[sr-dev] [kamailio/kamailio] Segfault in openssl on Xenial (#2274)
Nathan
notifications at github.com
Mon Apr 6 13:50:05 CEST 2020
Kamailio version (latest stable xenial version from kamailio repo):
```
version: kamailio 5.3.3 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 5.3.1
```
GDB output:
```
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x0000000000000000 in ?? ()
No symbol table info available.
#1 0x00007fe9a1931b0d in getrn (lh=lh at entry=0x7fe9a2e167e8, data=data at entry=0x7ffebc880c70, rhash=rhash at entry=0x7ffebc880c10) at lhash.c:396
ret = <optimized out>
n1 = <optimized out>
hash = <optimized out>
nn = <optimized out>
cf = <optimized out>
#2 0x00007fe9a193217a in lh_retrieve (lh=0x7fe9a2e167e8, data=data at entry=0x7ffebc880c70) at lhash.c:248
hash = 8298067
rn = <optimized out>
ret = <optimized out>
#3 0x00007fe9a1934651 in int_thread_get_item (d=0x7ffebc880c70) at err.c:500
p = <optimized out>
hash = 0x7fe9a2e167e8
#4 0x00007fe9a1935024 in ERR_get_state () at err.c:1023
fallback = {tid = {ptr = 0x0, val = 0}, err_flags = {0 <repeats 16 times>}, err_buffer = {0 <repeats 16 times>}, err_data = {0x0 <repeats 16 times>}, err_data_flags = {0 <repeats 16 times>},
err_file = {0x0 <repeats 16 times>}, err_line = {0 <repeats 16 times>}, top = 0, bottom = 0}
ret = <optimized out>
tmp = {tid = {ptr = 0x0, val = 140642013755136}, err_flags = {511, 316, -1619302300, 32745, -1552805456, 32745, -1565683712, 32745, -2091823603, -883404243, 234052522, 1484894954, -2091823603,
-883404243, 234052522, 1484894954}, err_buffer = {140641446269360, 140641433391104, 17179869256, 120267519968, 140641446272144, 140641433394304, 140732061453760, 6966688,
17774295194511430037, 16205183325810705970, 140641379772512, 1358401357362, 140641379784296, 140641379772516, 140641446269416, 140641433391104}, err_data = {
0x82c76a98fc8c8c89 <error: Cannot access memory at address 0x82c76a98fc8c8c89>, 0x5ce09cb9d15aa665 <error: Cannot access memory at address 0x5ce09cb9d15aa665>,
0x82c76a98fc8c8c89 <error: Cannot access memory at address 0x82c76a98fc8c8c89>, 0x5ce09cb9d15aa665 <error: Cannot access memory at address 0x5ce09cb9d15aa665>,
0x1 <error: Cannot access memory at address 0x1>, 0x7fe9a37211b0 <incomplete sequence \340>, 0xe0 <error: Cannot access memory at address 0xe0>, 0x7fe9a2ad9000 "",
0x1a3721130 <error: Cannot access memory at address 0x1a3721130>, 0x7fe9a2b126c8 "", 0x7ffebc880dc0 "",
0x69fcd8 <futex_release+29> "\211E\374\203}\374\002\017\224\300\017\266\300H\205\300t6H\213E\350H\203\354\bj", 0x48 <error: Cannot access memory at address 0x48>, 0x7fe9a2b126c8 "",
0x8 <error: Cannot access memory at address 0x8>, 0x100000049 <error: Cannot access memory at address 0x100000049>}, err_data_flags = {-1131934208, 32766, 7001680, 0, -1619302304, 32745,
-1573631521, 32745, -1619290520, 32745, -1619302300, 32745, -1552805400, 32745, -1565683712, 32745}, err_file = {0x7ffebc880e20 "\300\016\210\274\376\177",
0x7fe99f76cc19 <ser_free+74> "\220\311\303UH\211\345AWAVAUATSH\203\354\070H\211}\270H\213E\270H\211\307\350Ӳ\376\377\211Eȃ", <incomplete sequence \310>, 0x7ffebc880e80 "",
0x49ea76c4c1721d00 <error: Cannot access memory at address 0x49ea76c4c1721d00>, 0x7ffebc880ec0 "\262\367\217\070\271\235;\245", 0x7ffebc880e80 "",
0x48 <error: Cannot access memory at address 0x48>,
0x7fe9a1c58660 <state> "i\t\264F\340\372ﳫc\266\001\375\230Q\234M\263\037\344=M%\310a\274\234\177.Q\364%\224|K\334\062\233\374\065k,\215\362\064\231\277PҒ\035\332\333\363\320MɌ\202\372\346\366\t\206\064B\370X\362B\355\366u\334\341\342S\275\063\236\213\255*ű\327\347\005\214\221\016\001'@\003<\361\257Lf\300\346x1\227\315\344hF\236\020\065>'~5\314s\327\313{\206\307\343\016\034\226\223\354\063\357\v\226Y\241\203\333\032\231\345P\f\017'y\313ytѽ\201i\376k\242\240\317\bz^\344\062k\202Y\320Q\213^J\033g\256\377Y\316\034+\321\375\341\211>\\\205;\253\325\313:^\377\350\366ܻ\001"...,
0x7ffebc880ec0 "\262\367\217\070\271\235;\245", 0x7fe9a1932c0c <ssleay_rand_add+780> "H\213\204$\210", 0x14bc880ec0 <error: Cannot access memory at address 0x14bc880ec0>, 0x7ffebc880f28 "",
0x8 <error: Cannot access memory at address 0x8>, 0x7ffebc880eb0 "\276\002", 0x8 <error: Cannot access memory at address 0x8>, 0x0}, err_line = {0 <repeats 12 times>, 702, 0, 61, 0},
top = 948959154, bottom = -1522819655}
tmpp = 0x0
i = <optimized out>
tid = {ptr = 0x0, val = 140642013755136}
#5 0x00007fe9a193525f in ERR_clear_error () at err.c:743
i = <optimized out>
es = <optimized out>
#6 0x00007fe9a1c8667e in ssl23_accept (s=0x7fe9a36532d0) at s23_srvr.c:157
buf = <optimized out>
Time = 1586173596
cb = 0x0
ret = -1
new_state = <optimized out>
state = <optimized out>
#7 0x00007fe99f792bd4 in tls_accept (c=0x7fe9a3723810, error=0x7ffebc881050) at tls_server.c:422
ret = -1131933680
ssl = 0x7fe9a36532d0
cert = 0x7fe9a3720e58
tls_c = 0x7fe9a355a0d0
tls_log = -1619452682
__func__ = "tls_accept"
pkey = 0x0
#8 0x00007fe99f79c2d4 in tls_read_f (c=0x7fe9a3723810, flags=0x7ffebc8a13fc) at tls_server.c:1116
r = 0x7fe9a3723890
bytes_free = 16383
bytes_read = 305
read_size = 16383
ssl_error = 0
ssl_read = 0
ssl = 0x7fe9a36532d0
rd_buf = "\026\003\001\001,\001\000\001(\003\003\272\063\350r\362p\215ԩ<ߨyD2\317T\323\022\221!\253l\231?ڿ\236yv\277\305\000\000\252\300\060\300,\300(\300$\300\024\300\n\000\245\000\243\000\241\000\237\000k\000j\000i\000h\000\071\000\070\000\067\000\066\000\210\000\207\000\206\000\205\300\062\300.\300*\300&\300\017\300\005\000\235\000=\000\065\000\204\300/\300+\300'\300#\300\023\300\t\000\244\000\242\000\240\000\236\000g\000@\000?\000>\000\063\000\062\000\061\000\060\000\232\000\231\000\230\000\227\000E\000D\000C\000B\300\061\300-\300)\300%\300\016\300\004\000\234\000<\000/\000\226\000A\300\021\300\a\300\f\300\002\000\005\000\004\300\022\300\b\000\026\000"...
wr_buf = '\000' <repeats 50352 times>...
rd = {buf = 0x7ffebc881120 "\026\003\001\001,\001", pos = 0, used = 305, size = 65536}
wr = {buf = 0x7ffebc891120 "", pos = 0, used = 0, size = 65536}
tls_c = 0x7fe9a355a0d0
enc_rd_buf = 0x0
n = 0
flush_flags = 0
err_src = 0x7fe99f7c5046 "TLS read:"
x = 0
tls_dbg = 0
__func__ = "tls_read_f"
#9 0x000000000067420f in tcp_read_headers (c=0x7fe9a3723810, read_flags=0x7ffebc8a13fc) at core/tcp_read.c:469
bytes = 0
remaining = 0
p = 0x0
r = 0x7fe9a3723890
mc = 0
body_len = 0
mfline = 0x0
mtransid = {s = 0x0, len = 0}
__func__ = "tcp_read_headers"
#10 0x000000000067b7aa in tcp_read_req (con=0x7fe9a3723810, bytes_read=0x7ffebc8a13f8, read_flags=0x7ffebc8a13fc) at core/tcp_read.c:1496
bytes = -1
total_bytes = 0
resp = 1
size = 24
req = 0x7fe9a3723890
dst = {send_sock = 0x0, to = {s = {sa_family = 24989, sa_data = "f\000\000\000\000\000\070\024\212\274\376\177\000"}, sin = {sin_family = 24989, sin_port = 102, sin_addr = {s_addr = 0},
sin_zero = "8\024\212\274\376\177\000"}, sin6 = {sin6_family = 24989, sin6_port = 102, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
__u6_addr8 = "8\024\212\274\376\177\000\000\b\000\000\000\000\000\000", __u6_addr16 = {5176, 48266, 32766, 0, 8, 0, 0, 0}, __u6_addr32 = {3163165752, 32766, 8, 0}}},
sin6_scope_id = 20}}, id = 0, send_flags = {f = 1, blst_imask = 0}, proto = 1 '\001', proto_pad0 = 0 '\000', proto_pad1 = 0}
c = 32 ' '
ret = -1131801808
__func__ = "tcp_read_req"
#11 0x000000000068038f in handle_io (fm=0x7fe9c4368d48, events=1, idx=-1) at core/tcp_read.c:1804
ret = 8
n = 8
read_flags = 1
con = 0x7fe9a3723810
s = 7
resp = 0
t = 0
__func__ = "handle_io"
#12 0x000000000066ec4d in io_wait_loop_epoll (h=0xb0b300 <io_w>, t=2, repeat=0) at core/io_wait.h:1062
n = 1
r = 0
fm = 0x7fe9c4368d48
revents = 1
__func__ = "io_wait_loop_epoll"
#13 0x0000000000682228 in tcp_receive_loop (unix_sock=26) at core/tcp_read.c:1974
__func__ = "tcp_receive_loop"
#14 0x0000000000559d89 in tcp_init_children () at core/tcp_main.c:5174
r = 0
i = -1
reader_fd_1 = 26
pid = 0
si_desc = "tcp receiver (tls:128.199.61.178:5061)\000\000\t\000\000\000\001", '\000' <repeats 11 times>, "\320o\265\304\351\177\000\000S\236~\000\000\000\000\000\000\000\000 \000\000\000\000\000\000\200\000\000\000\000\000\006\000\000\000\000\000\000\000\200\026\212\274\376\177\000\000[\314Y\000\000\000\000\000\200\026\212\274\376\177\000\000\213\033b\000\000\000\000"
si = 0x0
__func__ = "tcp_init_children"
#15 0x0000000000427282 in main_loop () at main.c:1761
i = 10
pid = 17994
si = 0x0
si_desc = "udp receiver child=9 sock=128.199.61.178:5061\000\000\000\350\"{\000\000\000\000\000\000\035r\301\304v\352I\177 \000\020\000\000\000\000\320o\265\304\351\177\000\000S\236~\000\000\000\000\000\000\000\000 \000\000\000\000\000\000\200\000\000\000\000\000\006\000\000\000\000\000\000\000\320\027\212\274\376\177\000\000\210\020e\000\000\000\000"
nrprocs = 10
woneinit = 1
__func__ = "main_loop"
#16 0x000000000042eadb in main (argc=7, argv=0x7ffebc8a1cb8) at main.c:2802
cfg_stream = 0x1042010
c = -1
r = 0
tmp = 0x7ffebc8a2f40 ""
tmp_len = -1
port = 0
proto = -985238336
ahost = 0x0
aport = 0
options = 0x780aa8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 3827584968
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x7fe9c5257e9a <_dl_runtime_resolve_xsave+138>
p = 0x7fe9c4a67410 "\332("
st = {st_dev = 19, st_ino = 493, st_nlink = 2, st_mode = 16877, st_uid = 110, st_gid = 2500, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {
tv_sec = 1586173463, tv_nsec = 457366237}, st_mtim = {tv_sec = 1586173463, tv_nsec = 457366237}, st_ctim = {tv_sec = 1586173463, tv_nsec = 461366299}, __glibc_reserved = {0, 0, 0}}
tbuf = "$\032\212\274\376\177\000\000\330\314$\305\351\177\000\000\000\000\000\000\000\000\000\000'6\276\304\351\177\000\000\300\033\212\274\376\177\000\000(\032\212\274\376\177\000\000&\260be\000\000\000\000\300\212\225\001\000\000\000\000&\000\000\000\000\000\000\000\000\033\212\274\376\177", '\000' <repeats 13 times>, "\377\000\000\000\000", '/' <repeats 16 times>, "\000\000\000\000\000\000\000\377\000\000\377", '\000' <repeats 12 times>, "\377", '\000' <repeats 14 times>, "\377\000\000\000\377\000\000\000\377", '\000' <repeats 177 times>...
option_index = 0
long_options = {{name = 0x78363a "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x77d344 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x78363f "alias", has_arg = 1, flag = 0x0,
val = 1024}, {name = 0x783645 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x78364b "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x783654 "substdefs", has_arg = 1,
flag = 0x0, val = 1027}, {name = 0x78365e "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
__func__ = "main"
(gdb) frame 7
#7 0x00007fe99f792bd4 in tls_accept (c=0x7fe9a3723810, error=0x7ffebc881050) at tls_server.c:422
422 tls_server.c: No such file or directory.
(gdb) list
417 in tls_server.c
(gdb) info locals
ret = -1131933680
ssl = 0x7fe9a36532d0
cert = 0x7fe9a3720e58
tls_c = 0x7fe9a355a0d0
tls_log = -1619452682
__func__ = "tls_accept"
pkey = 0x0
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2274#issuecomment-609746131
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200406/3f31620f/attachment-0001.html>
More information about the sr-dev
mailing list