Description of problem: the module cleanup code for ip_conntrack doesn't properly unregister some of its proc files, and so they are left hanging around after the module is gone. The result is if you read these files after an rmmod, the system will oops Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. modprobe ip_conntrack.ko and ipt_conntrack.ko 2. rmmod both modules 3. cat /proc/net/ip_conntrack_expect Actual results: system will oops: pr 13 14:22:12 dhcp-217 kernel: ip_tables: (C) 2000-2002 Netfilter core team Apr 13 14:22:12 dhcp-217 kernel: Unable to handle kernel paging request at virtual address dea5d780 Apr 13 14:22:12 dhcp-217 kernel: printing eip: Apr 13 14:22:12 dhcp-217 kernel: c019c5d1 Apr 13 14:22:12 dhcp-217 kernel: *pde = 1df0a067 Apr 13 14:22:12 dhcp-217 kernel: Oops: 0000 [#1] Apr 13 14:22:12 dhcp-217 kernel: Modules linked in: iptable_filter ip_tables parport_pc lp parport autofs4 i2c_dev i2c_core sunrpc dm_mod button battery ac md5 ipv6 ohci_hcd ehci_hcd snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore 8139too via_rhine mii floppy st ext3 jbd aic7xxx sd_mod scsi_mod Apr 13 14:22:12 dhcp-217 kernel: CPU: 0 Apr 13 14:22:12 dhcp-217 kernel: EIP: 0060:[<c019c5d1>] Not tainted VLI Apr 13 14:22:12 dhcp-217 kernel: EFLAGS: 00010282 (2.6.9-5.EL) Apr 13 14:22:12 dhcp-217 kernel: EIP is at proc_get_inode+0xa9/0xdd Apr 13 14:22:12 dhcp-217 kernel: eax: dea5d780 ebx: cc9ba480 ecx: 425c9e74 edx: 26824570 Apr 13 14:22:12 dhcp-217 kernel: esi: cca1a7c8 edi: ddf07c00 ebp: cc96be58 esp: cc96be34 Apr 13 14:22:12 dhcp-217 kernel: ds: 007b es: 007b ss: 0068 Apr 13 14:22:12 dhcp-217 kernel: Process du (pid: 5780, threadinfo=cc96b000 task=cc56ec50) Apr 13 14:22:12 dhcp-217 kernel: Stack: cc9ba480 cc9e8cc0 cca1a98c c019fcee 00000000 ffffffea c0352bc0 cc9e8cc0 Apr 13 14:22:12 dhcp-217 kernel: cca1a98c cc9e8630 c0171121 cc96bf0c cc96bec0 00000000 cc96bf0c 00000000 Apr 13 14:22:12 dhcp-217 kernel: cc96bec0 c0171451 c1437080 cc96beb8 4b1a54e6 cca1a98c 4b1a54e6 cc96bf0c Apr 13 14:22:12 dhcp-217 kernel: Call Trace: Apr 13 14:22:12 dhcp-217 kernel: [<c019fcee>] proc_lookup+0xa0/0x1aa Apr 13 14:22:12 dhcp-217 kernel: [<c0171121>] real_lookup+0x73/0xde Apr 13 14:22:12 dhcp-217 kernel: [<c0171451>] do_lookup+0x56/0x8f Apr 13 14:22:12 dhcp-217 kernel: [<c0171eb7>] link_path_walk+0xa2d/0xd8c Apr 13 14:22:12 dhcp-217 kernel: [<c0171451>] do_lookup+0x56/0x8f Apr 13 14:22:12 dhcp-217 kernel: [<c0172491>] path_lookup+0xff/0x12f Apr 13 14:22:12 dhcp-217 kernel: [<c01725d5>] __user_walk+0x21/0x51 Apr 13 14:22:12 dhcp-217 kernel: [<c016cbcb>] vfs_lstat+0x11/0x37 Apr 13 14:22:12 dhcp-217 kernel: [<c0176423>] filldir64+0xdd/0x11a Apr 13 14:22:12 dhcp-217 kernel: [<c019fffb>] proc_readdir+0x203/0x2b0 Apr 13 14:22:12 dhcp-217 kernel: [<c016d1c0>] sys_lstat64+0xf/0x23 Apr 13 14:22:12 dhcp-217 kernel: [<c0176091>] vfs_readdir+0x9d/0xb7 Apr 13 14:22:12 dhcp-217 kernel: [<c01764f5>] sys_getdents64+0x95/0x9f Apr 13 14:22:12 dhcp-217 kernel: [<c0301bfb>] syscall_call+0x7/0xb Apr 13 14:22:12 dhcp-217 kernel: [<c030007b>] interruptible_sleep_on_timeout+0x91/0x1da Apr 13 14:22:12 dhcp-217 kernel: Code: 46 2c 83 7b 18 00 74 0d 8b 43 18 c7 46 38 00 00 00 00 89 46 34 0f b7 43 0e 66 85 c0 74 06 0f b7 c0 89 46 24 8b 43 28 85 c0 74 0b <83> 38 02 74 22 ff 80 00 01 00 00 8b 43 1c 85 c0 74 06 89 86 cc Expected results: file should be removed, so oops is not possible Additional info: I've posted the patch for this to rhkernel-list already.
Created attachment 113120 [details] backport of upstream patch to remove conntrack proc files on rmmod
Posted on rhkernel-list and ack'd. Queued for U2. Subject is: [rhel4 Patch] fix to ip_conntrack to remove proc files on module removal
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html