I have the same issue with Kamailio 5.7.3 and OpenSSL 3.0.11 on Debian 12. I tried tls init_mode 1, 2 and 3 and there is no difference:
a few times there are "freeing already freed pointer" errors in the logs (they do not cause a crash immediately):
CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7feb97ea8598), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_free(323) - ignoring
or
CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: freeing already freed pointer (0x7fa9d17f9a58), called from tls: tls_init.c: ser_free(412), first free tls: tls_init.c: ser_malloc(367) - ignoring
and after some time there is a segfault somewhere in OpenSSL:
#0 0x0000000000000000 in ?? ()
#1 0x00007f740a216975 in EVP_MAC_CTX_new (mac=mac@entry=0x7f73eacb4ec0) at ../crypto/evp/mac_lib.c:27
#2 0x00007f740a2ed12b in ossl_prov_macctx_load_from_params (macctx=macctx@entry=0x7f73ead6e100, params=params@entry=0x7fffcd233320, macname=<optimized out>,
macname@entry=0x7f740a353aa6 "HMAC", ciphername=ciphername@entry=0x0, mdname=mdname@entry=0x0, libctx=libctx@entry=0x7f740a47e900 <default_context_int>)
at ../providers/common/provider_util.c:318
#3 0x00007f740a31df2b in kdf_tls1_prf_set_ctx_params (vctx=vctx@entry=0x7f73ead6e0f8, params=params@entry=0x7fffcd233320) at ../providers/implementations/kdfs/tls1_prf.c:187
#4 0x00007f740a31e2eb in kdf_tls1_prf_derive (vctx=0x7f73ead6e0f8, key=0x7f73ead865c0 "", keylen=48, params=0x7fffcd233320) at ../providers/implementations/kdfs/tls1_prf.c:141
#5 0x00007f740a5c31e1 in tls1_PRF (s=s@entry=0x7f73ead88738, seed1=seed1@entry=0x7f740a604fff, seed1_len=seed1_len@entry=22, seed2=seed2@entry=0x7fffcd233500, seed2_len=48,
seed3=seed3@entry=0x0, seed3_len=0, seed4=0x0, seed4_len=0,
sec=0x7f73ead84ab8 "\327s\2030\215\025W\320U{\017\262\220ɾa\334\360X\352ocx\371\005)Q\347\274E_\023\300\300\300\300", slen=32, out=0x7f73ead865c0 "", olen=48, fatal=1,
seed5_len=0, seed5=0x0) at ../ssl/t1_enc.c:72
#6 0x00007f740a5c444c in tls1_generate_master_secret (s=0x7f73ead88738, out=0x7f73ead865c0 "",
p=0x7f73ead84ab8 "\327s\2030\215\025W\320U{\017\262\220ɾa\334\360X\352ocx\371\005)Q\347\274E_\023\300\300\300\300", len=32, secret_size=0x7f73ead86578) at ../ssl/t1_enc.c:657
#7 0x00007f740a5a9ef7 in ssl_generate_master_secret (s=0x7f73ead88738,
pms=0x7f73ead84ab8 "\327s\2030\215\025W\320U{\017\262\220ɾa\334\360X\352ocx\371\005)Q\347\274E_\023\300\300\300\300", pmslen=32, free_pms=0) at ../ssl/s3_lib.c:4644
#8 0x00007f740a5aa68e in ssl_derive (s=s@entry=0x7f73ead88738, privkey=privkey@entry=0x7f73ead85820, pubkey=pubkey@entry=0x7f73ead57e20, gensecret=gensecret@entry=1)
at ../ssl/s3_lib.c:4825
#9 0x00007f740a5fa911 in tls_process_cke_ecdhe (pkt=0x7fffcd233810, s=0x7f73ead88738) at ../ssl/statem/statem_srvr.c:3048
#10 tls_process_client_key_exchange (s=0x7f73ead88738, pkt=0x7fffcd233810) at ../ssl/statem/statem_srvr.c:3316
#11 0x00007f740a5e6672 in read_state_machine (s=0x7f73ead88738) at ../ssl/statem/statem.c:647
#12 state_machine (s=0x7f73ead88738, server=1) at ../ssl/statem/statem.c:442
#13 0x00007f740a66a956 in tls_accept (c=c@entry=0x7f73ead21458, error=error@entry=0x7fffcd2339f8) at ./src/modules/tls/tls_server.c:471
#14 0x00007f740a67320d in tls_h_read_f (c=c@entry=0x7f73ead21458, flags=flags@entry=0x7fffcd253e20) at ./src/modules/tls/tls_server.c:1173
#15 0x000055af78d7b9e6 in tcp_read_headers (c=c@entry=0x7f73ead21458, read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:445
#16 0x000055af78d7eae6 in tcp_read_req (con=0x7f73ead21458, bytes_read=bytes_read@entry=0x7fffcd253e18, read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:1508
#17 0x000055af78d83ca7 in handle_io (fm=fm@entry=0x7f740a80ca88, events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1912
#18 0x000055af78d89d5d in io_wait_loop_epoll (repeat=repeat@entry=0, t=<optimized out>, h=<optimized out>) at core/io_wait.h:1073
#19 0x000055af78d8a567 in tcp_receive_loop (unix_sock=<optimized out>) at core/tcp_read.c:2032
#20 0x000055af78d721b7 in tcp_init_children (woneinit=woneinit@entry=0x7fffcd25435c) at core/tcp_main.c:5364
#21 0x000055af78b7ffe0 in main_loop () at ./src/main.c:1936
#22 0x000055af78b714cc in main (argc=<optimized out>, argv=<optimized out>) at ./src/main.c:3212
or
#0 0x00007f73ea7483e0 in ?? ()
#1 0x00007f740a216a53 in EVP_MAC_CTX_free (ctx=0x7f73eacecbf8) at ../crypto/evp/mac_lib.c:44
#2 0x00007f740a31e19d in tls1_prf_P_hash (ctx_init=0x7f73ead85d70,
sec=sec@entry=0x7f73ead30ef8 "\226\273\177\2008\254}\363\034\351'H\250\032\177\225\274\b\264W\231\240\206Gп\036\032\036\347%鳀o\321\022q\361\2362\177\302Sk/ݒ",
sec_len=sec_len@entry=48,
seed=0x7f73ead6c360 "client finished=L\347\353\277f\2713\314-\372/GQ\037\206\300\305\336,\027\267\207Y\242ǔLO\2039\233\313/_Ͽ\334q\237\324\3310\025?\332oN",
seed_len=seed_len@entry=63, out=out@entry=0x7f73ead73240 "", olen=12) at ../providers/implementations/kdfs/tls1_prf.c:314
#3 0x00007f740a31e48f in tls1_prf_alg (olen=12, out=0x7f73ead73240 "", seed_len=63,
seed=0x7f73ead6c360 "client finished=L\347\353\277f\2713\314-\372/GQ\037\206\300\305\336,\027\267\207Y\242ǔLO\2039\233\313/_Ͽ\334q\237\324\3310\025?\332oN", slen=48,
sec=0x7f73ead30ef8 "\226\273\177\2008\254}\363\034\351'H\250\032\177\225\274\b\264W\231\240\206Gп\036\032\036\347%鳀o\321\022q\361\2362\177\302Sk/ݒ", sha1ctx=0x0,
mdctx=<optimized out>) at ../providers/implementations/kdfs/tls1_prf.c:407
#4 kdf_tls1_prf_derive (vctx=0x7f73ead6c338, key=0x7f73ead73240 "", keylen=12, params=<optimized out>) at ../providers/implementations/kdfs/tls1_prf.c:161
#5 0x00007f740a5c31e1 in tls1_PRF (s=s@entry=0x7f73ead72ff8, seed1=seed1@entry=0x7f740a5fd2e8, seed1_len=seed1_len@entry=15, seed2=seed2@entry=0x7fffcd233700, seed2_len=48,
seed3=seed3@entry=0x0, seed3_len=0, seed4=0x0, seed4_len=0,
sec=0x7f73ead83d50 "\226\273\177\2008\254}\363\034\351'H\250\032\177\225\274\b\264W\231\240\206Gп\036\032\036\347%鳀o\321\022q\361\2362\177\302Sk/ݒ", slen=48,
out=0x7f73ead73240 "", olen=12, fatal=1, seed5_len=0, seed5=0x0) at ../ssl/t1_enc.c:72
#6 0x00007f740a5c4371 in tls1_final_finish_mac (s=0x7f73ead72ff8, str=0x7f740a5fd2e8 "client finished", slen=15, out=0x7f73ead73240 "") at ../ssl/t1_enc.c:627
#7 0x00007f740a5f1d2b in ssl3_take_mac (s=s@entry=0x7f73ead72ff8) at ../ssl/statem/statem_lib.c:716
#8 0x00007f740a5f2b30 in tls_get_message_body (s=s@entry=0x7f73ead72ff8, len=len@entry=0x7fffcd233808) at ../ssl/statem/statem_lib.c:1300
#9 0x00007f740a5e6636 in read_state_machine (s=0x7f73ead72ff8) at ../ssl/statem/statem.c:635
#10 state_machine (s=0x7f73ead72ff8, server=1) at ../ssl/statem/statem.c:442
#11 0x00007f740a66a956 in tls_accept (c=c@entry=0x7f73ead38970, error=error@entry=0x7fffcd2339f8) at ./src/modules/tls/tls_server.c:471
#12 0x00007f740a67320d in tls_h_read_f (c=c@entry=0x7f73ead38970, flags=flags@entry=0x7fffcd253e20) at ./src/modules/tls/tls_server.c:1173
#13 0x000055af78d7b9e6 in tcp_read_headers (c=c@entry=0x7f73ead38970, read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:445
#14 0x000055af78d7eae6 in tcp_read_req (con=0x7f73ead38970, bytes_read=bytes_read@entry=0x7fffcd253e18, read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:1508
#15 0x000055af78d83ca7 in handle_io (fm=fm@entry=0x7f740a80ca58, events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1912
#16 0x000055af78d89d5d in io_wait_loop_epoll (repeat=repeat@entry=0, t=<optimized out>, h=<optimized out>) at core/io_wait.h:1073
#17 0x000055af78d8a567 in tcp_receive_loop (unix_sock=<optimized out>) at core/tcp_read.c:2032
#18 0x000055af78d721b7 in tcp_init_children (woneinit=woneinit@entry=0x7fffcd25435c) at core/tcp_main.c:5364
#19 0x000055af78b7ffe0 in main_loop () at ./src/main.c:1936
#20 0x000055af78b714cc in main (argc=<optimized out>, argv=<optimized out>) at ./src/main.c:3212
or
#0 0x00007f6ec591d6e1 in BN_num_bits (a=0x7f6ea658f068) at ../crypto/bn/bn_lib.c:199
#1 0x00007f6ec59d2ff8 in ecp_nistz256_windowed_mul (ctx=<optimized out>, num=<optimized out>, point=<optimized out>, scalar=<optimized out>, r=<optimized out>,
group=<optimized out>) at ../crypto/ec/ecp_nistz256.c:651
#2 ecp_nistz256_points_mul (group=<optimized out>, r=<optimized out>, scalar=<optimized out>, num=<optimized out>, points=<optimized out>, scalars=<optimized out>,
ctx=<optimized out>) at ../crypto/ec/ecp_nistz256.c:1152
#3 0x00007f6ec598fab4 in EC_POINT_mul (group=<optimized out>, r=r@entry=0x7f6ea65ecb88, g_scalar=g_scalar@entry=0x0, point=<optimized out>, p_scalar=<optimized out>,
p_scalar@entry=0x7f6ea658f068, ctx=<optimized out>, ctx@entry=0x7f6ea65eca10) at ../crypto/ec/ec_lib.c:1143
#4 0x00007f6ec598bff1 in ossl_ec_key_public_check (eckey=eckey@entry=0x7f6ea65d0850, ctx=ctx@entry=0x7f6ea65eca10) at ../crypto/ec/ec_key.c:491
#5 0x00007f6ec5b224ce in ec_validate (keydata=0x7f6ea65d0850, selection=2, checktype=0) at ../providers/implementations/keymgmt/ec_kmgmt.c:966
#6 0x00007f6ec5a1e115 in try_provided_check (ctx=ctx@entry=0x7f6ea650d840, selection=selection@entry=2, checktype=checktype@entry=0) at ../crypto/evp/pmeth_check.c:44
#7 0x00007f6ec5a1e1a1 in evp_pkey_public_check_combined (ctx=ctx@entry=0x7f6ea650d840, checktype=checktype@entry=0) at ../crypto/evp/pmeth_check.c:57
#8 0x00007f6ec5a1e347 in EVP_PKEY_public_check (ctx=ctx@entry=0x7f6ea650d840) at ../crypto/evp/pmeth_check.c:83
#9 0x00007f6ec5a110df in EVP_PKEY_derive_set_peer_ex (ctx=ctx@entry=0x7f6ea65d1698, peer=peer@entry=0x7f6ea64db210, validate_peer=validate_peer@entry=1)
at ../crypto/evp/exchange.c:402
#10 0x00007f6ec5a1141a in EVP_PKEY_derive_set_peer (ctx=ctx@entry=0x7f6ea65d1698, peer=peer@entry=0x7f6ea64db210) at ../crypto/evp/exchange.c:502
#11 0x00007f6ec5e4c4a8 in ssl_derive (s=s@entry=0x7f6ea64a8518, privkey=privkey@entry=0x7f6ea66a9528, pubkey=pubkey@entry=0x7f6ea64db210, gensecret=gensecret@entry=1)
at ../ssl/s3_lib.c:4803
#12 0x00007f6ec5e9c911 in tls_process_cke_ecdhe (pkt=0x7fff7ab07990, s=0x7f6ea64a8518) at ../ssl/statem/statem_srvr.c:3048
#13 tls_process_client_key_exchange (s=0x7f6ea64a8518, pkt=0x7fff7ab07990) at ../ssl/statem/statem_srvr.c:3316
#14 0x00007f6ec5e88672 in read_state_machine (s=0x7f6ea64a8518) at ../ssl/statem/statem.c:647
#15 state_machine (s=0x7f6ea64a8518, server=1) at ../ssl/statem/statem.c:442
#16 0x00007f6ec5f0c956 in tls_accept (c=c@entry=0x7f6ea66ab558, error=error@entry=0x7fff7ab07b78) at ./src/modules/tls/tls_server.c:471
#17 0x00007f6ec5f1520d in tls_h_read_f (c=c@entry=0x7f6ea66ab558, flags=flags@entry=0x7fff7ab27fa0) at ./src/modules/tls/tls_server.c:1173
#18 0x0000555d90bf59e6 in tcp_read_headers (c=c@entry=0x7f6ea66ab558, read_flags=read_flags@entry=0x7fff7ab27fa0) at core/tcp_read.c:445
#19 0x0000555d90bf8ae6 in tcp_read_req (con=0x7f6ea66ab558, bytes_read=bytes_read@entry=0x7fff7ab27f98, read_flags=read_flags@entry=0x7fff7ab27fa0) at core/tcp_read.c:1508
#20 0x0000555d90bfdca7 in handle_io (fm=fm@entry=0x7f6ec60aea28, events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1912
#21 0x0000555d90c03d5d in io_wait_loop_epoll (repeat=repeat@entry=0, t=<optimized out>, h=<optimized out>) at core/io_wait.h:1073
#22 0x0000555d90c04567 in tcp_receive_loop (unix_sock=<optimized out>) at core/tcp_read.c:2032
#23 0x0000555d90bec1b7 in tcp_init_children (woneinit=woneinit@entry=0x7fff7ab284dc) at core/tcp_main.c:5364
#24 0x0000555d909f9fe0 in main_loop () at ./src/main.c:1936
#25 0x0000555d909eb4cc in main (argc=<optimized out>, argv=<optimized out>) at ./src/main.c:3212
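I think there is memory corruption related to the "freeing already freed pointer" event. In the first two backtraces, frame #0 is a null or symbol-less address reached from EVP_MAC_CTX_new / EVP_MAC_CTX_free, which would fit a call through a structure that was already freed or overwritten.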