Cisco Bug: CSCuq25406 - ASR5K - MME Crash at mme_app_fill_modify_bearer_req()

Last Modified

Feb 22, 2017

Products (1)

Cisco ASR 5000 Series

Known Affected Releases

15.0(19)

Description (partial)

Symptom:
sessmgr crash generated in MME:

1  2014-Jul-18+21:56:52 sessmgr  04/0/05175 15.0(54993) SAD153402BM/SAD1532020J
2  2014-Jul-24+14:53:00 sessmgr  06/0/05084 15.0(54993) SAD153402BM/SAD173600K1

Total Crashes : 2

********************* CRASH #01 ***********************
SW Version          : 15.0(54993)
Similar Crash Count : 1
Time of First Crash : 2014-Jul-18+21:56:52

Assertion failure at sess/mme/mme-app/app/mme_app_egtpc.c:4759
  Function: mme_app_fill_modify_bearer_req()
  Expression: (((ue_pdn_ctxt) != ((void *)0)) && ((ue_pdn_ctxt)->upc_magic == (('M'<<24)|('U'<<16)|('P'<<8)|('C'))))
  Proclet: sessmgr (f=87000,i=38)
  Process: card=4 cpu=0 arch=X pid=5175 cpu=~2% argv0=sessmgr
  Crash time: 2014-Jul-19+04:56:52 UTC
  Recent errno: 11 Resource temporarily unavailable
  Stack (80792@0xfffea000):
    [f7e285a1/X] libc.so.6/kill() sp=0xfffeae38
    [0aa886a3/X] sn_assert() sp=0xfffeae68
    [077c70c5/X] mme_app_fill_modify_bearer_req() sp=0xfffeaee8
    [0778ddca/X] mme_app_send_s11_modify_brr_req() sp=0xffff6a78
    [077e6f65/X] mme_s1_ho_state_prep_compl_handle_s1_ho_notify() sp=0xffff7548
    [0771f159/X] mme_fsm_event_handler() sp=0xffff79a8
    [077e9cea/X] mme_event_handler_s1_ho_procedure() sp=0xffff79e8
    [07720374/X] mme_procedure_handle_event() sp=0xffff7a28
    [077616f5/X] mme_disp_handle_emm_evt() sp=0xffff7b08
    [0776748d/X] mme_disp_attached_handle_s1nas_msg() sp=0xffff7b98
    [0771f159/X] mme_fsm_event_handler() sp=0xffff7ff8
    [0771a113/X] s1_access_recv_msg() sp=0xffff8c08
    [077080d1/X] UzLiSztDatInd() sp=0xffff90b8
    [0c6f724f/X] SzUiSztDatInd() sp=0xffff90d8
    [0c6fde66/X] szUiSndDatInd() sp=0xffff9108
    [0c6f8522/X] szSmRcvEstStMsg() sp=0xffff9178
    [0c6f8d5a/X] szSmExcMt() sp=0xffff91a8
    [0c6e65c3/X] szLiCOMsgHandler() sp=0xffff9228
    [0c6e6131/X] szLiRcvFromLower() sp=0xffff9418
    [0c6e89c6/X] SzLiSctDatInd() sp=0xffff9578
    [067ba00e/X] sn_ccpu_s1ap_handle_data_ind() sp=0xffff9608
    [0427d566/X] sessmgr_mmemgr_data_ind() sp=0xffff9668
    [0427d3c6/X] sessmgr_handle_mmemgr_req_bulk_data_ind() sp=0xffffaf08
    [0ab3a43b/X] sn_msg_arriving_handle() sp=0xffffd5b8

Conditions:
A PDN Connectivity Request from the UE is being processed when it is interrupted by an S1 Handover.  While the S1 Handover is underway, the UE sends a NAS Activate Default Bearer Reject message in response to the NAS Activate Default Bearer Request sent by the MME before the S1 Handover started.  This causes the MME to send a Delete Session Request for the new PDN being established and the PDN is cleared, then when the target eNodeB sends Handover Notify as part of the S1 Handover and the MME attempts to send Modify Bearer Request for all of the PDNs, this assertion is triggered as the new PDN no longer exists.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts