[sr-dev] [kamailio/kamailio] TLS crashes Kamailio 5.4 branch on Ubuntu 20.04 and Debian Buster (#2560)

tculjaga notifications at github.com
Wed Dec 2 03:47:54 CET 2020


Hello, 

I have the same crash on CentOS 8.

# lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:    CentOS Linux release 8.2.2004 (Core) 
Release:        8.2.2004
Codename:       Core


# cat /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"


# uname -a
Linux dev-nexios-fsrhel 4.18.0-193.28.1.el8_2.x86_64 #1 SMP Thu Oct 22 00:20:22 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

I can attach the entire log from startup until the crash if needed ... my logs are pretty much the same as knightcode's :)

Here is a small snippet (qm_free() reporting double frees that come from the tls module's ser_free()):
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f3537194d68), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f35371959e8), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f3537195be8), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f3537195668), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_free(323) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f35371955e8), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f3537195868), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f3537195ee8), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f353716f450), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_realloc(299) - ignoring
 0(88367) CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f353712d160), called from tls: tls_init.c: ser_free(323), first free tls: tls_init.c: ser_malloc(293) - ignoring



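gdb backtrace from the core dump (bt and bt full); the SIGSEGV is in BN_clear_free(), reached from libssh's destructor while exit() runs its handlers: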

warning: Loadable section ".note.gnu.property" outside of ELF segments
Core was generated by `/usr/local/kamailio-devel/sbin/kamailio -DD -P /run/kamailio/kamailio.pid -f /u'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f3541c6318a in BN_clear_free () from /lib64/libcrypto.so.1.1
Missing separate debuginfos, use: yum debuginfo-install brotli-1.0.6-1.el8.x86_64 cyrus-sasl-lib-2.1.27-1.el8.x86_64 glibc-2.28-101.el8.x86_64 jansson-2.11-3.el8.x86_64 json-c-0.13.1-0.2.el8.x86_64 keyutils-libs-1.5.10-6.el8.x86_64 krb5-libs-1.17-18.el8.x86_64 libblkid-2.32.1-22.el8.x86_64 libbson-1.17.2-1.el8.x86_64 libcap-2.26-3.el8.x86_64 libcom_err-1.45.4-3.el8.x86_64 libcurl-7.61.1-12.el8.x86_64 libdb-5.3.28-37.el8.x86_64 libgcc-8.3.1-5.el8.0.2.x86_64 libicu-60.3-2.el8_1.x86_64 libidn2-2.2.0-1.el8.x86_64 libmount-2.32.1-22.el8.x86_64 libnghttp2-1.39.2-1.el8.x86_64 libpq-12.4-1.el8_2.x86_64 libpsl-0.20.2-5.el8.x86_64 libselinux-2.9-3.el8.x86_64 libssh-0.9.0-4.el8.x86_64 libstdc++-8.3.1-5.el8.0.2.x86_64 libunistring-0.9.9-3.el8.x86_64 libuuid-2.32.1-22.el8.x86_64 libxcrypt-4.1.1-4.el8.x86_64 mongo-c-driver-libs-1.17.2-1.el8.x86_64 openldap-2.4.46-11.el8_1.x86_64 openssl-libs-1.1.1c-15.el8.x86_64 pcre-8.42-4.el8.x86_64 snappy-1.1.7-5.el8.x86_64 sssd-client-2.2.3-20.el8.x86_64 systemd-libs-239-31.el8_2.2.x86_64 zlib-1.2.11-16.el8_2.x86_64
(gdb) bt
#0  0x00007f3541c6318a in BN_clear_free () from /lib64/libcrypto.so.1.1
#1  0x00007f353230d945 in ssh_dh_finalize.part () from /lib64/libssh.so.4
#2  0x00007f35322ff5fd in libssh_destructor () from /lib64/libssh.so.4
#3  0x00007f3543d8c2a6 in _dl_fini () from /lib64/ld-linux-x86-64.so.2
#4  0x00007f3543036e9c in __run_exit_handlers () from /lib64/libc.so.6
#5  0x00007f3543036fd0 in exit () from /lib64/libc.so.6
#6  0x0000000000421c21 in handle_sigs () at main.c:810
#7  0x000000000042c537 in main_loop () at main.c:1817
#8  0x0000000000434d46 in main (argc=15, argv=0x7ffc92a2e8e8) at main.c:2856
(gdb) bt full
#0  0x00007f3541c6318a in BN_clear_free () from /lib64/libcrypto.so.1.1
No symbol table info available.
#1  0x00007f353230d945 in ssh_dh_finalize.part () from /lib64/libssh.so.4
No symbol table info available.
#2  0x00007f35322ff5fd in libssh_destructor () from /lib64/libssh.so.4
No symbol table info available.
#3  0x00007f3543d8c2a6 in _dl_fini () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#4  0x00007f3543036e9c in __run_exit_handlers () from /lib64/libc.so.6
No symbol table info available.
#5  0x00007f3543036fd0 in exit () from /lib64/libc.so.6
No symbol table info available.
#6  0x0000000000421c21 in handle_sigs () at main.c:810
        chld = 0
        chld_status = 65280
        any_chld_stopped = 1
        memlog = 926740624
        __func__ = "handle_sigs"
#7  0x000000000042c537 in main_loop () at main.c:1817
        i = 8
        pid = 88396
        si = 0x0
        si_desc = "udp receiver child=7 sock=192.168.5.238:5060\000\177\000\000\060\000\000\000\060\000\000\000\310㢒\374\177\000\000\320⢒\374\177\000\000\000\312\004j\314\021Fz 㢒\374\177\000\000M\vo", '\000' <repeats 13 times>, "/Y\001\000\000\000\000\000\323\022\203\000\000\000\000\000\070x\326B5\177\000"
        nrprocs = 8
        woneinit = 1
        __func__ = "main_loop"
#8  0x0000000000434d46 in main (argc=15, argv=0x7ffc92a2e8e8) at main.c:2856
        cfg_stream = 0x22472a0
        c = -1
        r = 0
        tmp = 0x7ffc92a3083f ""
        tmp_len = 32565
        port = 1140483840
        proto = 0
        ahost = 0x0
        aport = 0
        options = 0x7ef1b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 2338164144
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 2
        n_lst = 0x7f3543fa6700
        p = 0x7f35430a124d <handle_intel.constprop+269> "H\205\300u\036A\215U\001D9l$\f\017\207?\377\377\377\201", <incomplete sequence \355\277>
        st = {st_dev = 23, st_ino = 19256, st_nlink = 2, st_mode = 16832, st_uid = 991, st_gid = 989, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {
            tv_sec = 1606640254, tv_nsec = 237000000}, st_mtim = {tv_sec = 1606876315, tv_nsec = 8047879}, st_ctim = {tv_sec = 1606876315, tv_nsec = 8047879}, __glibc_reserved = {0, 0, 0}}
        tbuf = "|c\001C5\177\000\000\330\361\262\222\374\177\000\000\000\000\000\000 ", '\000' <repeats 19 times>, " \317\327C5\177\000\000\300墒\374\177\000\000\a\000\000\000\000\000\000\000\330\304\327C5\177\000\000\a\000\000\000\t\000\000\000\220Y\372C5\177\000\000̀\330C5\177\000\000\000\000\000\000\000\000\000\000\370\216\330C5\177\000\000\020墒\374\177\000\000\240c\001C5\177\000\000\300c\371C5\177\000\000\000\000\000\000\000\000\000\000\220墒\374\177", '\000' <repeats 26 times>, "H\307\327C5\177\000\000\270d\372C5\177\000\000\220墒\374\177\000\000\000\300\327C5\177\000\000|"...
        option_index = 0
        long_options = {{name = 0x7f1326 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7ec8f4 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x7f132b "alias", has_arg = 1, 
            flag = 0x0, val = 1024}, {name = 0x7f1331 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x7f1337 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x7f1340 "substdefs", 
            has_arg = 1, flag = 0x0, val = 1027}, {name = 0x7f134a "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x7f1354 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {
            name = 0x7f135f "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x7f1368 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x7f1373 "debug", has_arg = 1, flag = 0x0, 
            val = 1032}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        __func__ = "main"
(gdb) 
(gdb) q




https://github.com/kamailio/kamailio/issues/2560#issuecomment-736952881