213142 – rmmod xennet crashes domU

Bug 213142 - rmmod xennet crashes domU

Summary: rmmod xennet crashes domU

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel-xen
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Herbert Xu
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	216249
TreeView+	depends on / blocked

Reported:	2006-10-30 22:54 UTC by Itamar Reis Peixoto
Modified:	2009-12-14 20:38 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-02-26 23:36:14 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Itamar Reis Peixoto 2006-10-30 22:54:50 UTC

Description of problem:

rmmod xennet crashes domU


Version-Release number of selected component (if applicable):
kernel 2.6.18-1.2798.fc6xen 


How reproducible:
rmmod xennet

WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
------------[ cut here ]------------
kernel BUG at net/core/dev.c:3298!
invalid opcode: 0000 [#1]
SMP 
last sysfs file: /class/net/lo/type
Modules linked in: ipt_LOG xt_limit xt_state iptable_filter ip_conntrack_ftp
ip_conntrack nfnetlink ip_tables x_tables xennet ipv6 dm_mirror dm_mod lp
parport_pc parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU:    0
EIP:    0061:[<c05acc81>]    Not tainted VLI
EFLAGS: 00010293   (2.6.18-1.2798.fc6xen #1) 
EIP is at free_netdev+0x1e/0x3b
eax: 00000001   ebx: d6028400   ecx: ffffffff   edx: d6028000
esi: c0acd200   edi: d90ad524   ebp: cb796000   esp: cb796f10
ds: 007b   es: 007b   ss: 0069
Process rmmod (pid: 2193, ti=cb796000 task=c4282dd0 task.ti=cb796000)
Stack: d90a739f d90ad500 c054c4d6 c0acd2cc c0acd224 c05416a4 c0acd224 c0687728 
       d90ad524 c0541999 d90ad524 00000000 c0687550 c0540e3b d90ad524 00000020 
       00000000 c0541aac d90ad700 c0436a25 6e6e6578 d2007465 00000000 d2ffd754 
Call Trace:
 [<d90a739f>] netfront_remove+0x16/0x1a [xennet]
 [<c054c4d6>] xenbus_dev_remove+0x27/0x38
 [<c05416a4>] __device_release_driver+0x60/0x78
 [<c0541999>] driver_detach+0x99/0xc9
 [<c0540e3b>] bus_remove_driver+0x5a/0x78
 [<c0541aac>] driver_unregister+0x8/0x13
 [<c0436a25>] sys_delete_module+0x192/0x1b9
 [<c0404ea7>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb

Leftover inexact backtrace:

 =======================
Code: 97 e6 ff e8 34 a8 05 00 e9 19 f7 e7 ff 89 c2 8b 80 94 02 00 00 85 c0 75 0d
0f b7 42 64 29 c2 89 d0 e9 d7 50 eb ff 83 f8 03 74 08 <0f> 0b e2 0c 37 c6 64 c0
c7 82 94 02 00 00 04 00 00 00 8d 82 f0 
EIP: [<c05acc81>] free_netdev+0x1e/0x3b SS:ESP 0069:cb796f10

Comment 1 Herbert Xu 2006-10-31 02:12:50 UTC

This is a deficiency in the grant table mechanism where it can't currently wait
on  live entries for their destruction.  If upstream's plan to use copying
instead of flipping gets extended to the domU=>dom0 direction this should no
longer be an issue.

Comment 2 Red Hat Bugzilla 2007-07-25 01:34:31 UTC

change QA contact

Comment 3 Chris Lalancette 2008-02-26 23:36:14 UTC

This report targets FC6, which is now end-of-life.

Please re-test against Fedora 7 or later, and if the issue persists, open a new bug.

Thanks

Note You need to log in before you can comment on or make changes to this bug.