Bug ID 433665: BIG-IP (rarely) cores due to a double free of SIP message

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.2.1, 11.3.0

Fixed In:
11.2.1 HF11

Opened: Oct 11, 2013

Severity: 2-Critical

Related Article: K15991

Symptoms

BIG-IP (rarely) cores due to a double free of a SIP message.

Impact

The BIG-IP system generates a core and the log message: Assertion 'sip->ref > 0' failed. This is a rarely occurring issue.

Conditions

The hotfix provided in bigip11.2.0-hf7.17 introduced flow control in the code that resulted in messages getting backed up at the egress side of the proxy. In this state, when the ingress side terminates, it releases the SIP messages in the ingress queue, which may also be backed up at the proxy. Later, when the egress flow resumes, it may process an already released message, causing a core.

Workaround

None

Fix Information

The reference counting is shared between the proxy and the filter. This prevents the message from being released by the filter since the proxy holds the reference to the SIP message.
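
The sequence from Conditions and the effect of the fix, replayed on a small model. This is an added example, not F5 code: the struct, function names and the `freed` flag (a stand-in for the actual free, so the model stays safe to inspect) are assumptions; only the assertion text comes from this page.

```c
#include <stdio.h>

/* Hypothetical model; names are illustrative, not F5 code. */
struct sip_msg {
    int ref;    /* number of holders */
    int freed;  /* set when the last reference is dropped (stand-in for free()) */
};

static void sip_hold(struct sip_msg *sip) { sip->ref++; }

/* Returns 0 on success, -1 where the real code would fail
 * Assertion 'sip->ref > 0' (release of an already released message). */
static int sip_release(struct sip_msg *sip)
{
    if (sip->ref <= 0)
        return -1;
    if (--sip->ref == 0)
        sip->freed = 1;
    return 0;
}

/* Replays the sequence from the Conditions section.
 * proxy_holds_ref = 0: proxy queue borrows the filter's reference (pre-fix).
 * proxy_holds_ref = 1: proxy takes its own reference (post-fix).
 * Returns 1 if egress handled a live message, 0 if it touched a released one. */
int replay(int proxy_holds_ref)
{
    struct sip_msg msg = { .ref = 0, .freed = 0 };
    struct sip_msg *ingress_q = &msg, *egress_q = &msg;

    sip_hold(ingress_q);            /* filter queues the message on ingress */
    if (proxy_holds_ref)
        sip_hold(egress_q);         /* proxy backs it up on egress with its own ref */

    sip_release(ingress_q);         /* ingress side terminates and drains its queue */

    /* egress flow resumes: process the queued message, then release it */
    int live = !egress_q->freed;
    int rc = sip_release(egress_q);
    return live && rc == 0;
}

int main(void)
{
    printf("pre-fix  (borrowed ref): %s\n", replay(0) ? "ok" : "released message reused");
    printf("post-fix (shared count): %s\n", replay(1) ? "ok" : "released message reused");
    return 0;
}
```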

Behavior Change
