Wireshark-bugs: [Wireshark-bugs] [Bug 4358] Buildbot crash output: fuzz-2009-12-27-26249.pcap
Date: Sun, 27 Dec 2009 12:56:57 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4358 --- Comment #3 from Guy Harris <guy@xxxxxxxxxxxx> 2009-12-27 12:56:44 PST --- Dissection (tshark -V output) of a few frames up to and including 147521: Frame 147519: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) Arrival Time: Mar 27, 2008 08:16:46.420843000 PDT Epoch Time: 1206631006.420843000 seconds [Time delta from previous captured frame: 0.000004000 seconds] [Time delta from previous displayed frame: 0.000004000 seconds] [Time since reference or first frame: 5584.744497000 seconds] Frame Number: 147519 Frame Length: 62 bytes (496 bits) Capture Length: 62 bytes (496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:sctp] Ethernet II, Src: 00:50:c2:2d:24:d2 (00:50:c2:2d:24:d2), Dst: 00:01:af:17:b0:10 (00:01:af:17:b0:10) Destination: 00:01:af:17:b0:10 (00:01:af:17:b0:10) Address: 00:01:af:17:b0:10 (00:01:af:17:b0:10) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: 00:50:c2:2d:24:d2 (00:50:c2:2d:24:d2) Address: 00:50:c2:2d:24:d2 (00:50:c2:2d:24:d2) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 10.30.81.1 (10.30.81.1), Dst: 10.30.80.42 (10.30.80.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xf2a9 (62121) Flags: 0x00 0.. = Reserved bit: Not set .0. = Don't fragment: Not set ..0 = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: SCTP (132) Header checksum: 0xd239 [correct] [Good: True] [Bad: False] Source: 10.30.81.1 (10.30.81.1) Destination: 10.30.80.42 (10.30.80.42) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Stream Control Transmission Protocol, Src Port: 14001 (14001), Dst Port: 14001 (14001) Source port: 14001 Destination port: 14001 Verification tag: 0x5a6663a2 Checksum: 0x68312787 [correct CRC32C] SACK chunk (Cumulative TSN: 1726824748, a_rwnd: 4096, gaps: 0, duplicate TSNs: 0) Chunk type: SACK (3) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x00 .... ...0 = Nounce sum: 0 Chunk length: 16 Cumulative TSN ACK: 1726824748 Advertised receiver window credit (a_rwnd): 4096 Number of gap acknowledgement blocks: 0 Number of duplicated TSNs: 0 Frame 147520: 194 bytes on wire (1552 bits), 194 bytes captured (1552 bits) Arrival Time: Mar 27, 2008 08:16:46.421135000 PDT Epoch Time: 1206631006.421135000 seconds [Time delta from previous captured frame: 0.000292000 seconds] [Time delta from previous displayed frame: 0.000292000 seconds] [Time since reference or first frame: 5584.744789000 seconds] Frame Number: 147520 Frame Length: 194 bytes (1552 bits) Capture Length: 194 bytes (1552 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:sctp:sua:bssap:gsm_a_dtap:sua] Ethernet II, Src: 00:01:af:17:b0:10 (00:01:af:17:b0:10), Dst: 00:18:19:c1:74:c0 (00:18:19:c1:74:c0) Destination: 00:18:19:c1:74:c0 (00:18:19:c1:74:c0) Address: 00:18:19:c1:74:c0 (00:18:19:c1:74:c0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: 00:01:af:17:b0:10 (00:01:af:17:b0:10) Address: 00:01:af:17:b0:10 (00:01:af:17:b0:10) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 10.30.80.42 (10.30.80.42), Dst: 10.30.89.1 (10.30.89.1) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 180 Identification: 0x0000 (0) Flags: 0x02 (Don't Fragment) 0.. = Reserved bit: Not set .1. = Don't fragment: Set ..0 = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: SCTP (132) Header checksum: 0x845f [incorrect, should be 0x7c5f] [Good: False] [Bad: True] [Expert Info (Error/Checksum): Bad checksum] [Message: Bad checksum] [Severity level: Error] [Group: Checksum] Source: 10.30.80.42 (10.30.80.42) Destination: 10.30.89.1 (10.30.89.1) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Stream Control Transmission Protocol, Src Port: 14001 (14001), Dst Port: 14001 (14001) Source port: 14001 Destination port: 14001 Verification tag: 0x00001a32 Checksum: 0x2c86c93d [incorrect CRC32C, should be 0x6aa58f16] DATA chunk(ordered, complete segment, TSN: 1726824749, SID: 1, SSN: 12918, PPID: 4, payload length: 60 bytes) Chunk type: DATA (0) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x03 .... ...1 = E-Bit: Last segment .... ..1. = B-Bit: First segment .... .0.. = U-Bit: Ordered delivery .... 0... = I-Bit: Possibly delay SACK Chunk length: 76 TSN: 1726824749 Stream Identifier: 0x0001 Stream sequence number: 12918 Payload protocol identifier: SUA (4) SS7 SCCP-User Adaptation Layer Version: Release 1 (1) Reserved: 00 Message Class: Connection-Oriented messages (8) Message Type: Connection Oriented Data Transfer (CODT) (8) Message Length: 60 Routing context (1 context) Parameter Tag: Routing context (0x0006) Parameter Length: 8 Routing context: 1 Sequence number Parameter Tag: Sequence number (0x0107) Parameter Length: 8 Reserved: 0000 Receive Sequence Number 0000 000. = Receive Sequence Number P(R): 0 .... ...0 = More Data Bit: Not More Data Sent Sequence Number 0000 000. = Sent Sequence Number P(S): 0 .... ...0 = Spare Bit: False Destination reference number (188) Parameter Tag: Destination reference number (0x0105) Parameter Length: 8 Destination Reference Number: 188 Data (SS7 message of 24 bytes) Parameter Tag: Data (0x010b) Parameter Length: 28 Data: 0100150532430981C92933E8240E9F4D4780307251819469 BSSAP Message Type: Direct Transfer (0x01) Data Link Connection Identifier 00.. .... = Control Channel: not further specified (0x00) ..00 0... = Spare: 0x00 .... .000 = SAPI: RR/MM/CC (0x00) Length: 21 GSM A-I/F DTAP - MM Information Protocol Discriminator: Mobility Management messages 0000 .... = Skip Indicator: 0 .... 0101 = Protocol discriminator: Mobility Management messages (5) 00.. .... = Sequence number: 0 ..11 0010 = DTAP Mobility Management Message Type: MM Information (0x32) Network Name - Full Name Element ID: 67 Length: 9 1... .... = Extension: No Extension .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet, language unspecified, defined in 3GPP TS 23.038 .... 0... = Add CI: The MS should not add the letters for the Country's Initials to the text string .... .001 = Number of spare bits in last octet: bit 8 is spare and set to '0' in octet n Text String: ISLANDCOM Time Zone and Time - Universal Time and Local Time Zone Element ID: 71 Year 08, Month 03, Day 27 Hour 15, Minutes 18, Seconds 49 Timezone: GMT - 4 hours 0 minutes Stream Control Transmission Protocol DATA chunk(ordered, complete segment, TSN: 1726824750, SID: 1, SSN: 12919, PPID: 4, payload length: 56 bytes) Chunk type: DATA (0) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x03 .... ...1 = E-Bit: Last segment .... ..1. = B-Bit: First segment .... .0.. = U-Bit: Ordered delivery .... 0... = I-Bit: Possibly delay SACK Chunk length: 72 TSN: 1726824750 Stream Identifier: 0x0001 Stream sequence number: 12919 Payload protocol identifier: SUA (4) SS7 SCCP-User Adaptation Layer Version: Release 1 (1) Reserved: 00 Message Class: Connection-Oriented messages (8) Message Type: Connection Oriented Data Transfer (CODT) (8) Message Length: 56 Routing context (1 context) Parameter Tag: Routing context (0x0006) Parameter Length: 8 Routing context: 1 [Malformed Packet: SUA] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Message: Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Frame 147521: 194 bytes on wire (1552 bits), 194 bytes captured (1552 bits) Arrival Time: Mar 27, 2008 08:16:46.421139000 PDT Epoch Time: 1206631006.421139000 seconds [Time delta from previous captured frame: 0.000004000 seconds] [Time delta from previous displayed frame: 0.000004000 seconds] [Time since reference or first frame: 5584.744793000 seconds] Frame Number: 147521 Frame Length: 194 bytes (1552 bits) Capture Length: 194 bytes (1552 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:sctp:sua:bssap:gsm_a_dtap:sua:bssap:gsm_a_dtap] Ethernet II, Src: 00:18:19:c1:74:c0 (00:18:19:c1:74:c0), Dst: 00:50:c2:2d:24:d2 (00:50:c2:2d:24:d2) Destination: 00:50:c2:2d:24:d2 (00:50:c2:2d:24:d2) Address: 00:50:c2:2d:24:d2 (00:50:c2:2d:24:d2) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: 00:18:19:c1:74:c0 (00:18:19:c1:74:c0) Address: 00:18:19:c1:74:c0 (00:18:19:c1:74:c0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 10.30.80.42 (10.30.80.42), Dst: 10.30.81.1 (10.30.81.1) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 180 Identification: 0x0000 (0) Flags: 0x02 (Don't Fragment) 0.. = Reserved bit: Not set .1. = Don't fragment: Set ..0 = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: SCTP (132) Header checksum: 0x855f [correct] [Good: True] [Bad: False] Source: 10.30.80.42 (10.30.80.42) Destination: 10.30.81.1 (10.30.81.1) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Stream Control Transmission Protocol, Src Port: 14001 (14001), Dst Port: 14001 (14001) Source port: 14001 Destination port: 14001 Verification tag: 0x00001a32 Checksum: 0x2c86c93d [incorrect CRC32C, should be 0xb72c313c] DATA chunk(ordered, complete segment, TSN: 1726824749, SID: 1, SSN: 12918, PPID: 4, payload length: 60 bytes) Chunk type: DATA (0) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x03 .... ...1 = E-Bit: Last segment .... ..1. = B-Bit: First segment .... .0.. = U-Bit: Ordered delivery .... 0... = I-Bit: Possibly delay SACK Chunk length: 76 TSN: 1726824749 Stream Identifier: 0x0001 Stream sequence number: 12918 Payload protocol identifier: SUA (4) SS7 SCCP-User Adaptation Layer Version: Release 1 (1) Reserved: 00 Message Class: Connection-Oriented messages (8) Message Type: Connection Oriented Data Transfer (CODT) (8) Message Length: 60 Routing context (1 context) Parameter Tag: Routing context (0x0006) Parameter Length: 8 Routing context: 1 Sequence number Parameter Tag: Sequence number (0x0107) Parameter Length: 8 Reserved: 0000 Receive Sequence Number 0000 000. = Receive Sequence Number P(R): 0 .... ...0 = More Data Bit: Not More Data Sent Sequence Number 0000 000. = Sent Sequence Number P(S): 0 .... ...0 = Spare Bit: False Destination reference number (188) Parameter Tag: Destination reference number (0x0105) Parameter Length: 8 Destination Reference Number: 188 Data (SS7 message of 24 bytes) Parameter Tag: Data (0x010b) Parameter Length: 28 Data: 0100150532430281982933E8240E9F0D4780307251819469 BSSAP Message Type: Direct Transfer (0x01) Data Link Connection Identifier 00.. .... = Control Channel: not further specified (0x00) ..00 0... = Spare: 0x00 .... .000 = SAPI: RR/MM/CC (0x00) Length: 21 GSM A-I/F DTAP - MM Information Protocol Discriminator: Mobility Management messages 0000 .... = Skip Indicator: 0 .... 0101 = Protocol discriminator: Mobility Management messages (5) 00.. .... = Sequence number: 0 ..11 0010 = DTAP Mobility Management Message Type: MM Information (0x32) Network Name - Full Name Element ID: 67 Length: 2 1... .... = Extension: No Extension .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet, language unspecified, defined in 3GPP TS 23.038 .... 0... = Add CI: The MS should not add the letters for the Country's Initials to the text string .... .001 = Number of spare bits in last octet: bit 8 is spare and set to '0' in octet n Text String: Σ Extraneous Data Stream Control Transmission Protocol DATA chunk(ordered, complete segment, TSN: 1726824750, SID: 1, SSN: 12919, PPID: 4, payload length: 56 bytes) Chunk type: DATA (0) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x03 .... ...1 = E-Bit: Last segment .... ..1. = B-Bit: First segment .... .0.. = U-Bit: Ordered delivery .... 0... = I-Bit: Possibly delay SACK Chunk length: 72 TSN: 1726824750 Stream Identifier: 0x0001 Stream sequence number: 12919 Payload protocol identifier: SUA (4) SS7 SCCP-User Adaptation Layer Version: Release 1 (1) Reserved: 00 Message Class: Connection-Oriented messages (8) Message Type: Connection Oriented Data Transfer (CODT) (8) Message Length: 56 Routing context (1 context) Parameter Tag: Routing context (0x0006) Parameter Length: 8 Routing context: 1 Sequence number Parameter Tag: Sequence number (0x0107) Parameter Length: 8 Reserved: 00D1 Receive Sequence Number 0000 000. = Receive Sequence Number P(R): 0 .... ...0 = More Data Bit: Not More Data Sent Sequence Number 0000 000. = Sent Sequence Number P(S): 0 .... ...0 = Spare Bit: False Destination reference number (188) Parameter Tag: Destination reference number (0x0105) Parameter Length: 8 Destination Reference Number: 188 Data (SS7 message of 17 bytes) Parameter Tag: Data (0x010b) Parameter Length: 21 Data: 01000E050273265300011705F4E516B7FF Padding: 000000 BSSAP Message Type: Direct Transfer (0x01) Data Link Connection Identifier 00.. .... = Control Channel: not further specified (0x00) ..00 0... = Spare: 0x00 .... .000 = SAPI: RR/MM/CC (0x00) Length: 14 GSM A-I/F DTAP - Location Updating Accept Protocol Discriminator: Mobility Management messages 0000 .... = Skip Indicator: 0 .... 0101 = Protocol discriminator: Mobility Management messages (5) 00.. .... = Sequence number: 0 ..00 0010 = DTAP Mobility Management Message Type: Location Updating Accept (0x02) Location Area Identification (LAI) - 376/352/1 Mobile Country Code (MCC): Turks and Caicos Islands (376) Mobile Network Code (MNC): IslandCom Communications Ltd. (352) Location Area Code (LAC): 0x0001 (1) Mobile Identity - TMSI/P-TMSI (0xe516b7ff) Element ID: 23 Length: 5 1111 .... = Unused .... 0... = Odd/even indication: Even number of identity digits (0) .... .100 = Mobile Identity Type: TMSI/P-TMSI (4) TMSI/P-TMSI: 0xe516b7ff Overflow of some allocation in one of the dissectors in question? -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
- References:
- [Wireshark-bugs] [Bug 4358] New: Buildbot crash output: fuzz-2009-12-27-26249.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4358] New: Buildbot crash output: fuzz-2009-12-27-26249.pcap
- Prev by Date: [Wireshark-bugs] [Bug 4358] Buildbot crash output: fuzz-2009-12-27-26249.pcap
- Next by Date: [Wireshark-bugs] [Bug 4358] Buildbot crash output: fuzz-2009-12-27-26249.pcap
- Previous by thread: [Wireshark-bugs] [Bug 4358] Buildbot crash output: fuzz-2009-12-27-26249.pcap
- Next by thread: [Wireshark-bugs] [Bug 4358] Buildbot crash output: fuzz-2009-12-27-26249.pcap
- Index(es):