> Date: Sat, 30 Nov 2013 17:42:21 +0100
> From: Stefan Sperling <s...@openbsd.org>
>
> I have already fixed a similar problem before:
>
> ----------------------------
> revision 1.72
> date: 2012/08/17 14:49:17; author: stsp; state: Exp; lines: +2 -1;
> Fix possible panic while switching from STA mode into hostap/ibss modes.
> ieee80211_create_ibss() resets the set of supported rates but failed
> to update the index into the rate set array accordingly. If the rate
> configured during STA operation didn't belong to the newly configured
> rate set the system ran into an assertion ("bogus xmit rate %u setup")
> while trying to create the IBSS.
> ok fgsch@
> ----------------------------
>
> I ran into this panic again with a cardbus ral (rt2560).
> This time it happened while in ibss mode in a mixed B/G network.
> There are additional cases where the rate set is changed but the
> index into the array is not. I hope the diff below fixes them.
ok kettenis@
> Index: ieee80211_node.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 ieee80211_node.c
> --- ieee80211_node.c 21 Nov 2013 16:16:08 -0000 1.79
> +++ ieee80211_node.c 30 Nov 2013 15:28:20 -0000
> @@ -909,6 +909,7 @@ ieee80211_find_txnode(struct ieee80211co
> return NULL;
> /* XXX no rate negotiation; just dup */
> ni->ni_rates = ic->ic_bss->ni_rates;
> + ni->ni_txrate = 0;
> if (ic->ic_newassoc)
> (*ic->ic_newassoc)(ic, ni, 1);
> }
> @@ -1041,6 +1042,7 @@ ieee80211_find_rxnode(struct ieee80211co
> IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero);
>
> ni->ni_rates = ic->ic_bss->ni_rates;
> + ni->ni_txrate = 0;
> if (ic->ic_newassoc)
> (*ic->ic_newassoc)(ic, ni, 1);
