Bug ID 433665: BIG-IP (rarely) cores due to a double free of SIP message

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.1, 11.3.0

Fixed In:
11.2.1 HF11

Opened: Oct 11, 2013
Severity: 2-Critical
Related AskF5 Article:
K15991

Symptoms

BIG-IP (rarely) cores due to a double free of SIP message

Impact

The BIG-IP system generates a core and the log message: Assertion 'sip->ref > 0' failed. This is a rarely occurring issue.

Conditions

The hotfix provided in bigip11.2.0-hf7.17 introduced flow control in the code that resulted in messages getting backed up at the egress side of the proxy. In this state, when the ingress side terminates it releases the SIP messages in the ingress queue, which may also be backed up at the proxy. Later, when the egress flow resumes, it may process an already released message causing a core

Workaround

None

Fix Information

The reference counting is shared between the proxy and the filter. This prevents the message from being released by the filter since the proxy holds the reference to the SIP message.

Behavior Change