Bug 595673 - Crash in kernel by running 'filecap /dev/watchdog'
Crash in kernel by running 'filecap /dev/watchdog'
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libcap-ng (Show other bugs)
6.0
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Steve Grubb
Eduard Benes
abrt_hash:2069189119
:
Depends On: 591813
Blocks: 519823 584207
  Show dependency treegraph
 
Reported: 2010-05-25 07:13 EDT by Eduard Benes
Modified: 2010-11-10 16:02 EST (History)
7 users (show)

See Also:
Fixed In Version: libcap-ng-0.6.4-3.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 591813
Environment:
Last Closed: 2010-11-10 16:02:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 Daniel Walsh 2010-06-15 16:25:58 EDT
Eric any update on this bug?
Comment 2 Eduard Benes 2010-06-16 05:11:16 EDT
Using Eric's program from the original bug (see comment 6) I was able to narrow
it down to just one file /dev/watchdog triggering the crash (and also a link in
/dev/char/10:130). 

Steps to reproduce:
1. Compile Eric's program from the original bug (comment #6) or use filecap
tool from libcap-ng-utils package.
2. Run it on /dev/watchdog:
  # ./bz591831 /dev/watchdog
  # filecap /dev/watchdog
3. Wait 20-30 seconds for the crash to occur 

Additional info:
Always reprducible on my system.
$ uname -a
Linux ****** 2.6.32-28.el6.x86_64 #1 SMP Thu May 20 14:03:38 EDT 2010 x86_64
x86_64 x86_64 GNU/Linux
Comment 3 Eric Paris 2010-06-16 16:17:22 EDT
This is expected behavior!  /dev/watchdog is backed by a hardware timer (if your system has it) which starts when the file is opened and panics if there is no write to the watchdog file in a short period of time.  The idea is that you an write a program in userspace that write to /dev/watchdog every second or two and the system will panic if userspace becomes unresponsive.

We might be able to report this against libcap-ng-utils and ask that its operation be changed from

open()
fgetxattr()
close()

to just use getxattr() without the open/close.

There is certainly no kernel bug here.  If you open /dev/watchdog and don't do anything else the system is supposed to panic.
Comment 4 Eric Paris 2010-06-16 16:30:21 EDT
I'm going to go ahead and reassign to libcap-ng-utils.   steve can decide if he wants to make changes or just say '"don't do that"   or what.....
Comment 5 Steve Grubb 2010-06-17 15:28:21 EDT
Found an easy fix for this problem. We can just use the stat mode that is handed to the file checker to make sure we are dealing with a regular file.
Comment 6 Steve Grubb 2010-06-17 17:16:50 EDT
Built libcap-ng-0.6.4-3.el6 to resolve this problem.
Comment 9 releng-rhel@redhat.com 2010-11-10 16:02:06 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.