[sr-dev] [kamailio/kamailio] Kamailio Crash (#2494)

iliesh notifications at github.com
Wed Oct 14 11:58:00 CEST 2020


Hi,
Unfortunately, this issue still persists: Kamailio crashed again twice with the same symptoms.

/usr/local/sbin/kamailio -V
```
version: kamailio 5.4.1 (x86_64/linux) f57c90
```
(gdb) frame 0
```
#0  0x00007fe8703c342d in update_dialog_vars_dbinfo (cell=0x7fe8765627b8, var=0x7574617473706973) at dlg_db_handler.c:755
755             SET_STR_VALUE(values+2, var->key);
```

(gdb) p *cell
```
$1 = {ref = 2, next = 0x0, prev = 0x0, h_id = 1983, h_entry = 1998, state = 5, lifetime = 10800, init_ts = 1602587600, start_ts = 0, end_ts = 1602587602, dflags = 1664, iflags = 0, sflags = 0, toroute = 0, toroute_name = {s = 0x0, len = 0}, from_rr_nb = 0, tl = {next = 0x0,
    prev = 0x0, timeout = 0}, callid = {s = 0x7fe876562928 "7cc579d77316465e60a43abd3ab361bd at local.net", len = 55}, from_uri = {s = 0x7fe123462960 "sip:123456789 at local.net", len = 37}, to_uri = {s = 0x7fe871234986 "sip:101 at 192.168.10.10:5060",
    len = 31}, req_uri = {s = 0x7fe8765629a6 "sip:101 at 172.16.10.18:25767", len = 35}, tag = {{s = 0x7fe8799cc1e8 "as0efa97cc416e6-2517-31", len = 10}, {s = 0x0, len = 0}}, cseq = {{s = 0x7fe876109700 "102", len = 3}, {s = 0x0, len = 0}}, route_set = {{
      s = 0x7fe123ae7280 "log", len = 0}, {s = 0x0, len = 0}}, contact = {{s = 0x7fe87a512a20 "sip:123456789 at 192.168.10.136:5060", len = 31}, {s = 0x0, len = 0}}, bind_addr = {0x7fe123fbc2f8, 0x0}, cbs = {first = 0x0, types = 0}, profile_links = 0x0, vars = 0x7fe874d11fe8,
  ka_src_counter = 0, ka_dst_counter = 0}
```

(gdb) list
```
750                     return -1;
751
752             VAL_TYPE(values) = VAL_TYPE(values+1) = DB1_INT;
753             VAL_TYPE(values+2) = VAL_TYPE(values+3) = DB1_STR;
754             VAL_NULL(values) = VAL_NULL(values+1) = VAL_NULL(values+2) = VAL_NULL(values+3) = 0;
755             SET_STR_VALUE(values+2, var->key);
756
757             VAL_INT(values)                 = cell->h_entry;
758             VAL_INT(values+1)               = cell->h_id;
759
```

(gdb) info locals
```
values = {{type = DB1_INT, nul = 0, free = 9438, val = {int_val = 1998, ll_val = 1998, double_val = 9.871431603908106e-321, time_val = 1998, string_val = 0x7ce <Address 0x7ce out of bounds>, str_val = {s = 0x7ce <Address 0x7ce out of bounds>, len = 1404431440}, blob_val = {
        s = 0x7ce <Address 0x7ce out of bounds>, len = 1404431440}, bitmap_val = 1998, uint_val = 1998, ull_val = 1998}}, {type = DB1_INT, nul = 0, free = 0, val = {int_val = 1983, ll_val = 140733193390015, double_val = 6.953143608353881e-310, time_val = 140733193390015,
      string_val = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, str_val = {s = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, len = 1404421428}, blob_val = {s = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, len = 1404421428}, bitmap_val = 1983,
      uint_val = 1983, ull_val = 140733193390015}}, {type = DB1_STR, nul = 0, free = -1756933536, val = {int_val = 1956554888, ll_val = 140636365695112, double_val = 6.948359684592124e-310, time_val = 140636365695112, string_val = 0x7fe8749ea888 "cfg_version", str_val = {
        s = 0x7fe8749ea888 "cfg_version", len = 11}, blob_val = {s = 0x7fe8749ea888 "cfg_version", len = 11}, bitmap_val = 1956554888, uint_val = 1956554888, ull_val = 140636365695112}}, {type = DB1_STR, nul = 0, free = 1936573280, val = {int_val = 1938923952,
      ll_val = 140636348064176, double_val = 6.9483588135081459e-310, time_val = 140636348064176, string_val = 0x7fe87391a1b0 "1", str_val = {s = 0x7fe87391a1b0 "1", len = 8}, blob_val = {s = 0x7fe87391a1b0 "1", len = 8}, bitmap_val = 1938923952, uint_val = 1938923952,
      ull_val = 140636348064176}}}
insert_keys = {0x7fe87065aa10 <vars_h_entry_column>, 0x7fe87065aa00 <vars_h_id_column>, 0x7fe87065aa20 <vars_key_column>, 0x7fe87065aa30 <vars_value_column>}
__FUNCTION__ = "update_dialog_vars_dbinfo"
```

My C knowledge is too limited to understand where the issue is, but one thing I noticed: in frame 0 the `var` pointer (0x7574617473706973) holds what looks like ASCII text rather than an address, which would fit the dialog's variable list being changed or freed while update_dialog_vars_dbinfo walks it, so the locking around that call seems a plausible place to look. In the working commit (a6cb74) the dialog unlock code looks like this:

```
        /* unlock dialog */
        if (dlg) {
                dlg->dflags |= DLG_FLAG_CHANGED_VARS;
                dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
                if ( dlg_db_mode==DB_MODE_REALTIME )
                        update_dialog_dbinfo(dlg);

        }
```
while in the current stable branch (a505f5) it looks like this:
```
if (dlg) {
                dlg->dflags |= DLG_FLAG_CHANGED_VARS;
                if ( dlg_db_mode==DB_MODE_REALTIME ) {
                        /* dlg_lock() / dlg_unlock() are reentrant */
                        update_dialog_dbinfo(dlg);
                }
                dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
        }
```

It looks like commit e4cf67 wasn't backported to the stable branch.


