Bug 694737

Summary: bnx2 panic kernel when load/unload module
Product: Red Hat Enterprise Linux 6
Reporter: Hushan Jia <hjia>
Component: kernel
Assignee: Neil Horman <nhorman>
Status: CLOSED DUPLICATE
QA Contact: Network QE <network-qe>
Severity: high
Priority: high
Version: 6.1
CC: nhorman
Target Milestone: rc
Hardware: Unspecified
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-05-06 17:19:08 UTC
Attachments:
patch to survive preempt count leaks (flags: none)
patch to prevent arming timer in bnx2 (flags: none)

Description Hushan Jia 2011-04-08 07:51:20 UTC
Description of problem:
When doing module load/unload testing for the bnx2 driver on ibm-ls21-7972-01.rhts.eng.bos.redhat.com, the kernel eventually panics.

Version-Release number of selected component (if applicable):
snap3, -130.el6

How reproducible:
always

Steps to Reproduce:
1. 	i=0
 	while [ "$i" -lt 100 ]; do
		modprobe -r bnx2
		modprobe bnx2
		i=$((i + 1))	# advance the counter so the loop ends after 100 cycles
	done
  
Actual results:
panic

Expected results:
driver should init well, no panic

Additional info:
console log:
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
bnx2 0000:02:05.0: eth1: Broadcom NetXtreme II BCM5706 1000Base-SX (A2) PCI-X 64-bit 100MHz found at mem e4000000, IRQ 18, node addr 00:14:5e:b3:00:fc
bnx2 0000:02:05.0: PCI INT A disabled
bnx2 0000:02:04.0: PCI INT A disabled
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.6 (Mar 7, 2011)
bnx2 0000:02:04.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
invalid opcode: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:0d.0/0000:02:05.0/device
CPU 1 
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]

Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
Pid: 23900, comm: pidof Not tainted 2.6.32-130.el6.x86_64 #1 BladeCenter LS21 -[797251Z]-
RIP: 0010:[<ffffffffa058b270>]  [<ffffffffa058b270>] 0xffffffffa058b270
RSP: 0018:ffff880002083e48  EFLAGS: 00010246
RAX: ffff880002083e90 RBX: ffff88007ccd4000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: dead000000200200 RDI: ffff8800007b8700
RBP: ffff880002083ed0 R08: ffff88000208db40 R09: 0000022d191d27c8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800007b9bc8
R13: ffff880002083e90 R14: ffff8800007b8700 R15: ffffffffa058b270
FS:  00007fbb3bcf7700(0000) GS:ffff880002080000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001664a98 CR3: 0000000060395000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process pidof (pid: 23900, threadinfo ffff8800007e8000, task ffff8800091c0040)
Stack:
 ffffffff81079f77 ffffffff8109e010 ffff88007ccd5c20 ffff88007ccd5820
<0> ffff88007ccd5420 ffff8800007e9fd8 ffff8800007e9fd8 0000010000000000
<0> ffff88007ccd5020 ffff880002083e90 ffff880002083e90 ffffffff8102a00d
Call Trace:
 <IRQ> 
 [<ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
 [<ffffffff8109e010>] ? tick_sched_timer+0x0/0xc0
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f737>] __do_softirq+0xb7/0x1e0
 [<ffffffff81092cc0>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff81185f90>] ? filldir+0x0/0xe0
 [<ffffffff8100c2cc>] call_softirq+0x1c/0x30
 [<ffffffff8100df05>] do_softirq+0x65/0xa0
 [<ffffffff8106f525>] irq_exit+0x85/0x90
 [<ffffffff814e3340>] smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc93>] apic_timer_interrupt+0x13/0x20
 <EOI> 
 [<ffffffff81211ba5>] ? selinux_file_permission+0x45/0x150
 [<ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80
 [<ffffffff812050c6>] security_file_permission+0x16/0x20
 [<ffffffff811861c1>] vfs_readdir+0x71/0xe0
 [<ffffffff81186399>] sys_getdents+0x89/0xf0
 [<ffffffff8100b172>] system_call_fastpath+0x16/0x1b
Code: ff ff ff 85 52 00 00 00 00 00 00 02 00 00 00 19 01 00 00 fc ff ff ff ff ff ff ff 96 52 00 00 00 00 00 00 0b 00 00 00 17 00 00 00 <60> 07 00 00 00 00 00 00 e6 52 00 00 00 00 00 00 0b 00 00 00 17 
RIP  [<ffffffffa058b270>] 0xffffffffa058b270
 RSP <ffff880002083e48>
---[ end trace 9c4d2fc151c686f1 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 23900, comm: pidof Tainted: G      D    ----------------   2.6.32-130.el6.x86_64 #1
Call Trace:
 <IRQ>  [<ffffffff814da981>] ? panic+0x78/0x143
 [<ffffffff814de9d2>] ? oops_end+0xf2/0x100
 [<ffffffff8100f2fb>] ? die+0x5b/0x90
 [<ffffffff814de294>] ? do_trap+0xc4/0x160
 [<ffffffff8100ceb5>] ? do_invalid_op+0x95/0xb0
 [<ffffffff81050955>] ? select_idle_sibling+0x95/0x150
 [<ffffffff8101ad16>] ? x86_pmu_enable_all+0x66/0x80
 [<ffffffff8101c1d4>] ? x86_pmu_enable+0x114/0x280
 [<ffffffff8100bf5b>] ? invalid_op+0x1b/0x20
 [<ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
 [<ffffffff8109e010>] ? tick_sched_timer+0x0/0xc0
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f737>] ? __do_softirq+0xb7/0x1e0
bnx2 0000:02:04.0: firmware: requesting bnx2/bnx2-mips-06-6.2.1.fw

Message from  [<ffffffff81092cc0>] ? hrtimer_interrupt+0x140/0x250
syslogd@dhcp70-1 [<ffffffff81185f90>] ? filldir+0x0/0xe0
73 at Apr  8 03: [<ffffffff8100c2cc>] ? call_softirq+0x1c/0x30
19:10 ...
 ker [<ffffffff8100df05>] ? do_softirq+0x65/0xa0
nel:invalid opco [<ffffffff8106f525>] ? irq_exit+0x85/0x90
bnx2 0000:02:04.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
de: 0000 [#1] SM [<ffffffff814e3340>] ? smp_apic_timer_interrupt+0x70/0x9b
P 

Message [<ffffffff8100bc93>] ? apic_timer_interrupt+0x13/0x20
 from syslogd@dh <EOI> cp70-173 at Apr  [<ffffffff81211ba5>] ? selinux_file_permission+0x45/0x150
 [<ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80

 kernel:last s [<ffffffff812050c6>] ? security_file_permission+0x16/0x20
ysfs file: /sys/ [<ffffffff811861c1>] ? vfs_readdir+0x71/0xe0
devices/pci0000: [<ffffffff81186399>] ? sys_getdents+0x89/0xf0
00/0000:00:01.0/ [<ffffffff8100b172>] ? system_call_fastpath+0x16/0x1b
0000:01:0d.0/000panic occurred, switching back to text console
BUG: scheduling while atomic: pidof/23900/0x10000100
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
CPU 1:
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
Pid: 23900, comm: pidof Tainted: G      D    ----------------   2.6.32-130.el6.x86_64 #1 BladeCenter LS21 -[797251Z]-
RIP: 0010:[<ffffffff81211ba5>]  [<ffffffff81211ba5>] selinux_file_permission+0x45/0x150
RSP: 0018:ffff8800007e9ea8  EFLAGS: 00000246
RAX: 0000000000000086 RBX: ffff8800007e9ec8 RCX: ffff880065661c60
RDX: ffff88007d003cf8 RSI: 0000000000000004 RDI: ffff880055d89c80
RBP: ffffffff8100bc8e R08: 0000000001143038 R09: 0000000000000010
R10: 0000000000001000 R11: 0000000000000246 R12: ffff8800379c4890
R13: ffff8800007e9e68 R14: 0000000000000297 R15: ffff8800007e9e58
FS:  00007fbb3bcf7700(0000) GS:ffff880002080000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001664a98 CR3: 0000000060395000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 [<ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80
 [<ffffffff812050c6>] ? security_file_permission+0x16/0x20
 [<ffffffff811861c1>] ? vfs_readdir+0x71/0xe0
 [<ffffffff81186399>] ? sys_getdents+0x89/0xf0
 [<ffffffff8100b172>] ? system_call_fastpath+0x16/0x1b

Comment 1 Neil Horman 2011-04-11 13:28:42 UTC
It's a BUG halt in __run_timers that stems from the pre-empt count changing before and after a timer is run.  Unfortunately the way it's coded up makes it all but impossible to tell which timer it is that's changing the pre-empt count.  Ostensibly it would be bnx2, but that's not guaranteed, as there are lots of in-flight timers, and the bnx2 timer should be cancelled before it's removed.  The fact that we bug halt in the calling function makes it very tough to determine who is doing this.  For that reason upstream changed the bug halt to a WARN_ON so we could try to determine what else might be going on.  I'll backport that patch in a sec and hopefully it will allow us more insight to the problem.

Comment 2 Neil Horman 2011-04-11 13:37:55 UTC
Created attachment 491240 [details]
patch to survive preempt count leaks

Hey, here's a backport of 802702e0c2618465b813242d4dfee6a233ba0beb and 576da126a6c7364d70dfd58d0bbe43d05cf5859f.  It will prevent the oops from being fatal and give us a chance to see where the preempt leak is really coming from.  Could you please build a kernel with it and run your test again?  Thanks!

Comment 3 Neil Horman 2011-04-11 13:39:53 UTC
Also, I'm going to move this to 6.2.  Given the reproducer, it appears it takes a significant amount of stress by the local root user in a very specific sort of way to cause this to happen.  I think it can wait for 6.2.

Comment 4 Hushan Jia 2011-04-13 03:35:54 UTC
Hi Neil, on the patched kernel, it oopses, but with a different trace:

# uname -r
2.6.32-130.el6.bz694737.x86_64

general protection fault: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:0d.0/0000:02:04.0/device
CPU 3 
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw k8temp amd64_edac_mod edac_core edac_mce_amd i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit
bnx2 0000:02:04.0: firmware: requesting bnx2/bnx2-mips-06-6.2.1.fw
bnx2 0000:02:04.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 0000:02:04.0: eth0: Broadcom NetXtreme II BCM5706 1000Base-SX (A2) PCI-X 64-bit 100MHz found at mem e2000000, IRQ 17, node addr 00:14:5e:6d:30:fc
bnx2 0000:02:05.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18
 i2c_core dm_mod [last unloaded: bnx2]

Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw k8temp amd64_edac_mod edac_core edac_mce_amd i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit
bnx2 0000:02:05.0: firmware: requesting bnx2/bnx2-mips-06-6.2.1.fw
bnx2 0000:02:05.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 0000:02:05.0: eth1: Broadcom NetXtreme II BCM5706 1000Base-SX (A2) PCI-X 64-bit 100MHz found at mem e4000000, IRQ 18, node addr 00:14:5e:b3:00:fc
 i2c_core dm_mod [last unloaded: bnx2]
Pid: 0, comm: swapper Not tainted 2.6.32-130.el6.bz694737.x86_64 #1 BladeCenter LS21 -[797251Z]-
RIP: 0010:[<ffffffffa0dca009>]  [<ffffffffa0dca009>] 0xffffffffa0dca009
RSP: 0018:ffff880002183e38  EFLAGS: 00010a07
RAX: ffff880002183e90 RBX: ffff88007cd18000 RCX: 0000000000000001
RDX: ffff880002183e90 RSI: 0000000000000000 RDI: ffff880029648700
RBP: ffff880002183ed0 R08: 0000000000000000 R09: 000005a32eb44818
R10: ffff880029648700 R11: 0000000000000000 R12: ffff880029649bc8
R13: ffff880002183e90 R14: 0000000000000100 R15: ffff88007cd41fd8
FS:  00007f2e18813700(0000) GS:ffff880002180000(0000) knlGS:0000000000000000
CS:  0010 DS:  DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00007f09d4608140 CR3: 000000007ace5000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 [<ffffffff814e0a66>] ? notifier_call_chain+0x16/0x80
 [<ffffffff810142fd>] ? default_idle+0x4d/0xb0
 [<ffffffff810143c3>] ? c1e_idle+0x63/0x120
 [<ffffffff81009e96>] ? cpu_idle+0xb6/0x110
 [<ffffffff814d4664>] ? start_secondary+0x202/0x245
BUG: scheduling while atomic: swapper/0/0x10000100
Modules linked in: bnx2(-) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw k8temp amd64_edac_mod edac_core edac_mce_amd i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
CPU 3:
Modules linked in: bnx2(-) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw k8temp amd64_edac_mod edac_core edac_mce_amd i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
Pid: 0, comm: swapper Not tainted 2.6.32-130.el6.bz694737.x86_64 #1 BladeCenter LS21 -[797251Z]-
RIP: 0010:[<ffffffff810362ab>]  [<ffffffff810362ab>] native_safe_halt+0xb/0x10
RSP: 0018:ffff88007cd41ea8  EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88007cd41ea8 RCX: 0000000003000000
RDX: 0000000000000000 RSI: ffff88007cd41ee4 RDI: 0000000003000000
RBP: ffffffff8100bc8e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8160b060
R13: 0000000000000000 R14: ffff880002195f80 R15: ffff88007cd41e38
FS:  00007f2e18813700(0000) GS:ffff880002180000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00007f09d4560448 CR3: 000000007ace5000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 [<ffffffff814e0a66>] ? notifier_call_chain+0x16/0x80
 [<ffffffff810142fd>] ? default_idle+0x4d/0xb0
 [<ffffffff810143c3>] ? c1e_idle+0x63/0x120
 [<ffffffff81009e96>] ? cpu_idle+0xb6/0x110
 [<ffffffff814d4664>] ? start_secondary+0x202/0x245
---[ end trace 996e3d14436bb5c5 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G      D    ----------------   2.6.32-130.el6.bz694737.x86_64 #1
Call Trace:
 <IRQ>  [<ffffffff814da9e1>] ? panic+0x78/0x143
 [<ffffffff814dea32>] ? oops_end+0xf2/0x100
 [<ffffffff8100f2fb>] ? die+0x5b/0x90
 [<ffffffff814de592>] ? do_general_protection+0x152/0x160
 [<ffffffff814ddd65>] ? general_protection+0x25/0x30
 [<ffffffff81079f53>] ? run_timer_softirq+0x173/0x3a0
 [<ffffffff8109e070>] ? tick_sched_timer+0x0/0xc0
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f737>] ? __do_softirq+0xb7/0x1e0
 [<ffffffff81092d20>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff8100c2cc>] ? call_softirq+0x1c/0x30
 [<ffffffff8100df05>] ? do_softirq+0x65/0xa0
 [<ffffffff8106f525>] ? irq_exit+0x85/0x90
 [<ffffffff814e33a0>] ? smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc93>] ? apic_timer_interrupt+0x13/0x20
 <EOI>  [<ffffffff810362ab>] ? native_safe_halt+0xb/0x10
 [<ffffffff814e0a66>] ? notifier_call_chain+0x16/0x80
 [<ffffffff810142fd>] ? default_idle+0x4d/0xb0
 [<ffffffff810143c3>] ? c1e_idle+0x63/0x120
 [<ffffffff81009e96>] ? cpu_idle+0xb6/0x110
 [<ffffffff814d4664>] ? start_secondary+0x202/0x245
panic occurred, switching back to text console
BUG: scheduling while atomic: swapper/0/0x10000100
Modules linked in: bnx2(-) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw k8temp amd64_edac_mod edac_core edac_mce_amd i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
CPU 3:
Modules linked in: bnx2(-) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg microcode serio_raw k8temp amd64_edac_mod edac_core edac_mce_amd i2c_piix4 shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: bnx2]
Pid: 0, comm: swapper Tainted: G      D    ----------------   2.6.32-130.el6.bz694737.x86_64 #1 BladeCenter LS21 -[797251Z]-
RIP: 0010:[<ffffffff810362ab>]  [<ffffffff810362ab>] native_safe_halt+0xb/0x10
RSP: 0018:ffff88007cd41ea8  EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88007cd41ea8 RCX: 0000000003000000
RDX: 0000000000000000 RSI: ffff88007cd41ee4 RDI: 0000000003000000
RBP: ffffffff8100bc8e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8160b060
R13: 0000000000000000 R14: ffff880002195f80 R15: ffff88007cd41e38
FS:  00007f09d2f1c7a0(0000) GS:ffff880002180000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00007f09d4652bb0 CR3: 0000000001a25000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 [<ffffffff814e0a66>] ? notifier_call_chain+0x16/0x80
 [<ffffffff810142fd>] ? default_idle+0x4d/0xb0
 [<ffffffff810143c3>] ? c1e_idle+0x63/0x120
 [<ffffffff81009e96>] ? cpu_idle+0xb6/0x110
 [<ffffffff814d4664>] ? start_secondary+0x202/0x245

Comment 5 Neil Horman 2011-04-14 15:30:02 UTC
Created attachment 492150 [details]
patch to prevent arming timer in bnx2

It's a bit difficult to be sure, but I think we have a situation here in which the bnx2_timer function is running after the module has been removed.  Please test the above patch (in addition to the previous patch) on your reproducer.   It's not a final fix, but it will confirm if this is the problem for us.  Thanks!
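
Added example, not part of the original report or of the bnx2 driver: a triage heuristic for the oops signature discussed in this comment, where a timer softirq jumps to an unresolved address in module space right after a module was unloaded. The function name triage_oops and the MODULES_VADDR constant (non-KASLR x86_64 layout) are assumptions, and a match is a lead for investigation, not proof.

```python
import re

# Assumption: non-KASLR x86_64 layout, where loadable modules are mapped at or
# above this address (the layout used by 2.6.32-era kernels like the one here).
MODULES_VADDR = 0xFFFFFFFFA0000000

RIP_RE = re.compile(r"RIP: \w+:\[<([0-9a-f]{16})>\]\s+\[<[0-9a-f]{16}>\]\s+(\S+)")
FRAME_RE = re.compile(r"\[<[0-9a-f]{16}>\] (?:\? )?([\w.]+)\+0x")
UNLOADED_RE = re.compile(r"\[last unloaded: ([\w-]+)\]")
TRANSITION_RE = re.compile(r"\b([\w-]+)\(([+-])\)")  # mod(+) loading, mod(-) unloading

# Abridged excerpt of the first console log in this report.
PAGE_EXCERPT = """\
invalid opcode: 0000 [#1] SMP
Modules linked in: bnx2(+) sunrpc ipv6 dm_mod [last unloaded: bnx2]
RIP: 0010:[<ffffffffa058b270>]  [<ffffffffa058b270>] 0xffffffffa058b270
Call Trace:
 <IRQ>
 [<ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
 [<ffffffff8106f737>] __do_softirq+0xb7/0x1e0
"""

# Constructed control: a fault at a resolved core-kernel symbol, no timer frame.
CONTROL = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
Modules linked in: sunrpc ipv6 dm_mod
RIP: 0010:[<ffffffff811861c1>]  [<ffffffff811861c1>] vfs_readdir+0x71/0xe0
Call Trace:
 [<ffffffff81186399>] sys_getdents+0x89/0xf0
"""


def triage_oops(text):
    """Return findings for the first oops in text, or None if it has no RIP line."""
    rip = RIP_RE.search(text)
    if rip is None:
        return None
    addr = int(rip.group(1), 16)
    # The kernel prints a bare hex address when no loaded symbol covers RIP.
    unresolved = rip.group(2).startswith("0x")
    frames = FRAME_RE.findall(text)
    unloaded = UNLOADED_RE.search(text)
    findings = {
        "rip": hex(addr),
        "rip_in_module_space": addr >= MODULES_VADDR,
        "rip_unresolved": unresolved,
        "timer_softirq": "run_timer_softirq" in frames,
        "last_unloaded": unloaded.group(1) if unloaded else None,
        "modules_in_transition": dict(TRANSITION_RE.findall(text)),
    }
    # All four together suggest a timer callback whose code is no longer mapped.
    findings["stale_timer_suspect"] = bool(
        findings["rip_in_module_space"] and unresolved
        and findings["timer_softirq"] and findings["last_unloaded"]
    )
    return findings


if __name__ == "__main__":
    for name, log in (("page excerpt", PAGE_EXCERPT), ("control", CONTROL)):
        print(name, triage_oops(log))
```
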

Comment 7 Hushan Jia 2011-04-25 09:49:08 UTC
With the second patch, the kernel does not panic, but the interface is down and the driver can't detect its link, so there is no network.

Settings for eth1:
	Supported ports: [ FIBRE ]
	Supported link modes:   1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: Unknown!
	Duplex: Unknown! (255)
	Port: FIBRE
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: on
	Supports Wake-on: g
	Wake-on: g
	Link detected: no

Comment 8 Neil Horman 2011-04-26 20:38:43 UTC
Ok, I've sent a patch for this upstream:
http://marc.info/?l=linux-netdev&m=130384983429440&w=2

Comment 9 Neil Horman 2011-04-29 19:39:54 UTC
Looks like it was accepted upstream. This will get pulled back during the 6.1 update cycle.

Comment 10 Neil Horman 2011-05-06 17:19:08 UTC
I just merged this commit in with my branch for the bnx2 6.2 update, so I'm going to close this as a dup of the omnibus update tracking bug for bnx2.

*** This bug has been marked as a duplicate of bug 696756 ***