Bug ID 433665: BIG-IP (rarely) cores due to a double free of SIP message

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.1, 11.3.0

Fixed In:
11.2.1 HF11

Opened: Oct 11, 2013
Severity: 2-Critical
Related AskF5 Article:


BIG-IP (rarely) cores due to a double free of SIP message


The BIG-IP system generates a core and the log message: Assertion 'sip->ref > 0' failed. This is a rarely occurring issue.


The hotfix provided in bigip11.2.0-hf7.17 introduced flow control in the code that resulted in messages getting backed up at the egress side of the proxy. In this state, when the ingress side terminates it releases the SIP messages in the ingress queue, which may also be backed up at the proxy. Later, when the egress flow resumes, it may process an already released message causing a core



Fix Information

The reference counting is shared between the proxy and the filter. This prevents the message from being released by the filter since the proxy holds the reference to the SIP message.

Behavior Change