Subject: kern/8381: reloading LKMs can crash an ELF system
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Scheler <tron@lyssa.zhadum.de>
List: netbsd-bugs
Date: 09/12/1999 05:05:51
>Number:         8381
>Category:       kern
>Synopsis:       reloading LKMs can crash an ELF system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 12 05:05:01 1999
>Last-Modified:
>Originator:     Matthias Scheler
>Organization:
Matthias Scheler                            http://www.sighardstrasse.de/~tron/
>Release:        19990909
>Environment:
System: NetBSD lyssa.zhadum.de 1.4K NetBSD 1.4K (LYSSA) #3: Fri Sep 10 16:13:26 CEST 1999 tron@lyssa.zhadum.de:/src/sys/compile/LYSSA i386


>Description:
An ELF system crashes with a page fault in "pool_init" if you load a few LKMs,
unload them and load them again afterwards. Here is a "gdb" back trace:

#0  0xf02ff15c in db_last_command ()
#1  0x51a4000 in ?? ()
#2  0xf025e6e3 in cpu_reboot ()
#3  0xf011d14e in db_reboot_cmd ()
#4  0xf011ce48 in db_command ()
#5  0xf011cfda in db_command_loop ()
#6  0xf011f67e in db_trap ()
#7  0xf025c6d2 in kdb_trap ()
#8  0xf026433c in trap ()
#9  0xf0100cc1 in calltrap ()
#10 0xfcd0ca41 in ?? ()
#11 0xf01bf344 in vfs_attach ()
#12 0xf0199e44 in _lkm_vfs ()
#13 0xf019a183 in lkmdispatch ()
#14 0xfcd0b056 in ?? ()
#15 0xf0199a43 in lkmioctl ()
#16 0xf01c72aa in spec_ioctl ()
#17 0xf01c4b36 in vn_ioctl ()
#18 0xf01a8821 in sys_ioctl ()
#19 0xf02649c5 in syscall ()
#20 0xf0100d6d in syscall1 ()

#10 is probably "pool_init". At least a "trace" in DDB looked like this:

pool_init
end
vfs_attach
lkm_vfs

>How-To-Repeat:
1.) Compile a kernel without ADOSFS and CD9660.

2.) Boot to single user mode, mount "/" and "/usr".

3.) Enter these commands:
    cd /usr/lkm
    modload adosfs.o
    modload cd9660.o
    modunload -i 0
    modunload -i 1
    modload adosfs.o

    This is not the only module combination to reproduce this problem but
    it is the most reliable.

>Fix:
None given.

>Audit-Trail:
>Unformatted: