From owner-freebsd-wireless@FreeBSD.ORG Tue Jan 28 22:47:41 2014 Return-Path: Delivered-To: freebsd-wireless@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 13F76D7B for ; Tue, 28 Jan 2014 22:47:41 +0000 (UTC) Received: from mail-qa0-x229.google.com (mail-qa0-x229.google.com [IPv6:2607:f8b0:400d:c00::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BD4CF11F2 for ; Tue, 28 Jan 2014 22:47:40 +0000 (UTC) Received: by mail-qa0-f41.google.com with SMTP id w8so1437383qac.28 for ; Tue, 28 Jan 2014 14:47:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=xKKwjQo2kHvpeZ4/723E2P87KBPdfnvHNrV0l9z90lM=; b=bmhJBzOYf486zGuE9JaJfcSK3x79Wo9cvSmwegLyDXMAER3+KbdHaNBlLZ5Fb1Jvp6 vfjTbGDCWZeVaDbpKgCoiUG0zSGmwNgF310lOeIwqJmeU/4Lt1Bebw4cZdCskURPjzBL rENRUhOgZuqaCU1b/5/jlPSst18j+4xX1Ojjhs4/xZ8xbTPWfFVuPdxVEmEwxa/C1BdB AauGeQkurC8g9KuHLuscpcpIRZltdrRXfD2dD51sqfPVmwc5eGiN5yfC+WgOEYoDhrtt gSTkSyD/I6iF7mgckPI4GN0aaKPubNqJUE5Vi53XxhbGSW2i4iwv2D8CjKuMkZF8x1RD SicA== MIME-Version: 1.0 X-Received: by 10.229.13.195 with SMTP id d3mr6903082qca.4.1390949260014; Tue, 28 Jan 2014 14:47:40 -0800 (PST) Sender: adrian.chadd@gmail.com Received: by 10.224.52.8 with HTTP; Tue, 28 Jan 2014 14:47:39 -0800 (PST) In-Reply-To: References: Date: Tue, 28 Jan 2014 14:47:39 -0800 X-Google-Sender-Auth: sDB9kkIYv1O8DOBoJyrnA19ollM Message-ID: Subject: Re: FreeBSD 10.0: hostapd crash with Ralink 3070 From: Adrian Chadd To: Pedro Flynn Content-Type: text/plain; charset=ISO-8859-1 Cc: "freebsd-wireless@freebsd.org" X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jan 2014 22:47:41 -0000 ok, do 'bt', and see what's being passed into ieee80211_beacon_update. Use 'frame X' to switch to frame X, and 'print VARIABLE_NAME' to print out the contents of the given variable name. That mbuf looks like it's NULL, which is odd. Thanks! -a On 28 January 2014 14:45, Pedro Flynn wrote: > OK! This is what I have: > > list * (0xffffffff809b1163) > Undefined command: "". Try "help". > (kgdb) list * (0xffffffff809b1163) > 0xffffffff809b1163 is in ieee80211_beacon_update > (/usr/src/sys/net80211/ieee80211_output.c:3099). > 3094 /* XXX do WME aggressive mode processing? */ > 3095 IEEE80211_UNLOCK(ic); > 3096 return 1; /* just assume length changed */ > 3097 } > 3098 > 3099 wh = mtod(m, struct ieee80211_frame *); > 3100 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; > 3101 *(uint16_t *)&wh->i_seq[0] = > 3102 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); > 3103 M_SEQNO_SET(m, seqno); > Current language: auto; currently minimal > (kgdb) > > > (by the way, I'm building a kernel with debug symbols) > > Thanks, > > pflynn > > > > On Tue, Jan 28, 2014 at 8:34 PM, Adrian Chadd wrote: >> >> Ok, fire up kgdb >> >> # kgdb /boot/kernel/kernel /var/crash/vmcore.0 >> >> then >> >> (gdb) list * (0xffffffff809b1163) >> >> (.. that's the "instruction pointer" at the time of the panic.) >> >> I bet it's iv_bss. >> >> >> >> -a > >