There's a race condition -- started can be set to true before channel is set due to the way mac80211 callbacks currently work (->start should probably pass the channel we would like to have initially). For now simply add a check to hwsim to avoid dereferencing the NULL channel pointer. Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> --- drivers/net/wireless/mac80211_hwsim.c | 1 + 1 file changed, 1 insertion(+) --- wireless-testing.orig/drivers/net/wireless/mac80211_hwsim.c 2009-07-07 03:29:38.000000000 +0200 +++ wireless-testing/drivers/net/wireless/mac80211_hwsim.c 2009-07-07 03:37:02.000000000 +0200 @@ -427,6 +427,7 @@ static bool mac80211_hwsim_tx_frame(stru continue; if (!data2->started || !hwsim_ps_rx_ok(data2, skb) || + !data->channel || !data2->channel || data->channel->center_freq != data2->channel->center_freq || !(data->group & data2->group)) continue;
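Review bot: the added test `!data->channel || !data2->channel ||` reads each pointer once for the NULL check, and the following line reads it again for `->center_freq`, with nothing in the hunk that orders those reads against whoever sets `channel`. Since the commit message describes this as a race between `started` and `channel` being set, the check narrows the window but does not by itself guarantee the second read sees the same non-NULL value. Consider loading `data->channel` and `data2->channel` into locals once and using those for both the NULL test and the frequency comparison. A one-line comment above the condition saying this is a workaround for `->start` not passing the initial channel would also help, so the check is not removed later as apparently redundant.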