>Number:         27468
>Category:       kern
>Synopsis:       Kernel panic due to ath driver
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 25 14:13:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     zul
>Release:        current x86
>Organization:
>Environment:
NetBSD Hermes.at.home 2.99.10 NetBSD 2.99.10 (HERMES) #0: Sun Oct 24 14:21:18 CEST 2004  zul@Hermes.at.home:/usr/build_tmp/objdir/sys/arch/i386/compile/HERMES i386

>Description:
When I play with ath into mode monitor, the kernel hangs. The problem seems to be under the function ath_rate_ctl_reset 

   /*
     * Reset local xmit state; this is really only meaningful
     * when operating in station or adhoc mode.
     */
    ni = ic->ic_bss;
    an = (struct ath_node *) ni;
    an->an_tx_ok = an->an_tx_err = an->an_tx_retr = an->an_tx_upper = 0;
    if (state == IEEE80211_S_RUN) {
        /* start with highest negotiated rate */
        KASSERT(ni->ni_rates.rs_nrates > 0,
            ("transition to RUN state w/ no rates!"));
        ni->ni_txrate = ni->ni_rates.rs_nrates - 1;
    } else {
        /* use lowest rate */
        ni->ni_txrate = 0;
    }

>How-To-Repeat:
ifconfig ath0 mediaopt monitor
ifconfig ath0 chan 10
ifconfig ath0 up
>Fix:
We probably can execute this code only in the case we are in BSS or IBSS mode
if  (ic->curmode & ( IEEE80211_C_IBSS|IEEE80211_C_HOSTAP))
{
..
}

I don't have test for moment
>Release-Note:
>Audit-Trail:
>Unformatted: