netbsd-bugs: kern/25721: Pulling active wi card from sbus nell panics ss10

Subject: kern/25721: Pulling active wi card from sbus nell panics ss10
To: None <gnats-bugs@gnats.NetBSD.org>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: netbsd-bugs
Date: 05/26/2004 23:16:00
>Number:         25721
>Category:       kern
>Synopsis:       Pulling active wi card from sbus nell panics ss10
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 26 21:58:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
>Release:        NetBSD 2.0_BETA, sources from 05-18 / 05-25
>Organization:
Mahlzeit!
>Environment:
	
	
System: NetBSD pizza.causeuse.org 2.0_BETA NetBSD 2.0_BETA (PIZZA) #13: Wed May 26 20:49:25 CEST 2004 hauke@pizza.causeuse.org:/var/obj/netbsd-builds/2_0/sparc/obj/sys/arch/sparc/compile/PIZZA sparc
Architecture: sparc
Machine: sparc

[hauke@pizza] ~ > ifconfig -a
le0: flags=8867<UP,BROADCAST,DEBUG,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 08:00:20:18:76:7e
        media: Ethernet autoselect (10baseT)
        status: active
wi0: flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ssid Forstquelle nwkey *****
        powersave off
        bssid 00:09:5b:54:f1:e5 chan 11
        address: 00:09:5b:54:f1:e5
        media: IEEE802.11 autoselect hostap (DS2 hostap)
        status: active
hme0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        address: 08:00:20:18:76:7e
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.16.7.10 netmask 0xffffff00 broadcast 172.16.7.255
        atalk 339.3 range 339-342 phase 2 broadcast 339.3
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33196
        inet 127.0.0.1 netmask 0xff000000
        atalk 0.0 range 0-0 phase 2
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
bridge0: flags=41<UP,RUNNING> mtu 1500
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
        inet 80.137.47.34 -> 217.5.98.163 netmask 0xff000000

From dmesg:

nell0 at sbus0 slot 0 offset 0x0 level 4 (ipl 7) level 7 (ipl 13): rev 1
pcmcia0 at nell0 socket 0
wi0 at pcmcia0 function 0: NETGEAR MA401RA Wireless PC, Card, ISL37300PEval-RevA
wi0: 802.11 address 00:09:5b:54:f1:e5
wi0: using RF:PRISM2.5 MAC:ISL3873B(PCMCIA)
wi0: Intersil Firmware: Primary (1.1.1), Station (1.7.4)
wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
pcmcia1 at nell0 socket 1


>Description:

	Pulling an active PRISM2.5 wi card from an sbus nell bridge
	panics my ss10 reproducibly.

Stack trace 1:
==============

# sparc smp kernel from netbsd-2-0 sources of 2004-05-20, pull wi pcmcia card

wi0 detached
data fault: pc=0xf01738d4 addr=0xf0b62150 sfsr=326<PERR=0,LVL=3,AT=1,FT=1,FAV,OW
>
xcall(cpu1,0xf00088c0): couldn't ping cpus:0: xcall at lvl 15 from 0xf0137de8 cpu0
panic: kernel fault
Stopped in pid 1246.1 (xterm) at        netbsd:cpu_Debugger+0x4:        or   %o7, %g0, %g1
db{0}> t
cpu_Debugger(0xf025f3f0, 0xf01738d4, 0x100, 0xf0274268, 0x1e, 0xf027ec00) at netbsd:mem_access_fault4m+0x168
mem_access_fault4m(0x9, 0x326, 0xf0b62150, 0xf0274310, 0xf02747ec, 0xf01738d4) at 0xf000625c
0xf000625c(0xf0c04080, 0xf0ad673a, 0x6, 0x1, 0xf5e1ab14, 0xffff) at netbsd:bridge_input+0x28
bridge_input(0xf0ad6740, 0xf0ad6700, 0x0, 0x3c, 0x0, 0x51a2d4) at netbsd:ether_input+0x674
ether_input(0xf0b65c38, 0xf0ad6700, 0x0, 0x100, 0x0, 0xf0f99658) at netbsd:hme_read+0x70
hme_read(0xf0b65c00, 0x21, 0xf0ad6700, 0xf0d9e204, 0x0, 0x18) at netbsd:hme_rint+0x94
hme_rint(0xf0b65c00, 0x10001, 0x100, 0x6, 0x5, 0xf0f99644) at netbsd:hme_intr+0x64
hme_intr(0xf0b65c00, 0xf007604c, 0x700, 0x408000e0, 0x538, 0xf0274520) at netbsd:sparc_interrupt44c+0x150
sparc_interrupt44c(0x0, 0xf0f99644, 0xf0274680, 0x40000000, 0x17, 0x14) at netbsd:fr_check+0x1f0
fr_check(0xf0f99644, 0x14, 0xf02e1f08, 0x0, 0xf02747ec, 0x7f000001) at netbsd:fr_check_wrapper+0x60
fr_check_wrapper(0xf0f99644, 0xf02747ec, 0xf02e1f08, 0x1, 0xf5e1ab14, 0xffff) at netbsd:pfil_run_hooks+0x60
pfil_run_hooks(0xf02d184c, 0xf02748ac, 0xf02e1f08, 0x1, 0x0, 0xf0f99658) at netbsd:ip_input+0xbb8
ip_input(0xf0f99600, 0xff, 0x1000000, 0x100, 0x0, 0xf0f99658) at netbsd:ipintr+0x88
ipintr(0xf02dedfc, 0xf0243458, 0x356, 0xf0d9e204, 0x0, 0xf0f99644) at netbsd:softnet+0x7c
softnet(0xf0274998, 0xf01f3a28, 0x100, 0x408000e7, 0x538, 0x28) at 0xf00066c0
0xf00066c0(0x0, 0x9, 0x0, 0x0, 0xf0d83a18, 0x100) at netbsd:sosend+0x490
sosend(0x0, 0x0, 0xf5e1ae28, 0xf0ad6c00, 0x0, 0x0) at netbsd:soo_write+0x20
soo_write(0xf4ef02f8, 0xf4ef0320, 0xf5e1ae28, 0xf0cd3680, 0x1, 0x0) at netbsd:dofilewrite+0x80
dofilewrite(0x16, 0x3, 0xf4ef02f8, 0x74000, 0x258, 0x258) at netbsd:sys_write+0x84
sys_write(0x3, 0xf5e1af28, 0xf5e1af20, 0x0, 0xf5e1b000, 0xf5e1ae3c) at netbsd:syscall+0x1d0
syscall(0x4, 0xf5e1afb0, 0x1048ea34, 0xd2e, 0x400, 0xf5e1af28) at 0xf0006524
db{0}> reboot
syncing disks... xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf01f9508): couldn't ping cpus: cpu1
xcall(cpu0,0xf0007b9c): couldn't ping cpus: cpu1
data fault: pc=0xf01738d4 addr=0xf0b62150 sfsr=326<PERR=0,LVL=3,AT=1,FT=1,FAV,OW
>
panic: kernel fault
Stopped in pid 7.1 (aiodoned) at        netbsd:cpu_Debugger+0x4:        or  %o7, %g0, %g1
db{0}> reboot
rebooting

Stack trace 2:
==============


wi0 detached
panic: lockmgr: no context
Stopped at      netbsd:cpu_Debugger+0x4:        or              %o7, %g0, %g1
db{0}> t
cpu_Debugger(0xf0243778, 0xf0243468, 0x100, 0x0, 0x8b63, 0xf027ec00) at netbsd:_lockmgr+0x2a4
_lockmgr(0xf029d144, 0x1, 00x0, 0xf024ecd0, 0x93, 0x2) at netbsd:uvmfault_lookup+0x21c
uvmfault_lookup(0xf0274588, 0x0, 0x356, 0x408000e7, 0x538, 0xf0274900) at netbsd:uvm_fault+0x58
uvm_fault(0xf029d140, 0xf0b62000, 0x0, 0x1, 0x538, 0x8) at netbsd:mem_access_fault4m+0x3d8
mem_access_fault4m(0x9, 0x326, 0xf0b62150, 0xf02746f0, 0xf48d6c48, 0xf01738e4) at 0xf000625c
0xf000625c(0xf0ba7e80, 0xf0c8b33a, 0x6, 0x0, 0x400, 0xf4974f28) at netbsd:bridge_input+0x28
bridge_input(0xf0c8b340, 0xf0c8b300, 0x0, 0x3c, 0x0, 0x20a8c) at netbsd:ether_input+0x674
ether_input(0xf0b65c38, 0xf0c8b300, 0x0, 0x40800be4, 0x200, 0x2b) at netbsd:hme_read+0x70
hme_read(0xf0b65c00, 0x51, 0xf0c8b300, 0x0, 0x8b63, 0x0) at netbsd:hme_rint+0x94
hme_rint(0xf0b65c00, 0x10001, 0x100, 0x0, 0x40100, 0x2) at netbsd:hme_intr+0x64
hme_intr(0xf0b65c00, 0xf007604c, 0x700, 0x408000e7, 0x538, 0xf0274900) at netbsd:sparc_interrupt44c+0x150
sparc_interrupt44c(0xf027e768, 0xf0245af0, 0x292, 0x0, 0x0, 0x8) at netbsd:switchexit+0xfc 
db{0}>


>How-To-Repeat:
	Set up a Sparcstation 10 as wlan access point, pull active wi
	card.

>Fix:
	No idea.
>Release-Note:
>Audit-Trail:
>Unformatted: