On Fri, 2009-07-24 at 22:35 -0500, Larry Finger wrote:
> I pulled from the wireless-testing (git describe yields
> v2.6.31-rc4-29133-g1addf37) and get the following BUG:
>
> BUG: unable to handle kernel NULL pointer dereference at 000000000000000c
> IP: [<ffffffffa0267fc1>] ieee80211_scan_work+0x18a/0x426 [mac80211]

I got it too :-(

> chan = local->scan_req->channels[local->scan_channel_idx];
>
> in ieee80211_scan_state_set_channel().

The same thing here. The oops happens when local->scan_channel_idx reaches 14, which is local->scan_req->n_channels.

I tried this patch:

--- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -588,6 +588,10 @@ static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata = local->scan_sdata; skip = 0; + + if (local->scan_channel_idx >= local->scan_req->n_channels) + return; + chan = local->scan_req->channels[local->scan_channel_idx]; if (chan->flags & IEEE80211_CHAN_DISABLED ||

It prevents the oops, but now udev hangs on startup. Perhaps ieee80211_scan_state_set_channel() shouldn't set local->scan_channel_idx to an invalid value in the first place. Or maybe if it happens, something else should be done to stop the scan.

--
Regards,
Pavel Roskin
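
Review bot: the early `return` added just before the `chan = local->scan_req->channels[local->scan_channel_idx];` read stops the out-of-bounds access, but it leaves this `static void` function without ending the scan or giving the caller any indication that the channel list is exhausted, which is consistent with the udev hang reported with the patch applied. Rather than bailing out here, either keep the index from reaching `local->scan_req->n_channels` at the point where it is advanced, or treat reaching it as scan completion. If the check stays as a defensive guard, wrapping the condition in WARN_ON and adding a short comment would make the unexpected state visible instead of returning silently.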