Bug 174891

Summary: [ieee80211] struct ieee80211_node is freed during active BA session
Product: Base System Reporter: PseudoCylon <moonlightakkiy>
Component: wirelessAssignee: freebsd-wireless (Nobody) <wireless>
Status: Open ---    
Severity: Affects Only Me    
Priority: Normal    
Version: 9.1-PRERELEASE   
Hardware: Any   
OS: Any   

Description PseudoCylon 2013-01-02 04:10:00 UTC 
When ieee80211_find_rxnode() is called with a segregated ampdu frame, sometime the function returns NULL.

Currently, exact mechanism is unknown. Maybe, tearing down of BA session was failed or miscounting of ni_refcnt.

More detail will be submitted as soon as discovered.

Related thread:
http://lists.freebsd.org/pipermail/freebsd-wireless/2013-January/002718.html

Fix: 

not yet known
How-To-Repeat: setup a WiFi connection and patiently wait.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2013-01-20 01:57:27 UTC 
Responsible Changed
From-To: freebsd-bugs->freebsd-wireless

Over to maintainer(s).
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:48:45 UTC 
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.