From nobody@FreeBSD.org  Fri Sep  2 11:09:59 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 36E6C106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  2 Sep 2011 11:09:59 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 2774A8FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  2 Sep 2011 11:09:59 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p82B9wus096533
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 2 Sep 2011 11:09:58 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p82B9wR5096532;
	Fri, 2 Sep 2011 11:09:58 GMT
	(envelope-from nobody)
Message-Id: <201109021109.p82B9wR5096532@red.freebsd.org>
Date: Fri, 2 Sep 2011 11:09:58 GMT
From: Edgar Martinez <eviltwinke@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Panic in mesh mode
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         160391
>Category:       kern
>Synopsis:       [ieee80211] [patch] Panic in mesh mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-wireless
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 02 11:10:11 UTC 2011
>Closed-Date:    
>Last-Modified:  Tue Sep  6 16:50:03 UTC 2011
>Originator:     Edgar Martinez
>Release:        9.0-BETA2
>Organization:
>Environment:
FreeBSD chuckles.local 9.0-BETA2 FreeBSD 9.0-BETA2 #0: Mon Aug 29 09:38:20 PDT 2011     root@chuckles.local:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Kernel Panic when in mesh mode
>How-To-Repeat:
create two mesh nodes, pass traffic
>Fix:
*** ieee80211_mesh.c    Tue May  3 19:23:59 2011
--- ieee80211_mesh.c.mod        Fri Sep  2 04:05:20 2011
***************
*** 1460,1470 ****
                                meshid = frm;
                                break;
                        }
                        frm += frm[1] + 2;
                }
!               IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN, return);
                IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE, return);
                if (xrates != NULL)
                        IEEE80211_VERIFY_ELEMENT(xrates,
                            IEEE80211_RATE_MAXSIZE - rates[1], return);
                if (meshid != NULL) {
--- 1460,1470 ----
                                meshid = frm;
                                break;
                        }
                        frm += frm[1] + 2;
                }
!               IEEE80211_VERIFY_ELEMENT(meshid, IEEE80211_NWID_LEN, return);
                IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE, return);
                if (xrates != NULL)
                        IEEE80211_VERIFY_ELEMENT(xrates,
                            IEEE80211_RATE_MAXSIZE - rates[1], return);
                if (meshid != NULL) {


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Sep 2 19:54:11 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=160391 
Responsible-Changed-From-To: freebsd-net->freebsd-wireless 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Sep 3 19:26:43 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=160391 

From: Mark Linimon <linimon@lonesome.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/160391: [ieee80211] [patch] Panic in mesh mode
Date: Tue, 6 Sep 2011 11:43:12 -0500

 ----- Forwarded message from Adrian Chadd <adrian@freebsd.org> -----
 
 Date: Tue, 6 Sep 2011 18:07:41 +0800
 From: Adrian Chadd <adrian@freebsd.org>
 To: Edgar Martinez <emartinez@kbcnetworks.com>
 Cc: freebsd-net@freebsd.org, freebsd-bugs@freebsd.org
 Subject: Re: kern/160391: [ieee80211] [patch] Panic in mesh mode
 
 Hi Edgar,
 
 Can you please provide;
 
 * A dmesg, just so we can see what/how many radios;
 * what do you mean by "create two mesh nodes" - do you mean two mesh
 nodes on the same board, one on each radio?
 
 Thanks,
 
 Adrian
 
 ----- End forwarded message -----

From: Mark Linimon <linimon@lonesome.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/160391: [ieee80211] [patch] Panic in mesh mode
Date: Tue, 6 Sep 2011 11:44:06 -0500

 ----- Forwarded message from Edgar Martinez <emartinez@kbcnetworks.com> -----
 
 Date: Tue, 6 Sep 2011 08:39:56 -0700
 From: Edgar Martinez <emartinez@kbcnetworks.com>
 To: Adrian Chadd <adrian@freebsd.org>
 Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
 	"freebsd-bugs@freebsd.org" <freebsd-bugs@freebsd.org>
 Subject: RE: kern/160391: [ieee80211] [patch] Panic in mesh mode
 
 Will provide dumps soon.
 
 But yes, effectively, two physical radios on a single board.
 
 Each configured in mesh mode. 
 
 When they are both configured the same (channel/meshid/etc), and see
 each other, bad things happen. - Easy fix is to MAC filter.
 
 When they are both configured differently (channel/meshid/etc), and see
 each other, via the network, bad things happen. - Easy fix is to MAC
 filter.
 
 Interesting phenomena I am tracking down...sometimes the local and peer
 addresses are three characters vs four...and then of course its b0rkeD...
 a reboot sometimes cleans it right up, and things run...
 
 Finally, there's no mechanism to manually flush out the mesh info, yet,
 so I also noticed that it appears the routes just stop updating...
 
 I've been too busy to root cause many issues, and have only focused on
 the show-stoppers...but I really need to...
 
 ----- End forwarded message -----
>Unformatted:
