Segmentation fault while sending sms via bsc_hack_VTY

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Richard M. Zahoransky r.zahoransky at gmx.de
Sun Jun 27 14:33:47 UTC 2010


Hello,

We have a working OpenBSC-LCR-Asterisk setup by now.
Sending SMS from one cell phone to another works perfectly after typing 
"sms send pending" in the vty-console. Is it always necessary to trigger 
the SMS sending manually, or is there a fixed interval in which SMS will 
be transferred?

A problem still exists. If we try to send an SMS directly from the 
bsc_hack_vty with "subscriber extension xxx sms send "TEXT"", the 
bsc_hack crashes:

<0008> paging.c:225 Start paging of subscriber 36 on bts 0.
<0008> paging.c:225 Start paging of subscriber 36 on bts 1.
<0008> paging.c:87 Going to send paging commands: imsi: 
'262012840035907' tmsi: '0x79d38c8e'
<0008> paging.c:87 Going to send paging commands: imsi: 
'262012840035907' tmsi: '0x79d38c8e'
<0008> paging.c:87 Going to send paging commands: imsi: 
'262012840035907' tmsi: '0x79d38c8e'
<0008> paging.c:87 Going to send paging commands: imsi: 
'262012840035907' tmsi: '0x79d38c8e'
<0004> abis_rsl.c:1165 (bts=0,trx=0,ts=0,ss=0) Activating ARFCN(871) 
SS(0) lctype SDCCH r=LOCATION_UPDATE ra=0x15
<0004> abis_rsl.c:969 (bts=0,trx=0,ts=0,ss=0) CHANNEL ACTIVATE ACK
<0009> abis_rsl.c:831 MEASUREMENT RESULT NR=0 RXL-FULL-ul=-108dBm 
RXL-SUB-ul=-108dBm RXQ-FULL-ul=6 RXQ-SUB-ul=6 BS_POWER=0 NOT VALID 
NUM_NEIGH=0
<0005> abis_nm.c:519 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) Failure 
Event Report Type=processing failure Severity=warning level failure
<0000> abis_rsl.c:1276 (bts=0,trx=0,ts=0,ss=0) SAPI=0 ESTABLISH INDICATION
<0003> gsm_04_08.c:799 PAGING RESPONSE: mi_type=0x04 MI(2043907214)
<0003> gsm_04_08.c:817 <- Channel was requested by 262012840035907
<0008> paging.c:289 Stop paging on bts 0, calling cbfn.
<0007> gsm_04_11.c:1151 paging_cb_send_sms(hooknum=1, event=0, 
msg=(nil),lchan=0x85365d8, sms=0x859cd58)
<0008> paging.c:293 Stop paging on bts 1 silently.
<0009> abis_rsl.c:831 MEASUREMENT RESULT NR=1 RXL-FULL-ul=-47dBm 
RXL-SUB-ul=-47dBm RXQ-FULL-ul=6 RXQ-SUB-ul=6 BS_POWER=0 L1_MS_PWR=  2dBm 
L1_FPC=0 L1_TA=0 NOT VALID NUM_NEIGH=0
<0000> abis_rsl.c:1276 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
<0003> gsm_04_08.c:835 CLASSMARK CHANGE CM2(len=3) CM3(len=2)
<0009> abis_rsl.c:831 MEASUREMENT RESULT NR=2 RXL-FULL-ul=-47dBm 
RXL-SUB-ul=-47dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0 L1_MS_PWR=  2dBm 
L1_FPC=0 L1_TA=0 RXL-FULL-dl=-47dBm RXL-SUB-dl=-47dBm RXQ-FULL-dl=7 
RXQ-SUB-dl=3 NUM_NEIGH=1
<0009> abis_rsl.c:863 IDX=0 ARFCN=877 BSIC=63 => -56 dBm
<0000> abis_rsl.c:1276 (bts=0,trx=0,ts=0,ss=0) SAPI=3 ESTABLISH CONFIRM
<0007> gsm_04_11.c:1125 rll_ind_cb(lchan=0x85365d8, link_id=3, 
sms=0x859cd58, type=0
<0007> gsm_04_11.c:1057 send_sms_lchan()
<0001> transaction.c:69 subscr=0x859cb98, subscr->net=0x8533960

Program received signal SIGSEGV, Segmentation fault.
0x003a4785 in ?? () from /lib/tls/i686/cmov/libc.so.6


gdb bt prints out:

Program received signal SIGSEGV, Segmentation fault.
0x003a4785 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0x003a4785 in ?? () from /lib/tls/i686/cmov/libc.so.6
#1  0x001729e9 in gsm48_encode_bcd_number (bcd_lv=0xbffff130 "", 
max_len=12 '\f', h_len=1,
    input=0xa6 <Address 0xa6 out of bounds>) at gsm48_ie.c:83
#2  0x080d137d in gsm340_gen_oa (conn=0x8536990, sms=0x8592f90) at 
gsm_04_11.c:423
#3  gsm340_gen_tpdu (conn=0x8536990, sms=0x8592f90) at gsm_04_11.c:461
#4  gsm411_send_sms_lchan (conn=0x8536990, sms=0x8592f90) at 
gsm_04_11.c:1096
#5  0x080bfe2f in complete_rllr (rllr=0x8592f18, 
type=BSC_RLLR_IND_EST_CONF) at bsc_rll.c:59
#6  0x080b7238 in abis_rsl_rx_rll (msg=0x8591db8) at abis_rsl.c:1303
#7  abis_rsl_rcvmsg (msg=0x8591db8) at abis_rsl.c:1728
#8  0x080c3c8a in handle_ts1_read (bfd=0x858550c, what=<value optimized 
out>) at input/ipaccess.c:489
#9  ipaccess_fd_cb (bfd=0x858550c, what=<value optimized out>) at 
input/ipaccess.c:597
#10 0x0016f925 in bsc_select_main (polling=1) at select.c:119
#11 0x08050289 in handle_gsm_bs () at gsm_bs.cpp:864
#12 0x08084343 in main (argc=2, argv=0xbffff884) at main.c:472


Maybe someone has experienced the same problem or can provide some help?

Best Regards and Thank you,

Richard Zahoransky



