
UE process crashing at idle state #30

Open
@jls-ev

Hello, and thanks for the support first of all. The issue I'm facing, as the title says, is a crash in the UE process at IDLE state. I already tried running the simulation using containers, both in Ubuntu 22.04 and 18.04 VMs, as well as building from source in an 18.04 VM. I tried looking through the configuration files as well, but nothing has worked so far. The terminal response follows:

 Disabling Core dump for this process: ulimit -c 0
[ParseArgs] "EnableSimulator" unchanged (true)
[ParseArgs] "GlobalTimeout" unchanged (false)
[Modules] Loading C++ Modules at "modules/exploits/5gnr_gnb"
[Modules] --> mac_sch_mtk_rrc_setup_crash_1.so loaded
[Modules] --> mac_sch_rrc_setup_crash_var.so loaded
[Modules] --> mac_sch_mtk_rlc_crash.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_7.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_4.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_3.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_9.so loaded
[Modules] --> mac_sch_nas_unknown_pdu_crash.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_2.so loaded
[Modules] --> mac_sch_mac_rlc_crash.so loaded
[Modules] --> mac_sch_rrc_reconfiguration_crash.so loaded
[Modules] --> mac_sch_rrc_setup_crash.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_8.so loaded
[Modules] --> mac_sch_mtk_rrc_setup_crash_6.so loaded
[Modules] 14/14 Modules Compiled / Loaded
[Modules] All modules using prefix
----------LTE Fuzzer----------
Loading Model...
Model Loaded!
[Machine] Layer:"NAS"
[Machine] --> States:0, Transitions:0
[Machine] Layer:"RRC"
[Machine] --> States:0, Transitions:0
[Machine] Layer:"RLC"
[Machine] --> States:0, Transitions:0
[Machine] Layer:"MAC-NR"
[Machine] --> States:0, Transitions:0
[Machine] Total States: 38
[Machine] Total Transitions: 308
[Monitor] ERROR: ADB Could not connect to device UWEUW4XG8XCA8PWS
[SHMDriver] SHM:/tmp/wshm, Channel:0, Mode:1, MQUEUE:/wshm
sh: 1: ulimit: Illegal option -q
[SHMDriver] SHM:/tmp/wshm, Channel:1, Mode:1
[SHMDriver] SHM:/tmp/wshm, Channel:2, Mode:1
[SHMDriver] SHM:/tmp/wshm, Channel:3, Mode:1
[SHMDriver] SHM:/tmp/wshm, Channel:4, Mode:1
[SHMDriver] SHM:/tmp/wshm, Channel:5, Mode:1
[SHMDriver] SHM:/tmp/wshm, Channel:6, Mode:1
[Open5GS] Adding IMSI 001010000000001 with K=00112233445566778899AABBCCDDEEFF, OPC=00112233445566778899AABBCCDDEEFF, APN=default
[Open5GS] Adding IMSI 001010100011321 with K=12345678901234567890123456789012, OP=12345678901234561234567890123456, APN=default
[Open5GS] Adding IMSI 001010000064950 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=default
[Open5GS] Adding IMSI 001010000064951 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=default
[Open5GS] Adding IMSI 001020000064951 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=default
[Open5GS] Adding IMSI 001010000064952 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=default
[Open5GS] Adding IMSI 001010000064953 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=default
[Open5GS] Adding IMSI 999700000064959 with K=5FBC6D9274D7D3F03E32B12DBF582424, OPC=32B95812161923774B71D508A1D4D3B6, APN=internet
[Open5GS] Adding IMSI 901700000039907 with K=33CD0E15C56301487706C843E5BC53C1, OPC=3E91AD887FB569F4A68EEB8282872B0F, APN=internet
[Open5GS] Adding IMSI 222010000039900 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=internet
[Open5GS] Adding IMSI 208950000039900 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=internet
[Open5GS] Adding IMSI 525070000039900 with K=3ac9ec861c3d5209ddb00d88b8b2c933, OPC=ad3d5e6e6df84bf3fd799b39c70e7c74, APN=internet
[Open5GS] Adding IMSI 222010100000002 with K=0c2d427dc188ed0284c4dd0fde705060, OPC=64f4f96c49dfac6a89b45dfa15574a75, APN=internet
[Open5GS] Adding IMSI 901700000039908 with K=E5EB44B93317E84EBA206EF962A29D8C, OPC=4242F3B4D58A5DA39336E1F8CB643B2A, APN=internet
[Open5GS] Subscribers registered to core network: 14
./3rd-party/hostapd/idemptables -A INPUT -i ogstun -j ACCEPT
./3rd-party/hostapd/idemptables -A FORWARD ! -i ogstun -o ogstun -j ACCEPT
./3rd-party/hostapd/idemptables -A FORWARD -i ogstun ! -o ogstun -j ACCEPT
./3rd-party/hostapd/idemptables -t nat -A POSTROUTING -s 45.45.0.0/16 ! -o ogstun -j MASQUERADE
[!] Simulation Enabled, disabling ModemManager and HubCtrl. Remember to enabled them later!
[!] Base-Station process stopped
Starting OAI UE Simulator (RFSIM)
[!] UE process started
[GlobalTimeout] Not enabled in config. file
[AnomalyReport] Added Logging Sink: PacketLogger
[AnomalyReport] Added Logging Sink: SvcReportSender
[USBHubControl] Disabled in config. file
[ModemManager] ModemManager not started!
[ModemManager] ModemManager not started!
[Optimizer] Optimization disabled. Using default population:
--------------------------------------------------------
[Optimizer] Iter=1  Params=[0.2,0.2,0.2,0.2,0.2,0.2,...,0.2]
[Optimizer] Fitness=1e+06  Adj. Fitness=-1e+06
--------------------------------------------------------
[Optimizer] Initialized with X Size=293, Population Size=5
[Main] Fuzzing not enabled! Running only target reconnection
[PacketHandler] Added "proto:nas-5gs", Dir:0, Realtime:0, TID:23986
[PacketHandler] Added "proto:nas-5gs", Dir:1, Realtime:0, TID:23987
[PacketHandler] Added "proto:pdcp-nr-framed", Dir:0, Realtime:1, TID:23988
[PacketHandler] Added "proto:pdcp-nr-framed", Dir:1, Realtime:1, TID:23989
[PacketHandler] Added "proto:mac-nr-framed", Dir:0, Realtime:1, TID:23990
[PacketHandler] Added "proto:mac-nr-framed", Dir:0, Realtime:1, TID:23993
[PacketHandler] Added "proto:mac-nr-framed", Dir:1, Realtime:0, TID:23996
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:2, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:4, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:6, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:8, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] Base-Station process stopped
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:11, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:13, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:15, Comment: [Crash] Service stopped at state "IDLE"
[!] UE process started
[!] UE process stopped
[!] UE process crashed
[AnomalyReport] [Crash] Service stopped at state "IDLE"
[PacketLogger] Packet Number:17, Comment: [Crash] Service stopped at state "IDLE"
^C
[!] Open5GS stopped
[PacketHandler] Stopping Threads
[!] UE process started
[SignalHandler] Exiting 5g_fuzzer
