Bug 213147 - rmmod xennet crashes domU
Summary: rmmod xennet crashes domU
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel-xen (Show other bugs)
(Show other bugs)
Version: 6
Hardware: All Linux
Target Milestone: ---
Assignee: Glauber Costa
QA Contact: Virtualization Bugs
Depends On:
TreeView+ depends on / blocked
Reported: 2006-10-30 23:05 UTC by Itamar Reis Peixoto
Modified: 2009-12-14 20:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-02-26 23:36:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Solution proposal #1 (1.70 KB, patch)
2006-11-16 01:39 UTC, Glauber Costa
no flags Details | Diff

Description Itamar Reis Peixoto 2006-10-30 23:05:48 UTC
Description of problem:

rmmod xennet crashes domU

Version-Release number of selected component (if applicable):
kernel 2.6.18-1.2798.fc6xen 

How reproducible:
rmmod xennet

WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
------------[ cut here ]------------
kernel BUG at net/core/dev.c:3298!
invalid opcode: 0000 [#1]
last sysfs file: /class/net/lo/type
Modules linked in: ipt_LOG xt_limit xt_state iptable_filter ip_conntrack_ftp
ip_conntrack nfnetlink ip_tables x_tables xennet ipv6 dm_mirror dm_mod lp
parport_pc parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU:    0
EIP:    0061:[<c05acc81>]    Not tainted VLI
EFLAGS: 00010293   (2.6.18-1.2798.fc6xen #1) 
EIP is at free_netdev+0x1e/0x3b
eax: 00000001   ebx: d6028400   ecx: ffffffff   edx: d6028000
esi: c0acd200   edi: d90ad524   ebp: cb796000   esp: cb796f10
ds: 007b   es: 007b   ss: 0069
Process rmmod (pid: 2193, ti=cb796000 task=c4282dd0 task.ti=cb796000)
Stack: d90a739f d90ad500 c054c4d6 c0acd2cc c0acd224 c05416a4 c0acd224 c0687728 
       d90ad524 c0541999 d90ad524 00000000 c0687550 c0540e3b d90ad524 00000020 
       00000000 c0541aac d90ad700 c0436a25 6e6e6578 d2007465 00000000 d2ffd754 
Call Trace:
 [<d90a739f>] netfront_remove+0x16/0x1a [xennet]
 [<c054c4d6>] xenbus_dev_remove+0x27/0x38
 [<c05416a4>] __device_release_driver+0x60/0x78
 [<c0541999>] driver_detach+0x99/0xc9
 [<c0540e3b>] bus_remove_driver+0x5a/0x78
 [<c0541aac>] driver_unregister+0x8/0x13
 [<c0436a25>] sys_delete_module+0x192/0x1b9
 [<c0404ea7>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb

Leftover inexact backtrace:

Code: 97 e6 ff e8 34 a8 05 00 e9 19 f7 e7 ff 89 c2 8b 80 94 02 00 00 85 c0 75 0d
0f b7 42 64 29 c2 89 d0 e9 d7 50 eb ff 83 f8 03 74 08 <0f> 0b e2 0c 37 c6 64 c0
c7 82 94 02 00 00 04 00 00 00 8d 82 f0 
EIP: [<c05acc81>] free_netdev+0x1e/0x3b SS:ESP 0069:cb796f10

Comment 1 Itamar Reis Peixoto 2006-10-30 23:16:00 UTC
I am sorry I have clicked 2 times on commit.

Comment 2 Glauber Costa 2006-11-15 14:49:39 UTC
I can reproduce it, and right now, I have a fix for it that allows xennet to be
removed without any crashes. However, I'm still unable to modprobe it back after
it. I'm assuming you want the complete fix, so I'm expecting to patch and post
it soon.

This is just to let you know there's someone working on this ;-)

Comment 3 Glauber Costa 2006-11-16 01:39:38 UTC
Created attachment 141328 [details]
Solution proposal #1

Ok, mainly, the problem is that upon device removal, the interface devices were
still connected. As the unregistering routines were not being called were they
ought to be, voila: bugs triggered in lower layers. 

This patch (both to backend and frontend) fix this, but I'm not 100 % sure that
it does so in the most elegant way. Let's see what upstream says.

Comment 4 Red Hat Bugzilla 2007-07-25 01:34:41 UTC
change QA contact

Comment 5 Chris Lalancette 2008-02-26 23:36:33 UTC
This report targets FC6, which is now end-of-life.

Please re-test against Fedora 7 or later, and if the issue persists, open a new bug.


Note You need to log in before you can comment on or make changes to this bug.