I think the net80211 beacon create routine doesn't allocate a node ref. Yeah, it doesn't. You have to do ieee80211_ref_node() after calling becaon_create(), and deref it if the tx fails. The TX success will free the node ref for you.
-adrian On 16 September 2015 at 04:27, Idwer Vollering <[email protected]> wrote: > 2015-09-16 8:06 GMT+02:00 Matthew Grooms <[email protected]>: > >> >> It looks like my screenshot got scrubbed. Here is my hopefully faithful >> transcription ... >> >> Fatal trap 9: general protection fault while in kernel mode >> cpuid = 3; apic id = 03 >> instruction pointer = 0x20:0xffffffff80a01105 >> stack pointer = 0x28:0xfffffe0092fe86f0 >> frame pointer = 0x28:0xfffffe0092fe8740 >> code segment = base 0x0, limit 0xfffff, type 0x1b >> = DPL 0, pres 1, long 1, def32 0, gran 1 >> processor eflags = interrupt enabled, resume, IOPL = 0 >> current process = 716 (ifconfig) >> [thread pid 716 tid 100082 ] >> Stopped at __mtx_lock_flags+0x55: movq (%r13),%rax >> db> bt >> Tracing pid 716 tid 100082 td 0xffffff800512814d0 >> __mtx_lock_flags() at __mtx_lock_flags+0x55/frame 0xfffffe0092fe8740 >> ieee80211_free_node() at ieee80211_free_node()_0x38/frame 0xfffffe0092fe8780 >> ieee80211_node_vdetach() at ieee80211_node_vdetach()+0x2d/frame >> 0xfffffe0092fe87a0 >> ieee80211_vap_detach() at ieee80211_vap_detach()+0x35e/frame >> 0xfffffe0092fe87d0 >> urtwn_vap_delete() at urtwn_vap_delete()+0xe/frame 0xfffffe0092fe87f0 >> if_clone_destroyif() at if_clone_destroyif()+0x1aa/frame 0xfffffe0092fe8840 >> if_clone_destroy() at if_clone_destroy()0x8e/frame 0xfffffe0092fe8860 >> kern_ioctl() at kern_ioctl()+0x230/frame 0xfffffe0092fe88c0 >> sys_ioctl() at sys_ioctl()+0x153/frame 0xfffffe0092fe89a0 >> amd64_syscall() at amd64_syscall()+0x282/frame 0xfffffe0092fe8ab0 >> Xfast_syscall() at Xfast_syscall()+0xfb/frame 0xfffffe0092fe8ab0 >> -- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8011e8c8a, rsp = >> 0x7fffffffe2f8, rbp = 0x7fffffffe310 -- >> db> > > Assuming dumpdev="AUTO" is set in /etc/rc.conf, you should have > entered 'dump' at the db> blinker :) > > The trap details are found in /var/crash/, run kgdb: "kgdb > /boot/kernel/kernel /var/crash/vmcore.last", then run 'bt' and 'up' at > its prompt. > >> >> -Matthew >> _______________________________________________ >> [email protected] mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-wireless >> To unsubscribe, send any mail to "[email protected]" > _______________________________________________ > [email protected] mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-wireless > To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to "[email protected]"
