On Tue, 2010-10-05 at 21:40 +0200, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@xxxxxxxxx>
>
> We never delete the addBA response timer, which
> is typically fine, but if the station it belongs
> to is deleted very quickly after starting the BA
> session, before the peer had a chance to reply,
> the timer may fire after the station struct has
> been freed already. Therefore, we need to delete
> the timer in a suitable spot -- best when the
> session is being stopped (which will happen even
> then) in which case the delete will be a no-op
> most of the time.
>
> I've reproduced the scenario and tested the fix.

Ok, can you add:

This fixes the crash reported at
http://mid.gmane.org/4CAB6F96.6090701@xxxxxxxxxxxxxxx

to the changelog?

johannes
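
The lifetime rule from the quoted commit message, as an added example that is not part of the original mail or of the mac80211 patch: a user-space model in which a station embeds its response timer and session stop unlinks that timer before the struct is freed. The timer queue, `struct station` and every function name below are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
/* User-space model of a one-shot timer queue; illustrative names, not the kernel timer API. */
struct timer {
    struct timer *next;
    void (*fn)(void *);
    void *arg;
};
static struct timer *queue;

static void timer_add(struct timer *t, void (*fn)(void *), void *arg)
{
    t->fn = fn; t->arg = arg;
    t->next = queue; queue = t;
}

/* Unlink the timer if queued; a no-op returning false if it is not. */
static bool timer_del(struct timer *t)
{
    for (struct timer **p = &queue; *p; p = &(*p)->next)
        if (*p == t) { *p = t->next; return true; }
    return false;
}

/* Run every timer still queued, as expiry would; returns how many fired. */
static int timers_expire(void)
{
    int fired = 0;
    for (struct timer *t; (t = queue) != NULL; fired++) {
        queue = t->next;
        t->fn(t->arg);
    }
    return fired;
}

struct station { int timeouts; struct timer addba_resp_timer; };
static void addba_resp_expired(void *arg) { ((struct station *)arg)->timeouts++; }

/* Station freed before the peer replies; returns timers that fire afterwards. */
static int teardown_before_reply(void)
{
    struct station *sta = calloc(1, sizeof(*sta));
    if (!sta) return -1;
    timer_add(&sta->addba_resp_timer, addba_resp_expired, sta); /* session start */
    timer_del(&sta->addba_resp_timer); /* session stop; omit it and the queue points into freed memory */
    free(sta);
    return timers_expire();
}

int main(void) { return teardown_before_reply() == 0 ? 0 : 1; }
```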