On Mon, 2009-07-27 at 10:27 +0200, Johannes Berg wrote: > Thanks Pavel, > > > > while (!skb_queue_empty(&local->pending[i])) { > > > struct sk_buff *skb = __skb_dequeue(&local->pending[i]); > > > + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); > > > + struct ieee80211_sub_if_data *sdata; > > > + > > > + sdata = vif_to_sdata(info->control.vif); > > > + dev_hold(sdata->dev); > > > > I'm getting a panic at this point if I run hostapd on ath9k and a > > Windows client tries to authenticate with a wrong WPA key. > > > > Debugging shows that sdata->dev is NULL. > > I suspect 'sdata' is already pointing to something bogus, since it's the > result of a container_of(). > > Can you try with the sanity checking patch I'm about to send? If you mean "verify info->control.vif is not NULL", it makes no difference for me. No BUG is triggered. info->control.vif is never NULL in ieee80211_tx_pending(), but sdata->dev is NULL the second time ieee80211_tx_pending() is called. Just skipping that case doesn't help, I still get a panic in that function after about 10 calls. -- Regards, Pavel Roskin -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html