Bug 154733 - oops when catting /proc/net/ip_conntrack_expect
oops when catting /proc/net/ip_conntrack_expect
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Baron
Brian Brock
:
Depends On:
Blocks: 156322
  Show dependency treegraph
 
Reported: 2005-04-13 17:03 EDT by Neil Horman
Modified: 2013-03-06 00:58 EST (History)
2 users (show)

See Also:
Fixed In Version: RHSA-2005-514
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-05 08:59:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
backport of upstream patch to remove conntrack proc files on rmmod (627 bytes, patch)
2005-04-13 17:03 EDT, Neil Horman
no flags Details | Diff

  None (edit)
Description Neil Horman 2005-04-13 17:03:33 EDT
Description of problem:
the module cleanup code for ip_conntrack doesn't properly unregister some of its
proc files, and so they are left hanging around after the module is gone.  The
result is if you read these files after an rmmod, the system will oops

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. modprobe ip_conntrack.ko and ipt_conntrack.ko
2. rmmod both modules
3. cat /proc/net/ip_conntrack_expect
  
Actual results:
system will oops:
pr 13 14:22:12 dhcp-217 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Apr 13 14:22:12 dhcp-217 kernel: Unable to handle kernel paging request at
virtual address dea5d780
Apr 13 14:22:12 dhcp-217 kernel:  printing eip:
Apr 13 14:22:12 dhcp-217 kernel: c019c5d1
Apr 13 14:22:12 dhcp-217 kernel: *pde = 1df0a067
Apr 13 14:22:12 dhcp-217 kernel: Oops: 0000 [#1]
Apr 13 14:22:12 dhcp-217 kernel: Modules linked in: iptable_filter ip_tables
parport_pc lp parport autofs4 i2c_dev i2c_core sunrpc dm_mod button battery ac
md5 ipv6 ohci_hcd ehci_hcd snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd
soundcore 8139too via_rhine mii floppy st ext3 jbd aic7xxx sd_mod scsi_mod
Apr 13 14:22:12 dhcp-217 kernel: CPU:    0
Apr 13 14:22:12 dhcp-217 kernel: EIP:    0060:[<c019c5d1>]    Not tainted VLI
Apr 13 14:22:12 dhcp-217 kernel: EFLAGS: 00010282   (2.6.9-5.EL) 
Apr 13 14:22:12 dhcp-217 kernel: EIP is at proc_get_inode+0xa9/0xdd
Apr 13 14:22:12 dhcp-217 kernel: eax: dea5d780   ebx: cc9ba480   ecx: 425c9e74 
 edx: 26824570
Apr 13 14:22:12 dhcp-217 kernel: esi: cca1a7c8   edi: ddf07c00   ebp: cc96be58 
 esp: cc96be34
Apr 13 14:22:12 dhcp-217 kernel: ds: 007b   es: 007b   ss: 0068
Apr 13 14:22:12 dhcp-217 kernel: Process du (pid: 5780, threadinfo=cc96b000
task=cc56ec50)
Apr 13 14:22:12 dhcp-217 kernel: Stack: cc9ba480 cc9e8cc0 cca1a98c c019fcee
00000000 ffffffea c0352bc0 cc9e8cc0 
Apr 13 14:22:12 dhcp-217 kernel:        cca1a98c cc9e8630 c0171121 cc96bf0c
cc96bec0 00000000 cc96bf0c 00000000 
Apr 13 14:22:12 dhcp-217 kernel:        cc96bec0 c0171451 c1437080 cc96beb8
4b1a54e6 cca1a98c 4b1a54e6 cc96bf0c 
Apr 13 14:22:12 dhcp-217 kernel: Call Trace:
Apr 13 14:22:12 dhcp-217 kernel:  [<c019fcee>] proc_lookup+0xa0/0x1aa
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171121>] real_lookup+0x73/0xde
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171451>] do_lookup+0x56/0x8f
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171eb7>] link_path_walk+0xa2d/0xd8c
Apr 13 14:22:12 dhcp-217 kernel:  [<c0171451>] do_lookup+0x56/0x8f
Apr 13 14:22:12 dhcp-217 kernel:  [<c0172491>] path_lookup+0xff/0x12f
Apr 13 14:22:12 dhcp-217 kernel:  [<c01725d5>] __user_walk+0x21/0x51
Apr 13 14:22:12 dhcp-217 kernel:  [<c016cbcb>] vfs_lstat+0x11/0x37
Apr 13 14:22:12 dhcp-217 kernel:  [<c0176423>] filldir64+0xdd/0x11a
Apr 13 14:22:12 dhcp-217 kernel:  [<c019fffb>] proc_readdir+0x203/0x2b0
Apr 13 14:22:12 dhcp-217 kernel:  [<c016d1c0>] sys_lstat64+0xf/0x23
Apr 13 14:22:12 dhcp-217 kernel:  [<c0176091>] vfs_readdir+0x9d/0xb7
Apr 13 14:22:12 dhcp-217 kernel:  [<c01764f5>] sys_getdents64+0x95/0x9f
Apr 13 14:22:12 dhcp-217 kernel:  [<c0301bfb>] syscall_call+0x7/0xb
Apr 13 14:22:12 dhcp-217 kernel:  [<c030007b>]
interruptible_sleep_on_timeout+0x91/0x1da
Apr 13 14:22:12 dhcp-217 kernel: Code: 46 2c 83 7b 18 00 74 0d 8b 43 18 c7 46 38
00 00 00 00 89 46 34 0f b7 43 0e 66 85 c0 74 06 0f b7 c0 89 46 24 8b 43 28 85 c0
74 0b <83> 38 02 74 22 ff 80 00 01 00 00 8b 43 1c 85 c0 74 06 89 86 cc 


Expected results:
file should be removed, so oops is not possible

Additional info:
I've posted the patch for this to rhkernel-list already.
Comment 1 Neil Horman 2005-04-13 17:03:57 EDT
Created attachment 113120 [details]
backport of upstream patch to remove conntrack proc files on rmmod
Comment 2 Tim Burke 2005-04-17 22:11:44 EDT
Posted on rhkernel-list and ack'd.  Queued for U2. Subject is:
[rhel4 Patch] fix to ip_conntrack to remove proc files on module removal
Comment 8 Red Hat Bugzilla 2005-10-05 08:59:29 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html

Note You need to log in before you can comment on or make changes to this bug.