netbsd-bugs: kern/24175: wi: conflicting options triggers kernel panic

Subject: kern/24175: wi: conflicting options triggers kernel panic
To: None <gnats-bugs@gnats.netbsd.org>
From: None <stix@stix.homeunix.net>
List: netbsd-bugs
Date: 01/21/2004 09:44:26
>Number:         24175
>Category:       kern
>Synopsis:       wi: conflicting options triggers kernel panic
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 20 22:45:01 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Paul Ripke
>Release:        NetBSD 1.6ZH 20040120
>Organization:
>Environment:
	sys/dev/ic/wi.c: $NetBSD: wi.c,v 1.148 2003/12/07 05:44:49 dyoung Exp $
System: NetBSD stix-pc.stix.org.au 1.6ZH NetBSD 1.6ZH (STIX-PC) #2: Tue Jan 20 22:29:43 EST 2004 stix@stix-pc.stix.org.au:/export/build/obj.i386/export/build/src/sys/arch/i386/compile/STIX-PC i386
Architecture: i386
Machine: i386
>Description:
When upgrading from NetBSD 1.6R, /etc/ifconfig.wi0 had contained:

inet host.domain.org.au netmask 255.255.255.128 up media DS11 mediaopt hostap nwid myid

With 1.6ZH, this caused an instant panic. Fix was to remove "media DS11"
from the ifconfig line. Core and full symbol netbsd.gdb available.

Panic is:
uvm_fault(0xc6c3e44c, 0x10000, 0, 1) -> 0xe
(gdb) bt                 
#0  0x00000001 in ?? ()
#1  0xc02bcfbf in cpu_reboot (howto=27770880, bootstr=0x0) at /export/build/src/sys/arch/i386/i386/machdep.c:731
#2  0xc0206ce9 in db_reboot_cmd (addr=1, have_addr=0, count=-1070614578, modif=0xc6cd9ad8 "\200ֶ?ְן\232ֶֽ\001")
    at /export/build/src/sys/ddb/db_command.c:689
#3  0xc0206833 in db_command (last_cmdp=0xc03c2c70, cmd_table=0x0) at /export/build/src/sys/ddb/db_command.c:464
#4  0xc020654e in db_command_loop () at /export/build/src/sys/ddb/db_command.c:255
#5  0xc020960c in db_trap (type=0, code=0) at /export/build/src/sys/ddb/db_trap.c:101
#6  0xc02ba8de in kdb_trap (type=6, code=0, regs=0x0) at /export/build/src/sys/arch/i386/i386/db_interface.c:225
#7  0xc02c6c46 in trap (frame=0xc6cd9d1c) at /export/build/src/sys/arch/i386/i386/trap.c:284
#8  0xc0102ba3 in calltrap ()
#9  0xc018a83e in wi_media_change (ifp=0xc0968034) at /export/build/src/sys/dev/ic/wi.c:1283
#10 0xc02798a2 in ifmedia_ioctl (ifp=0xc0968034, ifr=0xc6cd9ea4, ifm=0xc0968ae0, cmd=0)
    at /export/build/src/sys/net/if_media.c:304
#11 0xc018a72a in wi_ioctl (ifp=0xc0968034, cmd=3223349557, data=0xc6cd9ea4 "wi0")
    at /export/build/src/sys/dev/ic/wi.c:1219
#12 0xc02719de in ifioctl (so=0xc0a0e000, cmd=3223349557, data=0xc6cd9ea4 "wi0", p=0xc6c72e5c)
    at /export/build/src/sys/net/if.c:1523
#13 0xc0242ce6 in sys_ioctl (l=0x0, v=0xc6cd9f64, retval=0xc6cd9f5c) at /export/build/src/sys/kern/sys_generic.c:612
#14 0xc02c6632 in syscall_plain (frame=0xc6cd9fa8) at /export/build/src/sys/arch/i386/i386/syscall.c:156
(gdb) f 9
#9  0xc018a83e in wi_media_change (ifp=0xc0968034) at /export/build/src/sys/dev/ic/wi.c:1283
1283                    struct ieee80211_rateset *rs =
(gdb) l
1278
1279            ime = ic->ic_media.ifm_cur;
1280            if (IFM_SUBTYPE(ime->ifm_media) == IFM_AUTO) {
1281                    i = -1;
1282            } else {
1283                    struct ieee80211_rateset *rs =
1284                        &ic->ic_sup_rates[ieee80211_chan2mode(ic,
1285                            ic->ic_bss->ni_chan)];
1286                    rate = ieee80211_media2rate(ime->ifm_media);
1287                    if (rate == 0)

Card is a DWL-520:

wi0 at pci0 dev 8 function 0: Intersil Prism2.5 Wireless Lan
wi0: interrupting at irq 11
wi0: 802.11 address 00:05:5d:5b:c5:f5
wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI)
wi0: Intersil Firmware: Primary (1.0.5), Station (1.3.4)
wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps

>How-To-Repeat:
As above, attempt to configure both "media DS11" and "mediaopt hostap".

>Fix:
Workaround:
Remove "media" option.

>Release-Note:
>Audit-Trail:
>Unformatted: