Mariusz Kozlowski wrote:
Recent kernels (i.e. 2.6.30-rc1) will panic while doing rmmod of nf_conntrack_irc.
(gdb) l *(nf_conntrack_helper_unregister+0x158)
0x4f8 is in nf_conntrack_helper_unregister (/home/mako/linux/lkt/sources/linux-2.6/include/net/netfilter/nf_conntrack.h:133).
128 };
129
130 static inline struct nf_conn *
131 nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
132 {
133 return container_of(hash, struct nf_conn,
134 tuplehash[hash->tuple.dst.dir]);
135 }
136
137 static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct)
I bisected it down to
netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu()
Thanks for the report. Does this patch fix it?
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 30b8e90..0fa5a42 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -176,7 +176,7 @@ static void __nf_conntrack_helper_unregister(struct nf_conntrack_helper *me,
}
/* Get rid of expecteds, set helpers to NULL. */
- hlist_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode)
+ hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode)
unhelp(h, me);
for (i = 0; i < nf_conntrack_htable_size; i++) {
hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode)
