On Sat, Mar 05, 2016 at 03:29:13PM -0500, Bob Copeland wrote: > On Sat, Mar 05, 2016 at 10:12:33PM +0200, Jouni Malinen wrote: > > On Sat, Mar 05, 2016 at 10:05:05PM +0200, Jouni Malinen wrote: > > > So something is corrupting memory there.. > > > > Or well.. It's a call to a mesh function after vif type has changed: > > > > [ 8.195793] JKM:sdata->name='wlan2' vif.type=7 > > [ 11.370760] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready > > [ 11.400032] JKM:mesh_path_send_to_gates:tbl= (null) > > [ 11.403328] JKM:sdata->name='wlan2' vif.type=2 > > > > Did something forgot to cancel mesh_path_timer() calls? > > Not sure, but, mesh_pathtbl_unregister() should probably be coming after > del_timer_sync(&sdata->u.mesh.mesh_path_timer) instead of before it... I.e., does this patch help at all? diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index 1a2aaf461e98..890fcdb2cc9c 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -905,7 +905,6 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) /* flush STAs and mpaths on this iface */ sta_info_flush(sdata); mesh_path_flush_by_iface(sdata); - mesh_pathtbl_unregister(sdata); /* free all potentially still buffered group-addressed frames */ local->total_ps_buffered -= skb_queue_len(&ifmsh->ps.bc_buf); @@ -915,6 +914,8 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) del_timer_sync(&sdata->u.mesh.mesh_path_root_timer); del_timer_sync(&sdata->u.mesh.mesh_path_timer); + mesh_pathtbl_unregister(sdata); + /* clear any mesh work (for next join) we may have accrued */ ifmsh->wrkq_flags = 0; ifmsh->mbss_changed = 0; -- Bob Copeland %% http://bobcopeland.com/ _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap