From owner-freebsd-wireless@FreeBSD.ORG  Tue Jan 28 22:45:25 2014
Return-Path: <owner-freebsd-wireless@FreeBSD.ORG>
Delivered-To: freebsd-wireless@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 61F53D43;
 Tue, 28 Jan 2014 22:45:25 +0000 (UTC)
Received: from mail-qa0-x22a.google.com (mail-qa0-x22a.google.com
 [IPv6:2607:f8b0:400d:c00::22a])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 043A611E1;
 Tue, 28 Jan 2014 22:45:24 +0000 (UTC)
Received: by mail-qa0-f42.google.com with SMTP id k4so1436697qaq.15
 for <multiple recipients>; Tue, 28 Jan 2014 14:45:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=oX9Aa4E4teTzkySy/+RV+6Bjg1V7pHm7k6f0CwfYJws=;
 b=IVOIUyqEU26wW687y0cQCpwzlJcWFaGpgmvNvqt6I8asu4zMLFJYd0gv/dOANZBqxu
 ijRpFEBiPyxQ8M0pn4XRRCi+/f4vm22XR1rqu3OpYIdtO2A14+O9zd20T5L4N+O8M2Tx
 y7wLpjhN+7OqrVB7pDIlkQ9bS6wgdQ9cdS82u3TD4b6GNgW19+bG6h55CQkQF1dQ2vem
 L7KFfQWW2mhWozn+gKwgIaqsO0IIInz840Kn0HXhwLhhBVMDZPnVVKtMwa39XO9A9gcT
 nNzLDfm/+H5LzlqqvoiZk/nwzVNgOLOQGYP0Vst+ArxGhcsTVe6HJ9NOdLI9gWgtcdpB
 NkqA==
MIME-Version: 1.0
X-Received: by 10.229.97.134 with SMTP id l6mr6778418qcn.11.1390949124227;
 Tue, 28 Jan 2014 14:45:24 -0800 (PST)
Received: by 10.140.27.151 with HTTP; Tue, 28 Jan 2014 14:45:24 -0800 (PST)
In-Reply-To: <CAJ-VmokH0O6RMRYyvSDcz+CNRha9auujxAnKWRxorG=UrG8J8w@mail.gmail.com>
References: <CAN48zxmMZHsjr55AAbFaeB591Ahd9S1-AkGksRiRtgNOJv6DYQ@mail.gmail.com>
 <CALCpEUHRsquBrE4o6WxfcLgi-O2BN1FtPa+rS2Cdk==0dUdPaA@mail.gmail.com>
 <CAN48zxkXiUFyGuysTSkEPiwdS9VvEZgeyvo1eTr_seFQ2yM-6A@mail.gmail.com>
 <CAN48zxn+eKDFCbFDHwBJOUfyqvjH3whttTH0whtTfgBQxFRrGA@mail.gmail.com>
 <CAJ-VmonPDSHOzuD8bqpjLC1FjYQqHrwz2-w8u5wCqUw-hspVfQ@mail.gmail.com>
 <CAN48zx=zhBYSnkm4Kszs4oe1MdGPrP01B_0eysyso7T5a_WWMA@mail.gmail.com>
 <CAN48zxmxL_h=9B32C1dC5uGAbV_ExEXQoumPS1Zwvwt2RAbPUQ@mail.gmail.com>
 <CAN48zx=QgdLpTUm3OK2V-TVUxxBpiGF4A1WzZbSL6thqB_C++g@mail.gmail.com>
 <CAJ-VmokDb3mUj7Xw6hQKvX5beCv_hXLmMm-nAfz_ZZ-EYq1gyQ@mail.gmail.com>
 <CAN48zxkcJu-nYWrqJmrpC2VQ_LO2RwV6c9r3sUdKA6uXpfjcVQ@mail.gmail.com>
 <CAJ-VmokH0O6RMRYyvSDcz+CNRha9auujxAnKWRxorG=UrG8J8w@mail.gmail.com>
Date: Tue, 28 Jan 2014 20:45:24 -0200
Message-ID: <CAN48zx=RwTJL=M=xLi30CDxVVFUAmOgo+d9ONNxyeRwP=i2=aw@mail.gmail.com>
Subject: Re: FreeBSD 10.0: hostapd crash with Ralink 3070
From: Pedro Flynn <pedro.flynn@gmail.com>
To: Adrian Chadd <adrian@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
Cc: "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>
X-BeenThere: freebsd-wireless@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussions of 802.11 stack,
 tools device driver development." <freebsd-wireless.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-wireless/>
List-Post: <mailto:freebsd-wireless@freebsd.org>
List-Help: <mailto:freebsd-wireless-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2014 22:45:25 -0000

OK! This is what I have:

list * (0xffffffff809b1163)
Undefined command: "".  Try "help".
(kgdb) list * (0xffffffff809b1163)
0xffffffff809b1163 is in ieee80211_beacon_update
(/usr/src/sys/net80211/ieee80211_output.c:3099).
3094 /* XXX do WME aggressive mode processing? */
3095 IEEE80211_UNLOCK(ic);
3096 return 1; /* just assume length changed */
3097 }
3098
3099 wh = mtod(m, struct ieee80211_frame *);
3100 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
3101 *(uint16_t *)&wh->i_seq[0] =
3102 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
3103 M_SEQNO_SET(m, seqno);
Current language:  auto; currently minimal
(kgdb)


(by the way, I'm building a kernel with debug symbols)

Thanks,

pflynn



On Tue, Jan 28, 2014 at 8:34 PM, Adrian Chadd <adrian@freebsd.org> wrote:

> Ok, fire up kgdb
>
> # kgdb /boot/kernel/kernel /var/crash/vmcore.0
>
> then
>
> (gdb) list * (0xffffffff809b1163)
>
> (.. that's the "instruction pointer" at the time of the panic.)
>
> I bet it's iv_bss.
>
>
>
> -a
>

