netbsd-bugs: port-i386/27124: ifconfig bge0/ifconfig wi0 causes hang

Subject: port-i386/27124: ifconfig bge0/ifconfig wi0 causes hang
To: None <gnats-bugs@gnats.NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: netbsd-bugs
Date: 10/03/2004 19:26:58

>Number:         27124
>Category:       port-i386
>Synopsis:       ifconfig bge0/ifconfig wi0 causes hang
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 03 17:29:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Alan Barrett
>Release:        NetBSD 2.0H
>Organization:
	Not much
>Environment:
System: NetBSD 2.0H i386
Architecture: i386
Machine: i386
>Description:
	Some sequences of ifconfig commands result in hangs.

>How-To-Repeat:

reboot to an environment with no configured network interfaces;
login as root on the console;
issue the following commands:

# /sbin/ifconfig -a
bge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
	capabilities=7<IP4CSUM,TCP4CSUM,UDP4CSUM>
	enabled=0
	address: 00:0b:db:dd:ad:6f
	media: Ethernet autoselect (none)
	status: no carrier
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33196
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
pflog0: flags=0 mtu 33196
wi0: flags=8822<BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST> mtu 1500
	ssid ""
	powersave off
	address: 00:02:2d:02:e0:8e
	media: IEEE802.11 autoselect (none)
# /sbin/ifconfig bge0 up
# /sbin/ifconfig bge0 down
# /sbin/ifconfig wi0 up

At this point, the machine hangs.  Pressing alt-control-escape in an
attempt to enter DDB does nothing.  Pressing alt-control-F2 in an
attempt to switch to a different wscons virtual console does nothing.

While I was trying to find the minimal set of commands necessary to
replicate this bug, I also observed a case in which the hang was
triggered by "ifconfig pflog0 down".  This makes me suspect that
the bge driver is corrupting memory in such a way that both the
pflog and wi driver sometimes crash.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: