Description of problem:
rmmod xennet crashes domU

Version-Release number of selected component (if applicable):
kernel 2.6.18-1.2798.fc6xen

How reproducible:
rmmod xennet

WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
WARNING: g.e. still in use!
WARNING: leaking g.e. and page still in use!
------------[ cut here ]------------
kernel BUG at net/core/dev.c:3298!
invalid opcode: 0000 [#1]
SMP
last sysfs file: /class/net/lo/type
Modules linked in: ipt_LOG xt_limit xt_state iptable_filter ip_conntrack_ftp ip_conntrack nfnetlink ip_tables x_tables xennet ipv6 dm_mirror dm_mod lp parport_pc parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU: 0
EIP: 0061:[<c05acc81>] Not tainted VLI
EFLAGS: 00010293 (2.6.18-1.2798.fc6xen #1)
EIP is at free_netdev+0x1e/0x3b
eax: 00000001 ebx: d6028400 ecx: ffffffff edx: d6028000
esi: c0acd200 edi: d90ad524 ebp: cb796000 esp: cb796f10
ds: 007b es: 007b ss: 0069
Process rmmod (pid: 2193, ti=cb796000 task=c4282dd0 task.ti=cb796000)
Stack: d90a739f d90ad500 c054c4d6 c0acd2cc c0acd224 c05416a4 c0acd224 c0687728
       d90ad524 c0541999 d90ad524 00000000 c0687550 c0540e3b d90ad524 00000020
       00000000 c0541aac d90ad700 c0436a25 6e6e6578 d2007465 00000000 d2ffd754
Call Trace:
 [<d90a739f>] netfront_remove+0x16/0x1a [xennet]
 [<c054c4d6>] xenbus_dev_remove+0x27/0x38
 [<c05416a4>] __device_release_driver+0x60/0x78
 [<c0541999>] driver_detach+0x99/0xc9
 [<c0540e3b>] bus_remove_driver+0x5a/0x78
 [<c0541aac>] driver_unregister+0x8/0x13
 [<c0436a25>] sys_delete_module+0x192/0x1b9
 [<c0404ea7>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb
Leftover inexact backtrace:
=======================
Code: 97 e6 ff e8 34 a8 05 00 e9 19 f7 e7 ff 89 c2 8b 80 94 02 00 00 85 c0 75 0d 0f b7 42 64 29 c2 89 d0 e9 d7 50 eb ff 83 f8 03 74 08 <0f> 0b e2 0c 37 c6 64 c0 c7 82 94 02 00 00 04 00 00 00 8d 82 f0
EIP: [<c05acc81>] free_netdev+0x1e/0x3b SS:ESP 0069:cb796f10
I am sorry I have clicked 2 times on commit.
I can reproduce it, and right now, I have a fix for it that allows xennet to be removed without any crashes. However, I'm still unable to modprobe it back after it. I'm assuming you want the complete fix, so I'm expecting to patch and post it soon. This is just to let you know there's someone working on this ;-)
Created attachment 141328
Solution proposal #1

Ok, mainly, the problem is that upon device removal, the interface devices were still connected. As the unregistering routines were not being called where they ought to be, voila: bugs triggered in lower layers. This patch (both to backend and frontend) fixes this, but I'm not 100% sure that it does so in the most elegant way. Let's see what upstream says.
change QA contact
This report targets FC6, which is now end-of-life. Please re-test against Fedora 7 or later, and if the issue persists, open a new bug. Thanks