Cisco Bug: CSCuq25406 - ASR5K - MME Crash at mme_app_fill_modify_bearer_req()
Last Modified
Feb 22, 2017
Products (1)
- Cisco ASR 5000 Series
Known Affected Releases
15.0(19)
Description (partial)
Symptom: sessmgr crash generated in MME: 1 2014-Jul-18+21:56:52 sessmgr 04/0/05175 15.0(54993) SAD153402BM/SAD1532020J 2 2014-Jul-24+14:53:00 sessmgr 06/0/05084 15.0(54993) SAD153402BM/SAD173600K1 Total Crashes : 2 ********************* CRASH #01 *********************** SW Version : 15.0(54993) Similar Crash Count : 1 Time of First Crash : 2014-Jul-18+21:56:52 Assertion failure at sess/mme/mme-app/app/mme_app_egtpc.c:4759 Function: mme_app_fill_modify_bearer_req() Expression: (((ue_pdn_ctxt) != ((void *)0)) && ((ue_pdn_ctxt)->upc_magic == (('M'<<24)|('U'<<16)|('P'<<8)|('C')))) Proclet: sessmgr (f=87000,i=38) Process: card=4 cpu=0 arch=X pid=5175 cpu=~2% argv0=sessmgr Crash time: 2014-Jul-19+04:56:52 UTC Recent errno: 11 Resource temporarily unavailable Stack (80792@0xfffea000): [f7e285a1/X] libc.so.6/kill() sp=0xfffeae38 [0aa886a3/X] sn_assert() sp=0xfffeae68 [077c70c5/X] mme_app_fill_modify_bearer_req() sp=0xfffeaee8 [0778ddca/X] mme_app_send_s11_modify_brr_req() sp=0xffff6a78 [077e6f65/X] mme_s1_ho_state_prep_compl_handle_s1_ho_notify() sp=0xffff7548 [0771f159/X] mme_fsm_event_handler() sp=0xffff79a8 [077e9cea/X] mme_event_handler_s1_ho_procedure() sp=0xffff79e8 [07720374/X] mme_procedure_handle_event() sp=0xffff7a28 [077616f5/X] mme_disp_handle_emm_evt() sp=0xffff7b08 [0776748d/X] mme_disp_attached_handle_s1nas_msg() sp=0xffff7b98 [0771f159/X] mme_fsm_event_handler() sp=0xffff7ff8 [0771a113/X] s1_access_recv_msg() sp=0xffff8c08 [077080d1/X] UzLiSztDatInd() sp=0xffff90b8 [0c6f724f/X] SzUiSztDatInd() sp=0xffff90d8 [0c6fde66/X] szUiSndDatInd() sp=0xffff9108 [0c6f8522/X] szSmRcvEstStMsg() sp=0xffff9178 [0c6f8d5a/X] szSmExcMt() sp=0xffff91a8 [0c6e65c3/X] szLiCOMsgHandler() sp=0xffff9228 [0c6e6131/X] szLiRcvFromLower() sp=0xffff9418 [0c6e89c6/X] SzLiSctDatInd() sp=0xffff9578 [067ba00e/X] sn_ccpu_s1ap_handle_data_ind() sp=0xffff9608 [0427d566/X] sessmgr_mmemgr_data_ind() sp=0xffff9668 [0427d3c6/X] sessmgr_handle_mmemgr_req_bulk_data_ind() sp=0xffffaf08 [0ab3a43b/X] sn_msg_arriving_handle() sp=0xffffd5b8 Conditions: A PDN Connectivity Request from the UE is being processed when it is interrupted by an S1 Handover. While the S1 Handover is underway, the UE sends a NAS Activate Default Bearer Reject message in response to the NAS Activate Default Bearer Request sent by the MME before the S1 Handover started. This causes the MME to send a Delete Session Request for the new PDN being established and the PDN is cleared, then when the target eNodeB sends Handover Notify as part of the S1 Handover and the MME attempts to send Modify Bearer Request for all of the PDNs, this assertion is triggered as the new PDN no longer exists.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases