coturn / coturn

coturn TURN server project

coturn crashes with Segmentation fault #750

Closed qwertiko closed 3 years ago

qwertiko commented 3 years ago

Our coturn instance crashes daily around the same time. We are running coturn 4.5.0.7-1ubuntu2.18.04.2.

gdb output:

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/turnserver...Reading symbols from /usr/lib/debug/.build-id/4d/4dfbd429583750f258f061e6af3ef5a88a4c6d.debug...done.
done.
[New LWP 37645]
[New LWP 37650]
[New LWP 37644]
[New LWP 37649]
[New LWP 37651]
[New LWP 37647]
[New LWP 37643]
[New LWP 37646]
[New LWP 37648]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/bin/turnserver -c /etc/turnserver.conf -o -v'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fbf640008d0 in ?? ()
[Current thread is 1 (Thread 0x7fbf6ab44700 (LWP 37645))]
(gdb) bt
#0  0x00007fbf640008d0 in ?? ()
#1  0x00007fbf7260e99e in BIO_free () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#2  0x00007fbf7260f4c4 in BIO_free_all () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#3  0x00007fbf7230ed75 in SSL_set0_rbio () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#4  0x0000557c4b1f1095 in ssl_read (fd=<optimized out>, ssl=ssl@entry=0x7fbf64021990, nbh=nbh@entry=0x7fbf64029ee0, verbose=1) at src/apps/relay/ns_ioalib_engine_impl.c:1970
#5  0x0000557c4b20abc6 in dtls_accept_client_connection (nbh=0x7fbf64029ee0, local_addr=0x7fbf6ab5659c, remote_addr=0x7fbf6ab56610, ssl=0x7fbf64021990, sock=0x557c4d399240, server=0x7fbf6ab56198)
    at src/apps/relay/dtls_listener.c:242
#6  dtls_server_input_handler (nbh=0x7fbf64029ee0, s=0x557c4d399240, server=0x7fbf6ab56198) at src/apps/relay/dtls_listener.c:308
#7  handle_udp_packet (server=server@entry=0x7fbf6ab56198, sm=sm@entry=0x7fbf6ab565f8, ioa_eng=0x7fbf6ab451f8, ts=0x7fbf6ab45050) at src/apps/relay/dtls_listener.c:443
#8  0x0000557c4b20b384 in udp_server_input_handler (fd=34, what=<optimized out>, arg=0x7fbf6ab56198) at src/apps/relay/dtls_listener.c:728
#9  0x00007fbf720bfed8 in ?? () from /usr/lib/x86_64-linux-gnu/libevent_core-2.1.so.6
#10 0x00007fbf720c091f in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent_core-2.1.so.6
#11 0x0000557c4b1f7bc9 in run_events (eb=0x7fbf64000b60, e=0x7fbf6ab451f8) at src/apps/relay/netengine.c:1550
#12 0x0000557c4b1f90e5 in run_general_relay_thread (arg=0x7fbf6ab45010) at src/apps/relay/netengine.c:1681
#13 0x00007fbf70e536db in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#14 0x00007fbf70b7c71f in clone () from /lib/x86_64-linux-gnu/libc.so.6
(gdb)

turnserver.conf

# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret=xyz
realm=turn.xyz.com
cert=/etc/ssl/acme/xyz.com/fullchain.cer
pkey=/etc/ssl/acme/xyz.com/xyz.com.key
#listening-port=4446
tls-listening-port=443
external-ip=hidden
listening-ip=hidden
listening-ip=hidden
no-udp
no-tcp
stale-nonce=600
cipher-list="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
ec-curve-name=secp384r1
dh-file=/etc/ssl/certs/dhparam.pem
no-stdout-log
log-file=/var/log/turnserver.log
simple-log
no-multicast-peers
cli-port=5766
no-tlsv1
no-tlsv1_1
total-quota=100
fingerprint
syslog

# jitsi-meet coturn relay disable config. Do not modify this line
no-multicast-peers
no-cli
no-loopback-peers
no-tcp-relay
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255

misi commented 3 years ago

@qwertiko Can you try to compile version 4.5.2 on your server? You can use the Debian buster backports package on Debian.

Unfortunately, I heard from multiple sources that there is an issue with Ubuntu and 4.5.0.7 and DTLS.

qwertiko commented 3 years ago

@misi Thanks. I switched to 4.5.1.1-1.1ubuntu0.20.04.2 on Ubuntu 20.04 LTS and it has been running stable without any segfaults in the last 24h.

misi commented 3 years ago

Thanks for the feedback.