Bug 595673 - Crash in kernel by running 'filecap /dev/watchdog'
Summary: Crash in kernel by running 'filecap /dev/watchdog'
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libcap-ng
Version: 6.0
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: Eduard Benes
URL:
Whiteboard: abrt_hash:2069189119
Depends On: 591813
Blocks: 519823 584207
TreeView+ depends on / blocked
 
Reported: 2010-05-25 11:13 UTC by Eduard Benes
Modified: 2010-11-10 21:02 UTC (History)
7 users (show)

Fixed In Version: libcap-ng-0.6.4-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 591813
Environment:
Last Closed: 2010-11-10 21:02:06 UTC
Target Upstream Version:


Attachments (Terms of Use)

Comment 1 Daniel Walsh 2010-06-15 20:25:58 UTC
Eric any update on this bug?

Comment 2 Eduard Benes 2010-06-16 09:11:16 UTC
Using Eric's program from the original bug (see comment 6) I was able to narrow
it down to just one file /dev/watchdog triggering the crash (and also a link in
/dev/char/10:130). 

Steps to reproduce:
1. Compile Eric's program from the original bug (comment #6) or use filecap
tool from libcap-ng-utils package.
2. Run it on /dev/watchdog:
  # ./bz591831 /dev/watchdog
  # filecap /dev/watchdog
3. Wait 20-30 seconds for the crash to occur 

Additional info:
Always reprducible on my system.
$ uname -a
Linux ****** 2.6.32-28.el6.x86_64 #1 SMP Thu May 20 14:03:38 EDT 2010 x86_64
x86_64 x86_64 GNU/Linux

Comment 3 Eric Paris 2010-06-16 20:17:22 UTC
This is expected behavior!  /dev/watchdog is backed by a hardware timer (if your system has it) which starts when the file is opened and panics if there is no write to the watchdog file in a short period of time.  The idea is that you an write a program in userspace that write to /dev/watchdog every second or two and the system will panic if userspace becomes unresponsive.

We might be able to report this against libcap-ng-utils and ask that its operation be changed from

open()
fgetxattr()
close()

to just use getxattr() without the open/close.

There is certainly no kernel bug here.  If you open /dev/watchdog and don't do anything else the system is supposed to panic.

Comment 4 Eric Paris 2010-06-16 20:30:21 UTC
I'm going to go ahead and reassign to libcap-ng-utils.   steve can decide if he wants to make changes or just say '"don't do that"   or what.....

Comment 5 Steve Grubb 2010-06-17 19:28:21 UTC
Found an easy fix for this problem. We can just use the stat mode that is handed to the file checker to make sure we are dealing with a regular file.

Comment 6 Steve Grubb 2010-06-17 21:16:50 UTC
Built libcap-ng-0.6.4-3.el6 to resolve this problem.

Comment 9 releng-rhel@redhat.com 2010-11-10 21:02:06 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.