Hi,
Unfortunately, this issue still persists: Kamailio crashed twice more
with the same symptoms.

/usr/local/sbin/kamailio -V
```
version: kamailio 5.4.1 (x86_64/linux) f57c90
```
(gdb) frame 0
```
#0  0x00007fe8703c342d in update_dialog_vars_dbinfo (cell=0x7fe8765627b8, 
var=0x7574617473706973) at dlg_db_handler.c:755
755             SET_STR_VALUE(values+2, var->key);
```

(gdb) p *cell
```
$1 = {ref = 2, next = 0x0, prev = 0x0, h_id = 1983, h_entry = 1998, state = 5, 
lifetime = 10800, init_ts = 1602587600, start_ts = 0, end_ts = 1602587602, 
dflags = 1664, iflags = 0, sflags = 0, toroute = 0, toroute_name = {s = 0x0, 
len = 0}, from_rr_nb = 0, tl = {next = 0x0,
    prev = 0x0, timeout = 0}, callid = {s = 0x7fe876562928 
"7cc579d77316465e60a43abd3ab36...@local.net", len = 55}, from_uri = {s = 
0x7fe123462960 "sip:123456...@local.net", len = 37}, to_uri = {s = 
0x7fe871234986 "sip:101@192.168.10.10:5060",
    len = 31}, req_uri = {s = 0x7fe8765629a6 "sip:101@172.16.10.18:25767", len 
= 35}, tag = {{s = 0x7fe8799cc1e8 "as0efa97cc416e6-2517-31", len = 10}, {s = 
0x0, len = 0}}, cseq = {{s = 0x7fe876109700 "102", len = 3}, {s = 0x0, len = 
0}}, route_set = {{
      s = 0x7fe123ae7280 "log", len = 0}, {s = 0x0, len = 0}}, contact = {{s = 
0x7fe87a512a20 "sip:123456789@192.168.10.136:5060", len = 31}, {s = 0x0, len = 
0}}, bind_addr = {0x7fe123fbc2f8, 0x0}, cbs = {first = 0x0, types = 0}, 
profile_links = 0x0, vars = 0x7fe874d11fe8,
  ka_src_counter = 0, ka_dst_counter = 0}
```

(gdb) list
```
750                     return -1;
751
752             VAL_TYPE(values) = VAL_TYPE(values+1) = DB1_INT;
753             VAL_TYPE(values+2) = VAL_TYPE(values+3) = DB1_STR;
754             VAL_NULL(values) = VAL_NULL(values+1) = VAL_NULL(values+2) = 
VAL_NULL(values+3) = 0;
755             SET_STR_VALUE(values+2, var->key);
756
757             VAL_INT(values)                 = cell->h_entry;
758             VAL_INT(values+1)               = cell->h_id;
759
```

(gdb) info locals
```
values = {{type = DB1_INT, nul = 0, free = 9438, val = {int_val = 1998, ll_val 
= 1998, double_val = 9.871431603908106e-321, time_val = 1998, string_val = 
0x7ce <Address 0x7ce out of bounds>, str_val = {s = 0x7ce <Address 0x7ce out of 
bounds>, len = 1404431440}, blob_val = {
        s = 0x7ce <Address 0x7ce out of bounds>, len = 1404431440}, bitmap_val 
= 1998, uint_val = 1998, ull_val = 1998}}, {type = DB1_INT, nul = 0, free = 0, 
val = {int_val = 1983, ll_val = 140733193390015, double_val = 
6.953143608353881e-310, time_val = 140733193390015,
      string_val = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, 
str_val = {s = 0x7fff000007bf <Address 0x7fff000007bf out of bounds>, len = 
1404421428}, blob_val = {s = 0x7fff000007bf <Address 0x7fff000007bf out of 
bounds>, len = 1404421428}, bitmap_val = 1983,
      uint_val = 1983, ull_val = 140733193390015}}, {type = DB1_STR, nul = 0, 
free = -1756933536, val = {int_val = 1956554888, ll_val = 140636365695112, 
double_val = 6.948359684592124e-310, time_val = 140636365695112, string_val = 
0x7fe8749ea888 "cfg_version", str_val = {
        s = 0x7fe8749ea888 "cfg_version", len = 11}, blob_val = {s = 
0x7fe8749ea888 "cfg_version", len = 11}, bitmap_val = 1956554888, uint_val = 
1956554888, ull_val = 140636365695112}}, {type = DB1_STR, nul = 0, free = 
1936573280, val = {int_val = 1938923952,
      ll_val = 140636348064176, double_val = 6.9483588135081459e-310, time_val 
= 140636348064176, string_val = 0x7fe87391a1b0 "1", str_val = {s = 
0x7fe87391a1b0 "1", len = 8}, blob_val = {s = 0x7fe87391a1b0 "1", len = 8}, 
bitmap_val = 1938923952, uint_val = 1938923952,
      ull_val = 140636348064176}}}
insert_keys = {0x7fe87065aa10 <vars_h_entry_column>, 0x7fe87065aa00 
<vars_h_id_column>, 0x7fe87065aa20 <vars_key_column>, 0x7fe87065aa30 
<vars_value_column>}
__FUNCTION__ = "update_dialog_vars_dbinfo"
```

My C knowledge is too limited to understand where the issue is, but one thing I did notice: the `var` argument in frame 0 (`0x7574617473706973`) is not a valid x86_64 user-space address, it reads as ASCII text, which suggests the `vars` entry being dereferenced at line 755 has already been freed or overwritten. Also, in the working commit (a6cb74)
the unlock-dialog code looks like this:

```
        /* unlock dialog */
        if (dlg) {
                dlg->dflags |= DLG_FLAG_CHANGED_VARS;
                dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
                if ( dlg_db_mode==DB_MODE_REALTIME )
                        update_dialog_dbinfo(dlg);

        }
```
while in the current stable branch (a505f5) it looks like this:
```
if (dlg) {
                dlg->dflags |= DLG_FLAG_CHANGED_VARS;
                if ( dlg_db_mode==DB_MODE_REALTIME ) {
                        /* dlg_lock() / dlg_unlock() are reentrant */
                        update_dialog_dbinfo(dlg);
                }
                dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
        }
```

It looks like commit e4cf67 wasn't backported to the stable branch.

https://github.com/kamailio/kamailio/issues/2494#issuecomment-708296393