[openssl-users] 1.1.1a: crash in CRYPTO_THREAD_lock_free

Claus Assmann ca+ssl-users at esmtp.org
Tue Nov 27 12:11:06 UTC 2018


I'm trying OpenSSL 1.1.1a on FreeBSD 11.2-RELEASE-p4 and got the following
crash in one of my test programs (I compiled OpenSSL with -g after the
first time this happened to get at least some debug info):

#0  __je_huge_salloc (tsdn=<value optimized out>, ptr=<value optimized out>) at extent.h:114
#1  0x000000080122d01e in ifree (tsd=<value optimized out>) at arena.h:141468
#2  0x000000080122d5b1 in __free (ptr=0x800000000) at tsd.h:716
#3  0x0000000801535abb in _pthread_rwlock_destroy (rwlock=<value optimized out>)
    at /usr/src/lib/libthr/thread/thr_rwlock.c:127
#4  0x0000000800e67c28 in CRYPTO_THREAD_lock_free (lock=0x801a27298) at crypto/threads_pthread.c:102
#5  0x0000000800dcb760 in EVP_PKEY_free (x=0x801a7b370) at crypto/evp/p_lib.c:601
#6  0x00000008008affce in ssl3_free (s=0x801bbd000) at ssl/s3_lib.c:3321
#7  0x0000000800904c91 in tls1_free (s=0x801bbd000) at ssl/t1_lib.c:115
#8  0x00000008008c085c in SSL_free (s=0x801bbd000) at ssl/ssl_lib.c:1204
#9  0x00000000004133d3 in sm_tlsbio_close (fp=0x6612e0, flags=0) at ../../mta/libmta/tlsbio.c:391
...
(gdb) p (pthread_rwlock_t)0x801a27298
$2 = (struct pthread_rwlock *) 0x801a27298
(gdb) p *$2
$3 = {lock = {rw_state = 1, rw_flags = 0, rw_blocked_readers = 1, rw_blocked_writers = 0, rw_spare = 0x801a272a8}, 
  owner = 27402512}


Since my program doesn't use pthreads, I compiled OpenSSL with no-threads
and the crash doesn't happen (surprise...).
Is this a bug in my application or in OpenSSL? I'm not sure how to debug
this any further (without going into the details of pthreads on that OS).

