Actions
Bug #4340
closedMalformed MM Identity Response crashes OsmoMSC
Start date:
12/28/2019
Due date:
% Done:
100%
Resolution:
Spec Reference:
Description
From time to time we receive a MM Identity Response that crashes OsmoMSC:
(gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007f8ec198c5fe in __GI_abort () at abort.c:100 #2 0x00007f8ec2016210 in osmo_panic_default (args=0x7ffe75e09f88, fmt=0x558dc6301189 "Assert failed %s %s:%d\n") at ../../../src/libosmocore/src/panic.c:49 #3 osmo_panic (fmt=fmt@entry=0x558dc6301189 "Assert failed %s %s:%d\n") at ../../../src/libosmocore/src/panic.c:84 #4 0x0000558dc62f9181 in vlr_subscr_rx_id_resp (vsub=vsub@entry=0x558dc81738e0, mi=mi@entry=0x558dc811f196 "\377\377\377\377\377\377\377\377", mi_len=mi_len@entry=8) at ../../../../src/osmo-msc/src/libvlr/vlr.c:1189 #5 0x0000558dc62ea90e in mm_rx_id_resp (msg=<optimized out>, msc_a=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/gsm_04_08.c:197 #6 gsm0408_rcv_mm (msc_a=<optimized out>, msg=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/gsm_04_08.c:1086 #7 0x0000558dc62c31cc in msc_a_ran_dec_from_msc_i (msc_a=msc_a@entry=0x558dc8130060, d=d@entry=0x7ffe75e0ace0) at ../../../../src/osmo-msc/src/libmsc/msc_a.c:1484 #8 0x0000558dc62c3cde in msc_a_ran_decode_cb (msc_a_fi=<optimized out>, data=0x7ffe75e0ace0, msg=0x7ffe75e0a750) at ../../../../src/osmo-msc/src/libmsc/msc_a.c:1643 #9 0x0000558dc62d0dde in ran_a_decode_l3 (ran_dec=<optimized out>, l3=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/ran_msg_a.c:884 #10 0x0000558dc62c09d6 in msc_role_ran_decode (fi=0x558dc8127cb0, an_apdu=an_apdu@entry=0x7ffe75e0b370, decode_cb=decode_cb@entry=0x558dc62c3be0 <msc_a_ran_decode_cb>, decode_cb_data=decode_cb_data@entry=0x7ffe75e0ace0) at ../../../../src/osmo-msc/src/libmsc/msub.c:589 #11 0x0000558dc62c179a in msc_a_ran_dec (msc_a=0x558dc8130060, an_apdu=0x7ffe75e0b370, from_role=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/msc_a.c:184 #12 0x00007f8ec200eaf9 in _osmo_fsm_inst_dispatch (fi=0x558dc8127cb0, event=9, data=0x7ffe75e0b370, file=0x558dc630de00 "../../../../src/osmo-msc/src/libmsc/msc_i.c", line=85) at ../../../src/libosmocore/src/fsm.c:877 #13 0x0000558dc62d0dde in ran_a_decode_l3 (ran_dec=<optimized out>, l3=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/ran_msg_a.c:884 #14 0x0000558dc62c09d6 in msc_role_ran_decode (fi=0x558dc81268a0, an_apdu=0x7ffe75e0b370, decode_cb=<optimized out>, decode_cb_data=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/msub.c:589 --Type <RET> for more, q to quit, c to continue without paging-- #15 0x00007f8ec200eaf9 in _osmo_fsm_inst_dispatch (fi=0x558dc81268a0, event=event@entry=9, data=data@entry=0x7ffe75e0b370, file=file@entry=0x558dc63129b8 "../../../../src/osmo-msc/src/libmsc/ran_peer.c", line=line@entry=412) at ../../../src/libosmocore/src/fsm.c:877 #16 0x0000558dc62d5bcd in ran_peer_st_ready (fi=<optimized out>, event=2, data=0x7ffe75e0b430) at ../../../../src/osmo-msc/src/libmsc/ran_peer.c:412 #17 0x00007f8ec200eaf9 in _osmo_fsm_inst_dispatch (fi=0x558dc8118ad0, event=2, data=data@entry=0x7ffe75e0b430, file=file@entry=0x558dc63129b8 "../../../../src/osmo-msc/src/libmsc/ran_peer.c", line=line@entry=596) at ../../../src/libosmocore/src/fsm.c:877 #18 0x0000558dc62d69b5 in ran_peer_up_l2 (sri=0x558dc8114750, calling_addr=0x0, co=<optimized out>, conn_id=<optimized out>, l2=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/ran_peer.c:596 #19 0x0000558dc62ad606 in sccp_ran_sap_up (oph=0x558dc811f088, _scu=<optimized out>) at ../../../../src/osmo-msc/src/libmsc/sccp_ran.c:110 #20 0x00007f8ec200eaf9 in _osmo_fsm_inst_dispatch (fi=0x558dc817e4f0, event=11, data=data@entry=0x558dc8122a90, file=file@entry=0x7f8ec1da6e08 "../../../src/libosmo-sccp/src/sccp_scoc.c", line=line@entry=1677) at ../../../src/libosmocore/src/fsm.c:877 #21 0x00007f8ec1d950bc in sccp_scoc_rx_from_scrc (inst=inst@entry=0x558dc8118310, xua=xua@entry=0x558dc8122a90) at ../../../src/libosmo-sccp/src/sccp_scoc.c:1677 #22 0x00007f8ec1d92b1e in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x558dc8118310, xua=0x558dc8122a90) at ../../../src/libosmo-sccp/src/sccp_scrc.c:457 #23 0x00007f8ec1d95ccd in mtp_user_prim_cb (oph=0x558dc8180a98, ctx=0x558dc8118310) at ../../../src/libosmo-sccp/src/sccp_user.c:176 #24 0x00007f8ec1d8d62d in m3ua_rx_xfer (xua=0x558dc81824b0, asp=0x558dc811eb00) at ../../../src/libosmo-sccp/src/m3ua.c:586 #25 m3ua_rx_msg (asp=asp@entry=0x558dc811eb00, msg=msg@entry=0x558dc817fd20) at ../../../src/libosmo-sccp/src/m3ua.c:739 #26 0x00007f8ec1d9cc83 in xua_cli_read_cb (conn=0x558dc811c130) at ../../../src/libosmo-sccp/src/osmo_ss7.c:1701 #27 0x00007f8ec1fd5d93 in osmo_stream_cli_read (cli=0x558dc811c130) at ../../../src/libosmo-netif/src/stream.c:222 #28 osmo_stream_cli_fd_cb (ofd=<optimized out>, what=1) at ../../../src/libosmo-netif/src/stream.c:311 #29 0x00007f8ec200a25a in osmo_fd_disp_fds (_eset=<optimized out>, _wset=<optimized out>, _rset=<optimized out>) at ../../../src/libosmocore/src/select.c:227 #30 _osmo_select_main (polling=<optimized out>) at ../../../src/libosmocore/src/select.c:265 #31 0x00007f8ec200a826 in osmo_select_main_ctx (polling=<optimized out>) at ../../../src/libosmocore/src/select.c:291 #32 0x0000558dc62abfe3 in main (argc=<optimized out>, argv=0x7ffe75e0ba48) at ../../../../src/osmo-msc/src/osmo-msc/msc_main.c:729
the message contains invalid Mobile Identity:
(gdb) p mi_len $8 = 8 (gdb) x/2 mi 0x558dc811f196: 0xffffffff 0xffffffff
basically all bytes are 0xff.
Related issues
Actions