<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">.style1 {font-family: "Times New Roman";}</style></head><body>
<div class="moz-text-html" lang="x-western"> Hi<br>
<br>
We've seen a few occurrences of this crash since we implemented
kamailio 5.4.5 for our inbound call traffic. Preceding the crash
we always get a message in the logs about "dialog
[dlg_hash.c:1182]: next_state_dlg(): bogus event 2 in state 5 for
dlg" and whenever we see that message, we get the crash.<br>
<br>
Jun 1 10:12:14 thissystem /usr/sbin/kamailio[20001]: CRITICAL: {2
1 INVITE <a class="moz-txt-link-abbreviated" href="mailto:6787142-3831531134-1330894187@some.telco.domain">
6787142-3831531134-1330894187@some.telco.domain</a>} dialog
[dlg_hash.c:1182]: next_state_dlg(): bogus event 2 in state 5 for
dlg 0x7fae153d3cf0 [3973:6059] with clid '<a class="moz-txt-link-abbreviated" href="mailto:82608924-3831089984-1833452161@some.telco.domain">82608924-3831089984-1833452161@some.telco.domain</a>'
and tags '3831089984-684203260' ''<br>
<br>
The crash happens on line 879 of <a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/blob/master/src/modules/dialog/dlg_db_handler.c" target="_BLANK">
https://github.com/kamailio/kamailio/blob/master/src/modules/dialog/dlg_db_handler.c</a>
<br>
<br>
<pre><span class="pl-c1">SET_STR_VALUE</span>(values+<span class="pl-c1">7</span>, cell-><span class="pl-smi">bind_addr</span>[DLG_CALLER_LEG]-><span class="pl-smi">sock_str</span>);</pre>
<br>
Looking at gdb, I see that cell-><span class="pl-smi">bind_addr</span>[DLG_CALLER_LEG]
== 0 so trying to use it results in the segfault. I have thought
about patching that to check for bind_addr being set and bypassing
that line if not but I do not think it's the right fix though it
probably would avoid the current crash (and do odd things later
instead!). I did check that everything else in that function that
uses DLG_CALLER_LEG is set correctly and it appears that it is -
or at least if not correctly then they are at least set!<br>
<br>
The "bogus event 2 in state 5" message is coming out from line
1143 in src/modules/ims_dialog/dlg_hash.c<br>
<br>
<pre> case DLG_EVENT_RPL1xx:
switch (dlg->state) {
case DLG_STATE_UNCONFIRMED:
case DLG_STATE_EARLY:
dlg->state = DLG_STATE_EARLY;
break;
default:
log_next_state_dlg(event, dlg);
}
break;
</pre>
(I didn't really understand why it would set dlg->state =
DLG_STATE_EARLY if it's already DLG_STATE_EARLY but...)<br>
<br>
I have a couple of core dumps of this from the last day or two -
usually seems to crash at least once a week on our pair of
kamailio inbound servers. If there's any more info I can provide
to help fix this properly rather than my proposed bodge then feel
free to ask.<br>
<br>
Trevor Hemsley<br>
</div>
<br><br><p style="font-family: Verdana; font-size:10pt; color:#666666;"><b>Disclaimer</b></p><p style="font-family: Verdana; font-size:8pt; color:#666666;">The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.<br><br>This email has been scanned for viruses and malware, and may have been automatically archived by <b>Mimecast Ltd</b>, an innovator in Software as a Service (SaaS) for business. Providing a <b>safer</b> and <b>more useful</b> place for your human generated data. Specializing in; Security, archiving and compliance. To find out more <a href="http://www.mimecast.com/products/" target="_blank">Click Here</a>.</p></body></html>