netbsd-bugs: kern/27144: panic: trap in wi(4)

Subject: kern/27144: panic: trap in wi(4)
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <andreas@planix.com>
List: netbsd-bugs
Date: 10/04/2004 19:56:47
>Number:         27144
>Category:       kern
>Synopsis:       panic: trap in wi(4)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 04 23:57:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Andreas Wrede <andreas@planix.com>
>Release:        NetBSD 2.99.9
>Organization:
Planix, Inc.
>Environment:
	
	
System: NetBSD woffi.planix.com 2.99.9 NetBSD 2.99.9 (WOFFI) #6: Sun Oct 3 19:32:44 EDT 2004 root@woffi.planix.com:/m5/netbsd-current/obj.i386/sys/arch/i386/compile/WOFFI i386
Architecture: i386
Machine: i386
>Description:
The kernel will panic in the wi(4) driver within a minute of 'ifconfig 
wi0 up'. The wi0 interface is configured in hostap mode and it is bridged 
to the Ethernet.

Other (ir)relevant info: 
i386/current, sources from yesterday evening
Kernel was built with 'options BRIDGE_IPF'
crash dump is availble.

From the boot messages:
wi0 at pcmcia0 function 0: <D, Link DWL-650 11Mbps WLAN Card, Version 01.02, >
wi0: 802.11 address 00:05:5d:d7:00:12
wi0: using RF:PRISM2.5 MAC:ISL3873B(PCMCIA)
wi0: Intersil Firmware: Primary (1.0.5), Station (1.3.4)
wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps

[..]
uvm_fault(0xcd7f2b64, 0, 0, 2) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 2 eip c039987a cs 8 eflags 10202 cr2 10 ilevel 7
panic: trap
Begin traceback...
trap() at netbsd:trap+0x155
--- trap (number 6) ---
ieee80211_find_txnode(c1aaa038,cdabdaa4,f2,60,aa950a00) at netbsd:ieee80211_find_txnode+0xda
ieee80211_encap(c1aaa038,c1dcf400,cdabdb00,c1aaa038,c060ada0) at netbsd:ieee80211_encap+0x4b
wi_start(c1aaa038,0,3b9aca00,1,0) at netbsd:wi_start+0x4a4
bridge_enqueue(c1dc2000,c1aaa038,c1dcf400,0,1) at netbsd:bridge_enqueue+0xce
bridge_output(c1a53044,c1dcf400,0,0,f2e20210) at netbsd:bridge_output+0x113
ether_output(c1a53044,c1dcf400,c1f43ce0,c1dd65b0,c1dcf400) at netbsd:ether_output+0x329
ip_output(c1dcf400,0,c1f43cdc,400,0) at netbsd:ip_output+0x61e
tcp_output(c1f4cda0,c1dcda00,4,0,cd9c9660) at netbsd:tcp_output+0x98b
tcp_usrreq(c1f4accc,9,c1dcda00,0,0) at netbsd:tcp_usrreq+0x3cb
sosend(c1f4accc,0,cdabdec4,c1dcda00,0) at netbsd:sosend+0x33b
soo_write(cd979938,cd979960,cdabdec4,cba58000,1) at netbsd:soo_write+0x22
dofilewrite(cd9c9660,6,cd979938,8097000,b0) at netbsd:dofilewrite+0x81
sys_write(cd6afef8,cdabdf64,cdabdf5c,0,c1a53000) at netbsd:sys_write+0x59
syscall_plain() at netbsd:syscall_plain+0x18f
--- syscall (number 4) ---
0x4825e92b:
End traceback...
syncing disks... 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 giving up
Printing vnodes for busy buffers
tag 1 type VBLK, usecount 216, writecount 0, refcount 21,
        tag VT_UFS, ino 404017, on dev 0, 0 flags 0x0, effnlink 1, nlink 1
        mode 060640, owner 0, group 5, size 0 not locked
giving up

dumping to dev 0,1 offset 1049479

>How-To-Repeat:

ifconfig wi0 nwid Planix nwkey XXXXXXXXXXXX media autoselect mediaopt hostap chan 11 down
ifconfig bridge0 create
brconfig bridge0 add wi0 add fxp0 up
ifconfig wi0 up

generate some traffic on the wi0 interface.
>Fix:
unknown
>Release-Note:
>Audit-Trail:
>Unformatted: