(gdb) mon rtt stop
(gdb) mon rtt setup 0x1fffe000 0x2000
(gdb) mon rtt start
rtt: Searching for control block 'SEGGER RTT'
(this is debug prints added into openocd....)
KARL: addr: 0x1fffe400 match for buf_off: 108 char == 'S
KARL: addr: 0x1fffe400 match for buf_off: 109 char == 'E
KARL: addr: 0x1fffe400 match for buf_off: 110 char == 'G
KARL: addr: 0x1fffe400 match for buf_off: 111 char == 'G
KARL: addr: 0x1fffe400 match for buf_off: 112 char == 'E
KARL: addr: 0x1fffe400 match for buf_off: 113 char == 'R
KARL: addr: 0x1fffe400 match for buf_off: 114 char == ' 
KARL: addr: 0x1fffe400 match for buf_off: 115 char == 'R
KARL: addr: 0x1fffe400 match for buf_off: 116 char == 'T
KARL: addr: 0x1fffe400 match for buf_off: 117 char == 'T
KARL: found a match at 0x1fffe400 with bufoff 117 and id_length: 10
rtt: Control block found at 0x1fffe46c
^^^that's 4 bytes early.... and the buffer offsets don't make any sense....

(gdb) xac 0x1fffe400 200
0x1fffe400: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe408: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe410: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe418: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe420: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe428: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe430: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe438: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe440: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe448: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe450: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe458: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe460: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe468: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe470: 0x53 0x45 0x47 0x47 0x45 0x52 0x20 0x52 'SEGGER R'
0x1fffe478: 0x54 0x54 0x00 0x00 0x00 0x00 0x00 0x00 'TT'
0x1fffe480: 0x03 0x00 0x00 0x00 0x03 0x00 0x00 0x00 ''
� 'fffe488: 0xb4 0xcb 0x0d 0x00 0x00 0xa7 0x00 0x20 '��
0x1fffe490: 0x00 0x04 0x00 0x00 0xb9 0x01 0x00 0x00 '�'
0x1fffe498: 0xb9 0x01 0x00 0x00 0x00 0x00 0x00 0x00 '�'
�� 'ffe4a0: 0xbc 0x18 0x0d 0x00 0xf0 0xa2 0x00 0x20 '�
0x1fffe4a8: 0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe4b0: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe4b8: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''
0x1fffe4c0: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ''

vvvvvvvvvvvvvv   Below we reprint out what should be in those buffer offsets
(gdb) p /c *(0x1fffe400 +109)
$9 = 0 '\000'
(gdb) p /c *(0x1fffe400 +110)
$10 = 0 '\000'
(gdb) p /c *(0x1fffe400 +111)
$11 = 0 '\000'
(gdb) p /c *(0x1fffe400 +112)
$12 = 83 'S'
(gdb) p /x &_SEGGER_RTT 
$13 = 0x1fffe470
(gdb)