Actually ... seems to be easy to fix. Can you reproduce this reliably? I suspect not. If you can, try the patch below to make sure -- I'm pretty certain it is a correct patch anyhow though. johannes
---
 net/mac80211/agg-tx.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
--- wireless-testing.orig/net/mac80211/agg-tx.c 2009-10-16 19:13:48.000000000 +0900
+++ wireless-testing/net/mac80211/agg-tx.c 2009-10-16 19:15:12.000000000 +0900
@@ -666,11 +666,13 @@ void ieee80211_process_addba_resp(struct
 state = &sta->ampdu_mlme.tid_state_tx[tid];
+ del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
+
 spin_lock_bh(&sta->lock);
 if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
 spin_unlock_bh(&sta->lock);
- return;
+ goto timer_still_needed;
 }
 if (mgmt->u.action.u.addba_resp.dialog_token !=
@@ -679,13 +681,13 @@ void ieee80211_process_addba_resp(struct
 #ifdef CONFIG_MAC80211_HT_DEBUG
 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
 #endif /* CONFIG_MAC80211_HT_DEBUG */
- return;
+ goto timer_still_needed;
 }
- del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
 #ifdef CONFIG_MAC80211_HT_DEBUG
 printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid);
 #endif /* CONFIG_MAC80211_HT_DEBUG */
+
 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) == WLAN_STATUS_SUCCESS) {
 u8 curstate = *state;
@@ -700,4 +702,8 @@ void ieee80211_process_addba_resp(struct
 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR);
 }
 spin_unlock_bh(&sta->lock);
+
+ return;
+ timer_still_needed:
+ add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
 }
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
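Review bot: In the first hunk the added `del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);` dereferences `tid_tx[tid]` before the `HT_ADDBA_REQUESTED_MSK` test, so it now runs for every received ADDBA response, including ones for a TID with no request outstanding. If `tid_tx[tid]` is only allocated while a session is being set up (the allocation is not visible in this patch, so this needs confirming), a response frame for an idle TID becomes a NULL pointer dereference driven by frame contents. The state check should stay ahead of any use of `tid_tx[tid]`: test `*state` under `sta->lock` first and stop the timer inside the locked region with `del_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);`, provided the timer callback tolerates running concurrently. The function body starts and ends outside this hunk.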
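Review bot: The `timer_still_needed:` label in the last hunk calls `add_timer()` unconditionally, although the earlier `del_timer_sync()` may have found the timer not pending (never armed, or already expired). Re-arming in that case queues a timer with a stale `expires` and runs the response-timeout handler for a session that is not waiting for an answer. Keep the return value, `int was_pending = del_timer_sync(...);`, and re-arm only when it is non-zero, `if (was_pending) add_timer(...);`. Both `goto` paths (first and second hunk) appear to reach the label after `spin_unlock_bh(&sta->lock)`, so it is also worth confirming that `tid_tx[tid]` cannot be torn down between the unlock and the re-arm.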