I have already fixed a similar problem before:
----------------------------
revision 1.72
date: 2012/08/17 14:49:17; author: stsp; state: Exp; lines: +2 -1;
Fix possible panic while switching from STA mode into hostap/ibss modes.
ieee80211_create_ibss() resets the set of supported rates but failed
to update the index into the rate set array accordingly. If the rate
configured during STA operation didn't belong to the newly configured
rate set the system ran into an assertion ("bogus xmit rate %u setup")
while trying to create the IBSS.
ok fgsch@
----------------------------
I ran into this panic again with a cardbus ral (rt2560).
This time it happened while in ibss mode in a mixed B/G network.
There are additional cases where the rate set is changed but the
index into the array is not. I hope the diff below fixes them.
Index: ieee80211_node.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.79
diff -u -p -r1.79 ieee80211_node.c
--- ieee80211_node.c 21 Nov 2013 16:16:08 -0000 1.79
+++ ieee80211_node.c 30 Nov 2013 15:28:20 -0000
@@ -909,6 +909,7 @@ ieee80211_find_txnode(struct ieee80211co
return NULL;
/* XXX no rate negotiation; just dup */
ni->ni_rates = ic->ic_bss->ni_rates;
+ ni->ni_txrate = 0;
if (ic->ic_newassoc)
(*ic->ic_newassoc)(ic, ni, 1);
}
@@ -1041,6 +1042,7 @@ ieee80211_find_rxnode(struct ieee80211co
IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero);
ni->ni_rates = ic->ic_bss->ni_rates;
+ ni->ni_txrate = 0;
if (ic->ic_newassoc)
(*ic->ic_newassoc)(ic, ni, 1);
