I have the same issue with Kamailio 5.7.3 and OpenSSL 3.0.11 on Debian 12. I tried tls 
init_mode 1, 2 and 3 and it makes no difference:

A few times there are `freeing already freed pointer` errors in the logs (they do 
not cause a crash immediately):
```
CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already 
freed pointer (0x7feb97ea8598), called from tls: tls_init.c: ser_free(323), 
first free tls: tls_init.c: ser_free(323) - ignoring
```
or
```
 CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: freeing already 
freed pointer (0x7fa9d17f9a58), called from tls: tls_init.c: ser_free(412), 
first free tls: tls_init.c: ser_malloc(367) - ignoring
```

and after some time there is a segfault somewhere in OpenSSL:

```
#0  0x0000000000000000 in ?? ()
#1  0x00007f740a216975 in EVP_MAC_CTX_new (mac=mac@entry=0x7f73eacb4ec0) at 
../crypto/evp/mac_lib.c:27
#2  0x00007f740a2ed12b in ossl_prov_macctx_load_from_params 
(macctx=macctx@entry=0x7f73ead6e100, params=params@entry=0x7fffcd233320, 
macname=<optimized out>, 
    macname@entry=0x7f740a353aa6 "HMAC", ciphername=ciphername@entry=0x0, 
mdname=mdname@entry=0x0, libctx=libctx@entry=0x7f740a47e900 
<default_context_int>)
    at ../providers/common/provider_util.c:318
#3  0x00007f740a31df2b in kdf_tls1_prf_set_ctx_params 
(vctx=vctx@entry=0x7f73ead6e0f8, params=params@entry=0x7fffcd233320) at 
../providers/implementations/kdfs/tls1_prf.c:187
#4  0x00007f740a31e2eb in kdf_tls1_prf_derive (vctx=0x7f73ead6e0f8, 
key=0x7f73ead865c0 "", keylen=48, params=0x7fffcd233320) at 
../providers/implementations/kdfs/tls1_prf.c:141
#5  0x00007f740a5c31e1 in tls1_PRF (s=s@entry=0x7f73ead88738, 
seed1=seed1@entry=0x7f740a604fff, seed1_len=seed1_len@entry=22, 
seed2=seed2@entry=0x7fffcd233500, seed2_len=48, 
    seed3=seed3@entry=0x0, seed3_len=0, seed4=0x0, seed4_len=0, 
    sec=0x7f73ead84ab8 
"\327s\2030\215\025W\320U{\017\262\220ɾa\334\360X\352ocx\371\005)Q\347\274E_\023\300\300\300\300",
 slen=32, out=0x7f73ead865c0 "", olen=48, fatal=1, 
    seed5_len=0, seed5=0x0) at ../ssl/t1_enc.c:72
#6  0x00007f740a5c444c in tls1_generate_master_secret (s=0x7f73ead88738, 
out=0x7f73ead865c0 "", 
    p=0x7f73ead84ab8 
"\327s\2030\215\025W\320U{\017\262\220ɾa\334\360X\352ocx\371\005)Q\347\274E_\023\300\300\300\300",
 len=32, secret_size=0x7f73ead86578) at ../ssl/t1_enc.c:657
#7  0x00007f740a5a9ef7 in ssl_generate_master_secret (s=0x7f73ead88738, 
    pms=0x7f73ead84ab8 
"\327s\2030\215\025W\320U{\017\262\220ɾa\334\360X\352ocx\371\005)Q\347\274E_\023\300\300\300\300",
 pmslen=32, free_pms=0) at ../ssl/s3_lib.c:4644
#8  0x00007f740a5aa68e in ssl_derive (s=s@entry=0x7f73ead88738, 
privkey=privkey@entry=0x7f73ead85820, pubkey=pubkey@entry=0x7f73ead57e20, 
gensecret=gensecret@entry=1)
    at ../ssl/s3_lib.c:4825
#9  0x00007f740a5fa911 in tls_process_cke_ecdhe (pkt=0x7fffcd233810, 
s=0x7f73ead88738) at ../ssl/statem/statem_srvr.c:3048
#10 tls_process_client_key_exchange (s=0x7f73ead88738, pkt=0x7fffcd233810) at 
../ssl/statem/statem_srvr.c:3316
#11 0x00007f740a5e6672 in read_state_machine (s=0x7f73ead88738) at 
../ssl/statem/statem.c:647
#12 state_machine (s=0x7f73ead88738, server=1) at ../ssl/statem/statem.c:442
#13 0x00007f740a66a956 in tls_accept (c=c@entry=0x7f73ead21458, 
error=error@entry=0x7fffcd2339f8) at ./src/modules/tls/tls_server.c:471
#14 0x00007f740a67320d in tls_h_read_f (c=c@entry=0x7f73ead21458, 
flags=flags@entry=0x7fffcd253e20) at ./src/modules/tls/tls_server.c:1173
#15 0x000055af78d7b9e6 in tcp_read_headers (c=c@entry=0x7f73ead21458, 
read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:445
#16 0x000055af78d7eae6 in tcp_read_req (con=0x7f73ead21458, 
bytes_read=bytes_read@entry=0x7fffcd253e18, 
read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:1508
#17 0x000055af78d83ca7 in handle_io (fm=fm@entry=0x7f740a80ca88, 
events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1912
#18 0x000055af78d89d5d in io_wait_loop_epoll (repeat=repeat@entry=0, 
t=<optimized out>, h=<optimized out>) at core/io_wait.h:1073
#19 0x000055af78d8a567 in tcp_receive_loop (unix_sock=<optimized out>) at 
core/tcp_read.c:2032
#20 0x000055af78d721b7 in tcp_init_children 
(woneinit=woneinit@entry=0x7fffcd25435c) at core/tcp_main.c:5364
#21 0x000055af78b7ffe0 in main_loop () at ./src/main.c:1936
#22 0x000055af78b714cc in main (argc=<optimized out>, argv=<optimized out>) at 
./src/main.c:3212
```
or

```
#0  0x00007f73ea7483e0 in ?? ()
#1  0x00007f740a216a53 in EVP_MAC_CTX_free (ctx=0x7f73eacecbf8) at 
../crypto/evp/mac_lib.c:44
#2  0x00007f740a31e19d in tls1_prf_P_hash (ctx_init=0x7f73ead85d70, 
    sec=sec@entry=0x7f73ead30ef8 
"\226\273\177\2008\254}\363\034\351'H\250\032\177\225\274\b\264W\231\240\206Gп\036\032\036\347%鳀o\321\022q\361\2362\177\302Sk/ݒ",
 
    sec_len=sec_len@entry=48, 
    seed=0x7f73ead6c360 "client 
finished=L\347\353\277f\2713\314-\372/GQ\037\206\300\305\336,\027\267\207Y\242ǔLO\2039\233\313/_Ͽ\334q\237\324\3310\025?\332oN",
 
    seed_len=seed_len@entry=63, out=out@entry=0x7f73ead73240 "", olen=12) at 
../providers/implementations/kdfs/tls1_prf.c:314
#3  0x00007f740a31e48f in tls1_prf_alg (olen=12, out=0x7f73ead73240 "", 
seed_len=63, 
    seed=0x7f73ead6c360 "client 
finished=L\347\353\277f\2713\314-\372/GQ\037\206\300\305\336,\027\267\207Y\242ǔLO\2039\233\313/_Ͽ\334q\237\324\3310\025?\332oN",
 slen=48, 
    sec=0x7f73ead30ef8 
"\226\273\177\2008\254}\363\034\351'H\250\032\177\225\274\b\264W\231\240\206Gп\036\032\036\347%鳀o\321\022q\361\2362\177\302Sk/ݒ",
 sha1ctx=0x0, 
    mdctx=<optimized out>) at ../providers/implementations/kdfs/tls1_prf.c:407
#4  kdf_tls1_prf_derive (vctx=0x7f73ead6c338, key=0x7f73ead73240 "", keylen=12, 
params=<optimized out>) at ../providers/implementations/kdfs/tls1_prf.c:161
#5  0x00007f740a5c31e1 in tls1_PRF (s=s@entry=0x7f73ead72ff8, 
seed1=seed1@entry=0x7f740a5fd2e8, seed1_len=seed1_len@entry=15, 
seed2=seed2@entry=0x7fffcd233700, seed2_len=48, 
    seed3=seed3@entry=0x0, seed3_len=0, seed4=0x0, seed4_len=0, 
    sec=0x7f73ead83d50 
"\226\273\177\2008\254}\363\034\351'H\250\032\177\225\274\b\264W\231\240\206Gп\036\032\036\347%鳀o\321\022q\361\2362\177\302Sk/ݒ",
 slen=48, 
    out=0x7f73ead73240 "", olen=12, fatal=1, seed5_len=0, seed5=0x0) at 
../ssl/t1_enc.c:72
#6  0x00007f740a5c4371 in tls1_final_finish_mac (s=0x7f73ead72ff8, 
str=0x7f740a5fd2e8 "client finished", slen=15, out=0x7f73ead73240 "") at 
../ssl/t1_enc.c:627
#7  0x00007f740a5f1d2b in ssl3_take_mac (s=s@entry=0x7f73ead72ff8) at 
../ssl/statem/statem_lib.c:716
#8  0x00007f740a5f2b30 in tls_get_message_body (s=s@entry=0x7f73ead72ff8, 
len=len@entry=0x7fffcd233808) at ../ssl/statem/statem_lib.c:1300
#9  0x00007f740a5e6636 in read_state_machine (s=0x7f73ead72ff8) at 
../ssl/statem/statem.c:635
#10 state_machine (s=0x7f73ead72ff8, server=1) at ../ssl/statem/statem.c:442
#11 0x00007f740a66a956 in tls_accept (c=c@entry=0x7f73ead38970, 
error=error@entry=0x7fffcd2339f8) at ./src/modules/tls/tls_server.c:471
#12 0x00007f740a67320d in tls_h_read_f (c=c@entry=0x7f73ead38970, 
flags=flags@entry=0x7fffcd253e20) at ./src/modules/tls/tls_server.c:1173
#13 0x000055af78d7b9e6 in tcp_read_headers (c=c@entry=0x7f73ead38970, 
read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:445
#14 0x000055af78d7eae6 in tcp_read_req (con=0x7f73ead38970, 
bytes_read=bytes_read@entry=0x7fffcd253e18, 
read_flags=read_flags@entry=0x7fffcd253e20) at core/tcp_read.c:1508
#15 0x000055af78d83ca7 in handle_io (fm=fm@entry=0x7f740a80ca58, 
events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1912
#16 0x000055af78d89d5d in io_wait_loop_epoll (repeat=repeat@entry=0, 
t=<optimized out>, h=<optimized out>) at core/io_wait.h:1073
#17 0x000055af78d8a567 in tcp_receive_loop (unix_sock=<optimized out>) at 
core/tcp_read.c:2032
#18 0x000055af78d721b7 in tcp_init_children 
(woneinit=woneinit@entry=0x7fffcd25435c) at core/tcp_main.c:5364
#19 0x000055af78b7ffe0 in main_loop () at ./src/main.c:1936
#20 0x000055af78b714cc in main (argc=<optimized out>, argv=<optimized out>) at 
./src/main.c:3212
```

or
```
#0  0x00007f6ec591d6e1 in BN_num_bits (a=0x7f6ea658f068) at 
../crypto/bn/bn_lib.c:199
#1  0x00007f6ec59d2ff8 in ecp_nistz256_windowed_mul (ctx=<optimized out>, 
num=<optimized out>, point=<optimized out>, scalar=<optimized out>, 
r=<optimized out>, 
    group=<optimized out>) at ../crypto/ec/ecp_nistz256.c:651
#2  ecp_nistz256_points_mul (group=<optimized out>, r=<optimized out>, 
scalar=<optimized out>, num=<optimized out>, points=<optimized out>, 
scalars=<optimized out>, 
    ctx=<optimized out>) at ../crypto/ec/ecp_nistz256.c:1152
#3  0x00007f6ec598fab4 in EC_POINT_mul (group=<optimized out>, 
r=r@entry=0x7f6ea65ecb88, g_scalar=g_scalar@entry=0x0, point=<optimized out>, 
p_scalar=<optimized out>, 
    p_scalar@entry=0x7f6ea658f068, ctx=<optimized out>, 
ctx@entry=0x7f6ea65eca10) at ../crypto/ec/ec_lib.c:1143
#4  0x00007f6ec598bff1 in ossl_ec_key_public_check 
(eckey=eckey@entry=0x7f6ea65d0850, ctx=ctx@entry=0x7f6ea65eca10) at 
../crypto/ec/ec_key.c:491
#5  0x00007f6ec5b224ce in ec_validate (keydata=0x7f6ea65d0850, selection=2, 
checktype=0) at ../providers/implementations/keymgmt/ec_kmgmt.c:966
#6  0x00007f6ec5a1e115 in try_provided_check (ctx=ctx@entry=0x7f6ea650d840, 
selection=selection@entry=2, checktype=checktype@entry=0) at 
../crypto/evp/pmeth_check.c:44
#7  0x00007f6ec5a1e1a1 in evp_pkey_public_check_combined 
(ctx=ctx@entry=0x7f6ea650d840, checktype=checktype@entry=0) at 
../crypto/evp/pmeth_check.c:57
#8  0x00007f6ec5a1e347 in EVP_PKEY_public_check (ctx=ctx@entry=0x7f6ea650d840) 
at ../crypto/evp/pmeth_check.c:83
#9  0x00007f6ec5a110df in EVP_PKEY_derive_set_peer_ex 
(ctx=ctx@entry=0x7f6ea65d1698, peer=peer@entry=0x7f6ea64db210, 
validate_peer=validate_peer@entry=1)
    at ../crypto/evp/exchange.c:402
#10 0x00007f6ec5a1141a in EVP_PKEY_derive_set_peer 
(ctx=ctx@entry=0x7f6ea65d1698, peer=peer@entry=0x7f6ea64db210) at 
../crypto/evp/exchange.c:502
#11 0x00007f6ec5e4c4a8 in ssl_derive (s=s@entry=0x7f6ea64a8518, 
privkey=privkey@entry=0x7f6ea66a9528, pubkey=pubkey@entry=0x7f6ea64db210, 
gensecret=gensecret@entry=1)
    at ../ssl/s3_lib.c:4803
#12 0x00007f6ec5e9c911 in tls_process_cke_ecdhe (pkt=0x7fff7ab07990, 
s=0x7f6ea64a8518) at ../ssl/statem/statem_srvr.c:3048
#13 tls_process_client_key_exchange (s=0x7f6ea64a8518, pkt=0x7fff7ab07990) at 
../ssl/statem/statem_srvr.c:3316
#14 0x00007f6ec5e88672 in read_state_machine (s=0x7f6ea64a8518) at 
../ssl/statem/statem.c:647
#15 state_machine (s=0x7f6ea64a8518, server=1) at ../ssl/statem/statem.c:442
#16 0x00007f6ec5f0c956 in tls_accept (c=c@entry=0x7f6ea66ab558, 
error=error@entry=0x7fff7ab07b78) at ./src/modules/tls/tls_server.c:471
#17 0x00007f6ec5f1520d in tls_h_read_f (c=c@entry=0x7f6ea66ab558, 
flags=flags@entry=0x7fff7ab27fa0) at ./src/modules/tls/tls_server.c:1173
#18 0x0000555d90bf59e6 in tcp_read_headers (c=c@entry=0x7f6ea66ab558, 
read_flags=read_flags@entry=0x7fff7ab27fa0) at core/tcp_read.c:445
#19 0x0000555d90bf8ae6 in tcp_read_req (con=0x7f6ea66ab558, 
bytes_read=bytes_read@entry=0x7fff7ab27f98, 
read_flags=read_flags@entry=0x7fff7ab27fa0) at core/tcp_read.c:1508
#20 0x0000555d90bfdca7 in handle_io (fm=fm@entry=0x7f6ec60aea28, 
events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1912
#21 0x0000555d90c03d5d in io_wait_loop_epoll (repeat=repeat@entry=0, 
t=<optimized out>, h=<optimized out>) at core/io_wait.h:1073
#22 0x0000555d90c04567 in tcp_receive_loop (unix_sock=<optimized out>) at 
core/tcp_read.c:2032
#23 0x0000555d90bec1b7 in tcp_init_children 
(woneinit=woneinit@entry=0x7fff7ab284dc) at core/tcp_main.c:5364
#24 0x0000555d909f9fe0 in main_loop () at ./src/main.c:1936
#25 0x0000555d909eb4cc in main (argc=<optimized out>, argv=<optimized out>) at 
./src/main.c:3212
```

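I think there is memory corruption related to the `freeing already freed pointer` 
events: the segfaults land in a different OpenSSL function each time (twice with 
frame #0 at a null or unresolved address), and both log messages point at the tls 
module's `ser_free`/`ser_malloc` in tls_init.c.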

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3635#issuecomment-1817863524