IPv6 module panic

Andrew J. Anderson (andrew@db.erau.edu)
Fri, 14 Nov 1997 15:46:21 -0500 (EST)

When I built IPv6 as a module under 2.1.63, inserted the module and
removed it, here's what I got:

[root@orion net]# rmmod ipv6
kmem_free: Bad obj addr (objp=c1a9bc30, name=size-32)
<00000000/00000000>
Unable to handle kernel NULL pointer dereference at virtual address
00000000
current->tss.cr3 = 018e4000, %cr3 = 018e4000
*pde = 00000000
Oops: 0002
CPU: 0
EIP: 0010:[<c01201f1>]
EFLAGS: 00010202
eax: 00000039 ebx: c028f080 ecx: c01d3328 edx: c2616000
esi: c1a9bc30 edi: 00000202 ebp: 00000020 esp: c1a1df5c
ds: 0018 es: 0018 ss: 0018
Process rmmod (pid: 1716, process nr: 19, stackpage=c1a1d000)
Stack: 00000000 00000000 c1966005 c305a000 c1a9bc5c c1966005 c305d6f3
c1a9bc30
c262e000 fffffff0 c305a000 c3060988 c306b168 c306b17c c305ab6a
c0115427
fffffff0 0804e851 c0114660 c305a000 c1a1c000 00000000 00000000
bffffd3c
Call Trace: [<c305a000>] [<c305d6f3>] [<c305a000>] [<c3060988>]
[<c306b168>] [<c306b17c>] [<c305ab6a>]
[<c0115427>] [<c0114660>] [<c305a000>] [<c010956a>]
Code: c7 05 00 00 00 00 00 00 00 00 5b 5e 5f 5d 83 c4 08 c3 8d b6
Segmentation fault

Here's the ksymsoops output:

Using `../System.map' to map addresses to symbols.

>>EIP: c01201f1 <kfree+1b1/1f0>
Trace: c305a000
Trace: c305d6f3
Trace: c305a000
Trace: c3060988
Trace: c306b168
Trace: c306b17c
Trace: c305ab6a
Trace: c0115427 <free_module+17/90>
Trace: c0114660 <sys_delete_module+190/220>
Trace: c305a000
Trace: c010956a <system_call+3a/40>
Code: c01201f1 <kfree+1b1/1f0>
Code: c01201f1 <kfree+1b1/1f0> c7 05 00 00 00 movl $0x0,0x0
Code: c01201f6 <kfree+1b6/1f0> 00 00 00 00 00
Code: c0120201 <kfree+1c1/1f0> 5b popl %ebx
Code: c0120202 <kfree+1c2/1f0> 5e popl %esi
Code: c0120203 <kfree+1c3/1f0> 5f popl %edi
Code: c0120204 <kfree+1c4/1f0> 5d popl %ebp
Code: c0120205 <kfree+1c5/1f0> 83 c4 08 addl $0x8,%esp
Code: c0120208 <kfree+1c8/1f0> c3 ret
Code: c0120209 <kfree+1c9/1f0> 8d b6 00 90 90 leal
0x90909000(%esi),%esi

Also, I noticed that while the module was loaded, it had a -1
reference count in lsmod. This is on a mostly stock redhat 4.2 system
with all of the packages mentioned in the Changes file updated to current
versions.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Andrew Anderson http://amelia.db.erau.edu/~andrew/
I don't speak for ERAU, and God knows I don't want them to speak for me!
if(!(family_tree=fork())){redneck=TRUE;}