Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Hmmm...
Where did you see the NULL value? I could not figure it out.
(Yesterday I built a kernel with debugging symbols enabled and I will
generate a new crash dump tonight. I hope this one will have much more
information).
Thanks,
pflynn
On Tue, Jan 28, 2014 at 9:54 PM, Adrian Chadd adr...@freebsd.org wrote:
Yup. Is it?
Adrian
On Jan 28, 2014 6:10 PM, Pedro Flynn pedro.fl...@gmail.com wrote:
You mean rvp-beacon_mbuf is null?
Thanks,
pflynn
On Tue, Jan 28, 2014 at 9:06 PM, Pedro Flynn pedro.fl...@gmail.comwrote:
Just to bring to our attention frame 8:
(kgdb) frame 8
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
3974 ieee80211_beacon_update(vap-iv_bss, rvp-bo, rvp-beacon_mbuf,
mcast);
Current language: auto; currently minimal
(kgdb) print run_update_beacon
$23 = {void (struct ieee80211vap *,
int)} 0x81a19750 run_update_beacon
(kgdb)
thanks,
pflynn
On Tue, Jan 28, 2014 at 9:04 PM, Adrian Chadd adr...@freebsd.orgwrote:
Right, frame 8 (the run beacon update) is passing a NULL mbuf into
net80211. Why's it doing that.
-a
On 28 January 2014 15:02, Pedro Flynn pedro.fl...@gmail.com wrote:
Here we go (this output is not beautiful...). Please, let me know if I
missed something or if I did something wrong:
bt output:
#0 doadump (textdump=value optimized out) at pcpu.h:219
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
#7 0x809b1163 in ieee80211_beacon_update
(ni=0xfeffc000,
bo=0xf8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at
/usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
#9 0x809b42bd in ieee80211_wme_updateparams_locked (
vap=0xf8000e8dd000) at ieee80211_var.h:814
#10 0x809b437a in ieee80211_wme_updateparams
(vap=0xf8000e8dd000)
at /usr/src/sys/net80211/ieee80211_proto.c:1150
#11 0x809b3f43 in ieee80211_wme_initparams (vap=value
optimized
out)
at /usr/src/sys/net80211/ieee80211_proto.c:955
#12 0x809a9aec in ieee80211_sta_join1 ()
at /usr/src/sys/net80211/ieee80211_node.c:741
#13 0x8099047b in hostap_newstate (vap=0xf8000e8dd000,
nstate=value optimized out, arg=value optimized out)
at /usr/src/sys/net80211/ieee80211_hostap.c:274
#14 0x81a1a36a in run_newstate (vap=value optimized out,
nstate=IEEE80211_S_RUN, arg=-1)
at
/usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
#15 0x809b2edf in ieee80211_newstate_cb
(xvap=0xf8000e8dd000,
npending=value optimized out)
at /usr/src/sys/net80211/ieee80211_proto.c:1756
#16 0x808f5b66 in taskqueue_run_locked
(queue=0xf8000e8e4600)
at /usr/src/sys/kern/subr_taskqueue.c:333
#17 0x808f63e8 in taskqueue_thread_loop (arg=value optimized
out)
at /usr/src/sys/kern/subr_taskqueue.c:535
#18 0x8088198a in fork_exit (
callout=0x808f6340 taskqueue_thread_loop,
arg=0xfeff60f0, frame=0xfe009695fc00)
at /usr/src/sys/kern/kern_fork.c:995
#19 0x80c758ce in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:606
#20 0x in ?? ()
frame 0
#0 doadump (textdump=value optimized out) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
print doadump
$1 = {int (boolean_t)} 0x808af6f0 doadump
frame 1:
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
447 doadump(TRUE);
print kern_reboot
print kern_reboot
$3 = {void (int)} 0x808aedf0 kern_reboot
frame 2
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
754 kern_reboot(bootopt);
(kgdb) print panic
$4 = {void (const char *)} 0x808af760 panic
frame 3
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
882 panic(%s, trap_msg[type]);
(kgdb) print trap_fatal
$5 = {void (struct trapframe *, vm_offset_t)} 0x80c8e2f0
trap_fatal
(kgdb) frame 4
#4 0x80c8e969 in trap_pfault
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Do you get a crashdump that you can feed into kgdb upon reboot? If not, would you mind enabling crashdumps? -a On 28 January 2014 02:57, Pedro Flynn pedro.fl...@gmail.com wrote: (sorry - this reply was sent only to Hiren. Here is it for the list) Hi Hiren, this is what I get immediately after starting hostapd - via service hostapd onestart, since I need to do it manually as the system will reboot in loop if I enable hostapd in rc.conf): KDB: stack backtrace #0 0x808e7dd0 at kbd_backtrace+0x60 #1 0x808af8b5 at panic+0x115 #2 0x80c8e692 at trap_fatal+0x3a2 #3 0x80c8e969 at trap_pfault+0x2c9 #4 0x80c8e0f6 at trap+0x5e6 #5 0x80c75392 at calltrap+0x8 #6 0x81a158bc at run_update_beacon+0x16c #7 0x809b42bd at ieee80211_wme_update_params_locked+0x32d #8 0x809b437a at ieee80211_wme_update_params+0x5a #9 0x809bb3f43 at ieee80211_wme_init_params+0x2a3 #10 0x809a9aec at ieee80211_sta_join1+0xdc #11 0x8099047b at hostap_newstate+0x2eb #12 0x81a1636a at run_newstate+0x83a #13 0x809b2edf at ieee80211_newstate_cb+0x14f #14 0x808f5b66 at taskqueue_run_locked+0xe6 #15 0x808f63e8 at taskqueue_thread_loop+0xa8 #16 0x8088198a at fork_exit+0x9a #17 0x80c758ce at fork_trampoline+0xe Uptime: 45 s Automatic reboot in 15 seconds - press a key on the console to abort -- Press a key on the console to reboot, -- or switch off the station now. Thanks for any help or suggestion. pflynn On Mon, Jan 27, 2014 at 8:43 PM, hiren panchasara hiren.panchas...@gmail.com wrote: On Mon, Jan 27, 2014 at 2:16 PM, Pedro Flynn pedro.fl...@gmail.com wrote: I can provide information as needed. Sharing lots of kernel debug messages that you are seeing might be a good start :-) cheers, Hiren ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Hi! I generated the crash dump and uploaded the image to a public folder on Google Drive. This is the link to the folder: https://drive.google.com/folderview?id=0B0sVwxI7RI7oc3R2bjVQR0pXWG8usp=sharing the image is xz compressed and the uncompressed size is 161 MB. I also put the uname -a output in the file uname-a.output. This is the uname -a: FreeBSD wormhole2 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Hope this dump will have some information. I can build a kernel with debug symbols if one think more information is better. Thanks, pflynn On Tue, Jan 28, 2014 at 2:21 PM, Pedro Flynn pedro.fl...@gmail.com wrote: Hi Adrian, This morning I installed 10.0-RELEASE on a second machine (I had to rollback my router to 9.2) with the same hardware with dumpdev set to YES in rc.conf. I will generate the crashdump as soon as I get home. Thanks, pflynn On Tue, Jan 28, 2014 at 2:11 PM, Adrian Chadd adr...@freebsd.org wrote: Do you get a crashdump that you can feed into kgdb upon reboot? If not, would you mind enabling crashdumps? -a On 28 January 2014 02:57, Pedro Flynn pedro.fl...@gmail.com wrote: (sorry - this reply was sent only to Hiren. Here is it for the list) Hi Hiren, this is what I get immediately after starting hostapd - via service hostapd onestart, since I need to do it manually as the system will reboot in loop if I enable hostapd in rc.conf): KDB: stack backtrace #0 0x808e7dd0 at kbd_backtrace+0x60 #1 0x808af8b5 at panic+0x115 #2 0x80c8e692 at trap_fatal+0x3a2 #3 0x80c8e969 at trap_pfault+0x2c9 #4 0x80c8e0f6 at trap+0x5e6 #5 0x80c75392 at calltrap+0x8 #6 0x81a158bc at run_update_beacon+0x16c #7 0x809b42bd at ieee80211_wme_update_params_locked+0x32d #8 0x809b437a at ieee80211_wme_update_params+0x5a #9 0x809bb3f43 at ieee80211_wme_init_params+0x2a3 #10 0x809a9aec at ieee80211_sta_join1+0xdc #11 0x8099047b at hostap_newstate+0x2eb #12 0x81a1636a at run_newstate+0x83a #13 0x809b2edf at ieee80211_newstate_cb+0x14f #14 0x808f5b66 at taskqueue_run_locked+0xe6 #15 0x808f63e8 at taskqueue_thread_loop+0xa8 #16 0x8088198a at fork_exit+0x9a #17 0x80c758ce at fork_trampoline+0xe Uptime: 45 s Automatic reboot in 15 seconds - press a key on the console to abort -- Press a key on the console to reboot, -- or switch off the station now. Thanks for any help or suggestion. pflynn On Mon, Jan 27, 2014 at 8:43 PM, hiren panchasara hiren.panchas...@gmail.com wrote: On Mon, Jan 27, 2014 at 2:16 PM, Pedro Flynn pedro.fl...@gmail.com wrote: I can provide information as needed. Sharing lots of kernel debug messages that you are seeing might be a good start :-) cheers, Hiren ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Hi, Did it create a crash .txt file? If so, that's mostly enough to go on. Can you just attach that to a post to the mailing list? -a On 28 January 2014 13:26, Pedro Flynn pedro.fl...@gmail.com wrote: Hi! I generated the crash dump and uploaded the image to a public folder on Google Drive. This is the link to the folder: https://drive.google.com/folderview?id=0B0sVwxI7RI7oc3R2bjVQR0pXWG8usp=sharing the image is xz compressed and the uncompressed size is 161 MB. I also put the uname -a output in the file uname-a.output. This is the uname -a: FreeBSD wormhole2 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Hope this dump will have some information. I can build a kernel with debug symbols if one think more information is better. Thanks, pflynn On Tue, Jan 28, 2014 at 2:21 PM, Pedro Flynn pedro.fl...@gmail.com wrote: Hi Adrian, This morning I installed 10.0-RELEASE on a second machine (I had to rollback my router to 9.2) with the same hardware with dumpdev set to YES in rc.conf. I will generate the crashdump as soon as I get home. Thanks, pflynn On Tue, Jan 28, 2014 at 2:11 PM, Adrian Chadd adr...@freebsd.org wrote: Do you get a crashdump that you can feed into kgdb upon reboot? If not, would you mind enabling crashdumps? -a On 28 January 2014 02:57, Pedro Flynn pedro.fl...@gmail.com wrote: (sorry - this reply was sent only to Hiren. Here is it for the list) Hi Hiren, this is what I get immediately after starting hostapd - via service hostapd onestart, since I need to do it manually as the system will reboot in loop if I enable hostapd in rc.conf): KDB: stack backtrace #0 0x808e7dd0 at kbd_backtrace+0x60 #1 0x808af8b5 at panic+0x115 #2 0x80c8e692 at trap_fatal+0x3a2 #3 0x80c8e969 at trap_pfault+0x2c9 #4 0x80c8e0f6 at trap+0x5e6 #5 0x80c75392 at calltrap+0x8 #6 0x81a158bc at run_update_beacon+0x16c #7 0x809b42bd at ieee80211_wme_update_params_locked+0x32d #8 0x809b437a at ieee80211_wme_update_params+0x5a #9 0x809bb3f43 at ieee80211_wme_init_params+0x2a3 #10 0x809a9aec at ieee80211_sta_join1+0xdc #11 0x8099047b at hostap_newstate+0x2eb #12 0x81a1636a at run_newstate+0x83a #13 0x809b2edf at ieee80211_newstate_cb+0x14f #14 0x808f5b66 at taskqueue_run_locked+0xe6 #15 0x808f63e8 at taskqueue_thread_loop+0xa8 #16 0x8088198a at fork_exit+0x9a #17 0x80c758ce at fork_trampoline+0xe Uptime: 45 s Automatic reboot in 15 seconds - press a key on the console to abort -- Press a key on the console to reboot, -- or switch off the station now. Thanks for any help or suggestion. pflynn On Mon, Jan 27, 2014 at 8:43 PM, hiren panchasara hiren.panchas...@gmail.com wrote: On Mon, Jan 27, 2014 at 2:16 PM, Pedro Flynn pedro.fl...@gmail.com wrote: I can provide information as needed. Sharing lots of kernel debug messages that you are seeing might be a good start :-) cheers, Hiren ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Hi Adrian. Yes. There is a core.txt.0 file. I uploaded it to the folder. Thanks! pflynn On Tue, Jan 28, 2014 at 8:23 PM, Adrian Chadd adr...@freebsd.org wrote: Hi, Did it create a crash .txt file? If so, that's mostly enough to go on. Can you just attach that to a post to the mailing list? -a On 28 January 2014 13:26, Pedro Flynn pedro.fl...@gmail.com wrote: Hi! I generated the crash dump and uploaded the image to a public folder on Google Drive. This is the link to the folder: https://drive.google.com/folderview?id=0B0sVwxI7RI7oc3R2bjVQR0pXWG8usp=sharing the image is xz compressed and the uncompressed size is 161 MB. I also put the uname -a output in the file uname-a.output. This is the uname -a: FreeBSD wormhole2 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 r...@snap.freebsd.org: /usr/obj/usr/src/sys/GENERIC amd64 Hope this dump will have some information. I can build a kernel with debug symbols if one think more information is better. Thanks, pflynn On Tue, Jan 28, 2014 at 2:21 PM, Pedro Flynn pedro.fl...@gmail.com wrote: Hi Adrian, This morning I installed 10.0-RELEASE on a second machine (I had to rollback my router to 9.2) with the same hardware with dumpdev set to YES in rc.conf. I will generate the crashdump as soon as I get home. Thanks, pflynn On Tue, Jan 28, 2014 at 2:11 PM, Adrian Chadd adr...@freebsd.org wrote: Do you get a crashdump that you can feed into kgdb upon reboot? If not, would you mind enabling crashdumps? -a On 28 January 2014 02:57, Pedro Flynn pedro.fl...@gmail.com wrote: (sorry - this reply was sent only to Hiren. Here is it for the list) Hi Hiren, this is what I get immediately after starting hostapd - via service hostapd onestart, since I need to do it manually as the system will reboot in loop if I enable hostapd in rc.conf): KDB: stack backtrace #0 0x808e7dd0 at kbd_backtrace+0x60 #1 0x808af8b5 at panic+0x115 #2 0x80c8e692 at trap_fatal+0x3a2 #3 0x80c8e969 at trap_pfault+0x2c9 #4 0x80c8e0f6 at trap+0x5e6 #5 0x80c75392 at calltrap+0x8 #6 0x81a158bc at run_update_beacon+0x16c #7 0x809b42bd at ieee80211_wme_update_params_locked+0x32d #8 0x809b437a at ieee80211_wme_update_params+0x5a #9 0x809bb3f43 at ieee80211_wme_init_params+0x2a3 #10 0x809a9aec at ieee80211_sta_join1+0xdc #11 0x8099047b at hostap_newstate+0x2eb #12 0x81a1636a at run_newstate+0x83a #13 0x809b2edf at ieee80211_newstate_cb+0x14f #14 0x808f5b66 at taskqueue_run_locked+0xe6 #15 0x808f63e8 at taskqueue_thread_loop+0xa8 #16 0x8088198a at fork_exit+0x9a #17 0x80c758ce at fork_trampoline+0xe Uptime: 45 s Automatic reboot in 15 seconds - press a key on the console to abort -- Press a key on the console to reboot, -- or switch off the station now. Thanks for any help or suggestion. pflynn On Mon, Jan 27, 2014 at 8:43 PM, hiren panchasara hiren.panchas...@gmail.com wrote: On Mon, Jan 27, 2014 at 2:16 PM, Pedro Flynn pedro.fl...@gmail.com wrote: I can provide information as needed. Sharing lots of kernel debug messages that you are seeing might be a good start :-) cheers, Hiren ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Ok, fire up kgdb # kgdb /boot/kernel/kernel /var/crash/vmcore.0 then (gdb) list * (0x809b1163) (.. that's the instruction pointer at the time of the panic.) I bet it's iv_bss. -a ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Right, frame 8 (the run beacon update) is passing a NULL mbuf into
net80211. Why's it doing that.
-a
On 28 January 2014 15:02, Pedro Flynn pedro.fl...@gmail.com wrote:
Here we go (this output is not beautiful...). Please, let me know if I
missed something or if I did something wrong:
bt output:
#0 doadump (textdump=value optimized out) at pcpu.h:219
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720, usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
#7 0x809b1163 in ieee80211_beacon_update (ni=0xfeffc000,
bo=0xf8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000, item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
#9 0x809b42bd in ieee80211_wme_updateparams_locked (
vap=0xf8000e8dd000) at ieee80211_var.h:814
#10 0x809b437a in ieee80211_wme_updateparams
(vap=0xf8000e8dd000)
at /usr/src/sys/net80211/ieee80211_proto.c:1150
#11 0x809b3f43 in ieee80211_wme_initparams (vap=value optimized
out)
at /usr/src/sys/net80211/ieee80211_proto.c:955
#12 0x809a9aec in ieee80211_sta_join1 ()
at /usr/src/sys/net80211/ieee80211_node.c:741
#13 0x8099047b in hostap_newstate (vap=0xf8000e8dd000,
nstate=value optimized out, arg=value optimized out)
at /usr/src/sys/net80211/ieee80211_hostap.c:274
#14 0x81a1a36a in run_newstate (vap=value optimized out,
nstate=IEEE80211_S_RUN, arg=-1)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
#15 0x809b2edf in ieee80211_newstate_cb (xvap=0xf8000e8dd000,
npending=value optimized out)
at /usr/src/sys/net80211/ieee80211_proto.c:1756
#16 0x808f5b66 in taskqueue_run_locked (queue=0xf8000e8e4600)
at /usr/src/sys/kern/subr_taskqueue.c:333
#17 0x808f63e8 in taskqueue_thread_loop (arg=value optimized out)
at /usr/src/sys/kern/subr_taskqueue.c:535
#18 0x8088198a in fork_exit (
callout=0x808f6340 taskqueue_thread_loop,
arg=0xfeff60f0, frame=0xfe009695fc00)
at /usr/src/sys/kern/kern_fork.c:995
#19 0x80c758ce in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:606
#20 0x in ?? ()
frame 0
#0 doadump (textdump=value optimized out) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
print doadump
$1 = {int (boolean_t)} 0x808af6f0 doadump
frame 1:
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
447 doadump(TRUE);
print kern_reboot
print kern_reboot
$3 = {void (int)} 0x808aedf0 kern_reboot
frame 2
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
754 kern_reboot(bootopt);
(kgdb) print panic
$4 = {void (const char *)} 0x808af760 panic
frame 3
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
882 panic(%s, trap_msg[type]);
(kgdb) print trap_fatal
$5 = {void (struct trapframe *, vm_offset_t)} 0x80c8e2f0
trap_fatal
(kgdb) frame 4
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720, usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
699 trap_fatal(frame, eva);
(kgdb) print trap_pfault
$6 = {int (struct trapframe *, int)} 0x80c8e6a0 trap_pfault
(kgdb) frame 5
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
463 (void) trap_pfault(frame, FALSE);
(kgdb) print trap
$7 = {void (struct trapframe *)} 0x80c8db10 trap
frame 6
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
232 call trap
Current language: auto; currently asm
(kgdb) print calltrap
$8 = {text variable, no debug info} 0x80c7538a calltrap
(kgdb) frame 7
#7 0x809b1163 in ieee80211_beacon_update (ni=0xfeffc000,
bo=0xf8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
161 atomic.h: No such file or directory.
in atomic.h
Current language: auto; currently minimal
(kgdb) print ieee80211_beacon_update
$9 = {int (struct ieee80211_node *, struct ieee80211_beacon_offsets *,
struct mbuf *, int)} 0x809b1090 ieee80211_beacon_update
frame 8
#8 0x81a198bc in run_update_beacon
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Just to bring to our attention frame 8:
(kgdb) frame 8
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000, item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
3974 ieee80211_beacon_update(vap-iv_bss, rvp-bo, rvp-beacon_mbuf,
mcast);
Current language: auto; currently minimal
(kgdb) print run_update_beacon
$23 = {void (struct ieee80211vap *,
int)} 0x81a19750 run_update_beacon
(kgdb)
thanks,
pflynn
On Tue, Jan 28, 2014 at 9:04 PM, Adrian Chadd adr...@freebsd.org wrote:
Right, frame 8 (the run beacon update) is passing a NULL mbuf into
net80211. Why's it doing that.
-a
On 28 January 2014 15:02, Pedro Flynn pedro.fl...@gmail.com wrote:
Here we go (this output is not beautiful...). Please, let me know if I
missed something or if I did something wrong:
bt output:
#0 doadump (textdump=value optimized out) at pcpu.h:219
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
#7 0x809b1163 in ieee80211_beacon_update (ni=0xfeffc000,
bo=0xf8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
#9 0x809b42bd in ieee80211_wme_updateparams_locked (
vap=0xf8000e8dd000) at ieee80211_var.h:814
#10 0x809b437a in ieee80211_wme_updateparams
(vap=0xf8000e8dd000)
at /usr/src/sys/net80211/ieee80211_proto.c:1150
#11 0x809b3f43 in ieee80211_wme_initparams (vap=value optimized
out)
at /usr/src/sys/net80211/ieee80211_proto.c:955
#12 0x809a9aec in ieee80211_sta_join1 ()
at /usr/src/sys/net80211/ieee80211_node.c:741
#13 0x8099047b in hostap_newstate (vap=0xf8000e8dd000,
nstate=value optimized out, arg=value optimized out)
at /usr/src/sys/net80211/ieee80211_hostap.c:274
#14 0x81a1a36a in run_newstate (vap=value optimized out,
nstate=IEEE80211_S_RUN, arg=-1)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
#15 0x809b2edf in ieee80211_newstate_cb (xvap=0xf8000e8dd000,
npending=value optimized out)
at /usr/src/sys/net80211/ieee80211_proto.c:1756
#16 0x808f5b66 in taskqueue_run_locked (queue=0xf8000e8e4600)
at /usr/src/sys/kern/subr_taskqueue.c:333
#17 0x808f63e8 in taskqueue_thread_loop (arg=value optimized
out)
at /usr/src/sys/kern/subr_taskqueue.c:535
#18 0x8088198a in fork_exit (
callout=0x808f6340 taskqueue_thread_loop,
arg=0xfeff60f0, frame=0xfe009695fc00)
at /usr/src/sys/kern/kern_fork.c:995
#19 0x80c758ce in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:606
#20 0x in ?? ()
frame 0
#0 doadump (textdump=value optimized out) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
print doadump
$1 = {int (boolean_t)} 0x808af6f0 doadump
frame 1:
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
447 doadump(TRUE);
print kern_reboot
print kern_reboot
$3 = {void (int)} 0x808aedf0 kern_reboot
frame 2
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
754 kern_reboot(bootopt);
(kgdb) print panic
$4 = {void (const char *)} 0x808af760 panic
frame 3
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
882 panic(%s, trap_msg[type]);
(kgdb) print trap_fatal
$5 = {void (struct trapframe *, vm_offset_t)} 0x80c8e2f0
trap_fatal
(kgdb) frame 4
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
699 trap_fatal(frame, eva);
(kgdb) print trap_pfault
$6 = {int (struct trapframe *, int)} 0x80c8e6a0 trap_pfault
(kgdb) frame 5
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
463 (void) trap_pfault(frame, FALSE);
(kgdb) print trap
$7 = {void (struct trapframe *)} 0x80c8db10 trap
frame 6
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
232
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
You mean rvp-beacon_mbuf is null?
Thanks,
pflynn
On Tue, Jan 28, 2014 at 9:06 PM, Pedro Flynn pedro.fl...@gmail.com wrote:
Just to bring to our attention frame 8:
(kgdb) frame 8
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
3974 ieee80211_beacon_update(vap-iv_bss, rvp-bo, rvp-beacon_mbuf,
mcast);
Current language: auto; currently minimal
(kgdb) print run_update_beacon
$23 = {void (struct ieee80211vap *,
int)} 0x81a19750 run_update_beacon
(kgdb)
thanks,
pflynn
On Tue, Jan 28, 2014 at 9:04 PM, Adrian Chadd adr...@freebsd.org wrote:
Right, frame 8 (the run beacon update) is passing a NULL mbuf into
net80211. Why's it doing that.
-a
On 28 January 2014 15:02, Pedro Flynn pedro.fl...@gmail.com wrote:
Here we go (this output is not beautiful...). Please, let me know if I
missed something or if I did something wrong:
bt output:
#0 doadump (textdump=value optimized out) at pcpu.h:219
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
#7 0x809b1163 in ieee80211_beacon_update
(ni=0xfeffc000,
bo=0xf8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
#9 0x809b42bd in ieee80211_wme_updateparams_locked (
vap=0xf8000e8dd000) at ieee80211_var.h:814
#10 0x809b437a in ieee80211_wme_updateparams
(vap=0xf8000e8dd000)
at /usr/src/sys/net80211/ieee80211_proto.c:1150
#11 0x809b3f43 in ieee80211_wme_initparams (vap=value optimized
out)
at /usr/src/sys/net80211/ieee80211_proto.c:955
#12 0x809a9aec in ieee80211_sta_join1 ()
at /usr/src/sys/net80211/ieee80211_node.c:741
#13 0x8099047b in hostap_newstate (vap=0xf8000e8dd000,
nstate=value optimized out, arg=value optimized out)
at /usr/src/sys/net80211/ieee80211_hostap.c:274
#14 0x81a1a36a in run_newstate (vap=value optimized out,
nstate=IEEE80211_S_RUN, arg=-1)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
#15 0x809b2edf in ieee80211_newstate_cb
(xvap=0xf8000e8dd000,
npending=value optimized out)
at /usr/src/sys/net80211/ieee80211_proto.c:1756
#16 0x808f5b66 in taskqueue_run_locked
(queue=0xf8000e8e4600)
at /usr/src/sys/kern/subr_taskqueue.c:333
#17 0x808f63e8 in taskqueue_thread_loop (arg=value optimized
out)
at /usr/src/sys/kern/subr_taskqueue.c:535
#18 0x8088198a in fork_exit (
callout=0x808f6340 taskqueue_thread_loop,
arg=0xfeff60f0, frame=0xfe009695fc00)
at /usr/src/sys/kern/kern_fork.c:995
#19 0x80c758ce in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:606
#20 0x in ?? ()
frame 0
#0 doadump (textdump=value optimized out) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
print doadump
$1 = {int (boolean_t)} 0x808af6f0 doadump
frame 1:
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
447 doadump(TRUE);
print kern_reboot
print kern_reboot
$3 = {void (int)} 0x808aedf0 kern_reboot
frame 2
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
754 kern_reboot(bootopt);
(kgdb) print panic
$4 = {void (const char *)} 0x808af760 panic
frame 3
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
882 panic(%s, trap_msg[type]);
(kgdb) print trap_fatal
$5 = {void (struct trapframe *, vm_offset_t)} 0x80c8e2f0
trap_fatal
(kgdb) frame 4
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
699 trap_fatal(frame, eva);
(kgdb) print trap_pfault
$6 = {int (struct trapframe *, int)} 0x80c8e6a0 trap_pfault
(kgdb) frame 5
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
463 (void) trap_pfault(frame, FALSE);
(kgdb) print trap
$7 = {void (struct
Re: FreeBSD 10.0: hostapd crash with Ralink 3070
Yup. Is it?
Adrian
On Jan 28, 2014 6:10 PM, Pedro Flynn pedro.fl...@gmail.com wrote:
You mean rvp-beacon_mbuf is null?
Thanks,
pflynn
On Tue, Jan 28, 2014 at 9:06 PM, Pedro Flynn pedro.fl...@gmail.comwrote:
Just to bring to our attention frame 8:
(kgdb) frame 8
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
3974 ieee80211_beacon_update(vap-iv_bss, rvp-bo, rvp-beacon_mbuf,
mcast);
Current language: auto; currently minimal
(kgdb) print run_update_beacon
$23 = {void (struct ieee80211vap *,
int)} 0x81a19750 run_update_beacon
(kgdb)
thanks,
pflynn
On Tue, Jan 28, 2014 at 9:04 PM, Adrian Chadd adr...@freebsd.org wrote:
Right, frame 8 (the run beacon update) is passing a NULL mbuf into
net80211. Why's it doing that.
-a
On 28 January 2014 15:02, Pedro Flynn pedro.fl...@gmail.com wrote:
Here we go (this output is not beautiful...). Please, let me know if I
missed something or if I did something wrong:
bt output:
#0 doadump (textdump=value optimized out) at pcpu.h:219
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at /usr/src/sys/amd64/amd64/trap.c:463
#6 0x80c75392 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:232
#7 0x809b1163 in ieee80211_beacon_update
(ni=0xfeffc000,
bo=0xf8000e8dd9e8, m=0x0, mcast=0) at atomic.h:161
#8 0x81a198bc in run_update_beacon (vap=0xf8000e8dd000,
item=2)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:3974
#9 0x809b42bd in ieee80211_wme_updateparams_locked (
vap=0xf8000e8dd000) at ieee80211_var.h:814
#10 0x809b437a in ieee80211_wme_updateparams
(vap=0xf8000e8dd000)
at /usr/src/sys/net80211/ieee80211_proto.c:1150
#11 0x809b3f43 in ieee80211_wme_initparams (vap=value
optimized
out)
at /usr/src/sys/net80211/ieee80211_proto.c:955
#12 0x809a9aec in ieee80211_sta_join1 ()
at /usr/src/sys/net80211/ieee80211_node.c:741
#13 0x8099047b in hostap_newstate (vap=0xf8000e8dd000,
nstate=value optimized out, arg=value optimized out)
at /usr/src/sys/net80211/ieee80211_hostap.c:274
#14 0x81a1a36a in run_newstate (vap=value optimized out,
nstate=IEEE80211_S_RUN, arg=-1)
at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1881
#15 0x809b2edf in ieee80211_newstate_cb
(xvap=0xf8000e8dd000,
npending=value optimized out)
at /usr/src/sys/net80211/ieee80211_proto.c:1756
#16 0x808f5b66 in taskqueue_run_locked
(queue=0xf8000e8e4600)
at /usr/src/sys/kern/subr_taskqueue.c:333
#17 0x808f63e8 in taskqueue_thread_loop (arg=value optimized
out)
at /usr/src/sys/kern/subr_taskqueue.c:535
#18 0x8088198a in fork_exit (
callout=0x808f6340 taskqueue_thread_loop,
arg=0xfeff60f0, frame=0xfe009695fc00)
at /usr/src/sys/kern/kern_fork.c:995
#19 0x80c758ce in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:606
#20 0x in ?? ()
frame 0
#0 doadump (textdump=value optimized out) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
print doadump
$1 = {int (boolean_t)} 0x808af6f0 doadump
frame 1:
#1 0x808af530 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:447
447 doadump(TRUE);
print kern_reboot
print kern_reboot
$3 = {void (int)} 0x808aedf0 kern_reboot
frame 2
#2 0x808af8f4 in panic (fmt=value optimized out)
at /usr/src/sys/kern/kern_shutdown.c:754
754 kern_reboot(bootopt);
(kgdb) print panic
$4 = {void (const char *)} 0x808af760 panic
frame 3
#3 0x80c8e692 in trap_fatal (frame=value optimized out,
eva=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:882
882 panic(%s, trap_msg[type]);
(kgdb) print trap_fatal
$5 = {void (struct trapframe *, vm_offset_t)} 0x80c8e2f0
trap_fatal
(kgdb) frame 4
#4 0x80c8e969 in trap_pfault (frame=0xfe009695f720,
usermode=0)
at /usr/src/sys/amd64/amd64/trap.c:699
699 trap_fatal(frame, eva);
(kgdb) print trap_pfault
$6 = {int (struct trapframe *, int)} 0x80c8e6a0 trap_pfault
(kgdb) frame 5
#5 0x80c8e0f6 in trap (frame=0xfe009695f720)
at
