<p>We have a crash in kamailio 4.4.4 after t_next_contacts() has been called from failure route, if at this very moment when kamailio is preparing new INVITE the caller sends a cancel.</p>
<p>#0 build_res_buf_from_sip_req (code=3186024432, code@entry=487, text=0x25, new_tag=0x7f8dcf5fb2b0 <tm_tag>, msg=0x7f8dbde6cf78,<br>
returned_len=0xb7, bmark=0x4) at msg_translator.c:2395<br>
<a href="https://github.com/kamailio/kamailio/issues/1" class="issue-link js-issue-link" data-url="https://github.com/kamailio/kamailio/issues/1" data-id="31891578" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#1</a> 0x00007f8dcf35f7b2 in _reply (trans=0x7f8dbde70960, p_msg=0x7f8dbde6cf78, code=487, text=, lock=1) at t_reply.c:712<br>
<a href="https://github.com/kamailio/kamailio/pull/2" class="issue-link js-issue-link" data-url="https://github.com/kamailio/kamailio/issues/2" data-id="41491271" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#2</a> 0x00007f8dcf3b5e8b in e2e_cancel (cancel_msg=0x7f8dbde6dff0, cancel_msg@entry=0x7f8dd26bb750, t_cancel=0x25,<br>
t_invite=0x7f8dbde70960) at t_fwd.c:1278</p>
<p>So the scheme is the following: proxy > INVITE < 486 > INVITE* < CANCEL<br>
Victor has investigated this and found that the issue seems to be related to the reply lumps added by append_to_reply when processing initial invite. In order to reproduce this you need children>=2.</p>
<p>When first target replies 486 the proxy calls t_next_contacts() and starts preparing invite to the next target and at this time another process receives cancel and destroys the transaction, the process handling that invite message(*) gets crashed.</p>
<p>While we are investigating the possibility to move the append_to_reply calls to the branch route, would it be possible to avoid crash by some kind of lock mechanism? The thing is that it's not always possible to move append_to_reply to the branch route, e.g. our proxy is deployed behind stateless lb with multiple interfaces and proxy needs to tell lb which interface to use already in the 100 Trying reply it sends to lb as a first thing when receiving a message.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/issues/872">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AF36ZQ5WJvFkII9QAMyUahAiYI8cvFusks5rDZA4gaJpZM4LASj1">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AF36ZSLcw-A0PlW4HWyHCgSxW6ppamS9ks5rDZA4gaJpZM4LASj1.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/kamailio/kamailio/issues/872"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/kamailio/kamailio","title":"kamailio/kamailio","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/kamailio/kamailio"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"kamailio crashes on CANCEL due to empty reply_lumps (#872)"}],"action":{"name":"View Issue","url":"https://github.com/kamailio/kamailio/issues/872"}}}</script>