(Starting a new thread to keep mailreader depth sane) #4 0x00007f666e6ef97a in _fr_talloc_fault (reason=0x36ad408378 "Bad talloc magic value - unknown value") at src/lib/debug.c:561 #5 0x00000036ad402df1 in talloc_abort_unknown_value (ptr=<value optimized out>) at ../talloc.c:341 #6 talloc_chunk_from_ptr (ptr=<value optimized out>) at ../talloc.c:360 #7 talloc_get_name (ptr=<value optimized out>) at ../talloc.c:1153 #8 0x00000036ad4057eb in _talloc_get_type_abort (ptr=0x7f662c091dd0, name=0x7f666e714bdb "VALUE_PAIR", location=0x7f666e714bc7 "src/lib/debug.c:817") at ../talloc.c:1206 #9 0x00007f666e6f0104 in fr_verify_vp (file=0x7f666e7144f0 "src/lib/cursor.c", line=151, vp=0x7f662c091dd0) at src/lib/debug.c:817 #10 0x00007f666e6eec3f in fr_cursor_next (cursor=0x7f666a584490) at src/lib/cursor.c:151 #11 0x00007f666e70b75e in pairfree (vps=0x7f666a584508) at src/lib/valuepair.c:169 #12 0x00000000004493d6 in sess_free_vps (parent=0x7f664c0b76f0, data_ptr=0x7f662c07b140, ad=0x7f664c0b78e8, idx=0, argl=0, argp=0x0) at src/main/tls.c:1986 #13 0x00000037a0c6a68a in ?? () from /usr/lib64/libcrypto.so.10 #14 0x00000037a7c466bc in SSL_SESSION_free () from /usr/lib64/libssl.so.10 #15 0x00000037a7c445cd in SSL_free () from /usr/lib64/libssl.so.10 #16 0x000000000044624f in session_close (ssn=0x7f6644063950) at src/main/tls.c:599 At a guess, this is wrong: https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_... ...because FR_TLS_EX_INDEX_TALLOC is used to parent the VPs paircopy'ed in: https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/main/tls.c#L... I spent a bit of time looking at this earlier; the lifecycle of some of these objects is really really really hard to follow, both because OpenSSL is a bit weird, and because the naming of the FR TLS stuff is used in different ways to similarly-named objects inside OpenSSL. Summary for my own notes: OpenSSL: SSL_CTX* is an OpenSSL object containing the certs/keys/settings, that creates an... SSL* is an OpenSSL "connection" i.e. an SSL handshake, that creates or uses a cached... SSL_SESSION* is a negotiated OpenSSL master key & algos FreeRADIUS tls_session_t is an OpenSSL SSL* i.e. connection plus some bits i.e. the BIOs to feed into/out of OpenSS eap_handler_t is an EAP exchange; it's keyed off State which mutates on every round trip. It contains a bunch of eap counter stuff and the tls_session_t Given that sess_free_vps() is called by OpenSSL when the session goes away, I guess we don't need to parent the cached VPs to anything; ditto the cached certs? Certainly don't want to parent the vps/certs to handler or tls_session_t; those have shorter lifetimes than SSL_SESSION* objects.