Juha Heinanen writes:
Kamailio 5.2 crashed when it received a 480 reply to INVITE. Below is the backtrace from the core file.
The crash happens in t_reply.c on the last line of this block:

    uac=&t->uac[branch];
    LM_DBG("org. status uas=%d, uac[%d]=%d local=%d is_invite=%d)\n",
        t->uas.status, branch, uac->last_received,
        is_local(t), is_invite(t));
    last_uac_status=uac->last_received;

Earlier it was checked that the transaction was found. Its uac[0] seems to be broken.
The pcap shows that Kamailio receives from the UAS two "180 ringing" replies 30 secs apart, after which fr_inv_timeout hits. At that point Kamailio sends "408 request timeout" to the UAC and gets back an ACK. Then, 45 secs later, Kamailio gets one more "180 ringing" reply from the UAS, followed by several 480 replies. One of them crashes Kamailio.
-- juha