Bug ID 433665: BIG-IP (rarely) cores due to a double free of SIP message

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.1, 11.3.0

Fixed In:
11.2.1 HF11

Opened: Oct 11, 2013

Severity: 2-Critical

Related Article: K15991


BIG-IP (rarely) cores due to a double free of SIP message


The BIG-IP system generates a core and the log message: Assertion 'sip->ref > 0' failed. This is a rarely occurring issue.


The hotfix provided in bigip11.2.0-hf7.17 introduced flow control in the code that resulted in messages getting backed up at the egress side of the proxy. In this state, when the ingress side terminates it releases the SIP messages in the ingress queue, which may also be backed up at the proxy. Later, when the egress flow resumes, it may process an already released message causing a core



Fix Information

The reference counting is shared between the proxy and the filter. This prevents the message from being released by the filter since the proxy holds the reference to the SIP message.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips