Hi, unfortunately this issue is still persisting: Kamailio crashed again twice with the same symptoms.
```
/usr/local/sbin/kamailio -V
version: kamailio 5.4.1 (x86_64/linux) f57c90
```

```
(gdb) frame 0
#0  0x00007fe8703c342d in update_dialog_vars_dbinfo (cell=0x7fe8765627b8, var=0x7574617473706973) at dlg_db_handler.c:755
755	SET_STR_VALUE(values+2, var->key);
```
```
(gdb) p *cell
$1 = {ref = 2, next = 0x0, prev = 0x0, h_id = 1983, h_entry = 1998, state = 5, lifetime = 10800,
  init_ts = 1602587600, start_ts = 0, end_ts = 1602587602, dflags = 1664, iflags = 0, sflags = 0,
  toroute = 0, toroute_name = {s = 0x0, len = 0}, from_rr_nb = 0,
  tl = {next = 0x0, prev = 0x0, timeout = 0},
  callid = {s = 0x7fe876562928 "7cc579d77316465e60a43abd3ab361bd@local.net", len = 55},
  from_uri = {s = 0x7fe123462960 "sip:123456789@local.net", len = 37},
  to_uri = {s = 0x7fe871234986 "sip:101@192.168.10.10:5060", len = 31},
  req_uri = {s = 0x7fe8765629a6 "sip:101@172.16.10.18:25767", len = 35},
  tag = {{s = 0x7fe8799cc1e8 "as0efa97cc416e6-2517-31", len = 10}, {s = 0x0, len = 0}},
  cseq = {{s = 0x7fe876109700 "102", len = 3}, {s = 0x0, len = 0}},
  route_set = {{s = 0x7fe123ae7280 "log", len = 0}, {s = 0x0, len = 0}},
  contact = {{s = 0x7fe87a512a20 "sip:123456789@192.168.10.136:5060", len = 31}, {s = 0x0, len = 0}},
  bind_addr = {0x7fe123fbc2f8, 0x0}, cbs = {first = 0x0, types = 0}, profile_links = 0x0,
  vars = 0x7fe874d11fe8, ka_src_counter = 0, ka_dst_counter = 0}
```
```
(gdb) list
750		return -1;
751
752	VAL_TYPE(values) = VAL_TYPE(values+1) = DB1_INT;
753	VAL_TYPE(values+2) = VAL_TYPE(values+3) = DB1_STR;
754	VAL_NULL(values) = VAL_NULL(values+1) = VAL_NULL(values+2) = VAL_NULL(values+3) = 0;
755	SET_STR_VALUE(values+2, var->key);
756
757	VAL_INT(values) = cell->h_entry;
758	VAL_INT(values+1) = cell->h_id;
759
```
```
(gdb) info locals
values = {{type = DB1_INT, nul = 0, free = 9438, val = {int_val = 1998, ll_val = 1998,
      double_val = 9.871431603908106e-321, time_val = 1998,
      string_val = 0x7ce <Address 0x7ce out of bounds>,
      str_val = {s = 0x7ce <Address 0x7ce out of bounds>, len = 1404431440},
      blob_val = {s = 0x7ce <Address 0x7ce out of bounds>, len = 1404431440},
      bitmap_val = 1998, uint_val = 1998, ull_val = 1998}},
  {type = DB1_INT, nul = 0, free = 0, val = {int_val = 1983, ll_val = 140733193390015,
      double_val = 6.953143608353881e-310, time_val = 140733193390015,
      string_val = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>,
      str_val = {s = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, len = 1404421428},
      blob_val = {s = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, len = 1404421428},
      bitmap_val = 1983, uint_val = 1983, ull_val = 140733193390015}},
  {type = DB1_STR, nul = 0, free = -1756933536, val = {int_val = 1956554888, ll_val = 140636365695112,
      double_val = 6.948359684592124e-310, time_val = 140636365695112,
      string_val = 0x7fe8749ea888 "cfg_version",
      str_val = {s = 0x7fe8749ea888 "cfg_version", len = 11},
      blob_val = {s = 0x7fe8749ea888 "cfg_version", len = 11},
      bitmap_val = 1956554888, uint_val = 1956554888, ull_val = 140636365695112}},
  {type = DB1_STR, nul = 0, free = 1936573280, val = {int_val = 1938923952, ll_val = 140636348064176,
      double_val = 6.9483588135081459e-310, time_val = 140636348064176,
      string_val = 0x7fe87391a1b0 "1",
      str_val = {s = 0x7fe87391a1b0 "1", len = 8},
      blob_val = {s = 0x7fe87391a1b0 "1", len = 8},
      bitmap_val = 1938923952, uint_val = 1938923952, ull_val = 140636348064176}}}
insert_keys = {0x7fe87065aa10 <vars_h_entry_column>, 0x7fe87065aa00 <vars_h_id_column>,
  0x7fe87065aa20 <vars_key_column>, 0x7fe87065aa30 <vars_value_column>}
__FUNCTION__ = "update_dialog_vars_dbinfo"
```
My C knowledge is far from enough to understand where the issue is, but what I noticed is that in the working commit (a6cb74) the unlock dialog function looks like this:
```
/* unlock dialog */
if (dlg) {
	dlg->dflags |= DLG_FLAG_CHANGED_VARS;
	dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
	if ( dlg_db_mode==DB_MODE_REALTIME )
		update_dialog_dbinfo(dlg);
}
```

while in the current stable branch (a505f5):

```
if (dlg) {
	dlg->dflags |= DLG_FLAG_CHANGED_VARS;
	if ( dlg_db_mode==DB_MODE_REALTIME ) {
		/* dlg_lock() / dlg_unlock() are reentrant */
		update_dialog_dbinfo(dlg);
	}
	dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
}
```
It looks like commit e4cf67 wasn't backported to the stable branch.
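Added example, not code from the issue or from Kamailio: a constructed single-process model of the two call orderings quoted above. The names `dlg_lock`, `dlg_unlock`, `update_dialog_dbinfo`, `d_table` and `h_entry` are borrowed from the snippets, but their bodies here are stand-ins; the per-entry lock is a depth counter rather than a shared-memory lock, so the example runs anywhere. The flush routine records whether its caller still held the entry lock when it started walking `dlg->vars`, which is exactly what differs between the two orderings: with unlock-then-flush there is a window in which another process could free or rewrite the variable list before the DB write reads it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (not Kamailio code) of a dialog cell whose variable
 * list is protected by a per-hash-entry lock. Kamailio's locks live in
 * shared memory and are taken by separate processes; here the lock is a
 * depth counter so the two orderings can be compared single-threaded. */
struct dlg_var   { char key[32]; char value[32]; struct dlg_var *next; };
struct dlg_cell  { unsigned h_entry; struct dlg_var *vars; };
struct dlg_entry { int lock_depth; };

#define DLG_ENTRIES 8
static struct dlg_entry d_table[DLG_ENTRIES];

static void dlg_lock(struct dlg_cell *dlg)   { d_table[dlg->h_entry].lock_depth++; }
static void dlg_unlock(struct dlg_cell *dlg) { d_table[dlg->h_entry].lock_depth--; }
int dlg_lock_depth(const struct dlg_cell *dlg) { return d_table[dlg->h_entry].lock_depth; }

/* Remembers whether the last flush found the entry already locked by its caller. */
static int last_flush_caller_held_lock = -1;
int flush_ran_under_caller_lock(void) { return last_flush_caller_held_lock; }

/* Stand-in for update_dialog_dbinfo(): walks dlg->vars as the DB write
 * would. It takes the (reentrant) lock itself, so it is correct when the
 * caller holds it and also when called bare. Returns the number of
 * variables it would write, or -1 if it meets a corrupted entry. */
int update_dialog_dbinfo(struct dlg_cell *dlg) {
    int n = 0;
    last_flush_caller_held_lock = dlg_lock_depth(dlg) > 0;
    dlg_lock(dlg);
    for (struct dlg_var *v = dlg->vars; v; v = v->next) {
        if (v->key[0] == '\0') { dlg_unlock(dlg); return -1; }
        n++;
    }
    dlg_unlock(dlg);
    return n;
}

/* Prepend a variable; the caller must hold the entry lock. */
static int push_var(struct dlg_cell *dlg, const char *key, const char *val) {
    struct dlg_var *v = calloc(1, sizeof *v);
    if (v == NULL) return -1;
    snprintf(v->key, sizeof v->key, "%s", key);
    snprintf(v->value, sizeof v->value, "%s", val);
    v->next = dlg->vars;
    dlg->vars = v;
    return 0;
}

/* Ordering of the stable branch quoted above: flush, then unlock. Nothing
 * else can free or rewrite dlg->vars between the store and the DB read. */
int set_var_flush_then_unlock(struct dlg_cell *dlg, const char *key, const char *val) {
    int rc;
    dlg_lock(dlg);
    if (push_var(dlg, key, val) < 0) { dlg_unlock(dlg); return -1; }
    rc = update_dialog_dbinfo(dlg);   /* lock depth is 2 inside the flush */
    dlg_unlock(dlg);
    return rc;
}

/* Ordering of the older commit quoted above: unlock, then flush. Between
 * dlg_unlock() and the flush's own dlg_lock() the list is unprotected. */
int set_var_unlock_then_flush(struct dlg_cell *dlg, const char *key, const char *val) {
    dlg_lock(dlg);
    if (push_var(dlg, key, val) < 0) { dlg_unlock(dlg); return -1; }
    dlg_unlock(dlg);
    return update_dialog_dbinfo(dlg); /* caller no longer holds the lock here */
}

void dlg_free_vars(struct dlg_cell *dlg) {
    dlg_lock(dlg);
    while (dlg->vars) { struct dlg_var *v = dlg->vars; dlg->vars = v->next; free(v); }
    dlg_unlock(dlg);
}

int main(void) {
    /* Constructed cell; h_entry 1998 is the value from the gdb dump above. */
    struct dlg_cell dlg = { .h_entry = 1998 % DLG_ENTRIES, .vars = NULL };
    printf("flush-then-unlock: %d vars, under caller lock=%d\n",
           set_var_flush_then_unlock(&dlg, "cfg_version", "1"), flush_ran_under_caller_lock());
    printf("unlock-then-flush: %d vars, under caller lock=%d\n",
           set_var_unlock_then_flush(&dlg, "sipstatus", "200"), flush_ran_under_caller_lock());
    dlg_free_vars(&dlg);
    return dlg_lock_depth(&dlg);      /* 0: every lock taken was released */
}
```

The depth counter also makes the reentrancy comment from the stable branch checkable: the flush nests to depth 2 under the caller's lock and the entry is back at depth 0 afterwards, which is the invariant a recursive lock must preserve.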