Bug 213142

Summary: rmmod xennet crashes domU
Product: [Fedora] Fedora Reporter: Itamar Reis Peixoto <itamar>
Component: kernel-xenAssignee: Herbert Xu <herbert.xu>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: bstein, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-26 23:36:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 216249    

Description Itamar Reis Peixoto 2006-10-30 22:54:50 UTC 
Description of problem:

rmmod xennet crashes domU


Version-Release number of selected component (if applicable):
kernel 2.6.18-1.2798.fc6xen 


How reproducible:
rmmod xennet

WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
------------[ cut here ]------------
kernel BUG at net/core/dev.c:3298!
invalid opcode: 0000 [#1]
SMP 
last sysfs file: /class/net/lo/type
Modules linked in: ipt_LOG xt_limit xt_state iptable_filter ip_conntrack_ftp
ip_conntrack nfnetlink ip_tables x_tables xennet ipv6 dm_mirror dm_mod lp
parport_pc parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU:    0
EIP:    0061:[<c05acc81>]    Not tainted VLI
EFLAGS: 00010293   (2.6.18-1.2798.fc6xen #1) 
EIP is at free_netdev+0x1e/0x3b
eax: 00000001   ebx: d6028400   ecx: ffffffff   edx: d6028000
esi: c0acd200   edi: d90ad524   ebp: cb796000   esp: cb796f10
ds: 007b   es: 007b   ss: 0069
Process rmmod (pid: 2193, ti=cb796000 task=c4282dd0 task.ti=cb796000)
Stack: d90a739f d90ad500 c054c4d6 c0acd2cc c0acd224 c05416a4 c0acd224 c0687728 
       d90ad524 c0541999 d90ad524 00000000 c0687550 c0540e3b d90ad524 00000020 
       00000000 c0541aac d90ad700 c0436a25 6e6e6578 d2007465 00000000 d2ffd754 
Call Trace:
 [<d90a739f>] netfront_remove+0x16/0x1a [xennet]
 [<c054c4d6>] xenbus_dev_remove+0x27/0x38
 [<c05416a4>] __device_release_driver+0x60/0x78
 [<c0541999>] driver_detach+0x99/0xc9
 [<c0540e3b>] bus_remove_driver+0x5a/0x78
 [<c0541aac>] driver_unregister+0x8/0x13
 [<c0436a25>] sys_delete_module+0x192/0x1b9
 [<c0404ea7>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb

Leftover inexact backtrace:

 =======================
Code: 97 e6 ff e8 34 a8 05 00 e9 19 f7 e7 ff 89 c2 8b 80 94 02 00 00 85 c0 75 0d
0f b7 42 64 29 c2 89 d0 e9 d7 50 eb ff 83 f8 03 74 08 <0f> 0b e2 0c 37 c6 64 c0
c7 82 94 02 00 00 04 00 00 00 8d 82 f0 
EIP: [<c05acc81>] free_netdev+0x1e/0x3b SS:ESP 0069:cb796f10
Comment 1 Herbert Xu 2006-10-31 02:12:50 UTC 
This is a deficiency in the grant table mechanism where it can't currently wait
on  live entries for their destruction.  If upstream's plan to use copying
instead of flipping gets extended to the domU=>dom0 direction this should no
longer be an issue.
Comment 2 Red Hat Bugzilla 2007-07-25 01:34:31 UTC 
change QA contact
Comment 3 Chris Lalancette 2008-02-26 23:36:14 UTC 
This report targets FC6, which is now end-of-life.

Please re-test against Fedora 7 or later, and if the issue persists, open a new bug.

Thanks