Bug #138: batman-adv: kernel crashes on module unload, < 2.6.28 - batman-adv - Open Mesh

Actions

Copy link

Bug #138

closed

batman-adv: kernel crashes on module unload, < 2.6.28

Added by Linus Lüssing over 14 years ago. Updated almost 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

2011.0.0

Start date:

Due date:

% Done:

Estimated time:

Description

[  165.437307] B.A.T.M.A.N. advanced devel (compatibility version 12) loaded
[  523.427091] BUG: unable to handle kernel paging request at d0836dc8
[  523.428061] IP: [<d0836dc8>]
[  523.428061] *pde = 0f804067 *pte = 00000000
[  523.428061] Oops: 0010 [#1] SMP
[  523.428061] Modules linked in: [last unloaded: batman_adv]
[  523.428061]
[  523.428061] Pid: 2514, comm: udevd Not tainted (2.6.27.46 #1)
[  523.428061] EIP: 0060:[<d0836dc8>] EFLAGS: 00010202 CPU: 0
[  523.428061] EIP is at 0xd0836dc8
[  523.428061] EAX: cec3d140 EBX: cec3d540 ECX: c0289ab2 EDX: cec3d140
[  523.428061] ESI: c120612c EDI: 00000002 EBP: cee35d60 ESP: cee35d50
[  523.428061]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[  523.428061] Process udevd (pid: 2514, ti=cee34000 task=cf82bb40 task.ti=cee34000)
[  523.428061] Stack: c0256012 c07bbaa0 c081d168 00000001 cee35d68 c025607f cee35d8c c0225bde
[  523.428061]        c0820580 c0820580 0000000a 00000000 00000046 00000000 c11dbf20 cee35d98
[  523.428061]        c0225c78 c1205104 cee35da0 c0225d7d cee35db0 c020f941 000000d7 cedf9a70
[  523.428061] Call Trace:
[  523.428061]  [<c0256012>] ? +rcu_process_callbacks+0x151/0x1a4
[  523.428061]  [<c025607f>] ? rcu_process_callbacks+0x1a/0x33
[  523.428061]  [<c0225bde>] ? +do_softirq+0x70/0xd5
[  523.428061]  [<c0225c78>] ? do_softirq+0x35/0x3a
[  523.428061]  [<c0225d7d>] ? irq_exit+0x38/0x6d
[  523.428061]  [<c020f941>] ? smp_apic_timer_interrupt+0x6f/0x7d
[  523.428061]  [<c02043cc>] ? apic_timer_interrupt+0x28/0x30
[  523.428061]  [<c021007b>] ? assign_irq_vector+0x6/0x2e
[  523.428061]  [<c02664b0>] ? +do_fault+0x219/0x326
[  523.428061]  [<c02679ac>] ? handle_mm_fault+0x277/0x57b
[  523.428061]  [<c05c4a73>] ? do_page_fault+0x2ee/0x689
[  523.428061]  [<c05c4785>] ? do_page_fault+0x0/0x689
[  523.428061]  [<c05c31ca>] ? error_code+0x72/0x78
[  523.428061]  [<c02aa8c5>] ? dnotify_flush+0x28/0x80
[  523.428061]  [<c027942d>] ? filp_close+0x50/0x5a
[  523.428061]  [<c05c4785>] ? do_page_fault+0x0/0x689
[  523.428061]  [<c05c31ca>] ? error_code+0x72/0x78
[  523.428061]  [<c05c0000>] ? hrtimer_cpu_notify+0x128/0x234
[  523.428061]  =======================
[  523.428061] Code:  Bad EIP value.
[  523.428061] EIP: [<d0836dc8>] 0xd0836dc8 SS:ESP 0068:cee35d50
[  523.428061] Kernel panic - not syncing: Fatal exception in interrupt
[  523.428061] ------------[ cut here ]------------
[  523.428061] WARNING: at kernel/smp.c:332 smp_call_function_mask+0x28/0x174()
[  523.428061] Modules linked in: [last unloaded: batman_adv]
[  523.428061] Pid: 2514, comm: udevd Tainted: G      D   2.6.27.46 #1
[  523.428061]  [<c05c1095>] ? printk+0xf/0x12
[  523.428061]  [<c0221780>] warn_on_slowpath+0x41/0x65
[  523.428061]  [<c035880b>] ? vgacon_set_cursor_size+0xea/0xf1
[  523.428061]  [<c05c4e7a>] ? atomic_notifier_call_chain+0xf/0x11
[  523.428061]  [<c05c4e7a>] ? atomic_notifier_call_chain+0xf/0x11
[  523.428061]  [<c0391ee6>] ? vt_console_print+0x277/0x285
[  523.428061]  [<c0391c6f>] ? vt_console_print+0x0/0x285
[  523.428061]  [<c02219ff>] ? +call_console_drivers+0x56/0x63
[  523.428061]  [<c0235144>] ? up+0x2b/0x2f
[  523.428061]  [<c0221e36>] ? release_console_sem+0x177/0x1a4
[  523.428061]  [<c023d73a>] smp_call_function_mask+0x28/0x174
[  523.428061]  [<c020eac5>] ? stop_this_cpu+0x0/0x36
[  523.428061]  [<c0246896>] ? crash_kexec+0x9f/0xa7
[  523.428061]  [<c0246896>] ? crash_kexec+0x9f/0xa7
[  523.428061]  [<c023d898>] smp_call_function+0x12/0x14
[  523.428061]  [<c020eab8>] native_smp_send_stop+0x1b/0x28
[  523.428061]  [<c05c0ff8>] panic+0x48/0xd6
[  523.428061]  [<c05c34aa>] oops_end+0x73/0x87
[  523.428061]  [<c0204b77>] die+0x5b/0x63
[  523.428061]  [<c05c4d1c>] do_page_fault+0x597/0x689
[  523.428061]  [<c023819e>] ? clocksource_get_next+0x3c/0x43
[  523.428061]  [<c0237265>] ? update_wall_time+0x606/0x71f
[  523.428061]  [<c02374b9>] ? getnstimeofday+0x4f/0xd7
[  523.428061]  [<c0217d0d>] ? update_curr+0x8d/0xf0
[  523.428061]  [<c027652e>] ? add_partial+0x11/0x44
[  523.428061]  [<c05c4785>] ? do_page_fault+0x0/0x689
[  523.428061]  [<c05c31ca>] error_code+0x72/0x78
[  523.428061]  [<c0289ab2>] ? d_callback+0x24/0x27
[  523.428061]  [<c0256012>] ? +rcu_process_callbacks+0x151/0x1a4
[  523.428061]  [<c025607f>] rcu_process_callbacks+0x1a/0x33
[  523.428061]  [<c0225bde>] +do_softirq+0x70/0xd5
[  523.428061]  [<c0225c78>] do_softirq+0x35/0x3a
[  523.428061]  [<c0225d7d>] irq_exit+0x38/0x6d
[  523.428061]  [<c020f941>] smp_apic_timer_interrupt+0x6f/0x7d
[  523.428061]  [<c02043cc>] apic_timer_interrupt+0x28/0x30
[  523.428061]  [<c021007b>] ? assign_irq_vector+0x6/0x2e
[  523.428061]  [<c02664b0>] ? +do_fault+0x219/0x326
[  523.428061]  [<c02679ac>] handle_mm_fault+0x277/0x57b
[  523.428061]  [<c05c4a73>] do_page_fault+0x2ee/0x689
[  523.428061]  [<c05c4785>] ? do_page_fault+0x0/0x689
[  523.428061]  [<c05c31ca>] ? error_code+0x72/0x78
[  523.428061]  [<c02aa8c5>] ? dnotify_flush+0x28/0x80
[  523.428061]  [<c027942d>] ? filp_close+0x50/0x5a
[  523.428061]  [<c05c4785>] ? do_page_fault+0x0/0x689
[  523.428061]  [<c05c31ca>] error_code+0x72/0x78
[  523.428061]  [<c05c0000>] ? hrtimer_cpu_notify+0x128/0x234
[  523.428061]  =======================
[  523.428061] ---[ end trace 40b19cfc64e3ac65 ]---

Commit 1765 introduces this bug (checked with git bisect) for kernels < 2.6.28 (checked 2.6.29.6, 2.6.28.10, 2.6.27.46, 2.6.26-2-686 on a Debian stable; this backtrace has been produced on the 2.6.27.46 kernel). It can easily be reproduced: insmod batman-adv.ko; rmmod batman-adv.ko. The kernel hangs when removing the module again.