[Bug 286063] net80211: isieee80211_sta_join() -> ieee80211_alloc_node() -> ieee80211_chan2mode() panic

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 286063] iflwifi: isieee80211_sta_join() -> ieee80211_alloc_node() -> ieee80211_chan2mode() panic"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 16 Apr 2025 19:24:54 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286063

Bjoern A. Zeeb <bz@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|wireless@FreeBSD.org        |bz@FreeBSD.org
             Status|New                         |Open

--- Comment #2 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
ieee80211_sta_join() calls
  ieee80211_alloc_node() not passing the chan
    ni_chan gets initialized to IEEE80211_CHAN_ANYC
    the node gets inserted in the nt
  ni->ni_chan = chan  which was passed into ieee80211_sta_join()
  ieee80211_ies_init
    ieee80211_ies_expand    << one possible problem seen here already -- ???
unrelated? NO!
   ieee80211_setup_rates calls
    <<<< real problem for ni_chan happening here
    ieee80211_fix_rate
      ucastrate = vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)].ucastrate; 
<< kaboom with ni_nichan being kaputt

The problems that is common to both is that the se became invalid.

Please try the patch from this review:
https://reviews.freebsd.org/D49865

-- 
You are receiving this mail because:
You are the assignee for the bug.