[sr-dev] massive TLS crashes

Klaus Darilion klaus.mailinglists at pernau.at
Mon Feb 22 19:16:10 CET 2010 

Hi!

With kamailio 3.0 I encounter lots of crashes. I am using SNOM 320 and 
eyebeam clients. I think crashes are mostly correlated with SNOM 320.

Server is CentOS5.4. OpenSSL is openssl-0.9.8e-12.el5_4.1.

First crashed Kamailio always with the same backtrace:

Program terminated with signal 11, Segmentation fault.
[New process 1580]
#0  0x0017451d in kssl_keytab_is_available () from /lib/libssl.so.6
(gdb) bt
#0  0x0017451d in kssl_keytab_is_available () from /lib/libssl.so.6
#1  0x00156d01 in ssl3_choose_cipher () from /lib/libssl.so.6
#2  0x00151b45 in ssl3_get_client_hello () from /lib/libssl.so.6
#3  0x00152525 in ssl3_accept () from /lib/libssl.so.6
#4  0x00167eda in SSL_accept () from /lib/libssl.so.6
#5  0x004a6cff in tls_accept (c=0xb60ff4a0, error=0x0) at tls_server.c:327
#6  0x004ac15b in tls_h_fix_read_conn (c=0xb60ff4a0) at tls_server.c:1005
#7  0x0813d146 in tcp_read_req (con=0xb60ff4a0, bytes_read=0xbfe248b4, 
read_flags=0xbfe248b0) at tcp_read.c:654
#8  0x0813d8ef in handle_io (fm=0x82aa9d0, events=1, idx=-1) at 
tcp_read.c:930
#9  0x08141513 in tcp_receive_loop (unix_sock=27) at io_wait.h:1057
#10 0x0810fc1b in tcp_init_children () at tcp_main.c:4253
#11 0x0809ae69 in main_loop () at main.c:1525
#12 0x0809bc02 in main (argc=1, argv=0xbfe24cc4) at main.c:2251
(gdb) quit


Then I configured RSA ciphers (as suggested by others) and now I get 
different backtraces. Here is an example where Kamailio wrote 2 core files:

1. Program terminated with signal 11, Segmentation fault.
[New process 1735]
#0  0x004d01d3 in free_hash_table () at h_table.c:423
423 
clist_foreach_safe(&_tm_table->entries[i], p_cell, tmp_cell,
(gdb) bt
#0  0x004d01d3 in free_hash_table () at h_table.c:423
#1  0x004de1a0 in tm_shutdown () at t_funcs.c:126
#2  0x08104ef2 in destroy_modules () at sr_module.c:635
#3  0x08098400 in cleanup (show_status=1) at main.c:509
#4  0x0809912e in shutdown_children (sig=<value optimized out>, 
show_status=1) at main.c:649
#5  0x08099aa4 in handle_sigs () at main.c:740
#6  0x0809aab9 in main_loop () at main.c:1562
#7  0x0809bc02 in main (argc=1, argv=0xbfc70b74) at main.c:2251

2. Program terminated with signal 11, Segmentation fault.
[New process 1759]
#0  0x004f24ce in t_reply_matching (p_msg=0x8298cf0, 
p_branch=0xbfc70424) at t_lookup.c:983
983                             if (p_cell->label != entry_label)
(gdb) bt
#0  0x004f24ce in t_reply_matching (p_msg=0x8298cf0, 
p_branch=0xbfc70424) at t_lookup.c:983
#1  0x004f5559 in t_check_msg (p_msg=0x8298cf0, param_branch=0xbfc70424) 
at t_lookup.c:1138
#2  0x004f5e94 in t_check (p_msg=0x8298cf0, param_branch=0xbfc70424) at 
t_lookup.c:1180
#3  0x005140d9 in reply_received (p_msg=0x8298cf0) at t_reply.c:1897
#4  0x0808c764 in forward_reply (msg=0x8298cf0) at forward.c:689
#5  0x080c401e in receive_msg (
     buf=0xb60fe088 "SIP/2.0 200 Ok\r\nVia: SIP/2.0/TLS 
83.136.32.167:5061;branch=z9hG4bKcc38.0a7d6be7.0;i=2\r\nVia: SIP/2.0/TLS 
10.10.0.51:40487;received=83.136.33.3;branch=z9hG4bK-d8754z-7b0f1727475bda32-1---d8754z-;rport=2"..., 
len=1150, rcv_info=0xb60fded4) at receive.c:257
#6  0x0813cf41 in tcp_read_req (con=0xb60fdec0, bytes_read=0xbfc70768, 
read_flags=0xbfc70760) at tcp_read.c:761
#7  0x0813da0b in handle_io (fm=0x82aa708, events=1, idx=-1) at 
tcp_read.c:980
#8  0x08141513 in tcp_receive_loop (unix_sock=25) at io_wait.h:1057
#9  0x0810fc1b in tcp_init_children () at tcp_main.c:4253
#10 0x0809ae69 in main_loop () at main.c:1525
#11 0x0809bc02 in main (argc=1, argv=0xbfc70b74) at main.c:2251


Attached is the log file.

I can provided intensive logs (memdbg) too.

thanks
klaus
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: messages2
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20100222/ebcb1c51/attachment-0001.asc>

More information about the sr-dev mailing list