cmake -DCMAKE_BUILD_TYPE=Release -DWITH_HARDENING=ON -DWITH_ADDRSANITIZER=ON .

OS Information:

OS: Ubuntu 22.04 jammy
Kernel: x86_64 Linux 5.15.0-78-generic
CPU: AMD Ryzen 9 3900X 12-Core @ 3.793GHz

Crash log:

=================================================================
==12421==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210002fd120 at pc 0x55e1d32ff088 bp 0x7f8a540ed4a0 sp 0x7f8a540ed490
READ of size 1 at 0x6210002fd120 thread T15
    #0 0x55e1d32ff087 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x830087)
    #1 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #2 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)
    #3 0x55e1d2ff8b6d in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) (/home/owner/i2pd/i2pd+0x529b6d)
    #4 0x55e1d306f833 in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x5a0833)
    #5 0x55e1d3496847 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) (/home/owner/i2pd/i2pd+0x9c7847)
    #6 0x55e1d34a0a0f in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d1a0f)
    #7 0x55e1d34a11b0 in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d21b0)
    #8 0x55e1d34a1935 in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) (/home/owner/i2pd/i2pd+0x9d2935)
    #9 0x55e1d307338a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) (/home/owner/i2pd/i2pd+0x5a438a)
    #10 0x55e1d308930d in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) (/home/owner/i2pd/i2pd+0x5ba30d)
    #11 0x55e1d302b833 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x55c833)
    #12 0x55e1d3449f36 in i2p::util::RunnableService::Run() (/home/owner/i2pd/i2pd+0x97af36)
    #13 0x55e1d345634d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() (/home/owner/i2pd/i2pd+0x98734d)
    #14 0x7f8a5eb402b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)
    #15 0x7f8a5e7c7b42  (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
    #16 0x7f8a5e8599ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x6210002fd120 is located 32 bytes inside of 4120-byte region [0x6210002fd100,0x6210002fe118)
freed by thread T15 here:
    #0 0x7f8a5f2c0ce7 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x55e1d32c40be in i2p::stream::StreamingDestination::DeleteStream(std::shared_ptr<i2p::stream::Stream>) (/home/owner/i2pd/i2pd+0x7f50be)
    #2 0x55e1d32c8954 in i2p::stream::Stream::Terminate(bool) (/home/owner/i2pd/i2pd+0x7f9954)
    #3 0x55e1d32f3e50 in i2p::stream::Stream::ProcessPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x824e50)
    #4 0x55e1d32fec52 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x82fc52)
    #5 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #6 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)
    #7 0x55e1d2ff8b6d in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) (/home/owner/i2pd/i2pd+0x529b6d)
    #8 0x55e1d306f833 in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x5a0833)
    #9 0x55e1d3496847 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) (/home/owner/i2pd/i2pd+0x9c7847)
    #10 0x55e1d34a0a0f in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d1a0f)
    #11 0x55e1d34a11b0 in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) (/home/owner/i2pd/i2pd+0x9d21b0)
    #12 0x55e1d34a1935 in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) (/home/owner/i2pd/i2pd+0x9d2935)
    #13 0x55e1d307338a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) (/home/owner/i2pd/i2pd+0x5a438a)
    #14 0x55e1d308930d in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) (/home/owner/i2pd/i2pd+0x5ba30d)
    #15 0x55e1d302b833 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x55c833)
    #16 0x55e1d3449f36 in i2p::util::RunnableService::Run() (/home/owner/i2pd/i2pd+0x97af36)
    #17 0x55e1d345634d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() (/home/owner/i2pd/i2pd+0x98734d)
    #18 0x7f8a5eb402b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)

previously allocated by thread T15 here:
    #0 0x7f8a5f2c01c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x55e1d330a111 in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x83b111)
    #2 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)
    #3 0x55e1d2ff8b6d in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) (/home/owner/i2pd/i2pd+0x529b6d)
    #4 0x55e1d306de1a in i2p::garlic::GarlicDestination::HandleGarlicPayload(unsigned char*, unsigned long, std::shared_ptr<i2p::tunnel::InboundTunnel>) (/home/owner/i2pd/i2pd+0x59ee1a)
    #5 0x55e1d3074e1c in i2p::garlic::GarlicDestination::HandleAESBlock(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::AESDecryption>, std::shared_ptr<i2p::tunnel::InboundTunnel>) (/home/owner/i2pd/i2pd+0x5a5e1c)
    #6 0x55e1d308a076 in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) (/home/owner/i2pd/i2pd+0x5bb076)
    #7 0x55e1d302b833 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x55c833)
    #8 0x55e1d3449f36 in i2p::util::RunnableService::Run() (/home/owner/i2pd/i2pd+0x97af36)
    #9 0x55e1d345634d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() (/home/owner/i2pd/i2pd+0x98734d)
    #10 0x7f8a5eb402b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)

Thread T15 created by T0 here:
    #0 0x7f8a5f262685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7f8a5eb40388 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc388)
    #2 0x55e1d36b591d in i2p::client::ClientContext::AddLocalDestination(std::shared_ptr<i2p::client::ClientDestination>) (/home/owner/i2pd/i2pd+0xbe691d)
    #3 0x55e1d36b9605 in i2p::client::ClientContext::CreateNewLocalDestination(i2p::data::PrivateKeys const&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const*) (/home/owner/i2pd/i2pd+0xbea605)
    #4 0x55e1d36d6bfa in i2p::client::ClientContext::ReadTunnels(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&, int&) (/home/owner/i2pd/i2pd+0xc07bfa)
    #5 0x55e1d36d98de in i2p::client::ClientContext::ReadTunnels() (/home/owner/i2pd/i2pd+0xc0a8de)
    #6 0x55e1d36db149 in i2p::client::ClientContext::Start() (/home/owner/i2pd/i2pd+0xc0c149)
    #7 0x55e1d2d3b1ec in i2p::util::Daemon_Singleton::start() (/home/owner/i2pd/i2pd+0x26c1ec)
    #8 0x55e1d2f3fbd4 in i2p::util::DaemonLinux::start() (/home/owner/i2pd/i2pd+0x470bd4)
    #9 0x55e1d2cc4045 in main (/home/owner/i2pd/i2pd+0x1f5045)
    #10 0x7f8a5e75cd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free (/home/owner/i2pd/i2pd+0x830087) in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*)
==12421==ABORTING
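
Added example, not part of the original issue or of i2pd: a Python triage script that aligns the access stack of an ASan heap-use-after-free report with its free stack and reports the innermost call both share. `SAMPLE` is abridged from the report above; `parse_report`, `shared_frame` and `triage` are names chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Abridged from the first report above: only outer frames of each stack were
# dropped; the remaining lines are unchanged.
SAMPLE = """\
==12421==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210002fd120 at pc 0x55e1d32ff088 bp 0x7f8a540ed4a0 sp 0x7f8a540ed490
READ of size 1 at 0x6210002fd120 thread T15
    #0 0x55e1d32ff087 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x830087)
    #1 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)
    #2 0x55e1d2fc75a0 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x4f85a0)

0x6210002fd120 is located 32 bytes inside of 4120-byte region [0x6210002fd100,0x6210002fe118)
freed by thread T15 here:
    #0 0x7f8a5f2c0ce7 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x55e1d32c40be in i2p::stream::StreamingDestination::DeleteStream(std::shared_ptr<i2p::stream::Stream>) (/home/owner/i2pd/i2pd+0x7f50be)
    #2 0x55e1d32c8954 in i2p::stream::Stream::Terminate(bool) (/home/owner/i2pd/i2pd+0x7f9954)
    #3 0x55e1d32f3e50 in i2p::stream::Stream::ProcessPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x824e50)
    #4 0x55e1d32fec52 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x82fc52)
    #5 0x55e1d330510a in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x83610a)

previously allocated by thread T15 here:
    #0 0x7f8a5f2c01c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x55e1d330a111 in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) (/home/owner/i2pd/i2pd+0x83b111)
"""

# "#N 0xPC in <function signature> <location>" or "#N 0xPC  <location>".
# The location is always the last whitespace-separated token on the line.
FRAME = re.compile(
    r"^\s*#\d+\s+0x[0-9a-f]+\s+(?:in\s+(?P<func>.+)\s+)?(?P<loc>\S+)\s*$")

HEADERS = {
    "access": re.compile(r"^(?:READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread (T\d+)"),
    "free": re.compile(r"^freed by thread (T\d+) here:"),
    "alloc": re.compile(r"^previously allocated by thread (T\d+) here:"),
}


@dataclass
class Stack:
    thread: str
    frames: list = field(default_factory=list)  # innermost call first


def parse_report(text):
    """Split a report into its access, free and alloc stacks."""
    stacks, current = {}, None
    for line in text.splitlines():
        m = FRAME.match(line)
        if m and current is not None:
            # Identify a frame by its function signature, not its PC: two call
            # sites in one function have different PCs. Unsymbolised frames
            # fall back to module+offset.
            current.frames.append(m.group("func") or m.group("loc"))
            continue
        current = None  # blank or unrelated line ends the running stack
        for kind, rx in HEADERS.items():
            h = rx.match(line.strip())
            if h:
                current = stacks[kind] = Stack(h.group(1))
    return stacks


def shared_frame(access, free):
    """Return (i, j) so that access.frames[i] and free.frames[j] are the same
    call and all frames outward of them agree for as long as both stacks last.
    Alignment starts from the inside because the recorded free stack can be
    shorter than the access stack (above it stops at #18)."""
    for i, func in enumerate(access.frames):
        for j, other in enumerate(free.frames):
            if func == other and all(
                    a == f for a, f in zip(access.frames[i:], free.frames[j:])):
                return i, j
    return None


def triage(text):
    """Summarise who used the memory and which call path freed it."""
    stacks = parse_report(text)
    if "access" not in stacks or "free" not in stacks:
        return None
    access, free = stacks["access"], stacks["free"]
    result = {"same_thread": access.thread == free.thread,
              "user": None, "use_depth": None, "free_path": []}
    hit = shared_frame(access, free)
    if hit:
        i, j = hit
        result["user"] = access.frames[i]      # function live across the free
        result["use_depth"] = i                # 0: it made the bad access itself
        result["free_path"] = free.frames[:j][::-1]  # calls from user to delete
    return result


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("same thread:", r["same_thread"])
    print("still using the object:", r["user"])
    for call in r["free_path"]:
        print("  ->", call)
```

A shared frame on the same thread means the free happened inside a call made by the function that later touched the memory, so the report points at object lifetime within one call chain rather than at a cross-thread race.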

ill5-com commented 1 year ago

Switched to debug build, trace is a little different due to no inlining (I'm guessing here). Occurs upon eepsite access still.

=================================================================
==26108==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210009e8520 at pc 0x562b2d249a81 bp 0x7f2ecf8ecd70 sp 0x7f2ecf8ecd60
READ of size 1 at 0x6210009e8520 thread T17
    #0 0x562b2d249a80 in i2p::stream::Packet::GetNACKCount() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:81
    #1 0x562b2d249afe in i2p::stream::Packet::GetOption() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:84
    #2 0x562b2d249b2f in i2p::stream::Packet::GetFlags() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:85
    #3 0x562b2d249bd9 in i2p::stream::Packet::IsSYN() const /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:90
    #4 0x562b2d227af2 in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:199
    #5 0x562b2d237a3d in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1194
    #6 0x562b2d23ba3a in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1441
    #7 0x562b2d016537 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1090
    #8 0x562b2d008580 in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:367
    #9 0x562b2d09e43b in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:1052
    #10 0x562b2d37c172 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:314
    #11 0x562b2d38101e in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:738
    #12 0x562b2d38166d in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:786
    #13 0x562b2d379eee in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:117
    #14 0x562b2d097b6a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:591
    #15 0x562b2d096597 in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:507
    #16 0x562b2d07d17d in void std::__invoke_impl<void, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(std::__invoke_memfun_deref, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x58417d)
    #17 0x562b2d07be7e in std::__invoke_result<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>::type std::__invoke<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x582e7e)
    #18 0x562b2d07a5e8 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/11/functional:420
    #19 0x562b2d078b54 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::operator()<, void>() /usr/include/c++/11/functional:503
    #20 0x562b2d075911 in void boost::asio::asio_handler_invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:88
    #21 0x562b2d0722d3 in void boost_asio_handler_invoke_helpers::invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x5792d3)
    #22 0x562b2d06bcdf in void boost::asio::detail::handler_work<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u>, void>::complete<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x572cdf)
    #23 0x562b2d063425 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x56a425)
    #24 0x562b2ce837ae in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40
    #25 0x562b2ce8df28 in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:481
    #26 0x562b2ce8d2be in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:204
    #27 0x562b2ce8e713 in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63
    #28 0x562b2d34e516 in i2p::util::RunnableService::Run() /home/owner/i2pd-build/i2pd/libi2pd/util.cpp:154
    #29 0x562b2d35de5b in void std::__invoke_impl<void, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(std::__invoke_memfun_deref, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:74
    #30 0x562b2d35dcb8 in std::__invoke_result<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>::type std::__invoke<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:96
    #31 0x562b2d35dbf8 in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/11/functional:420
    #32 0x562b2d35daea in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::operator()<, void>() /usr/include/c++/11/functional:503
    #33 0x562b2d35da31 in void std::__invoke_impl<void, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::__invoke_other, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:61
    #34 0x562b2d35d9ec in std::__invoke_result<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>::type std::__invoke<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:96
    #35 0x562b2d35d98d in void std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/include/c++/11/bits/std_thread.h:253
    #36 0x562b2d35d95d in std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > >::operator()() /usr/include/c++/11/bits/std_thread.h:260
    #37 0x562b2d35d93d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()> > > >::_M_run() /usr/include/c++/11/bits/std_thread.h:211
    #38 0x7f2edb3522b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)
    #39 0x7f2edafd9b42  (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
    #40 0x7f2edb06b9ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x6210009e8520 is located 32 bytes inside of 4120-byte region [0x6210009e8500,0x6210009e9518)
freed by thread T17 here:
    #0 0x7f2edbad2ce7 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x562b2d2614d5 in i2p::util::MemoryPool<i2p::stream::Packet>::CleanUp(i2p::stream::Packet*) (/home/owner/i2pd/i2pd+0x7684d5)
    #2 0x562b2d25ac78 in i2p::util::MemoryPool<i2p::stream::Packet>::CleanUp() /home/owner/i2pd-build/i2pd/libi2pd/util.h:59
    #3 0x562b2d239859 in i2p::stream::StreamingDestination::DeleteStream(std::shared_ptr<i2p::stream::Stream>) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1337
    #4 0x562b2d22674e in i2p::stream::Stream::Terminate(bool) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:113
    #5 0x562b2d228995 in i2p::stream::Stream::ProcessPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:280
    #6 0x562b2d22749a in i2p::stream::Stream::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:169
    #7 0x562b2d237a3d in i2p::stream::StreamingDestination::HandleNextPacket(i2p::stream::Packet*) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1194
    #8 0x562b2d23ba3a in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1441
    #9 0x562b2d016537 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1090
    #10 0x562b2d008580 in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:367
    #11 0x562b2d09e43b in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:1052
    #12 0x562b2d37c172 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:314
    #13 0x562b2d38101e in i2p::garlic::ECIESX25519AEADRatchetSession::HandleExistingSessionMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:738
    #14 0x562b2d38166d in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:786
    #15 0x562b2d379eee in i2p::garlic::ReceiveRatchetTagSet::HandleNextMessage(unsigned char*, unsigned long, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:117
    #16 0x562b2d097b6a in i2p::garlic::GarlicDestination::HandleECIESx25519TagMessage(unsigned char*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:591
    #17 0x562b2d096597 in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:507
    #18 0x562b2d07d17d in void std::__invoke_impl<void, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(std::__invoke_memfun_deref, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x58417d)
    #19 0x562b2d07be7e in std::__invoke_result<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>::type std::__invoke<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x582e7e)
    #20 0x562b2d07a5e8 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/11/functional:420
    #21 0x562b2d078b54 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::operator()<, void>() /usr/include/c++/11/functional:503
    #22 0x562b2d075911 in void boost::asio::asio_handler_invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:88
    #23 0x562b2d0722d3 in void boost_asio_handler_invoke_helpers::invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x5792d3)
    #24 0x562b2d06bcdf in void boost::asio::detail::handler_work<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u>, void>::complete<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x572cdf)
    #25 0x562b2d063425 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x56a425)
    #26 0x562b2ce837ae in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40
    #27 0x562b2ce8df28 in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:481
    #28 0x562b2ce8d2be in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:204
    #29 0x562b2ce8e713 in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63

previously allocated by thread T17 here:
    #0 0x7f2edbad21c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x562b2d24bbc9 in i2p::stream::Packet* i2p::util::MemoryPool<i2p::stream::Packet>::Acquire<>() /home/owner/i2pd-build/i2pd/libi2pd/util.h:66
    #2 0x562b2d24a543 in i2p::stream::StreamingDestination::NewPacket() /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:292
    #3 0x562b2d23b995 in i2p::stream::StreamingDestination::HandleDataMessagePayload(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Streaming.cpp:1437
    #4 0x562b2d016537 in i2p::client::ClientDestination::HandleDataMessage(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1090
    #5 0x562b2d008580 in i2p::client::LeaseSetDestination::HandleCloveI2NPMessage(i2p::I2NPMessageType, unsigned char const*, unsigned long, unsigned int) /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:367
    #6 0x562b2d09e43b in i2p::garlic::GarlicDestination::HandleECIESx25519GarlicClove(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:1052
    #7 0x562b2d37c172 in i2p::garlic::ECIESX25519AEADRatchetSession::HandlePayload(unsigned char const*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet> const&, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:314
    #8 0x562b2d37bc30 in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNewIncomingSession(unsigned char const*, unsigned long) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:290
    #9 0x562b2d38169f in i2p::garlic::ECIESX25519AEADRatchetSession::HandleNextMessage(unsigned char*, unsigned long, std::shared_ptr<i2p::garlic::ReceiveRatchetTagSet>, int) /home/owner/i2pd-build/i2pd/libi2pd/ECIESX25519AEADRatchetSession.cpp:788
    #10 0x562b2d09705a in i2p::garlic::GarlicDestination::HandleGarlicMessage(std::shared_ptr<i2p::I2NPMessage>) /home/owner/i2pd-build/i2pd/libi2pd/Garlic.cpp:548
    #11 0x562b2d07d17d in void std::__invoke_impl<void, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(std::__invoke_memfun_deref, void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x58417d)
    #12 0x562b2d07be7e in std::__invoke_result<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>::type std::__invoke<void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&>(void (i2p::garlic::GarlicDestination::*&)(std::shared_ptr<i2p::I2NPMessage>), std::shared_ptr<i2p::client::LeaseSetDestination>&, std::shared_ptr<i2p::I2NPMessage>&) (/home/owner/i2pd/i2pd+0x582e7e)
    #13 0x562b2d07a5e8 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/11/functional:420
    #14 0x562b2d078b54 in void std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>::operator()<, void>() /usr/include/c++/11/functional:503
    #15 0x562b2d075911 in void boost::asio::asio_handler_invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:88
    #16 0x562b2d0722d3 in void boost_asio_handler_invoke_helpers::invoke<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x5792d3)
    #17 0x562b2d06bcdf in void boost::asio::detail::handler_work<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u>, void>::complete<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)> >(std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&, std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>&) (/home/owner/i2pd/i2pd+0x572cdf)
    #18 0x562b2d063425 in boost::asio::detail::completion_handler<std::_Bind<void (i2p::garlic::GarlicDestination::*(std::shared_ptr<i2p::client::LeaseSetDestination>, std::shared_ptr<i2p::I2NPMessage>))(std::shared_ptr<i2p::I2NPMessage>)>, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0u> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) (/home/owner/i2pd/i2pd+0x56a425)
    #19 0x562b2ce837ae in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40
    #20 0x562b2ce8df28 in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:481
    #21 0x562b2ce8d2be in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:204
    #22 0x562b2ce8e713 in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63
    #23 0x562b2d34e516 in i2p::util::RunnableService::Run() /home/owner/i2pd-build/i2pd/libi2pd/util.cpp:154
    #24 0x562b2d35de5b in void std::__invoke_impl<void, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(std::__invoke_memfun_deref, void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:74
    #25 0x562b2d35dcb8 in std::__invoke_result<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>::type std::__invoke<void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&>(void (i2p::util::RunnableService::*&)(), i2p::util::RunnableService*&) /usr/include/c++/11/bits/invoke.h:96
    #26 0x562b2d35dbf8 in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/11/functional:420
    #27 0x562b2d35daea in void std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>::operator()<, void>() /usr/include/c++/11/functional:503
    #28 0x562b2d35da31 in void std::__invoke_impl<void, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::__invoke_other, std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:61
    #29 0x562b2d35d9ec in std::__invoke_result<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>::type std::__invoke<std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>>(std::_Bind<void (i2p::util::RunnableService::*(i2p::util::RunnableService*))()>&&) /usr/include/c++/11/bits/invoke.h:96

Thread T17 created by T0 here:
    #0 0x7f2edba74685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7f2edb352388 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc388)
    #2 0x562b2d34e2ce in i2p::util::RunnableService::StartIOService() /home/owner/i2pd-build/i2pd/libi2pd/util.cpp:128
    #3 0x562b2d01c0d8 in i2p::client::RunnableClientDestination::Start() /home/owner/i2pd-build/i2pd/libi2pd/Destination.cpp:1452
    #4 0x562b2d4feba0 in i2p::client::ClientContext::AddLocalDestination(std::shared_ptr<i2p::client::ClientDestination>) /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:368
    #5 0x562b2d4ff4ad in i2p::client::ClientContext::CreateNewLocalDestination(i2p::data::PrivateKeys const&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const*) /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:397
    #6 0x562b2d5074c7 in i2p::client::ClientContext::ReadTunnels(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&, int&) /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:759
    #7 0x562b2d5023e4 in i2p::client::ClientContext::ReadTunnels() /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:529
    #8 0x562b2d4fa087 in i2p::client::ClientContext::Start() /home/owner/i2pd-build/i2pd/libi2pd_client/ClientContext.cpp:59
    #9 0x562b2ce247b1 in i2p::util::Daemon_Singleton::start() /home/owner/i2pd-build/i2pd/daemon/Daemon.cpp:344
    #10 0x562b2cfb3d92 in i2p::util::DaemonLinux::start() /home/owner/i2pd-build/i2pd/daemon/UnixDaemon.cpp:203
    #11 0x562b2cfb23c8 in main /home/owner/i2pd-build/i2pd/daemon/i2pd.cpp:30
    #12 0x7f2edaf6ed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/owner/i2pd-build/i2pd/libi2pd/Streaming.h:81 in i2p::stream::Packet::GetNACKCount() const
Shadow bytes around the buggy address:
  0x0c4280135050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280135090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c42801350a0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c42801350f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==26108==ABORTING

ill5-com commented 1 year ago

Still occurs with -DWITH_HARDENING=OFF

diva-exchange commented 1 year ago

Can also reproduce on v2.49.0 within a container, with the eepsite inside or outside the container; see the build with debug symbols and trace on #1940.

Vort commented 8 months ago

Commit 7e3157b162b644e8624aaea1057fb712052c4761 has related changes. Can anyone check if it fixes this problem?