[OpenSIPS-Users] 3.2.3 TLS issue

Gregory Massel greg at switchtel.co.za
Fri Nov 12 12:44:51 EST 2021


Sorry, I do have the core files, however, my /usr/sbin/opensips is now 
3.2.2 and the core dumps were taken against 3.2.3.

I should have thought to get the backtrace before downgrading.

This is a production server, however, I will try and schedule some 
downtime and then restore 3.2.3 to generate the backtrace and will try 
out the nightly release.

--Greg

On 2021-11-12 13:09, Andrew Yager wrote:
> Do you have a core dump with the backtrace when it dies?
>
> There are a few fixes in the nightly releases around some TLS things, 
> and we've found these to be a better choice for SSL performance.
>
> Thanks,
> Andrew
>
> On Fri, 12 Nov 2021 at 02:30, Gregory Massel <greg at switchtel.co.za> wrote:
>
>     Thanks.
>
>     This report lists it as a bug in WolfSSL, however, given that I'm
>     got similar errors (although not a segfault) when changing to
>     OpenSSL, it would appear more likely that it's in proto_tls or
>     tls_mgm.
>
>     --Greg
>
>     On 2021-11-11 17:06, Mark Farmer wrote:
>>     Confirmed here too, 3.2.2 is running fine.
>>
>>     There does seem to be a bug report about this:
>>
>>     https://github.com/OpenSIPS/opensips/issues/2667
>>
>>
>>     On Thu, 11 Nov 2021 at 14:33, Gregory Massel
>>     <greg at switchtel.co.za> wrote:
>>
>>         I've managed to downgrade to 3.2.2 and all is working again.
>>         So this appears to be a bug introduced in 3.2.3.
>>
>>         Environment is:
>>
>>         Linux msteams 5.4.0-90-generic #101~18.04.1-Ubuntu SMP Fri
>>         Oct 22 09:25:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
>>
>>         The downgrade/fix was with:
>>
>>         apt-get install opensips=3.2.2-1
>>         opensips-dialplan-module=3.2.2-1
>>         opensips-http-modules=3.2.2-1 opensips-mysql-module=3.2.2-1
>>         opensips-presence-modules=3.2.2-1
>>         opensips-regex-module=3.2.2-1 opensips-tls-module=3.2.2-1
>>         opensips-tls-openssl-module=3.2.2-1
>>         opensips-tls-wolfssl-module=3.2.2-1
>>         opensips-tlsmgm-module=3.2.2-1
>>
>>         --Greg
>>
>>         On 2021-11-11 15:56, Gregory Massel wrote:
>>>
>>>         I'm running OpenSIPS 3.2.3 and it keeps bombing out on SSL
>>>         connections.
>>>
>>>         With WolfSSL it segfaults:
>>>
>>>         Nov 11 11:52:04 msteams /usr/sbin/opensips[15322]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify success
>>>         Nov 11 11:52:04 msteams /usr/sbin/opensips[15322]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify success
>>>         Nov 11 11:52:04 msteams /usr/sbin/opensips[15322]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS connection to52.114.75.24:5061  <http://52.114.75.24:5061>  established
>>>         Nov 11 11:52:04 msteams /usr/sbin/opensips[15322]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify success
>>>         Nov 11 11:52:04 msteams /usr/sbin/opensips[15322]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15322]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS connection to52.114.132.46:5061  <http://52.114.132.46:5061>  established
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15328]: CRITICAL:core:sig_usr: segfault in process pid: 15328, id: 25
>>>         Nov 11 11:52:05 msteams kernel: [22403546.537543] opensips[15328]: segfault at 35 ip 00007ff7b4b3f790 sp 00007fff48dd0a30 error 4 in tls_wolfssl.so[7ff7b4a71000+1e3000]
>>>         Nov 11 11:52:05 msteams kernel: [22403546.537549] Code: ff ff e9 5b ff ff ff 0f 1f 00 53 48 8d 3d 08 40 3b 00 e8 53 09 00 00 85 c0 75 4f 48 8b 3d 50 40 3b 00 48 85 ff 74 14 0f 1f 00 <48> 8b 5f 08 e8 87 36 f7 ff 48 85 db 48 89 df 75
>>>         ef 5b 48 8d 3d d7
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15322]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15322]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15322]: INFO:tls_wolfssl:_wolfssl_tls_accept: New TLS connection from52.114.75.24:17152  <http://52.114.75.24:17152>  accepted
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15322]: INFO:tls_wolfssl:tls_dump_cert_info: tls_accept: client TLS certificate subject: /CN=sip.pstnhub.microsoft.com  <http://sip.pstnhub.microsoft.com>, issuer: /C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15325]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15325]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15329]: CRITICAL:core:sig_usr: segfault in process pid: 15329, id: 26
>>>         Nov 11 11:52:05 msteams kernel: [22403546.732270] traps: opensips[15329] general protection fault ip:7ff7b4b0953d sp:7fff48dd0760 error:0 in tls_wolfssl.so[7ff7b4a71000+1e3000]
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15326]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15326]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15325]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS connection to54.171.127.194:5061  <http://54.171.127.194:5061>  established
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15330]: CRITICAL:core:sig_usr: segfault in process pid: 15330, id: 27
>>>         Nov 11 11:52:05 msteams kernel: [22403546.801626] traps: opensips[15330] general protection fault ip:7ff7b4b3f790 sp:7fff48dd0a30 error:0 in tls_wolfssl.so[7ff7b4a71000+1e3000]
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15326]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify success
>>>         Nov 11 11:52:05 msteams /usr/sbin/opensips[15326]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify success
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15325]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS connection to52.114.14.70:5061  <http://52.114.14.70:5061>  established
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15325]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS connection to54.172.60.3:5061  <http://54.172.60.3:5061>  established
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:handle_sigs: child process 15328 exited by a signal 11
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:handle_sigs: core was generated
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:handle_sigs: terminating due to SIGCHLD
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15296]: INFO:core:sig_usr: signal 15 received
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15297]: INFO:core:sig_usr: signal 15 received
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 3(15296) [time_keeper] terminated, still waiting for 28 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 4(15297) [timer] terminated, still waiting for 27 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 5(15298) [SIP receiver udp:127.0.0.1:5060  <http://127.0.0.1:5060>] terminated, still waiting for 26 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 6(15299) [SIP receiver udp:127.0.0.1:5060  <http://127.0.0.1:5060>] terminated, still waiting for 25 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 14(15308) [SIP receiver udp:[0:0:0:0:0:0:0:1]:5060] terminated, still waiting for 24 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 30(15333) [TCP main] terminated, still waiting for 23 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 9(15302) [SIP receiver udp:196.216.192.19:5060  <http://196.216.192.19:5060>] terminated, still waiting for 22 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 15(15310) [SIP receiver udp:[0:0:0:0:0:0:0:1]:5060] terminated, still waiting for 21 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 19(15319) [SIP receiver udp:[2001:43F8:BC0:1:0:0:0:1019]:5060] terminated, still waiting for 20 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 29(15332) [Timer handler] terminated, still waiting for 19 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 1(15294) [MI FIFO] terminated, still waiting for 18 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 21(15322) [TCP receiver] terminated, still waiting for 17 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 20(15320) [SIP receiver udp:[2001:43F8:BC0:1:0:0:0:1019]:5060] terminated, still waiting for 16 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 11(15304) [SIP receiver udp:196.216.192.19:5060  <http://196.216.192.19:5060>] terminated, still waiting for 15 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 8(15301) [SIP receiver udp:127.0.0.1:5060  <http://127.0.0.1:5060>] terminated, still waiting for 14 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 2(15295) [HTTPD INADDR_ANY:8888] terminated, still waiting for 13 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 10(15303) [SIP receiver udp:196.216.192.19:5060  <http://196.216.192.19:5060>] terminated, still waiting for 12 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 13(15307) [SIP receiver udp:[0:0:0:0:0:0:0:1]:5060] terminated, still waiting for 11 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 16(15311) [SIP receiver udp:[0:0:0:0:0:0:0:1]:5060] terminated, still waiting for 10 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 22(15323) [TCP receiver] terminated, still waiting for 9 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 12(15305) [SIP receiver udp:196.216.192.19:5060  <http://196.216.192.19:5060>] terminated, still waiting for 8 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 18(15317) [SIP receiver udp:[2001:43F8:BC0:1:0:0:0:1019]:5060] terminated, still waiting for 7 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 17(15315) [SIP receiver udp:[2001:43F8:BC0:1:0:0:0:1019]:5060] terminated, still waiting for 6 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 24(15326) [TCP receiver] terminated, still waiting for 5 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 7(15300) [SIP receiver udp:127.0.0.1:5060  <http://127.0.0.1:5060>] terminated, still waiting for 4 more
>>>         Nov 11 11:52:06 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 23(15325) [TCP receiver] terminated, still waiting for 3 more
>>>         Nov 11 11:52:09 msteams /usr/sbin/opensips[15293]: INFO:core:shutdown_opensips: process 26(15329) [TCP receiver] terminated, still waiting for 2 more
>>>         Nov 11 11:52:11 msteams /usr/sbin/opensips[15293]: INFO:core:cleanup: cleanup
>>>         Nov 11 11:52:12 msteams /usr/sbin/opensips[15293]: INFO:tls_wolfssl:mod_destroy: destroying tls_wolfssl module
>>>         Nov 11 11:52:12 msteams /usr/sbin/opensips[15293]: CRITICAL:core:fm_free: freeing already freed shm pointer (0x7ff7badd7878), first free: (null): (null)(0) - aborting!
>>>         Nov 11 11:52:18 msteams systemd[1]: opensips.service: Main process exited, code=dumped, status=6/ABRT
>>>         Nov 11 11:52:18 msteams systemd[1]: opensips.service: Failed with result 'core-dump'.
>>>         Nov 11 11:52:18 msteams systemd[1]: opensips.service: Service hold-off time over, scheduling restart.
>>>         Nov 11 11:52:18 msteams systemd[1]: opensips.service: Scheduled restart job, restart counter is at 1.
>>>         Nov 11 11:52:18 msteams systemd[1]: Stopped OpenSIPS is a very fast and flexible SIP (RFC3261) server.
>>>
>>>         With OpenSSL it remains running, however, is still extremely
>>>         unhappy:
>>>         Nov 11 15:46:35 msteams /usr/sbin/opensips[5044]: CRITICAL:core:io_watch_add: #012>>> fd_array idx 8 (fd=236) points to bogus map (fd=-1,type=0,flags=20000000,data=(nil))#012#012It seems you have hit a programming bug.#012Please help us make OpenSIPS better by reporting it athttps://github.com/OpenSIPS/opensips/issues
>>>         Nov 11 15:46:35 msteams /usr/sbin/opensips[5044]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=227 is not present in fd_array (fd=227,type=19,flags=80000002,data=0x7f4b4e12eb80)#012#012It seems you have hit a programming bug.#012Please help us make OpenSIPS better by reporting it athttps://github.com/OpenSIPS/opensips/issues
>>>         Nov 11 15:46:35 msteams /usr/sbin/opensips[5044]: CRITICAL:core:io_watch_add: #012>>> unused fd_map fd=236 has bogus data (fd=-1,flags=20000000,data=(nil))#012#012It seems you have hit a programming bug.#012Please help us make OpenSIPS better by reporting it athttps://github.com/OpenSIPS/opensips/issues
>>>         Nov 11 15:46:35 msteams /usr/sbin/opensips[5044]: CRITICAL:core:io_watch_add: [TCP_main] check failed after successful fd add (fd=244,type=19,data=0x7f4b4e1c8240,flags=2) already=0
>>>
>>>         I didn't have these issues with OpenSIPS 3.1, however, am
>>>         not sure how to downgrade as, when I do, it complains that
>>>         the database table structure is not suitable and there does
>>>         not appear to be a migration script to revert to an older
>>>         version.
>>>
>>>
>>>         -- 
>>>         Regards
>>>         *Gregory Massel*
>>>         *T* +27 87 550 0000
>>>         *F* +27 11 783 4877
>>>         *W* www.switchtel.co.za <http://www.switchtel.co.za/>
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>         _______________________________________________
>>         Users mailing list
>>         Users at lists.opensips.org
>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>     -- 
>>     Mark Farmer
>>     farmorg at gmail.com
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>     -- 
>     Regards
>     *Gregory Massel*
>     *T* +27 87 550 0000
>     *F* +27 11 783 4877
>     *W* www.switchtel.co.za <http://www.switchtel.co.za/>
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20211112/d1a90c8f/attachment-0001.html>


More information about the Users mailing list