skalenetwork / skaled

Running more than 20 production blockchains, SKALED is Ethereum-compatible, high performance C++ Proof-of-Stake client, tools and libraries. Uses SKALE consensus as a blockchain consensus core. Includes dynamic Oracle. Implements file storage and retrieval as an EVM extension.
https://skale.network
GNU General Public License v3.0

SIGSEGV in skaled on ws peer unregister (un-ddos) #474

Closed sync-by-unito[bot] closed 3 years ago

sync-by-unito[bot] commented 3 years ago

skaled-sdk 3.5.2-develop.0 and cats on WebSockets

┆Issue is synchronized with this Jira Bug

sync-by-unito[bot] commented 3 years ago

➤ Automation for Jira commented:

Corresponding Pull Request https://github.com/skalenetwork/skaled/pull/476

sync-by-unito[bot] commented 3 years ago

➤ Dima Litvinov commented:

Probably, this could be a symptom of the same problem. Sergiy Lavrynenko, could you please have a quick look?

2021-02-16 16:55:43.245965 TRACEPOINT import_block 5615
2021-02-16 16:55:43.246732 Paying 3.522 finney from sender for gas (352265 gas at 10 Gwei)
2021-02-16 16:55:43.348307 Try to delete non existing key #00000000…
2021-02-16 16:55:43.348814 Try to delete non existing key #00000000…()
2021-02-16 16:55:43.353866 Post state changed.
2021-02-16 16:55:43.353932 Processed 1 transactions in 107(true)
2021-02-16 16:55:43.353996 Rejigging seal engine...
2021-02-16 16:55:43.354029 Starting to seal block #5615
2021-02-16 16:55:43.355324 Post-reward stateRoot: is not calculated in Skale state
2021-02-16 16:55:43.355386 --- Cache --- . a324817c935954636128693e464bd76cafb3592f: 12 #:1002276142000000000000 @: $c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

2021-02-16 16:55:43.357361 Block sealed #5615
2021-02-16 16:55:43.360280 Imported and best 0 (#5615). Has 0 siblings. Route: [c3662407f51528bb1dd56c6c859ed53216d9390482d87fddb960d8cea433fa0b,e0b4cef80f046d8c2dea02469b423443d65f1119bee2ef65a29d7ae09a701af0]
2021-02-16 16:55:43.361062 Insterted block with 1 transactions
2021-02-16 16:55:43.362206 Post state changed.
2021-02-16 16:55:43.362281 noteChanged: {chain}
2021-02-16 16:55:43.362333 Block timestamp: 1613494542
2021-02-16 16:55:43.362912 Successfully imported 1 of 1 transactions

2021-02-16 16:55:43.362966 sent_to_consensus = 52 got_from_consensus = 49 m_transaction_cache = 0 m_tq = 0 m_bcast_counter = 49 2021-02-16 16:55:43.366033 TRACEPOINT fetch_transactions 5617 2021-02-16 16:55:43.466343 TRACEPOINT drop_bad_transactions 5617 2021-02-16 16:55:43.589424 http://37.53.74.180:53666 >>> {"id":6,"jsonrpc":"2.0","method":"eth_getTransactionReceipt","params":["0x16c5588f6eab7193e13dc1461002df7a23237819921afffcf1c428057f00d03a"]} 2021-02-16 16:55:43.601151 http://37.53.74.180:53666 <<< {"id":6,"jsonrpc":"2.0","result":{"blockHash":"0xe0b4cef80f046d8c2dea02469b423443d65f1119bee2ef65a29d7ae09a701af0","blockNumber":"0x15ef","contractAddress":null,"cumulativeGasUsed":"0x44090","from":"0xa324817c935954636128693e464bd76cafb3592f","gasUsed":"0x44090","logs":[{"address":"0xd3cdbc1b727b2ed91b8ad21333841d2e96f255af","blockHash":"0xe0b4cef80f046d8c2dea02469b423443d65f1119bee2ef65a29d7ae09a701af0","blockNumber":"0x15ef","data":"0x000000000000000000000000000000000000000000000000002386f26fc10000","logIndex":"0x0","polarity":false,"topics":["0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef","0x000000000000000000000000a324817c935954636128693e464bd76cafb3592f","0x0000000000000000000000000000000000000000000000000000000000000000"],"transactionHash":"0x16c5588f6eab7193e13dc1461002df7a23237819921afffcf1c428057f00d03a","transactionIndex":"0x0","type":"mined"},{"address":"0x427c74e358eb1f620e71f64afc9b1b5d2309dd01","blockHash":"0xe0b4cef80f046d8c2dea02469b423443d65f1119bee2ef65a29d7ae09a701af0","blockNumber":"0x15ef","data":"0x00000000000000000000000000000000000000000000000000000000000000c00000000000000000000000006bef2391669bd70aa167593a4542f794b2513abf000000000000000000000000a324817c935954636128693e464bd76cafb3592f000000000000000000000000000000000000000000000000002386f26fc1000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000
00000000000000074d61696e6e65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000000000000000000000000000000000000000","logIndex":"0x1","polarity":false,"topics":["0xa701ebe76260cb49bb2dc03cf8cf6dacbc4c59a5d615c4db34a7dfdf36e6b6dc","0x8d646f556e5d9d6f1edcf7a39b77f5ac253776eb34efcfd688aacbee518efc26","0x000000000000000000000000000000000000000000000000000000000000000b","0x00000000000000000000000057ad607c6e90df7d7f158985c3e436007a15d744"],"transactionHash":"0x16c5588f6eab7193e13dc1461002df7a23237819921afffcf1c428057f00d03a","transactionIndex":"0x0","type":"mined"}],"logsBloom":"0x00000000000000100000004000000000000000000000000000000800000000000000000000000000000000000400000000000200000000000000000000000000000000000040000000100008000000001000000000000000000000000000000000000000020000400000000080000800000000000000000000000010040000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000002001008000000000000000000000000000000000002001000000800000000000000002000000000000000020000000020000000000000000000000000000000000000000000000000050000000000000000","status":"0x1","to":"0x57ad607c6e90df7d7f158985c3e436007a15d744","transactionHash":"0x16c5588f6eab7193e13dc1461002df7a23237819921afffcf1c428057f00d03a","transactionIndex":"0x0"}} [2021-02-16 16:55:44.008] [15:main] [info] 5615:BIN_CONSENSUS_START: PROPOSING: 1011111010011101

==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000022da0 at pc 0x563c9f398fc1 bp 0x7f03c53a2130 sp 0x7f03c53a2120
WRITE of size 8 at 0x60e000022da0 thread T87
#0 0x563c9f398fc0 in skutils::dispatch::loop::pending_timer_init() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:430
#1 0x563c9f3991ba in skutils::dispatch::loop::on_idle() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:450
#2 0x563c9f39800f in operator() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:310
#3 0x563c9f39802f in _FUN /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:311
#4 0x563c9f5b7257 in uv__run_idle src/unix/loop-watcher.c:68
#5 0x563c9f5b4049 in uv_run src/unix/core.c:378
#6 0x563c9f3986a5 in skutils::dispatch::loop::run() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:353
#7 0x563c9f3b260b in operator() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1663
#8 0x563c9f3b4f54 in __invoke_impl<void, skutils::dispatch::domain::get_loop()::<lambda()> > /usr/include/c++/7/bits/invoke.h:60
#9 0x563c9f3b3d3e in __invoke<skutils::dispatch::domain::get_loop()::<lambda()> > /usr/include/c++/7/bits/invoke.h:95
#10 0x563c9f3b708d in _M_invoke<0> /usr/include/c++/7/thread:234
#11 0x563c9f3b705e in operator() /usr/include/c++/7/thread:243
#12 0x563c9f3b703d in _M_run /usr/include/c++/7/thread:186
#13 0x7f03f23686de  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd6de)
#14 0x7f03f2a5c6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#15 0x7f03f1a2571e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)

0x60e000022da0 is located 0 bytes inside of 152-byte region [0x60e000022da0,0x60e000022e38)
freed by thread T1 (61400001e040-15) here:
#0 0x7f03f2f577a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
#1 0x563c9f39969b in skutils::dispatch::loop::job_data_t::~job_data_t() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:508
#2 0x563c9f39973d in skutils::dispatch::loop::job_data_t::~job_data_t() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:516
#3 0x563c9f0ca500 in skutils::ref_retain_release::ref_destroy() /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:65
#4 0x563c9f0cabb6 in skutils::ref_retain_release::ref_release() /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:101
#5 0x563c9f3c2a6d in skutils::retain_release_ptr<skutils::dispatch::loop::job_data_t, skutils::dispatch::dispatch_shared_traits<skutils::dispatch::loop::job_data_t> >::ref_release() /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:162
#6 0x563c9f3bdb57 in skutils::retain_release_ptr<skutils::dispatch::loop::job_data_t, skutils::dispatch::dispatch_shared_traits<skutils::dispatch::loop::job_data_t> >::assign(skutils::dispatch::loop::job_data_t const*) /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:183
#7 0x563c9f3c2d4e in skutils::retain_release_ptr<skutils::dispatch::loop::job_data_t, skutils::dispatch::dispatch_shared_traits<skutils::dispatch::loop::job_data_t> >::reset(skutils::dispatch::loop::job_data_t*) /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:225
#8 0x563c9f3bdc5e in skutils::retain_release_ptr<skutils::dispatch::loop::job_data_t, skutils::dispatch::dispatch_shared_traits<skutils::dispatch::loop::job_data_t> >::clear() /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:203
#9 0x563c9f3b9cf2 in skutils::retain_release_ptr<skutils::dispatch::loop::job_data_t, skutils::dispatch::dispatch_shared_traits<skutils::dispatch::loop::job_data_t> >::~retain_release_ptr() /home/runner/work/skaled/skaled/libskutils/include/skutils/atomic_shared_ptr.h:224
#10 0x563c9f39ad2c in skutils::dispatch::loop::impl_job_remove(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:646
#11 0x563c9f39bb01 in skutils::dispatch::loop::job_remove(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:692
#12 0x563c9f3974c2 in skutils::dispatch::stop(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:207
#13 0x563c9e6cabf9 in dev::tracking::pending_ima_txns::tracking_stop() /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:464
#14 0x563c9e6ca145 in dev::tracking::pending_ima_txns::tracking_auto_start_stop() /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:432
#15 0x563c9e6bbf08 in dev::tracking::pending_ima_txns::on_txn_erase(dev::tracking::txn_entry const&, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:304
#16 0x563c9e6bb643 in dev::tracking::pending_ima_txns::erase(boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u, 256u, (boost::multiprecision::cpp_integer_type)0, (boost::multiprecision::cpp_int_check_type)0, void>, (boost::multiprecision::expression_template_option)0>, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:277
#17 0x563c9e6bb13f in dev::tracking::pending_ima_txns::erase(dev::tracking::txn_entry&, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:266
#18 0x563c9e73ff4c in dev::rpc::SkaleStats::skale_imaBroadcastTxnErase(Json::Value const&) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:2655
#19 0x563c9e76a37f in dev::rpc::SkaleStatsFace::skale_imaBroadcastTxnEraseI(Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStatsFace.h:73
#20 0x563c9dfdff11 in ModularServer<dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:165
#21 0x563c9dfdf460 in ModularServer<dev::rpc::SkaleFace, dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:171
#22 0x563c9dfde726 in ModularServer<dev::rpc::EthFace, dev::rpc::SkaleFace, dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:171
#23 0x563c9f336ad0 in jsonrpc::AbstractProtocolHandler::ProcessRequest(Json::Value const&, Json::Value&) (/skaled/skaled+0x2d8bad0)

previously allocated by thread T11 (61400001e040-12) here:
#0 0x7f03f2f57d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x563c9f399494 in skutils::dispatch::loop::job_data_t::job_data_t(skutils::retain_release_ptr<skutils::dispatch::loop, skutils::dispatch::dispatch_shared_traits<skutils::dispatch::loop> >) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:493
#2 0x563c9f39a667 in skutils::dispatch::loop::impl_job_add(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:628
#3 0x563c9f39bf70 in skutils::dispatch::loop::job_add(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:708
#4 0x563c9f3b35d6 in job_add<skutils::dispatch::queue::impl_job_add(skutils::dispatch::job_t, skutils::dispatch::duration_t, skutils::dispatch::duration_t, skutils::dispatch::job_id_t*)::<lambda()> > /home/runner/work/skaled/skaled/libskutils/include/skutils/dispatch.h:470
#5 0x563c9f39dac3 in skutils::dispatch::queue::impl_job_add(std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:912
#6 0x563c9f39fab0 in skutils::dispatch::queue::job_add_periodic(std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1089
#7 0x563c9f396f04 in skutils::dispatch::repeat(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:198
#8 0x563c9e764545 in repeat<dev::tracking::pending_ima_txns::tracking_start()::<lambda()> > /home/runner/work/skaled/skaled/libskutils/include/skutils/dispatch.h:283
#9 0x563c9e6ca9c6 in dev::tracking::pending_ima_txns::tracking_start() /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:442
#10 0x563c9e6ca156 in dev::tracking::pending_ima_txns::tracking_auto_start_stop() /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:434
#11 0x563c9e6bbe7e in dev::tracking::pending_ima_txns::on_txn_insert(dev::tracking::txn_entry const&, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:299
#12 0x563c9e6bad94 in dev::tracking::pending_ima_txns::insert(dev::tracking::txn_entry&, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:256
#13 0x563c9e7397ee in dev::rpc::SkaleStats::skale_imaBroadcastTxnInsert(Json::Value const&) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:2606
#14 0x563c9e76a15b in dev::rpc::SkaleStatsFace::skale_imaBroadcastTxnInsertI(Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStatsFace.h:69
#15 0x563c9dfdff11 in ModularServer<dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:165
#16 0x563c9dfdf460 in ModularServer<dev::rpc::SkaleFace, dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:171
#17 0x563c9dfde726 in ModularServer<dev::rpc::EthFace, dev::rpc::SkaleFace, dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:171
#18 0x563c9f336ad0 in jsonrpc::AbstractProtocolHandler::ProcessRequest(Json::Value const&, Json::Value&) (/skaled/skaled+0x2d8bad0)

Thread T87 created by T16 (x61400001e040-2) here:
#0 0x7f03f2eb0d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
#1 0x7f03f2368994 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd994)
#2 0x563c9f3b28e5 in skutils::dispatch::domain::get_loop() /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1663
#3 0x563c9f39d930 in skutils::dispatch::queue::impl_job_add(std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:905
#4 0x563c9f39fab0 in skutils::dispatch::queue::job_add_periodic(std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1089
#5 0x563c9f396f04 in skutils::dispatch::repeat(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:198
#6 0x563c9e764545 in repeat<dev::tracking::pending_ima_txns::tracking_start()::<lambda()> > /home/runner/work/skaled/skaled/libskutils/include/skutils/dispatch.h:283
#7 0x563c9e6ca9c6 in dev::tracking::pending_ima_txns::tracking_start() /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:442
#8 0x563c9e6ca156 in dev::tracking::pending_ima_txns::tracking_auto_start_stop() /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:434
#9 0x563c9e6bbe7e in dev::tracking::pending_ima_txns::on_txn_insert(dev::tracking::txn_entry const&, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:299
#10 0x563c9e6bad94 in dev::tracking::pending_ima_txns::insert(dev::tracking::txn_entry&, bool) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:256
#11 0x563c9e7397ee in dev::rpc::SkaleStats::skale_imaBroadcastTxnInsert(Json::Value const&) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStats.cpp:2606
#12 0x563c9e76a15b in dev::rpc::SkaleStatsFace::skale_imaBroadcastTxnInsertI(Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/SkaleStatsFace.h:69
#13 0x563c9dfdff11 in ModularServer<dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:165
#14 0x563c9dfdf460 in ModularServer<dev::rpc::SkaleFace, dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:171
#15 0x563c9dfde726 in ModularServer<dev::rpc::EthFace, dev::rpc::SkaleFace, dev::rpc::SkaleStats, dev::rpc::NetFace, dev::rpc::Web3Face, dev::rpc::PersonalFace, dev::rpc::AdminEthFace, dev::rpc::DebugFace, dev::rpc::SkaleDebug, dev::rpc::TestFace>::HandleMethodCall(jsonrpc::Procedure&, Json::Value const&, Json::Value&) /home/runner/work/skaled/skaled/libweb3jsonrpc/ModularServer.h:171
#16 0x563c9f336ad0 in jsonrpc::AbstractProtocolHandler::ProcessRequest(Json::Value const&, Json::Value&) (/skaled/skaled+0x2d8bad0)

Thread T16 (x61400001e040-2) created by T0 (main) here:
#0 0x7f03f2eb0d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
#1 0x7f03f2368994 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd994)
#2 0x563c9f4b93d2 in skutils::thread_pool::init() /home/runner/work/skaled/skaled/libskutils/src/thread_pool.cpp:59
#3 0x563c9f4b917f in skutils::thread_pool::thread_pool(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/thread_pool.cpp:49
#4 0x563c9f3a0038 in skutils::dispatch::domain::domain(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1137
#5 0x563c9f3939ef in skutils::dispatch::default_domain(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:68
#6 0x563c9ddfffc6 in main /home/runner/work/skaled/skaled/skaled/main.cpp:729
#7 0x7f03f1925bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)

Thread T1 (61400001e040-15) created by T0 (main) here:
#0 0x7f03f2eb0d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
#1 0x7f03f2368994 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd994)
#2 0x563c9f4b93d2 in skutils::thread_pool::init() /home/runner/work/skaled/skaled/libskutils/src/thread_pool.cpp:59
#3 0x563c9f4b917f in skutils::thread_pool::thread_pool(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/thread_pool.cpp:49
#4 0x563c9f3a0038 in skutils::dispatch::domain::domain(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1137
#5 0x563c9f3939ef in skutils::dispatch::default_domain(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:68
#6 0x563c9ddfffc6 in main /home/runner/work/skaled/skaled/skaled/main.cpp:729
#7 0x7f03f1925bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)

Thread T11 (61400001e040-12) created by T0 (main) here:
#0 0x7f03f2eb0d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
#1 0x7f03f2368994 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd994)
#2 0x563c9f4b93d2 in skutils::thread_pool::init() /home/runner/work/skaled/skaled/libskutils/src/thread_pool.cpp:59
#3 0x563c9f4b917f in skutils::thread_pool::thread_pool(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/thread_pool.cpp:49
#4 0x563c9f3a0038 in skutils::dispatch::domain::domain(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:1137
#5 0x563c9f3939ef in skutils::dispatch::default_domain(unsigned long, unsigned long) /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:68
#6 0x563c9ddfffc6 in main /home/runner/work/skaled/skaled/skaled/main.cpp:729
#7 0x7f03f1925bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)

SUMMARY: AddressSanitizer: heap-use-after-free /home/runner/work/skaled/skaled/libskutils/src/dispatch.cpp:430 in skutils::dispatch::loop::pending_timer_init()
Shadow bytes around the buggy address:
0x0c1c7fffc560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1c7fffc570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1c7fffc580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1c7fffc590: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c1c7fffc5a0: 00 00 00 00 00 00 00 00 00 00 00 03 fa fa fa fa
=>0x0c1c7fffc5b0: fa fa fa fa[fd]fd fd fd fd fd fd fd fd fd fd fd
0x0c1c7fffc5c0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
0x0c1c7fffc5d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1c7fffc5e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1c7fffc5f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1c7fffc600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1==ABORTING

skaled 3.5.2+commit.8ab50803

sync-by-unito[bot] commented 3 years ago

➤ Dima Litvinov commented:

More detailed description:

==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000849880 at pc 0x555af382f586 bp 0x7fbcae9723f0 sp 0x7fbcae9723e0

READ of size 8 at 0x618000849880 thread T34 (led/WS-listener)

#0 0x555af382f585 in skutils::ws::nlws::server::onPeerUnregister(skutils::ws::nlws::peer*) /home/vagrant/actions-runner/_work/skaled/skaled/libskutils/src/ws.cpp:3709

#1 0x555af38303a5 in skutils::ws::nlws::server::onClose(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/vagrant/actions-runner/_work/skaled/skaled/libskutils/src/ws.cpp:3750

#2 0x555af382b343 in operator() /home/vagrant/actions-runner/_work/skaled/skaled/libskutils/src/ws.cpp:3542

#3 0x555af383c4ed in _M_invoke /usr/include/c++/7/bits/std_function.h:316

#4 0x555af38459ff in std::function<void (int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)>::operator()(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /usr/include/c++/7/bits/std_function.h:706

#5 0x555af381d1bc in skutils::ws::nlws::server_api::onDisconnect(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/vagrant/actions-runner/_work/skaled/skaled/libskutils/src/ws.cpp:2910

#6 0x555af380f99f in skutils::ws::nlws::basic_api::stat_callback_server(lws*, lws_callback_reasons, void*, void*, unsigned long) /home/vagrant/actions-runner/_work/skaled/skaled/libskutils/src/ws.cpp:1466

#7 0x555af386f251 in lws_close_free_wsi (/skaled/skaled+0x2fc9251)