BugZero | Cisco BugID CSCvy30209 - IOS-XE cpp ucode crash with fragmented packets

Cisco - Defect ID: CSCvy30209

IOS-XE cpp ucode crash with fragmented packets

Cisco - Defect ID: CSCvy30209

IOS-XE cpp ucode crash with fragmented packets

Last updated on 4/23/2025

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

IOS-XE router might crash when we receive two(or more) of same(duplicated) fragments on different interfaces. %CPPDRV-3-LOCKDOWN: R0/0: cpp_cp: QFP0.0 CPP Driver LOCKDOWN encountered due to previous fatal error (HW: QFP interrupt).@ %CPPDRV-3-LOCKDOWN: R0/0: fman_fp_image: QFP0.0 CPP Driver LOCKDOWN encountered due to previous fatal error (HW: QFP interrupt).@ %CPPDRV-3-LOCKDOWN: R0/0: cpp_ha: QFP0.0 CPP Driver LOCKDOWN encountered due to previous fatal error (HW: QFP interrupt).@ %IOSXE-1-PLATFORM: R0/0: kernel: QFP0.0: Fatal Fault: HW reported: QFP interrupt@ These syslog messages might be seen before the crash %FRAG-3-REASSEMBLY_ERR: Reassembly/VFR encountered an error: the first fragment's copy of packet state does not exist %FRAG-3-REASSEMBLY_DBG: Reassembly/VFR encountered an error: IPv4 vFR complete with wrong refcnt, actual refcnt 4, expected refcnt 1 %FRAG-3-REASSEMBLY_ERR: Reassembly/VFR encountered an error: the first fragment's copy of packet state does not exist

Conditions

Virtual fragmentation reassembly (VFR) has been configured. This is a VFR day-1 issue and very corner case. We may hit this issue only when same fragments are received on different interfaces at the same time. And these interfaces must have VFR configured via "ip virtual-reassembly" explicitly or enabled automatically by some features (such as NAT, Cisco IOS XE Firewall, IPSec) on them.

Workaround

Remove Virtual fragmentation reassembly (VFR) configuration from the interfaces. Starting from 16.9.x and later releases, "Virtual fragmentation reassembly (VFR) is automatically enabled by some features (such as NAT, Cisco IOS XE Firewall, IPSec) ...". It is not required to manually configure the "ip virtual-reassembly" for these features after 16.9.x. Please refer to ?IP Addressing: Fragmentation and Reassembly Configuration Guide? for additional information. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_frre/configuration/xe-16/frre-xe-16-book/virt-frag-reassembly.html

Further Problem Description

Kernel crashes might be seen after the CCP ucode crash [463768.148140] QFP0.0: Fatal Fault: HW reported: QFP interrupt [464158.128801] systemd-journald[109]: Failed to send WATCHDOG=1 notification message: Connection refused [464175.912943] Uhhuh. NMI received for unknown reason 3d on CPU 0. [464175.912944] Do you have a strange power saving mode enabled? [464175.912944] Kernel panic - not syncing: NMI: Not continuing

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvy30209

IOS-XE cpp ucode crash with fragmented packets

Cisco - Defect ID: CSCvy30209

IOS-XE cpp ucode crash with fragmented packets

Last updated on 4/23/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?