On Thu, Apr 5, 2012 at 5:37 AM, Larry Finger <Larry.Finger@xxxxxxxxxxxx> wrote: > In https://bugzilla.kernel.org/show_bug.cgi?id=43044, driver rtl8192ce is > getting an oops due to a NULL pointer dereference due to NULL being returned > by ieee80211_get_tx_rate. For reference, the code in question is > > static inline struct ieee80211_rate * > ieee80211_get_tx_rate(const struct ieee80211_hw *hw, > const struct ieee80211_tx_info *c) > { > if (WARN_ON(c->control.rates[0].idx < 0)) > return NULL; > return &hw->wiphy->bands[c->band]->bitrates[c->control.rates[0].idx]; For MCS rates c->control.rates[0].idx contains the MCS rate itself. So, calling ieee80211_get_tx_rate for an MCS rate might actually cause this ... Helmut -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html