I looked at one trace and the blocking leads to the libmysqlclient:
``` #0 0x00007fa250dd3730 in futex_wait (private=<optimized out>, expected=0, futex_word=0x7fa2523a2d1c) at ../sysdeps/unix/sysv/linux/futex-internal.h:61 __ret = -512 err = <optimized out> #1 futex_wait_simple (private=<optimized out>, expected=0, futex_word=0x7fa2523a2d1c) at ../sysdeps/nptl/futex-internal.h:135 No locals. #2 __pthread_rwlock_wrlock_slow (rwlock=0x7fa2523a2d10) at pthread_rwlock_wrlock.c:67 waitval = 0 result = 0 #3 0x00007fa251b11d30 in ?? () from /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20 No symbol table info available. #4 0x00007fa2510468e7 in CRYPTO_add_lock () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 No symbol table info available. #5 0x00007fa251466cfc in SSL_CTX_free () from /lib/x86_64-linux-gnu/libssl.so.1.0.0 No symbol table info available. #6 0x00007fa251468ff0 in SSL_free () from /lib/x86_64-linux-gnu/libssl.so.1.0.0 No symbol table info available. #7 0x00007fa24ef6a38a in tls_h_tcpconn_clean (c=0x7fa2535b8998) at tls_server.c:655 extra = 0x7fa2535ca9c8 __func__ = "tls_h_tcpconn_clean" #8 0x00000000004ed791 in _tcpconn_free (c=0x7fa2535b8998) at core/tcp_main.c:1352 __func__ = "_tcpconn_free" #9 0x00000000004ff708 in tcpconn_put_destroy (tcpconn=0x7fa2535b8998) at core/tcp_main.c:3030 __func__ = "tcpconn_put_destroy" ```
Can you get the output for:
``` ldd /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20 ```
There were couple of similar reports for ubuntu 16.04 with security updates, having issues when connecting to mysql server via IP sockets. You can check the latest commits to db_mysql module done in master branch (backported to 5.3, iirc), among them leading to addition of opt_ssl_mode parameter. You can try to connect to mysql via unix socket file, if you have the mysql server on the same system as kamailio (use `localhost` instead of `127.0.0.1` in db url). I spent quite some time analyzing such a similar issue on ubuntu 16.04 with security updates, trying to track changes in libssl/libcrypto and libmysqlclient, but at the end the solution was to upgrade ubuntu not to have a mixture of libraries built with libssl1.0 and couple of them with 1.1.