174891 – [ieee80211] struct ieee80211_node is freed during active BA session

Bug 174891 - [ieee80211] struct ieee80211_node is freed during active BA session

Summary: [ieee80211] struct ieee80211_node is freed during active BA session

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	wireless (show other bugs)
Version:	9.1-PRERELEASE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-wireless (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-01-02 04:10 UTC by PseudoCylon
Modified:	2018-05-28 19:48 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description PseudoCylon 2013-01-02 04:10:00 UTC

When ieee80211_find_rxnode() is called with a segregated ampdu frame, sometime the function returns NULL.

Currently, exact mechanism is unknown. Maybe, tearing down of BA session was failed or miscounting of ni_refcnt.

More detail will be submitted as soon as discovered.

Related thread:
http://lists.freebsd.org/pipermail/freebsd-wireless/2013-January/002718.html

Fix: 

not yet known
How-To-Repeat: setup a WiFi connection and patiently wait.

Comment 1 Mark Linimon freebsd_committer

2013-01-20 01:57:27 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-wireless

Over to maintainer(s).

Comment 2 Eitan Adler freebsd_committer

2018-05-28 19:48:45 UTC

batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.