On Mon, 2009-08-03 at 00:28 +0200, Joerg Albert wrote:
> On 08/02/2009 03:23 PM, Joerg Albert wrote:
> > After
> > ifconfig wlan1 down
> > iwconfig wlan1 mode managed essid huhu
> > ifconfig wlan1 up
> > ifconfig wlan1 down
> > iwconfig wlan1 mode ad-hoc essid huhu_a channel 1
> >
> > ar9170 crashes (see below for the syslog).
> >
> > It seems like ar9170_op_bss_info_changed() is called with ar->vif == NULL
> > (i.e. ((struct ar9170 *)hw->priv)->vif == NULL), while parameter vif !=
> > NULL and
> > changed & (BSS_CHANGED_BEACON | BSS_CHANGED_BEACON_ENABLED) is non-zero.
> > ar->vif is passed unchecked to ieee80211_beacon_get().
> >
> > Is this something ar9170 is supposed to handle or a bug in
> > cfg80211/mac80211?
> > Is a driver's *bss_info_changed proc called while the netdev is closed?
>
> It looks like ar->vif is set to NULL by ar9170_remove_interface() and the one call
> of ar9170_op_bss_info_changed() when ad-hoc is configured has changed==BSS_CHANGED_BEACON_ENABLED
> with bss_info->enable_beacon == 0.
> So it's a bug in the ar9170. I'll try to post a patch.

No, it's a bug in cfg80211 :)

johannes
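
A user-space model of the call order reported in this thread, added here as an illustration; it is not ar9170, mac80211 or cfg80211 code. All `model_*` names and the flag values are constructed, mapping `ifconfig up`/`down` to add/remove is an assumption, and the NULL check only shows how a callback can refuse the stale state, not where the underlying bug lies.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed flag values; only the names come from the thread. */
#define BSS_CHANGED_BEACON          (1u << 0)
#define BSS_CHANGED_BEACON_ENABLED  (1u << 1)

struct model_vif { int id; };                 /* stand-in for the interface object */
struct model_bss_conf { int enable_beacon; };
struct model_ar { struct model_vif *vif; int beacons_built; };

/* Stand-in for ieee80211_beacon_get(): it dereferences vif, so NULL is fatal. */
static int model_beacon_get(const struct model_vif *vif) { return vif->id; }

static void model_add_interface(struct model_ar *ar, struct model_vif *vif) { ar->vif = vif; }
static void model_remove_interface(struct model_ar *ar) { ar->vif = NULL; }

/* Returns 0 on success or nothing to do, -1 when the stale state was caught. */
static int model_bss_info_changed(struct model_ar *ar, struct model_vif *vif,
                                  const struct model_bss_conf *conf, unsigned changed)
{
    (void)vif;   /* the callback's own vif argument is non-NULL in the report */
    (void)conf;
    if (!(changed & (BSS_CHANGED_BEACON | BSS_CHANGED_BEACON_ENABLED)))
        return 0;
    if (ar->vif == NULL)      /* without this check the next line faults */
        return -1;
    model_beacon_get(ar->vif);
    ar->beacons_built++;
    return 0;
}

/* Replays the reported order: up, down, then an ad-hoc configure while down. */
static int replay_reported_sequence(void)
{
    struct model_vif vif = { 1 };
    struct model_bss_conf conf = { 0 };       /* enable_beacon == 0 */
    struct model_ar ar = { NULL, 0 };

    model_add_interface(&ar, &vif);           /* assumed: ifconfig wlan1 up */
    model_remove_interface(&ar);              /* assumed: ifconfig wlan1 down */
    return model_bss_info_changed(&ar, &vif, &conf, BSS_CHANGED_BEACON_ENABLED);
}

int main(void)
{
    printf("callback result with interface removed: %d\n", replay_reported_sequence());
    return 0;
}
```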