[sr-dev] [kamailio/kamailio] htable Module Crash in Kamailio 5.5 (Issue #3082)

surabhigarg notifications at github.com
Wed Apr 13 10:39:40 CEST 2022


**Issue Description:**

Kamailio is running with htable module having following parameter configuration:
`modparam("htable", "htable", "flags=>size=6;dbtable=htable;autoexpire=0;dbmode=1") `

So, If there is an error in kamailio cfg then crash is observed in htable module. Here, I believe when kamailio goes to sync in memory htable content to the DB it crashes.

**Troubleshooting**
with dbmode=0  crash is not observed.

**Steps to Reproduce**

1. Add entries in htable(DB) of mariadb.
2. Intentionally add some error in kamailio.cfg (i.e. remove colon at the end of any line)
3. start kamailio 
4. kamailio wont come up as there is an error in kamailio.cfg
5. And while kamailio is shutting down there is a crash in htable
6. Now, check entries in htable(DB)of mariadb which gets empty

**Kamailio Cfg**
```
modparam("htable", "htable", "flags=>size=6;dbtable=htable;autoexpire=0;dbmode=1")
modparam("htable", "db_url", DBURL)

# HTable Init
event_route[htable:mod-init] {
    $sht(flags=>disable_sip_message_processing) = 0;
    xlog("L_INFO", "Init: disable_sip_message_processing $sht(flags=>disable_sip_message_processing)\n");
}
```


**Debugging Data:**

```
$ gdb /usr/local/kamailio-5.5/sbin/kamailio /tmp/core.kamailio.103011.N1VL-PA-SIP01.1649823318
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/kamailio-5.5/sbin/kamailio...done.

warning: exec file is newer than core file.
[New LWP 103011]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/local/kamailio-5.5/sbin/kamailio -D -P /run/kamailio/kamailio.pid -f /usr/'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f5b54995755 in atomic_get (v=0x14) at ../../core/mem/../atomic/atomic_common.h:66
66		return atomic_get_int(&(v->val));
Missing separate debuginfos, use: debuginfo-install glibc-2.17-324.el7_9.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-50.el7.x86_64 libcom_err-1.42.9-19.el7.x86_64 libgcc-4.8.5-44.el7.x86_64 libselinux-2.5-15.el7.x86_64 libstdc++-4.8.5-44.el7.x86_64 mariadb-libs-5.5.68-1.el7.x86_64 openssl-libs-1.0.2k-21.el7_9.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-19.el7_9.x86_64
(gdb) bt full
#0  0x00007f5b54995755 in atomic_get (v=0x14) at ../../core/mem/../atomic/atomic_common.h:66
No locals.
#1  0x00007f5b54996d51 in ht_slot_lock (ht=0x7f5b504de738, idx=0) at ht_api.c:153
        mypid = 103011
#2  0x00007f5b5498e3fb in ht_db_save_table (ht=0x7f5b504de738, dbtable=0x7f5b504de750) at ht_db.c:577
        db_cols = {0x7f5b54bd83f0 <ht_db_name_column>, 0x7f5b54bd8400 <ht_db_ktype_column>, 0x7f5b54bd8410 <ht_db_vtype_column>, 0x7f5b54bd8420 <ht_db_value_column>, 
          0x7f5b54bd8430 <ht_db_expires_column>}
        db_vals = {{type = 8527368, nul = 0, free = 6, val = {int_val = -874111776, ll_val = 140723729341664, double_val = 6.9526760222378001e-310, time_val = 140723729341664, 
              string_val = 0x7ffccbe61ce0 "\300\035\346\313\374\177", str_val = {s = 0x7ffccbe61ce0 "\300\035\346\313\374\177", len = 1532402903}, blob_val = {
                s = 0x7ffccbe61ce0 "\300\035\346\313\374\177", len = 1532402903}, bitmap_val = 3420855520, uint_val = 3420855520, ull_val = 140723729341664}}, {
            type = 1532380141, nul = 32603, free = 6, val = {int_val = 0, ll_val = 0, double_val = 0, time_val = 0, string_val = 0x0, str_val = {s = 0x0, len = 0}, blob_val = {
                s = 0x0, len = 0}, bitmap_val = 0, uint_val = 0, ull_val = 0}}, {type = DB1_INT, nul = 0, free = 1535278736, val = {int_val = -874111552, 
              ll_val = 140723729341888, double_val = 6.9526760222488671e-310, time_val = 140723729341888, string_val = 0x7ffccbe61dc0 "\260\036\346\313\374\177", str_val = {
                s = 0x7ffccbe61dc0 "\260\036\346\313\374\177", len = 1419312224}, blob_val = {s = 0x7ffccbe61dc0 "\260\036\346\313\374\177", len = 1419312224}, 
              bitmap_val = 3420855744, uint_val = 3420855744, ull_val = 140723729341888}}, {type = 1532429419, nul = 32603, free = 48, val = {int_val = -874111488, 
              ll_val = 140723729341952, double_val = 6.9526760222520291e-310, time_val = 140723729341952, string_val = 0x7ffccbe61e00 "\260\036\346\313\374\177", str_val = {
                s = 0x7ffccbe61e00 "\260\036\346\313\374\177", len = -874111728}, blob_val = {s = 0x7ffccbe61e00 "\260\036\346\313\374\177", len = -874111728}, 
              bitmap_val = 3420855808, uint_val = 3420855808, ull_val = 140723729341952}}, {type = 1544071712, nul = 32603, free = 8527368, val = {int_val = 8527368, 
              ll_val = 8527368, double_val = 4.2130795782459789e-317, time_val = 8527368, string_val = 0x821e08 "DEBUG", str_val = {s = 0x821e08 "DEBUG", len = 0}, blob_val = {
                s = 0x821e08 "DEBUG", len = 0}, bitmap_val = 8527368, uint_val = 8527368, ull_val = 8527368}}}
        it = 0x0
        tmp = {s = 0x7f5b549cdfcb "lid parameters\n", len = 1544071712}
        i = 0
        now = 1649823318
        ncols = 3
        __FUNCTION__ = "ht_db_save_table"
#3  0x00007f5b549a3c7d in ht_db_sync_tables () at ht_api.c:1078
        ht = 0x7f5b504de738
        __FUNCTION__ = "ht_db_sync_tables"
#4  0x00007f5b549ac4cc in destroy () at htable.c:321
No locals.
#5  0x0000000000590523 in destroy_modules () at core/sr_module.c:839
        t = 0x7f5b5b83bd08
        foo = 0x7f5b5b83b520
        __FUNCTION__ = "destroy_modules"
#6  0x000000000041d7da in cleanup (show_status=0) at main.c:575
        memlog = 0
        __FUNCTION__ = "cleanup"
#7  0x000000000041f0b5 in shutdown_children (sig=15, show_status=0) at main.c:718
        __FUNCTION__ = "shutdown_children"
#8  0x0000000000436825 in main (argc=12, argv=0x7ffccbe62688) at main.c:3068
        cfg_stream = 0xba2050
        c = -1
        r = 0
---Type <return> to continue, or q <return> to quit---
        tmp = 0x7ffccbe6466c ""
        tmp_len = 1408
        port = 896
        proto = 32603
        ahost = 0x0
        aport = 0
        options = 0x7df0f8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 513568880
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x7ffccbe62540
        p = 0xf0b5ff <Address 0xf0b5ff out of bounds>
        st = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {
            tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, __unused = {0, 0, 0}}
        tbuf = '\000' <repeats 392 times>...
        option_index = 0
        long_options = {{name = 0x7e150f "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7dc584 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x7e1514 "alias", 
            has_arg = 1, flag = 0x0, val = 1024}, {name = 0x7e151a "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x7e1520 "substdef", has_arg = 1, flag = 0x0, 
            val = 1026}, {name = 0x7e1529 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x7e1533 "server-id", has_arg = 1, flag = 0x0, val = 1028}, {
            name = 0x7e153d "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x7e1548 "modparam", has_arg = 1, flag = 0x0, val = 1030}, {
            name = 0x7e1551 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x7e155c "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x7e1562 "cfg-print", 
            has_arg = 0, flag = 0x0, val = 1033}, {name = 0x7e156c "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        __FUNCTION__ = "main"
(gdb) 
```

**Additional Information**

- Kamailio Version:
```
 [root at N1VL-PA-SIP01 kamailio]# /usr/local/kamailio-5.5/sbin/kamailio -V
version: kamailio 5.5.2 (x86_64/linux) e5f5a8
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: e5f5a8 
compiled on 19:07:54 Apr 12 2022 with gcc 4.8.5
```
- Operating System:
```
$ cat /etc/os-release 
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3082
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/issues/3082 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20220413/980d689d/attachment-0001.htm>


More information about the sr-dev mailing list