Ubuntu
linux package

rmmod segfaults with kernel BUG at /build/buildd/linux-2.6.31/mm/slub.c:2929

Bug #499238 reported by Slavius
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: linux-generic

Running:
Description: Ubuntu 9.10
Release: 9.10

root@slavius-laptop:~# uname -a
Linux slavius-laptop 2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:02:15 UTC 2009 x86_64 GNU/Linux

karmic-backports enabled

Description:
rmmod segfaults with this in dmesg output:
[ 4488.050330] wl 0000:02:00.0: PCI INT A disabled
[ 4488.050730] wl 0000:02:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
[ 4488.050749] wl 0000:02:00.0: setting latency timer to 64
[ 4488.059951] eth1: Broadcom BCM4315 802.11 Wireless Controller 5.10.91.9
[ 4488.065381] udev: renamed network interface eth1 to eth2
[ 4499.250063] eth2: no IPv6 routers present
[ 4654.380564] wl 0000:02:00.0: PCI INT A disabled
[ 4680.261313] lib80211_crypt: unregistered algorithm 'TKIP'
[ 4680.262227] lib80211_crypt: unregistered algorithm 'NULL'
[ 4680.262274] ------------[ cut here ]------------
[ 4680.262278] kernel BUG at /build/buildd/linux-2.6.31/mm/slub.c:2929!
[ 4680.262280] invalid opcode: 0000 [#1] SMP
[ 4680.262283] last sysfs file: /sys/devices/system/cpu/cpu0/cpuidle/state2/time
[ 4680.262286] CPU 0
[ 4680.262288] Modules linked in: michael_mic arc4 ecb binfmt_misc ppdev iptable_filter ip_tables x_tables joydev snd_hda_codec_intelhdmi snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm psmouse snd_seq_dummy serio_raw snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore snd_page_alloc hp_accel lis3lv02d input_polldev led_class lp parport fbcon tileblit font bitblit softcursor i915 drm i2c_algo_bit sky2 video output intel_agp [last unloaded: lib80211]
[ 4680.262326] Pid: 23899, comm: rmmod Tainted: P 2.6.31-16-generic #53-Ubuntu HP ProBook 4510s
[ 4680.262329] RIP: 0010:[<ffffffff8111483c>] [<ffffffff8111483c>] kfree+0x12c/0x140
[ 4680.262337] RSP: 0018:ffff88000d8fde78 EFLAGS: 00010246
[ 4680.262340] RAX: 0100000000000000 RBX: ffffffff8108e71e RCX: ffff880062cdeac8
[ 4680.262342] RDX: 00000000001b1ed0 RSI: ffffea0000bdd7b0 RDI: ffff8800363da000
[ 4680.262345] RBP: ffff88000d8fde98 R08: 0000000000000000 R09: 0000000000000000
[ 4680.262347] R10: 0000000000000000 R11: 00000000ffffffff R12: ffff8800363da000
[ 4680.262350] R13: 0000000000000000 R14: 00007fff88adc7f8 R15: 0000000000000001
[ 4680.262353] FS: 00007fc8a238a6f0(0000) GS:ffff8800019f7000(0000) knlGS:0000000000000000
[ 4680.262355] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 4680.262358] CR2: 0000000000815088 CR3: 00000000661a9000 CR4: 00000000000406f0
[ 4680.262360] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4680.262363] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 4680.262366] Process rmmod (pid: 23899, threadinfo ffff88000d8fc000, task ffff88003c008000)
[ 4680.262368] Stack:
[ 4680.262369] ffff880037eea690 000000000000000f ffff8800363da000 0000000000000000
[ 4680.262373] <0> ffff88000d8fdeb8 ffffffff8108e71e ffffffffa001dc40 ffffffffa001dc90
[ 4680.262378] <0> ffff88000d8fded8 ffffffff8108f083 0000000000000880 ffffffffa001dc40
[ 4680.262383] Call Trace:
[ 4680.262388] [<ffffffff8108e71e>] free_sect_attrs+0x3e/0x50
[ 4680.262393] [<ffffffff8108f083>] free_module+0x53/0x110
[ 4680.262397] [<ffffffff8108f36e>] sys_delete_module+0x1ee/0x280
[ 4680.262402] [<ffffffff812787a6>] ? __up_write+0xd6/0x140
[ 4680.262408] [<ffffffff8107cf19>] ? up_write+0x9/0x10
[ 4680.262412] [<ffffffff81012002>] system_call_fastpath+0x16/0x1b
[ 4680.262414] Code: 3b 5a 70 00 4d 85 ed 0f 84 1d ff ff ff 49 8b 45 00 49 83 c5 08 4c 89 e6 48 89 df ff d0 49 8b 45 00 48 85 c0 75 eb e9 ff fe ff ff <0f> 0b 66 90 eb fc 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55
[ 4680.262445] RIP [<ffffffff8111483c>] kfree+0x12c/0x140
[ 4680.262449] RSP <ffff88000d8fde78>
[ 4680.262452] ---[ end trace 29b3c9fe43d71cb9 ]---

How to reproduce:
I've installed Broadcom STA (a.k.a. proprietary) drivers using Hardware drivers tool. While Hardware drivers tool window was still opened (not sure if it's important or not) I did this in the console:

root@slavius-laptop:~# rmmod wl lib80211
ERROR: Module lib80211 is in use by lib80211_crypt_tkip
root@slavius-laptop:~# lsmod | grep 80211
lib80211_crypt_tkip 10016 0
lib80211 7812 1 lib80211_crypt_tkip
root@slavius-laptop:~# rmmod lib80211_crypt_tkip lib80211
Segmentation fault

Expected behaviour:
remove modules correctly from running kernel or deny it.

Revision history for this message
Andy Whitcroft (apw) wrote :

[This is an automated message. Apologies if it has reached you inappropriately.]

This bug was reported against the linux-meta package when it likely should have been reported against the linux package instead. We are automatically transitioning this to the linux kernel package so that the appropriate teams are notified and made aware of this issue.

If this bug really is a bug in the linux-meta package you can move it back to linux-meta and tag it kj-linux-meta, or contact us on the #ubuntu-kernel channel on the FreeNode IRC server. Thanks.

affects: linux-meta (Ubuntu) → linux (Ubuntu)
Andy Whitcroft (apw)
tags: added: kernel-series-unknown
^_Pepe_^ (jose-angel-fernandez-freire)
tags: added: karmic
removed: kernel-series-unknown
Brad Figg (brad-figg)
tags: added: kj-triage
Brad Figg (brad-figg)
tags: added: b73a1py79
Revision history for this message
Brad Figg (brad-figg) wrote :

This bug was filed against a series that is no longer supported and so is being marked as Won't Fix. If this issue still exists in supported series, please file a new bug.

Changed in linux (Ubuntu):
status: New → Won't Fix
tags: removed: b73a1py79
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.