Subject: atu(4) crashes on current
To: None <current-users@netbsd.org>
From: Stéphane Witzmann <stephane.witzmann@gmail.com>
List: current-users
Date: 12/20/2005 00:50:04
See my previous post at:
http://mail-index.netbsd.org/current-users/2005/11/29/0011.html

Briefly, "ifconfig atu0 inet <whatever>" produces a kernel page fault (even
with the latest binary kernel snapshot (200512180000Z)). It doesn't crash
under NetBSD 3.0RC5.

I took a closer look at it today, so here are the results. The fault occurs
in atu_initial_config(), at:
switch (ic->ic_nw_keys[ic->ic_def_txkey].wk_keylen)

At this time, ic->ic_def_txkey = 65535 (= IEEE80211_KEYIX_NONE, most
probably initialized by ieee80211_crypto_attach()), which is far beyond the
end of the array (size: IEEE80211_WEP_NKID = 4).

Should I send a PR or does somebody have a fix?

S.W.
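
The out-of-bounds index described in the message, with one way to guard it, as an added example that is not part of the original post and not NetBSD's code. The structures are simplified stand-ins modelling only the fields named above; the helper names, the enum and the 5/13-byte WEP key lengths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constants as quoted in the message above. */
#define IEEE80211_WEP_NKID   4
#define IEEE80211_KEYIX_NONE ((uint16_t)65535)

/* Simplified stand-ins for the kernel structures: only the fields named
 * in the message are modelled (assumption, not the real layout). */
struct wep_key { uint8_t wk_keylen; };
struct ic_model {
    struct wep_key ic_nw_keys[IEEE80211_WEP_NKID];
    uint16_t       ic_def_txkey;
};

/* Hypothetical helper: returns the default TX key, or NULL when no key is
 * selected (IEEE80211_KEYIX_NONE) or the index is outside the array. */
static const struct wep_key *
def_txkey_or_null(const struct ic_model *ic)
{
    if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
        ic->ic_def_txkey >= IEEE80211_WEP_NKID)
        return NULL;
    return &ic->ic_nw_keys[ic->ic_def_txkey];
}

/* Hypothetical caller: picks an encryption mode from the key length, as a
 * switch on wk_keylen would, and treats "no key" as no encryption. */
enum enc_mode { ENC_NONE = 0, ENC_WEP40 = 1, ENC_WEP104 = 2 };

static enum enc_mode
select_enc_mode(const struct ic_model *ic)
{
    const struct wep_key *k = def_txkey_or_null(ic);

    if (k == NULL)      /* an unguarded index would read far past the array */
        return ENC_NONE;
    switch (k->wk_keylen) {
    case 5:  return ENC_WEP40;   /* 40-bit WEP key (assumed length) */
    case 13: return ENC_WEP104;  /* 104-bit WEP key (assumed length) */
    default: return ENC_NONE;
    }
}
```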