[Bug]: AMF crashes when SM Context creation fails during initial context setup #3950

@lixxxiangg

Open5GS Release, Revision, or Tag

v2.7.5

Steps to reproduce

Environment: Latest Open5GS source branch, deployed as Docker containers

Start all Network Function (NF) containers.

Apply strict memory constraints to the container or host system (SMF).

During PDU Session establishment, if the AMF fails to connect to the SMF while attempting to create the SM Context, the AMF proceeds with NAS signaling despite the failure. This leads to an invalid internal state transition and triggers a fatal error in ngap_build_downlink_nas_transport, causing the AMF process to crash.

Logs

06/26 01:52:15.260: [gmm] DEBUG:     OLD NR_CGI[PLMN_ID:64f629,CELL_ID:0x111] (../src/amf/gmm-handler.c:303)
06/26 01:52:15.260: [gmm] DEBUG:     TAI[PLMN_ID:64f629,TAC:1] (../src/amf/gmm-handler.c:306)
06/26 01:52:15.260: [gmm] DEBUG:     NR_CGI[PLMN_ID:64f629,CELL_ID:0x111] (../src/amf/gmm-handler.c:309)
06/26 01:52:15.260: [gmm] DEBUG:     SERVED_TAI_INDEX[0] (../src/amf/gmm-handler.c:326)
06/26 01:52:15.260: [sbi] DEBUG: OGS_SBI_GET_NF_INSTANCE [nf_instance:0x5e8b7fa740f8,service_name:nausf-auth] (../lib/sbi/path.c:298)
06/26 01:52:15.260: [sbi] DEBUG: apiroot [http://172.22.0.11:7777] (../lib/sbi/path.c:356)
06/26 01:52:15.260: [sbi] DEBUG: [POST] http://172.22.0.35:7777/nausf-auth/v1/ue-authentications (../lib/sbi/client.c:787)
06/26 01:52:15.261: [sbi] DEBUG: SENDING...[106] (../lib/sbi/client.c:544)
06/26 01:52:15.261: [sbi] DEBUG: {"supiOrSuci":"suci-0-466-92-0000-0-0-0123456005","servingNetworkName":"5G:mnc092.mcc466.3gppnetwork.org"} (../lib/sbi/client.c:546)
06/26 01:52:15.261: [gmm] DEBUG: gmm_state_registered(): EXIT (../src/amf/gmm-sm.c:655)
06/26 01:52:15.261: [gmm] DEBUG: gmm_state_authentication(): ENTRY (../src/amf/gmm-sm.c:1733)
06/26 01:52:15.261: [sbi] DEBUG: [200:GET] http://172.22.0.35:7777/nnssf-nsselection/v2/network-slice-information?slice-info-request-for-pdu-session=%7B%22sNssai%22%3A%7B%22sst%22%3A1%7D%2C%22roamingIndication%22%3A%22NON_ROAMING%22%7D&nf-id=10a5c116-51ed-41f0-9f8a-6304c36e21d1&nf-type=AMF (../lib/sbi/client.c:734)
06/26 01:52:15.261: [sbi] DEBUG: RECEIVED[92] (../lib/sbi/client.c:745)
06/26 01:52:15.261: [sbi] DEBUG: {"nsiInformation":{"nrfId":"http://172.22.0.12:7777/nnrf-disc/v1/nf-instances","nsiId":"1"}} (../lib/sbi/client.c:748)
06/26 01:52:15.262: [amf] DEBUG: amf_state_operational(): OGS_EVENT_NAME_SBI_CLIENT (../src/amf/amf-sm.c:84)
06/26 01:52:15.262: [sbi] DEBUG: OGS_SBI_GET_NF_INSTANCE [nf_instance:(nil),service_name:nsmf-pdusession] (../lib/sbi/path.c:298)
06/26 01:52:15.262: [sbi] DEBUG: ogs_sbi_nf_instance_find_by_discovery_param() [nf_instance:(nil),service_name:nsmf-pdusession] (../lib/sbi/path.c:303)
06/26 01:52:15.262: [sbi] DEBUG: snssai [[{"sst":1}]] (../lib/sbi/path.c:397)
06/26 01:52:15.262: [sbi] DEBUG: dnn [internet] (../lib/sbi/path.c:424)
06/26 01:52:15.263: [sbi] DEBUG: tai [{"plmnId":{"mcc":"466","mnc":"92"},"tac":"000001"}] (../lib/sbi/path.c:438)
06/26 01:52:15.263: [sbi] DEBUG: [POST] http://172.22.0.35:7777/nsmf-pdusession/v1/sm-contexts (../lib/sbi/client.c:787)
06/26 01:52:15.263: [sbi] DEBUG: SENDING...[941] (../lib/sbi/client.c:544)
06/26 01:52:15.263: [sbi] DEBUG: --=-o9el9JitJEjzAUjj/0PY3w==
Content-Type: application/json

{"supi":"imsi-466920123456005","pei":"imeisv-4370816125816151","pduSessionId":1,"dnn":"internet","sNssai":{"sst":1},"servingNfId":"10a5c116-51ed-41f0-9f8a-6304c36e21d1","guami":{"plmnId":{"mcc":"466","mnc":"92"},"amfId":"020040"},"servingNetwork":{"mcc":"466","mnc":"92"},"n1SmMsg":{"contentId":"5gnas-sm"},"anType":"3GPP_ACCESS","ratType":"NR","ueLocation":{"nrLocation":{"tai":{"plmnId":{"mcc":"466","mnc":"92"},"tac":"000001"},"ncgi":{"plmnId":{"mcc":"466","mnc":"92"},"nrCellId":"000000111"},"ueLocationTimestamp":"2025-06-25T17:52:15.260375Z"}},"ueTimeZone":"+08:00","smContextStatusUri":"http://172.22.0.10:7777/namf-callback/v1/imsi-466920123456005/sm-context-status/1","pcfId":"c32f1ae6-51dc-41f0-998a-27b95d40e0b8"}
--=-o9el9JitJEjzAUjj/0PY3w==
Content-Id: 5gnas-sm
Content-Type: application/vnd.3gpp.5gnas

.▒▒▒▒▒( (../lib/sbi/client.c:546)
06/26 01:52:15.265: [sbi] DEBUG: [504:POST] http://172.22.0.35:7777/nsmf-pdusession/v1/sm-contexts (../lib/sbi/client.c:734)
06/26 01:52:15.265: [sbi] DEBUG: RECEIVED[75] (../lib/sbi/client.c:745)
06/26 01:52:15.265: [sbi] DEBUG: {"title":"(NF discover) No NF-Instance [nsmf-pdusession:AMF]","status":504} (../lib/sbi/client.c:748)
06/26 01:52:15.265: [amf] DEBUG: amf_state_operational(): OGS_EVENT_NAME_SBI_CLIENT (../src/amf/amf-sm.c:84)
06/26 01:52:15.265: [amf] ERROR: [1:0] No SmContextCreateError (../src/amf/nsmf-handler.c:192)
06/26 01:52:15.265: [amf] WARNING: [suci-0-466-92-0000-0-0-0123456005] DL NAS transport (../src/amf/nas-path.c:1013)
06/26 01:52:15.265: [amf] FATAL:     AMF-UE-ID[0] RAN_UE_NGAP_ID[109] AMF_UE_NGAP_ID[109] (../src/amf/ngap-build.c:315)
06/26 01:52:15.265: [amf] FATAL: ngap_build_downlink_nas_transport: should not be reached. (../src/amf/ngap-build.c:319)
06/26 01:52:15.267: [core] FATAL: backtrace() returned 12 addresses (../lib/core/ogs-abort.c:37)
./open5gs-amfd(+0x681fc) [0x5e8b4792c1fc]
./open5gs-amfd(+0x261cb) [0x5e8b478ea1cb]
./open5gs-amfd(+0x29c7b) [0x5e8b478edc7b]
./open5gs-amfd(+0x2a2a5) [0x5e8b478ee2a5]
./open5gs-amfd(+0x504d0) [0x5e8b479144d0]
./open5gs-amfd(+0x42e52) [0x5e8b47906e52]
/open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2(ogs_fsm_dispatch+0x113) [0x76f48b266c55]
./open5gs-amfd(+0xa625) [0x5e8b478ce625]
/open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2(+0x117ba) [0x76f48b2577ba]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x8609) [0x76f48a5ae609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43) [0x76f48a4d3353]

Expected behaviour

If the AMF fails to connect to the SMF during SM Context creation, it should abort the procedure and return a NAS rejection to the UE.

Observed Behaviour

The AMF proceeds to send a NAS downlink message despite receiving a 504 error from the SMF, leading to an invalid internal state and a fatal crash in ngap_build_downlink_nas_transport.

eNodeB/gNodeB

UERANSIM

UE Models and versions

UERANSIM
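
A log check for the failure sequence in this report, as an added example that is not part of the original issue or the Open5GS code: it pairs a non-2xx response to the `sm-contexts` POST with an AMF FATAL line shortly after it. The function names, the one-second window and the placeholder year are assumptions; the sample lines are excerpted from the log above.

```python
import re
from datetime import datetime, timedelta

# Open5GS log line: "MM/DD HH:MM:SS.mmm: [domain] LEVEL: message (file:line)"
LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}): \[(\w+)\] (\w+):\s+(.*?)"
                  r"(?: \((\S+?):(\d+)\))?$")
# SBI client response line for the SM Context create request.
SBI_RESP = re.compile(r"^\[(\d{3}):POST\] \S*/nsmf-pdusession/v1/sm-contexts$")

# Lines excerpted from the log in this report (bodies and backtrace omitted).
SAMPLE = """\
06/26 01:52:15.263: [sbi] DEBUG: [POST] http://172.22.0.35:7777/nsmf-pdusession/v1/sm-contexts (../lib/sbi/client.c:787)
06/26 01:52:15.265: [sbi] DEBUG: [504:POST] http://172.22.0.35:7777/nsmf-pdusession/v1/sm-contexts (../lib/sbi/client.c:734)
06/26 01:52:15.265: [amf] ERROR: [1:0] No SmContextCreateError (../src/amf/nsmf-handler.c:192)
06/26 01:52:15.265: [amf] WARNING: [suci-0-466-92-0000-0-0-0123456005] DL NAS transport (../src/amf/nas-path.c:1013)
06/26 01:52:15.265: [amf] FATAL: ngap_build_downlink_nas_transport: should not be reached. (../src/amf/ngap-build.c:319)
"""

def parse(line):
    m = LINE.match(line.rstrip())
    if not m:
        return None  # continuation lines: multipart bodies, backtrace frames
    ts, domain, level, msg, src, _lineno = m.groups()
    # The log carries no year; a leap year is assumed so 02/29 still parses.
    when = datetime.strptime("2000/" + ts, "%Y/%m/%d %H:%M:%S.%f")
    return {"ts": when, "domain": domain, "level": level, "msg": msg, "src": src}

def find_crashes(text, window=timedelta(seconds=1)):
    """Pair each failed SM Context create with an AMF FATAL inside `window`."""
    findings, pending = [], None
    for rec in filter(None, map(parse, text.splitlines())):
        m = SBI_RESP.match(rec["msg"]) if rec["domain"] == "sbi" else None
        if m:
            status = int(m.group(1))
            pending = (rec["ts"], status) if status >= 400 else None
        elif (pending and rec["domain"] == "amf" and rec["level"] == "FATAL"
              and rec["ts"] - pending[0] <= window):
            findings.append({"status": pending[1], "fatal": rec["msg"],
                             "source": rec["src"]})
            pending = None  # report each failed request once
    return findings

if __name__ == "__main__":
    for finding in find_crashes(SAMPLE):
        print(finding)
```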


Labels: Housekeeping:ToClose (Issues reviewed and closed. Old requests, issues which are not bug, feature or documentation request); Type:Security (Security issue)
