154733 – oops when catting /proc/net/ip_conntrack_expect

Bug 154733 - oops when catting /proc/net/ip_conntrack_expect

Summary: oops when catting /proc/net/ip_conntrack_expect

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Jason Baron
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	156322
TreeView+	depends on / blocked

Reported:	2005-04-13 21:03 UTC by Neil Horman
Modified:	2013-03-06 05:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:	RHSA-2005-514
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-10-05 12:59:28 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
backport of upstream patch to remove conntrack proc files on rmmod (627 bytes, patch) 2005-04-13 21:03 UTC, Neil Horman	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2005:514	0	qe-ready	SHIPPED_LIVE	Important: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2	2005-10-05 04:00:00 UTC

Description Neil Horman 2005-04-13 21:03:33 UTC

Description of problem:
the module cleanup code for ip_conntrack doesn't properly unregister some of its
proc files, and so they are left hanging around after the module is gone.  The
result is if you read these files after an rmmod, the system will oops

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. modprobe ip_conntrack.ko and ipt_conntrack.ko
2. rmmod both modules
3. cat /proc/net/ip_conntrack_expect
  
Actual results:
system will oops:
pr 13 14:22:12 dhcp-217 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Apr 13 14:22:12 dhcp-217 kernel: Unable to handle kernel paging request at
virtual address dea5d780
Apr 13 14:22:12 dhcp-217 kernel:  printing eip:
Apr 13 14:22:12 dhcp-217 kernel: c019c5d1
Apr 13 14:22:12 dhcp-217 kernel: *pde = 1df0a067
Apr 13 14:22:12 dhcp-217 kernel: Oops: 0000 [#1]
Apr 13 14:22:12 dhcp-217 kernel: Modules linked in: iptable_filter ip_tables
parport_pc lp parport autofs4 i2c_dev i2c_core sunrpc dm_mod button battery ac
md5 ipv6 ohci_hcd ehci_hcd snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd
soundcore 8139too via_rhine mii floppy st ext3 jbd aic7xxx sd_mod scsi_mod
Apr 13 14:22:12 dhcp-217 kernel: CPU:    0
Apr 13 14:22:12 dhcp-217 kernel: EIP:    0060:[<c019c5d1>]    Not tainted VLI
Apr 13 14:22:12 dhcp-217 kernel: EFLAGS: 00010282   (2.6.9-5.EL) 
Apr 13 14:22:12 dhcp-217 kernel: EIP is at proc_get_inode+0xa9/0xdd
Apr 13 14:22:12 dhcp-217 kernel: eax: dea5d780   ebx: cc9ba480   ecx: 425c9e74 
 edx: 26824570
Apr 13 14:22:12 dhcp-217 kernel: esi: cca1a7c8   edi: ddf07c00   ebp: cc96be58 
 esp: cc96be34
Apr 13 14:22:12 dhcp-217 kernel: ds: 007b   es: 007b   ss: 0068
Apr 13 14:22:12 dhcp-217 kernel: Process du (pid: 5780, threadinfo=cc96b000
task=cc56ec50)
Apr 13 14:22:12 dhcp-217 kernel: Stack: cc9ba480 cc9e8cc0 cca1a98c c019fcee
00000000 ffffffea c0352bc0 cc9e8cc0 
Apr 13 14:22:12 dhcp-217 kernel:        cca1a98c cc9e8630 c0171121 cc96bf0c
cc96bec0 00000000 cc96bf0c 00000000 
Apr 13 14:22:12 dhcp-217 kernel:        cc96bec0 c0171451 c1437080 cc96beb8
4b1a54e6 cca1a98c 4b1a54e6 cc96bf0c 
Apr 13 14:22:12 dhcp-217 kernel: Call Trace:
Apr 13 14:22:12 dhcp-217 kernel:  [<c019fcee>] proc_lookup+0xa0/0x1aa
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171121>] real_lookup+0x73/0xde
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171451>] do_lookup+0x56/0x8f
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171eb7>] link_path_walk+0xa2d/0xd8c
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171451>] do_lookup+0x56/0x8f
Apr 13 14:22:12 dhcp-217 kernel:  [<c0172491>] path_lookup+0xff/0x12f
Apr 13 14:22:12 dhcp-217 kernel:  [<c01725d5>] __user_walk+0x21/0x51
Apr 13 14:22:12 dhcp-217 kernel:  [<c016cbcb>] vfs_lstat+0x11/0x37
Apr 13 14:22:12 dhcp-217 kernel:  [<c0176423>] filldir64+0xdd/0x11a
Apr 13 14:22:12 dhcp-217 kernel:  [<c019fffb>] proc_readdir+0x203/0x2b0
Apr 13 14:22:12 dhcp-217 kernel:  [<c016d1c0>] sys_lstat64+0xf/0x23
Apr 13 14:22:12 dhcp-217 kernel:  [<c0176091>] vfs_readdir+0x9d/0xb7
Apr 13 14:22:12 dhcp-217 kernel:  [<c01764f5>] sys_getdents64+0x95/0x9f
Apr 13 14:22:12 dhcp-217 kernel:  [<c0301bfb>] syscall_call+0x7/0xb
Apr 13 14:22:12 dhcp-217 kernel:  [<c030007b>]
interruptible_sleep_on_timeout+0x91/0x1da
Apr 13 14:22:12 dhcp-217 kernel: Code: 46 2c 83 7b 18 00 74 0d 8b 43 18 c7 46 38
00 00 00 00 89 46 34 0f b7 43 0e 66 85 c0 74 06 0f b7 c0 89 46 24 8b 43 28 85 c0
74 0b <83> 38 02 74 22 ff 80 00 01 00 00 8b 43 1c 85 c0 74 06 89 86 cc 


Expected results:
file should be removed, so oops is not possible

Additional info:
I've posted the patch for this to rhkernel-list already.

Comment 1 Neil Horman 2005-04-13 21:03:57 UTC

Created attachment 113120 [details]
backport of upstream patch to remove conntrack proc files on rmmod

Comment 2 Tim Burke 2005-04-18 02:11:44 UTC

Posted on rhkernel-list and ack'd.  Queued for U2. Subject is:
[rhel4 Patch] fix to ip_conntrack to remove proc files on module removal

Comment 8 Red Hat Bugzilla 2005-10-05 12:59:29 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html

Note You need to log in before you can comment on or make changes to this bug.