Bug 595673

Summary: Crash in kernel by running 'filecap /dev/watchdog'
Product: Red Hat Enterprise Linux 6 Reporter: Eduard Benes <ebenes>
Component: libcap-ngAssignee: Steve Grubb <sgrubb>
Status: CLOSED CURRENTRELEASE QA Contact: Eduard Benes <ebenes>
Severity: high Docs Contact:
Priority: high    
Version: 6.0CC: dwalsh, ebenes, eparis, jtluka, pbenas, sgrubb, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:2069189119
Fixed In Version: libcap-ng-0.6.4-3.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 591813 Environment:
Last Closed: 2010-11-10 21:02:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 591813    
Bug Blocks: 519823, 584207    

Comment 1 Daniel Walsh 2010-06-15 20:25:58 UTC 
Eric any update on this bug?
Comment 2 Eduard Benes 2010-06-16 09:11:16 UTC 
Using Eric's program from the original bug (see comment 6) I was able to narrow
it down to just one file /dev/watchdog triggering the crash (and also a link in
/dev/char/10:130). 

Steps to reproduce:
1. Compile Eric's program from the original bug (comment #6) or use filecap
tool from libcap-ng-utils package.
2. Run it on /dev/watchdog:
  # ./bz591831 /dev/watchdog
  # filecap /dev/watchdog
3. Wait 20-30 seconds for the crash to occur 

Additional info:
Always reprducible on my system.
$ uname -a
Linux ****** 2.6.32-28.el6.x86_64 #1 SMP Thu May 20 14:03:38 EDT 2010 x86_64
x86_64 x86_64 GNU/Linux
Comment 3 Eric Paris 2010-06-16 20:17:22 UTC 
This is expected behavior!  /dev/watchdog is backed by a hardware timer (if your system has it) which starts when the file is opened and panics if there is no write to the watchdog file in a short period of time.  The idea is that you an write a program in userspace that write to /dev/watchdog every second or two and the system will panic if userspace becomes unresponsive.

We might be able to report this against libcap-ng-utils and ask that its operation be changed from

open()
fgetxattr()
close()

to just use getxattr() without the open/close.

There is certainly no kernel bug here.  If you open /dev/watchdog and don't do anything else the system is supposed to panic.
Comment 4 Eric Paris 2010-06-16 20:30:21 UTC 
I'm going to go ahead and reassign to libcap-ng-utils.   steve can decide if he wants to make changes or just say '"don't do that"   or what.....
Comment 5 Steve Grubb 2010-06-17 19:28:21 UTC 
Found an easy fix for this problem. We can just use the stat mode that is handed to the file checker to make sure we are dealing with a regular file.
Comment 6 Steve Grubb 2010-06-17 21:16:50 UTC 
Built libcap-ng-0.6.4-3.el6 to resolve this problem.
Comment 9 releng-rhel@redhat.com 2010-11-10 21:02:06 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.