On Sat, Mar 05, 2016 at 10:12:33PM +0200, Jouni Malinen wrote: > On Sat, Mar 05, 2016 at 10:05:05PM +0200, Jouni Malinen wrote: > > So something is corrupting memory there.. > > Or well.. It's a call to a mesh function after vif type has changed: > > [ 8.195793] JKM:sdata->name='wlan2' vif.type=7 > [ 11.370760] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready > [ 11.400032] JKM:mesh_path_send_to_gates:tbl= (null) > [ 11.403328] JKM:sdata->name='wlan2' vif.type=2 > > Did something forgot to cancel mesh_path_timer() calls? Yeah, this is it: we don't cancel it until call_rcu() calls mesh_path_reclaim(), which is much too late now that the hashtable is part of the sdata->u.mesh. Although I guess it was a bug before that we may have tried to send frames to gates after a mesh device was gone... -- Bob Copeland %% http://bobcopeland.com/ _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
