Bug
Resolution: Unresolved
Medium
None
Hello, I found that in some cases the kpimon-go xApp crashes due to a segmentation fault violation in the cgo decoding routine of the indication header when processing specific messages.
The part of the log corresponding to the crash is:
{"ts":1706803669449,"crit":"INFO","id":"kpimon","mdc":{"CONTAINER_NAME":"","HOST_NAME":"","PID":"8","POD_NAME":"","SERVICE_NAME":"","SYSTEM_NAME":"","time":"2024-02-01T16:07:49"},"msg":"Message received: name=RIC_INDICATION meid=gnb_734_373_16b8cef1 subId=1 txid= 296449690326 len=238"}
{"ts":1706803669449,"crit":"DEBUG","id":"kpimon","mdc":{"CONTAINER_NAME":"","HOST_NAME":"","PID":"8","POD_NAME":"","SERVICE_NAME":"","SYSTEM_NAME":"","time":"2024-02-01T16:07:49"},"msg":"Received message type: 12050"}
2024/02/01 16:07:49 RIC Indication message from {gnb_734_373_16b8cef1} received
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x7f42ae384976]

runtime stack:
runtime.throw({0xda8b49?, 0xffffffffffffffff?})
	/opt/go/1.18/src/runtime/panic.go:992 +0x71
runtime.sigpanic()
	/opt/go/1.18/src/runtime/signal_unix.go:802 +0x389

goroutine 112 [syscall]:
runtime.cgocall(0xba8140, 0xc00039add0)
	/opt/go/1.18/src/runtime/cgocall.go:157 +0x5c fp=0xc00039ada8 sp=0xc00039ad70 pc=0x40819c
example.com/kpimon/control._Cfunc_e2sm_decode_ric_indication_header(0xc0004bc3c0, 0x26)
	_cgo_gotypes.go:714 +0x4d fp=0xc00039add0 sp=0xc00039ada8 pc=0xba204d
example.com/kpimon/control.(*Control).handleIndication.func1(0xda73c3?, 0x14?)
	/opt/control/control.go:688 +0x4d fp=0xc00039ae10 sp=0xc00039add0 pc=0xba5a2d
example.com/kpimon/control.(*Control).handleIndication(0xba6fe6?, 0xc0003f1700)
	/opt/control/control.go:688 +0x105 fp=0xc00039afc0 sp=0xc00039ae10 pc=0xba4a45
example.com/kpimon/control.(*Control).controlLoop.func1()
	/opt/control/control_loop.go:15 +0x2a fp=0xc00039afe0 sp=0xc00039afc0 pc=0xba1d0a
runtime.goexit()
	/opt/go/1.18/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00039afe8 sp=0xc00039afe0 pc=0x46ba21
created by example.com/kpimon/control.(*Control).controlLoop
	/opt/control/control_loop.go:15 +0xed
The input that causes the crash:
<E2AP-PDU>
  <initiatingMessage>
    <procedureCode>5</procedureCode>
    <criticality><ignore/></criticality>
    <value>
      <RICindication>
        <protocolIEs>
          <RICindication-IEs>
            <id>29</id>
            <criticality><reject/></criticality>
            <value>
              <RICrequestID>
                <ricRequestorID>123</ricRequestorID>
                <ricInstanceID>1</ricInstanceID>
              </RICrequestID>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>5</id>
            <criticality><reject/></criticality>
            <value>
              <RANfunctionID>0</RANfunctionID>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>15</id>
            <criticality><reject/></criticality>
            <value>
              <RICactionID>1</RICactionID>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>27</id>
            <criticality><reject/></criticality>
            <value>
              <RICindicationSN>9</RICindicationSN>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>28</id>
            <criticality><reject/></criticality>
            <value>
              <RICindicationType><report/></RICindicationType>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>25</id>
            <criticality><reject/></criticality>
            <value>
              <RICindicationHeader>
                C0 00 10 FF 30 30 36 31 33 00 00 07 4F 52 41 4E 53 69 6D 80 09 73 69 6D 75 6C 61 74 6F 72 0E 4F 52 41 4E 2D 53 43
              </RICindicationHeader>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>26</id>
            <criticality><reject/></criticality>
            <value>
              <RICindicationMessage>
                0C 00 01 40 09 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 20 02 20 00 40 00 08 30 06 55 B9 59 73 1B D0 01 20 00 00 30 06 55 B9 59 73 1E 80 01 20 00 00 30 06 55 B9 59 73 21 30 01 20 00 00 30 06 55 B9 59 73 23 E0 01 20 00 00 30 06 55 B9 59 73 26 90 01 20 00 00 30 06 55 B9 59 72 E8 30 01 20 00 00 30 06 55 B9 59 73 11 70 01 20 00 00 30 06 55 B9 59 73 2E A0 01 20 00 00 30 06 55 B9 59 73 31 90 01 20 00 00 00 80
              </RICindicationMessage>
            </value>
          </RICindication-IEs>
          <RICindication-IEs>
            <id>20</id>
            <criticality><reject/></criticality>
            <value>
              <RICcallProcessID>63 70 69 64</RICcallProcessID>
            </value>
          </RICindication-IEs>
        </protocolIEs>
      </RICindication>
    </value>
  </initiatingMessage>
</E2AP-PDU>
I will also attach the full log and binary E2AP input causing the crash below. Please let me know if you cannot reproduce the crash or if you have any other questions. Thanks!
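A triage aid for the trace above, added here as an example and not part of the original report or the kpimon-go code: it pulls the signal and the cgo frame out of the crash log and compares the frame's second argument with the number of octets in the reported RICindicationHeader. Treating that second argument as the buffer length is an assumption; `ParseCrash`, `HeaderLen` and `Triage` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Excerpt of the crash log from the report (fault line and cgo frame only).
const crashLog = `fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x7f42ae384976]
example.com/kpimon/control._Cfunc_e2sm_decode_ric_indication_header(0xc0004bc3c0, 0x26)`

// RICindicationHeader octets copied from the E2AP-PDU in the report.
const headerHex = "C0 00 10 FF 30 30 36 31 33 00 00 07 4F 52 41 4E 53 69 6D 80 09 73 69 6D 75 6C 61 74 6F 72 0E 4F 52 41 4E 2D 53 43"

var (
	sigRe = regexp.MustCompile(`\[signal (\w+): .* addr=(0x[0-9a-f]+) pc=0x[0-9a-f]+\]`)
	cgoRe = regexp.MustCompile(`_Cfunc_(\w+)\((0x[0-9a-f]+), (0x[0-9a-f]+)\)`)
)

// Triage records which C function faulted and what Go handed to it.
type Triage struct {
	Signal, CFunc string
	FaultAddr     uint64
	PassedLen     int // assumption: second cgo argument is the buffer length
}

// ParseCrash extracts the signal line and the first cgo frame from a Go fatal-error trace.
func ParseCrash(log string) (Triage, error) {
	s, c := sigRe.FindStringSubmatch(log), cgoRe.FindStringSubmatch(log)
	if s == nil || c == nil {
		return Triage{}, fmt.Errorf("no signal line or cgo frame found")
	}
	addr, _ := strconv.ParseUint(s[2], 0, 64) // regex already restricts these to hex literals
	n, _ := strconv.ParseInt(c[3], 0, 64)
	return Triage{Signal: s[1], CFunc: c[1], FaultAddr: addr, PassedLen: int(n)}, nil
}

// HeaderLen counts the octets in a space-separated hex dump.
func HeaderLen(hex string) int { return len(strings.Fields(hex)) }

func main() {
	t, err := ParseCrash(crashLog)
	fmt.Printf("%+v header octets=%d err=%v\n", t, HeaderLen(headerHex), err)
}
```

Both values come out as 38 (0x26), so the length Go passed matches the octet count of the header in the reported PDU.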