On Sat, Mar 05, 2016 at 01:48:46PM -0500, Bob Copeland wrote: > mesh_paths is supposed to be not null for the lifetime of the mesh interface. > So either there's an initialization race here, or something is clobbering > that pointer. Or mpath->sdata is not valid. I'll dig into this. It looks like this is very much timing dependent. Whenever I get "IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready" between the two mesh_path_send_to_gates() calls, the kernel panics, and if that print is not there for wlan2, the kernel does not panic. In other words, no panic: [ 8.800089] JKM:mesh_path_send_to_gates:tbl=ffff88001e2a7a00 [ 11.966892] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 11.980010] JKM:mesh_path_send_to_gates:tbl=ffff88001e2a7a00 [ 11.981188] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 11.993772] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready Panic: [ 12.341919] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 12.364397] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 12.390036] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready [ 12.430022] JKM:mesh_path_send_to_gates:tbl= (null) [ 12.430888] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 12.431859] IP: [<ffffffff81441934>] mesh_path_send_to_gates+0x44/0x490 mpath and mpath->sdata seem to stay unchanged in the crash: [ 8.310097] JKM:mesh_path_send_to_gates:tbl=ffff88001eac6d00 mpath=ffff88001ea8b200 sdata=ffff88001e09e680 [ 11.445864] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 11.475456] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 11.502370] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready [ 11.510022] JKM:mesh_path_send_to_gates:tbl= (null) mpath=ffff88001ea8b200 sdata=ffff88001e09e680 [ 11.511413] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 But there is more corruption in neighboring struct ieee80211_if_mesh members: [ 8.480071] JKM:mesh_path_send_to_gates:tbl=ffff88001dd38100 mpath=ffff88001ea27900 
sdata=ffff88001eb66680 meshconf_offset=76 mpp_paths=ffff88001dd38600 mesh_paths_generation=3 mpp_paths_generation=0 chsw_ttl=0 pre_value=0 [ 11.604246] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 11.625758] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 11.648686] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready [ 11.680051] JKM:mesh_path_send_to_gates:tbl= (null) mpath=ffff88001ea27900 sdata=ffff88001eb66680 meshconf_offset=0 mpp_paths= (null) mesh_paths_generation=0 mpp_paths_generation=0 chsw_ttl=0 pre_value=0 [ 11.682636] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 So something is corrupting memory there.. With full hexdump of the struct: [ 3.543560] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready [ 3.547157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan2: link becomes ready [ 9.180095] JKM:mesh_path_send_to_gates:tbl=ffff88001e06fd00 mpath=ffff88001e213f00 sdata=ffff88001dd9e680 meshconf_offset=76 mpp_paths=ffff88001e06fc00 mesh_paths_generation=3 mpp_paths_generation=0 chsw_ttl=0 pre_value=0 mesh_id_len=14 sn=8 [ 9.186097] struct ieee80211_if_mesh: ffff88001dd9ed48: 48 ad d9 1d 00 88 ff ff 10 d0 c0 1f 00 88 ff ff H............... [ 9.188478] struct ieee80211_if_mesh: ffff88001dd9ed58: e0 a3 ff ff 00 00 00 00 30 e2 43 81 ff ff ff ff ........0.C..... [ 9.189160] struct ieee80211_if_mesh: ffff88001dd9ed68: 80 e6 d9 1d 00 88 ff ff 00 00 00 00 ff ff ff ff ................ [ 9.189847] struct ieee80211_if_mesh: ffff88001dd9ed78: 00 02 00 00 00 00 ad de 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ed88: c9 8c ff ff 00 00 00 00 10 e2 43 81 ff ff ff ff ..........C..... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ed98: 80 e6 d9 1d 00 88 ff ff 03 00 00 00 ff ff ff ff ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eda8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
[ 9.190070] struct ieee80211_if_mesh: ffff88001dd9edb8: 00 00 00 00 00 00 00 00 e0 e1 43 81 ff ff ff ff ..........C..... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9edc8: 80 e6 d9 1d 00 88 ff ff 00 00 00 00 ff ff ff ff ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9edd8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ede8: 77 70 61 73 2d 6d 65 73 68 2d 6f 70 65 6e 00 00 wpas-mesh-open.. [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9edf8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee08: 0e 00 00 00 00 00 00 00 01 01 00 01 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee18: 08 00 00 00 09 00 00 00 03 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee28: c7 8d ff ff 00 00 00 00 33 8c ff ff 00 00 00 00 ........3....... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee38: c7 8d ff ff 00 00 00 00 00 60 1a 1e 00 88 ff ff .........`...... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee48: 00 00 00 00 00 00 00 00 50 ee d9 1d 00 88 ff ff ........P....... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee58: 50 ee d9 1d 00 88 ff ff 00 00 00 00 00 00 00 00 P............... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee68: 00 00 00 00 0c 00 00 00 00 00 00 00 0c 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee78: 00 00 00 00 00 00 00 00 00 00 00 00 64 00 64 00 ............d.d. [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee88: 64 00 20 00 03 1f 1f 00 32 00 00 00 04 00 00 00 d. .....2....... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ee98: e8 03 00 00 64 00 00 00 88 13 00 00 0a 00 64 00 ....d.........d. [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eea8: 32 00 00 00 88 13 00 01 00 00 00 00 03 00 00 00 2............... 
[ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eeb8: 70 17 00 00 88 13 d0 07 01 00 00 00 0a 00 00 00 p............... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eec8: 00 00 00 00 02 00 00 00 0e 00 00 00 01 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eed8: 02 00 00 00 00 00 00 00 00 5a 2e 1e 00 88 ff ff .........Z...... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eee8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eef8: 01 00 00 00 00 00 00 00 48 c2 4c 81 ff ff ff ff ........H.L..... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef18: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef58: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef68: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef78: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef88: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9ef98: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9efa8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
[ 9.190070] struct ieee80211_if_mesh: ffff88001dd9efb8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9efc8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9efd8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9efe8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9eff8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f008: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f018: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f028: 28 f0 d9 1d 00 88 ff ff 28 f0 d9 1d 00 88 ff ff (.......(....... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f038: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f058: 00 00 00 00 00 00 00 00 4c 00 00 00 00 00 00 00 ........L....... [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f068: 00 fd 06 1e 00 88 ff ff 00 fc 06 1e 00 88 ff ff ................ [ 9.190070] struct ieee80211_if_mesh: ffff88001dd9f078: 03 00 00 00 00 00 00 00 ........ 
[ 12.303831] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 12.326151] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 12.351970] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready [ 12.370034] JKM:mesh_path_send_to_gates:tbl= (null) mpath=ffff88001e213f00 sdata=ffff88001dd9e680 meshconf_offset=0 mpp_paths= (null) mesh_paths_generation=0 mpp_paths_generation=0 chsw_ttl=0 pre_value=0 mesh_id_len=-32 sn=500821520 [ 12.372873] struct ieee80211_if_mesh: ffff88001dd9ed48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.374437] struct ieee80211_if_mesh: ffff88001dd9ed58: 00 00 00 00 00 00 00 00 b0 ca 42 81 ff ff ff ff ..........B..... [ 12.375971] struct ieee80211_if_mesh: ffff88001dd9ed68: 80 e6 d9 1d 00 88 ff ff 00 00 00 00 ff ff ff ff ................ [ 12.377790] struct ieee80211_if_mesh: ffff88001dd9ed78: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.379686] struct ieee80211_if_mesh: ffff88001dd9ed88: 00 00 00 00 00 00 00 00 30 ca 42 81 ff ff ff ff ........0.B..... [ 12.381501] struct ieee80211_if_mesh: ffff88001dd9ed98: 80 e6 d9 1d 00 88 ff ff 00 00 00 00 ff ff ff ff ................ [ 12.382888] struct ieee80211_if_mesh: ffff88001dd9eda8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.384280] struct ieee80211_if_mesh: ffff88001dd9edb8: 00 00 00 00 00 00 00 00 70 ca 42 81 ff ff ff ff ........p.B..... [ 12.385783] struct ieee80211_if_mesh: ffff88001dd9edc8: 80 e6 d9 1d 00 88 ff ff 00 00 00 00 ff ff ff ff ................ [ 12.387248] struct ieee80211_if_mesh: ffff88001dd9edd8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.388775] struct ieee80211_if_mesh: ffff88001dd9ede8: 00 00 00 00 00 00 00 00 10 ca 42 81 ff ff ff ff ..........B..... [ 12.390219] struct ieee80211_if_mesh: ffff88001dd9edf8: 80 e6 d9 1d 00 88 ff ff 00 00 00 00 ff ff ff ff ................ 
[ 12.391680] struct ieee80211_if_mesh: ffff88001dd9ee08: e0 ff ff ff 0f 00 00 00 10 ee d9 1d 00 88 ff ff ................ [ 12.393177] struct ieee80211_if_mesh: ffff88001dd9ee18: 10 ee d9 1d 00 88 ff ff 10 5a 43 81 ff ff ff ff .........ZC..... [ 12.394705] struct ieee80211_if_mesh: ffff88001dd9ee28: e0 ff ff ff 0f 00 00 00 30 ee d9 1d 00 88 ff ff ........0....... [ 12.396133] struct ieee80211_if_mesh: ffff88001dd9ee38: 30 ee d9 1d 00 88 ff ff a0 eb 42 81 ff ff ff ff 0.........B..... [ 12.398001] struct ieee80211_if_mesh: ffff88001dd9ee48: e0 ff ff ff 0f 00 00 00 50 ee d9 1d 00 88 ff ff ........P....... [ 12.399748] struct ieee80211_if_mesh: ffff88001dd9ee58: 50 ee d9 1d 00 88 ff ff a0 59 43 81 ff ff ff ff P........YC..... [ 12.401561] struct ieee80211_if_mesh: ffff88001dd9ee68: e0 ff ff ff 0f 00 00 00 70 ee d9 1d 00 88 ff ff ........p....... [ 12.403333] struct ieee80211_if_mesh: ffff88001dd9ee78: 70 ee d9 1d 00 88 ff ff b0 f8 42 81 ff ff ff ff p.........B..... [ 12.404712] struct ieee80211_if_mesh: ffff88001dd9ee88: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.405594] struct ieee80211_if_mesh: ffff88001dd9ee98: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.406465] struct ieee80211_if_mesh: ffff88001dd9eea8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.407314] struct ieee80211_if_mesh: ffff88001dd9eeb8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.408165] struct ieee80211_if_mesh: ffff88001dd9eec8: 00 00 00 00 00 00 00 00 e0 ff ff ff 0f 00 00 00 ................ [ 12.409040] struct ieee80211_if_mesh: ffff88001dd9eed8: d8 ee d9 1d 00 88 ff ff d8 ee d9 1d 00 88 ff ff ................ [ 12.409868] struct ieee80211_if_mesh: ffff88001dd9eee8: b0 41 3f 81 ff ff ff ff 00 00 00 00 00 00 00 00 .A?............. [ 12.410763] struct ieee80211_if_mesh: ffff88001dd9eef8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
[ 12.411601] struct ieee80211_if_mesh: ffff88001dd9ef08: 00 00 00 00 00 00 00 00 00 00 ff ff 00 00 00 00 ................ [ 12.412477] struct ieee80211_if_mesh: ffff88001dd9ef18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.413349] struct ieee80211_if_mesh: ffff88001dd9ef28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.414207] struct ieee80211_if_mesh: ffff88001dd9ef38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.415080] struct ieee80211_if_mesh: ffff88001dd9ef48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.415948] struct ieee80211_if_mesh: ffff88001dd9ef58: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.416830] struct ieee80211_if_mesh: ffff88001dd9ef68: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.417700] struct ieee80211_if_mesh: ffff88001dd9ef78: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.418548] struct ieee80211_if_mesh: ffff88001dd9ef88: 00 00 00 00 00 00 00 00 e0 ff ff ff 0f 00 00 00 ................ [ 12.419418] struct ieee80211_if_mesh: ffff88001dd9ef98: 98 ef d9 1d 00 88 ff ff 98 ef d9 1d 00 88 ff ff ................ [ 12.420311] struct ieee80211_if_mesh: ffff88001dd9efa8: 70 7c 43 81 ff ff ff ff 00 00 00 00 00 00 00 00 p|C............. [ 12.421176] struct ieee80211_if_mesh: ffff88001dd9efb8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.422028] struct ieee80211_if_mesh: ffff88001dd9efc8: 40 a0 05 81 ff ff ff ff 90 ef d9 1d 00 88 ff ff @............... [ 12.422855] struct ieee80211_if_mesh: ffff88001dd9efd8: 00 00 20 00 ff ff ff ff 00 00 00 00 00 00 00 00 .. ............. [ 12.423713] struct ieee80211_if_mesh: ffff88001dd9efe8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.424602] struct ieee80211_if_mesh: ffff88001dd9eff8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
[ 12.425456] struct ieee80211_if_mesh: ffff88001dd9f008: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.426230] struct ieee80211_if_mesh: ffff88001dd9f018: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.427078] struct ieee80211_if_mesh: ffff88001dd9f028: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.427943] struct ieee80211_if_mesh: ffff88001dd9f038: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.428787] struct ieee80211_if_mesh: ffff88001dd9f048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.429650] struct ieee80211_if_mesh: ffff88001dd9f058: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.430477] struct ieee80211_if_mesh: ffff88001dd9f068: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 12.431327] struct ieee80211_if_mesh: ffff88001dd9f078: 00 00 00 00 00 00 00 00 ........ [ 12.432128] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 12.432813] IP: [<ffffffff814419cf>] mesh_path_send_to_gates+0xdf/0x530 -- Jouni Malinen PGP id EFC895FA