From owner-freebsd-wireless@FreeBSD.ORG  Wed Jan 29 10:35:43 2014
Return-Path: <owner-freebsd-wireless@FreeBSD.ORG>
Delivered-To: freebsd-wireless@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 38034BD0;
 Wed, 29 Jan 2014 10:35:43 +0000 (UTC)
Received: from mail-qa0-x22f.google.com (mail-qa0-x22f.google.com
 [IPv6:2607:f8b0:400d:c00::22f])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id C8F2F18CA;
 Wed, 29 Jan 2014 10:35:42 +0000 (UTC)
Received: by mail-qa0-f47.google.com with SMTP id j5so2153160qaq.34
 for <multiple recipients>; Wed, 29 Jan 2014 02:35:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=TkLBM8OhMtQzcKUssvwoJ2SjPcIoTXL9ARXKmdmAchY=;
 b=ERTiQ3h402Xk+iq7uO9EwcS191Br83LIfJvlRO18hx7bE6xGLRhCrUo1PAZqpCh5wM
 rAjUi6+Vbs1Aj7EV55FoDil1MMaMz1rdI4pmor1qJh5w/VGJtN+afaiYx3PjFFhplqkU
 HYr2pRIXYzixKm0tvft9Kq/39lbuYmu5ADU9uiWXYVTb0iTsIUcLntkT1oYNm1Q7Zm/y
 HlwKbpR+ovsdXfaZM9smyBq377s4n5kLRZemDtuVXzw2R1NGVUMIpzNgJb3G0MlZumkd
 TDINnY/w1MJOesVL1yJfM6j6N+C5yySzAyg72t+fyVomw0zFIP9q+6rb5fkiUNyIUp51
 avIg==
MIME-Version: 1.0
X-Received: by 10.224.103.131 with SMTP id k3mr10573682qao.102.1390991741964; 
 Wed, 29 Jan 2014 02:35:41 -0800 (PST)
Received: by 10.140.27.151 with HTTP; Wed, 29 Jan 2014 02:35:41 -0800 (PST)
In-Reply-To: <CAJ-VmomvFetR8R5W4pRJ2V7Wj_eEk8O3eYPFdg2_VbZfeyqzhg@mail.gmail.com>
References: <CAN48zxmMZHsjr55AAbFaeB591Ahd9S1-AkGksRiRtgNOJv6DYQ@mail.gmail.com>
 <CALCpEUHRsquBrE4o6WxfcLgi-O2BN1FtPa+rS2Cdk==0dUdPaA@mail.gmail.com>
 <CAN48zxkXiUFyGuysTSkEPiwdS9VvEZgeyvo1eTr_seFQ2yM-6A@mail.gmail.com>
 <CAN48zxn+eKDFCbFDHwBJOUfyqvjH3whttTH0whtTfgBQxFRrGA@mail.gmail.com>
 <CAJ-VmonPDSHOzuD8bqpjLC1FjYQqHrwz2-w8u5wCqUw-hspVfQ@mail.gmail.com>
 <CAN48zx=zhBYSnkm4Kszs4oe1MdGPrP01B_0eysyso7T5a_WWMA@mail.gmail.com>
 <CAN48zxmxL_h=9B32C1dC5uGAbV_ExEXQoumPS1Zwvwt2RAbPUQ@mail.gmail.com>
 <CAN48zx=QgdLpTUm3OK2V-TVUxxBpiGF4A1WzZbSL6thqB_C++g@mail.gmail.com>
 <CAJ-VmokDb3mUj7Xw6hQKvX5beCv_hXLmMm-nAfz_ZZ-EYq1gyQ@mail.gmail.com>
 <CAN48zxkcJu-nYWrqJmrpC2VQ_LO2RwV6c9r3sUdKA6uXpfjcVQ@mail.gmail.com>
 <CAJ-VmokH0O6RMRYyvSDcz+CNRha9auujxAnKWRxorG=UrG8J8w@mail.gmail.com>
 <CAN48zx=RwTJL=M=xLi30CDxVVFUAmOgo+d9ONNxyeRwP=i2=aw@mail.gmail.com>
 <CAJ-Vmo=kFcEjvmUQX87Q_RX4=aVKNyYDHqf-kZ+p0OcgKdZQGA@mail.gmail.com>
 <CAN48zx=oG0=eTZLqA4QzhEEcriY8Z3BF7PLDX4Qy=GEX+3sDmA@mail.gmail.com>
 <CAJ-VmokZ5sfiLZc9fSgOwgoSa-5VCvwy1rGAjXQ16GHC3keyhQ@mail.gmail.com>
 <CAN48zxn8oU8Dzz4oecJaXTNvP6OpTahm50-zCUs-L_m=WK3WYQ@mail.gmail.com>
 <CAN48zxmDEgBUKAN70-mbB6YAub-M6e2wyvDF0Aun3FdBJJF+_A@mail.gmail.com>
 <CAJ-VmomvFetR8R5W4pRJ2V7Wj_eEk8O3eYPFdg2_VbZfeyqzhg@mail.gmail.com>
Date: Wed, 29 Jan 2014 08:35:41 -0200
Message-ID: <CAN48zx=FG1D=JuNcu1nR_k1QPfBcejvd-ER+JRLHRRNn6DpBzA@mail.gmail.com>
Subject: Re: FreeBSD 10.0: hostapd crash with Ralink 3070
From: Pedro Flynn <pedro.flynn@gmail.com>
To: Adrian Chadd <adrian@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
Cc: "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>
X-BeenThere: freebsd-wireless@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussions of 802.11 stack,
 tools device driver development." <freebsd-wireless.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-wireless/>
List-Post: <mailto:freebsd-wireless@freebsd.org>
List-Help: <mailto:freebsd-wireless-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2014 10:35:43 -0000

Hmmm...
Where did you see the NULL value? I could not figure it out.

(Yesterday I built a kernel with debugging symbols enabled and I will
generate a new crash dump tonight. I hope this one will have much more
information).

Thanks,

pflynn


On Tue, Jan 28, 2014 at 9:54 PM, Adrian Chadd <adrian@freebsd.org> wrote:

> Yup. Is it?
>
> Adrian
> On Jan 28, 2014 6:10 PM, "Pedro Flynn" <pedro.flynn@gmail.com> wrote:
>
>> You mean rvp->beacon_mbuf is null?
>>
>> Thanks,
>>
>> pflynn
>>
>>
>> On Tue, Jan 28, 2014 at 9:06 PM, Pedro Flynn <pedro.flynn@gmail.com>wrote:
>>
>>> Just to bring to our attention frame 8:
>>>
>>> (kgdb) frame 8
>>> #8  0xffffffff81a198bc in run_update_beacon (vap=0xfffff8000e8dd000,
>>> item=2)
>>>     at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
>>> 3974 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf,
>>> mcast);
>>> Current language:  auto; currently minimal
>>> (kgdb) print run_update_beacon
>>> $23 = {void (struct ieee80211vap *,
>>>     int)} 0xffffffff81a19750 <run_update_beacon>
>>> (kgdb)
>>>
>>> thanks,
>>>
>>> pflynn
>>>
>>>
>>> On Tue, Jan 28, 2014 at 9:04 PM, Adrian Chadd <adrian@freebsd.org>wrote:
>>>
>>>> Right, frame 8 (the run beacon update) is passing a NULL mbuf into
>>>> net80211. Why's it doing that.
>>>>
>>>>
>>>>
>>>> -a
>>>>
>>>>
>>>> On 28 January 2014 15:02, Pedro Flynn <pedro.flynn@gmail.com> wrote:
>>>> > Here we go (this output is not beautiful...). Please, let me know if I
>>>> > missed something or if I did something wrong:
>>>> >
>>>> > bt output:
>>>> >
>>>> > #0  doadump (textdump=<value optimized out>) at pcpu.h:219
>>>> > #1  0xffffffff808af530 in kern_reboot (howto=260)
>>>> >     at /usr/src/sys/kern/kern_shutdown.c:447
>>>> > #2  0xffffffff808af8f4 in panic (fmt=<value optimized out>)
>>>> >     at /usr/src/sys/kern/kern_shutdown.c:754
>>>> > #3  0xffffffff80c8e692 in trap_fatal (frame=<value optimized out>,
>>>> >     eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:882
>>>> > #4  0xffffffff80c8e969 in trap_pfault (frame=0xfffffe009695f720,
>>>> usermode=0)
>>>> >     at /usr/src/sys/amd64/amd64/trap.c:699
>>>> > #5  0xffffffff80c8e0f6 in trap (frame=0xfffffe009695f720)
>>>> >     at /usr/src/sys/amd64/amd64/trap.c:463
>>>> > #6  0xffffffff80c75392 in calltrap ()
>>>> >     at /usr/src/sys/amd64/amd64/exception.S:232
>>>> > #7  0xffffffff809b1163 in ieee80211_beacon_update
>>>> (ni=0xfffffe0000ffc000,
>>>> >     bo=0xfffff8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
>>>> > #8  0xffffffff81a198bc in run_update_beacon (vap=0xfffff8000e8dd000,
>>>> item=2)
>>>> >     at
>>>> /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
>>>> > #9  0xffffffff809b42bd in ieee80211_wme_updateparams_locked (
>>>> >     vap=0xfffff8000e8dd000) at ieee80211_var.h:814
>>>> > #10 0xffffffff809b437a in ieee80211_wme_updateparams
>>>> > (vap=0xfffff8000e8dd000)
>>>> >     at /usr/src/sys/net80211/ieee80211_proto.c:1150
>>>> > #11 0xffffffff809b3f43 in ieee80211_wme_initparams (vap=<value
>>>> optimized
>>>> > out>)
>>>> >     at /usr/src/sys/net80211/ieee80211_proto.c:955
>>>> > #12 0xffffffff809a9aec in ieee80211_sta_join1 ()
>>>> >     at /usr/src/sys/net80211/ieee80211_node.c:741
>>>> > #13 0xffffffff8099047b in hostap_newstate (vap=0xfffff8000e8dd000,
>>>> >     nstate=<value optimized out>, arg=<value optimized out>)
>>>> >     at /usr/src/sys/net80211/ieee80211_hostap.c:274
>>>> > #14 0xffffffff81a1a36a in run_newstate (vap=<value optimized out>,
>>>> >     nstate=IEEE80211_S_RUN, arg=-1)
>>>> >     at
>>>> /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
>>>> > #15 0xffffffff809b2edf in ieee80211_newstate_cb
>>>> (xvap=0xfffff8000e8dd000,
>>>> >     npending=<value optimized out>)
>>>> >     at /usr/src/sys/net80211/ieee80211_proto.c:1756
>>>> > #16 0xffffffff808f5b66 in taskqueue_run_locked
>>>> (queue=0xfffff8000e8e4600)
>>>> >     at /usr/src/sys/kern/subr_taskqueue.c:333
>>>> > #17 0xffffffff808f63e8 in taskqueue_thread_loop (arg=<value optimized
>>>> out>)
>>>> >     at /usr/src/sys/kern/subr_taskqueue.c:535
>>>> > #18 0xffffffff8088198a in fork_exit (
>>>> >     callout=0xffffffff808f6340 <taskqueue_thread_loop>,
>>>> >     arg=0xfffffe0000ff60f0, frame=0xfffffe009695fc00)
>>>> >     at /usr/src/sys/kern/kern_fork.c:995
>>>> > #19 0xffffffff80c758ce in fork_trampoline ()
>>>> >     at /usr/src/sys/amd64/amd64/exception.S:606
>>>> > #20 0x0000000000000000 in ?? ()
>>>> >
>>>> > frame 0
>>>> > #0  doadump (textdump=<value optimized out>) at pcpu.h:219
>>>> > 219 pcpu.h: No such file or directory.
>>>> > in pcpu.h
>>>> > print doadump
>>>> > $1 = {int (boolean_t)} 0xffffffff808af6f0 <doadump>
>>>> >
>>>> > frame 1:
>>>> > #1  0xffffffff808af530 in kern_reboot (howto=260)
>>>> >     at /usr/src/sys/kern/kern_shutdown.c:447
>>>> > 447 doadump(TRUE);
>>>> > print kern_reboot
>>>> > print kern_reboot
>>>> > $3 = {void (int)} 0xffffffff808aedf0 <kern_reboot>
>>>> >
>>>> > frame 2
>>>> > #2  0xffffffff808af8f4 in panic (fmt=<value optimized out>)
>>>> >     at /usr/src/sys/kern/kern_shutdown.c:754
>>>> > 754 kern_reboot(bootopt);
>>>> > (kgdb) print panic
>>>> > $4 = {void (const char *)} 0xffffffff808af760 <panic>
>>>> >
>>>> > frame 3
>>>> > #3  0xffffffff80c8e692 in trap_fatal (frame=<value optimized out>,
>>>> >     eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:882
>>>> > 882 panic("%s", trap_msg[type]);
>>>> > (kgdb) print trap_fatal
>>>> > $5 = {void (struct trapframe *, vm_offset_t)} 0xffffffff80c8e2f0
>>>> > <trap_fatal>
>>>> > (kgdb) frame 4
>>>> > #4  0xffffffff80c8e969 in trap_pfault (frame=0xfffffe009695f720,
>>>> usermode=0)
>>>> >     at /usr/src/sys/amd64/amd64/trap.c:699
>>>> > 699 trap_fatal(frame, eva);
>>>> > (kgdb) print trap_pfault
>>>> > $6 = {int (struct trapframe *, int)} 0xffffffff80c8e6a0 <trap_pfault>
>>>> > (kgdb) frame 5
>>>> > #5  0xffffffff80c8e0f6 in trap (frame=0xfffffe009695f720)
>>>> >     at /usr/src/sys/amd64/amd64/trap.c:463
>>>> > 463 (void) trap_pfault(frame, FALSE);
>>>> > (kgdb) print trap
>>>> > $7 = {void (struct trapframe *)} 0xffffffff80c8db10 <trap>
>>>> >
>>>> > frame 6
>>>> > #6  0xffffffff80c75392 in calltrap ()
>>>> >     at /usr/src/sys/amd64/amd64/exception.S:232
>>>> > 232 call trap
>>>> > Current language:  auto; currently asm
>>>> > (kgdb) print calltrap
>>>> > $8 = {<text variable, no debug info>} 0xffffffff80c7538a <calltrap>
>>>> > (kgdb) frame 7
>>>> > #7  0xffffffff809b1163 in ieee80211_beacon_update
>>>> (ni=0xfffffe0000ffc000,
>>>> >     bo=0xfffff8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
>>>> > 161 atomic.h: No such file or directory.
>>>> > in atomic.h
>>>> > Current language:  auto; currently minimal
>>>> > (kgdb) print ieee80211_beacon_update
>>>> > $9 = {int (struct ieee80211_node *, struct ieee80211_beacon_offsets *,
>>>> >     struct mbuf *, int)} 0xffffffff809b1090 <ieee80211_beacon_update>
>>>> >
>>>> >  frame 8
>>>> > #8  0xffffffff81a198bc in run_update_beacon (vap=0xfffff8000e8dd000,
>>>> item=2)
>>>> >     at
>>>> /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
>>>> > 3974 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf,
>>>> > mcast);
>>>> > (kgdb) print run_update_beacon
>>>> > $10 = {void (struct ieee80211vap *,
>>>> >     int)} 0xffffffff81a19750 <run_update_beacon>
>>>> > (kgdb) frame 9
>>>> > #9  0xffffffff809b42bd in ieee80211_wme_updateparams_locked (
>>>> >     vap=0xfffff8000e8dd000) at ieee80211_var.h:814
>>>> > 814 vap->iv_update_beacon(vap, what);
>>>> > (kgdb) print ieee80211_wme_updateparams_locked
>>>> > $11 = {void (struct ieee80211vap
>>>> >      *)} 0xffffffff809b3f90 <ieee80211_wme_updateparams_locked>
>>>> > (kgdb) frame 10
>>>> > #10 0xffffffff809b437a in ieee80211_wme_updateparams
>>>> > (vap=0xfffff8000e8dd000)
>>>> >     at /usr/src/sys/net80211/ieee80211_proto.c:1150
>>>> > 1150 ieee80211_wme_updateparams_locked(vap);
>>>> > (kgdb) print ieee80211_wme_updateparams
>>>> > $12 = {void (struct ieee80211vap
>>>> >      *)} 0xffffffff809b4320 <ieee80211_wme_updateparams>
>>>> >
>>>> > frame 11
>>>> > #11 0xffffffff809b3f43 in ieee80211_wme_initparams (vap=<value
>>>> optimized
>>>> > out>)
>>>> >     at /usr/src/sys/net80211/ieee80211_proto.c:955
>>>> > 955 ieee80211_wme_updateparams(vap);
>>>> > (kgdb) print ieee80211_wme_initparams
>>>> > $13 = {void (struct ieee80211vap
>>>> >      *)} 0xffffffff809b3ca0 <ieee80211_wme_initparams>
>>>> > (kgdb) frame 12
>>>> > #12 0xffffffff809a9aec in ieee80211_sta_join1 ()
>>>> >     at /usr/src/sys/net80211/ieee80211_node.c:741
>>>> > 741 ieee80211_wme_initparams(vap);
>>>> > (kgdb) print ieee80211_sta_join1
>>>> > $14 = {int (struct ieee80211_node *)} 0xffffffff809a9a10
>>>> > <ieee80211_sta_join1>
>>>> > (kgdb) frame 13
>>>> > #13 0xffffffff8099047b in hostap_newstate (vap=0xfffff8000e8dd000,
>>>> >     nstate=<value optimized out>, arg=<value optimized out>)
>>>> >     at /usr/src/sys/net80211/ieee80211_hostap.c:274
>>>> > 274    ieee80211_ht_adjust_channel(ic,
>>>> > (kgdb) print hostap_newstate
>>>> > $15 = {int (struct ieee80211vap *, enum ieee80211_state,
>>>> >     int)} 0xffffffff80990190 <hostap_newstate>
>>>> > frame 14
>>>> > #14 0xffffffff81a1a36a in run_newstate (vap=<value optimized out>,
>>>> >     nstate=IEEE80211_S_RUN, arg=-1)
>>>> >     at
>>>> /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
>>>> > 1881 return(rvp->newstate(vap, nstate, arg));
>>>> > (kgdb) print run_newstate
>>>> > $16 = {int (struct ieee80211vap *, enum ieee80211_state,
>>>> >     int)} 0xffffffff81a19b30 <run_newstate>
>>>> > (kgdb) frame 15
>>>> > #15 0xffffffff809b2edf in ieee80211_newstate_cb
>>>> (xvap=0xfffff8000e8dd000,
>>>> >     npending=<value optimized out>)
>>>> >     at /usr/src/sys/net80211/ieee80211_proto.c:1756
>>>> > 1756 rc = vap->iv_newstate(vap, nstate, arg);
>>>> > (kgdb) print ieee80211_newstate_cb
>>>> > $17 = {void (void *, int)} 0xffffffff809b2d90 <ieee80211_newstate_cb>
>>>> > (kgdb) frame 16
>>>> > #16 0xffffffff808f5b66 in taskqueue_run_locked
>>>> (queue=0xfffff8000e8e4600)
>>>> >     at /usr/src/sys/kern/subr_taskqueue.c:333
>>>> > 333 task->ta_func(task->ta_context, pending);
>>>> > (kgdb) print taskqueue_run_locked
>>>> > $18 = {void (struct taskqueue *)} 0xffffffff808f5a80
>>>> <taskqueue_run_locked>
>>>> > frame 17
>>>> > #17 0xffffffff808f63e8 in taskqueue_thread_loop (arg=<value optimized
>>>> out>)
>>>> >     at /usr/src/sys/kern/subr_taskqueue.c:535
>>>> > 535 taskqueue_run_locked(tq);
>>>> > (kgdb) print taskqueue_thread_loop
>>>> > $19 = {void (void *)} 0xffffffff808f6340 <taskqueue_thread_loop>
>>>> > (kgdb) frame 18
>>>> > #18 0xffffffff8088198a in fork_exit (
>>>> >     callout=0xffffffff808f6340 <taskqueue_thread_loop>,
>>>> >     arg=0xfffffe0000ff60f0, frame=0xfffffe009695fc00)
>>>> >     at /usr/src/sys/kern/kern_fork.c:995
>>>> > 995 callout(arg, frame);
>>>> > (kgdb) print fork_exit
>>>> > $20 = {void (void (*)(void *, struct trapframe *), void *, struct
>>>> trapframe
>>>> >      *)} 0xffffffff808818f0 <fork_exit>
>>>> > (kgdb) frame 19
>>>> > #19 0xffffffff80c758ce in fork_trampoline ()
>>>> >     at /usr/src/sys/amd64/amd64/exception.S:606
>>>> > 606 call fork_exit
>>>> > Current language:  auto; currently asm
>>>> > (kgdb) print fork_trampoline
>>>> > $21 = {<text variable, no debug info>} 0xffffffff80c758c0
>>>> <fork_trampoline>
>>>> > frame 20
>>>> > #20 0x0000000000000000 in ?? ()
>>>> >
>>>> > Thanks,
>>>> >
>>>> > pflynn
>>>> >
>>>> >
>>>> > On Tue, Jan 28, 2014 at 8:47 PM, Adrian Chadd <adrian@freebsd.org>
>>>> wrote:
>>>> >>
>>>> >> ok, do 'bt', and see what's being passed into
>>>> ieee80211_beacon_update.
>>>> >> Use 'frame X' to switch to frame X, and 'print VARIABLE_NAME' to
>>>> print
>>>> >> out the contents of the given variable name.
>>>> >>
>>>> >> That mbuf looks like it's NULL, which is odd.
>>>> >>
>>>> >> Thanks!
>>>> >>
>>>> >>
>>>> >> -a
>>>> >>
>>>> >>
>>>> >> On 28 January 2014 14:45, Pedro Flynn <pedro.flynn@gmail.com> wrote:
>>>> >> > OK! This is what I have:
>>>> >> >
>>>> >> > list * (0xffffffff809b1163)
>>>> >> > Undefined command: "".  Try "help".
>>>> >> > (kgdb) list * (0xffffffff809b1163)
>>>> >> > 0xffffffff809b1163 is in ieee80211_beacon_update
>>>> >> > (/usr/src/sys/net80211/ieee80211_output.c:3099).
>>>> >> > 3094 /* XXX do WME aggressive mode processing? */
>>>> >> > 3095 IEEE80211_UNLOCK(ic);
>>>> >> > 3096 return 1; /* just assume length changed */
>>>> >> > 3097 }
>>>> >> > 3098
>>>> >> > 3099 wh = mtod(m, struct ieee80211_frame *);
>>>> >> > 3100 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
>>>> >> > 3101 *(uint16_t *)&wh->i_seq[0] =
>>>> >> > 3102 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
>>>> >> > 3103 M_SEQNO_SET(m, seqno);
>>>> >> > Current language:  auto; currently minimal
>>>> >> > (kgdb)
>>>> >> >
>>>> >> >
>>>> >> > (by the way, I'm building a kernel with debug symbols)
>>>> >> >
>>>> >> > Thanks,
>>>> >> >
>>>> >> > pflynn
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > On Tue, Jan 28, 2014 at 8:34 PM, Adrian Chadd <adrian@freebsd.org>
>>>> >> > wrote:
>>>> >> >>
>>>> >> >> Ok, fire up kgdb
>>>> >> >>
>>>> >> >> # kgdb /boot/kernel/kernel /var/crash/vmcore.0
>>>> >> >>
>>>> >> >> then
>>>> >> >>
>>>> >> >> (gdb) list * (0xffffffff809b1163)
>>>> >> >>
>>>> >> >> (.. that's the "instruction pointer" at the time of the panic.)
>>>> >> >>
>>>> >> >> I bet it's iv_bss.
>>>> >> >>
>>>> >> >>
>>>> >> >>
>>>> >> >> -a
>>>> >> >
>>>> >> >
>>>> >
>>>> >
>>>>
>>>
>>>
>>