mt76: kernel panic when using mkfs.ext2 on USB drive.
Username: Vadzim Dambrouski
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=2305
Device: MT7621 Xiaomi Mi Router 3G
Version: OpenWrt SNAPSHOT, r10114+2-a1210f88
Steps to reproduce:
Run
mkfs.ext2 -L data /dev/sda2
Can reproduce consistently. The hard drive is powered from an external power supply, so it’s not an electrical issue.
<0>[ 608.342771] usercopy: kernel memory exposure attempt detected from c0d173c1 (kmalloc-256) (71 bytes)
<4>[ 608.352010] Kernel bug detected[#1]:
<4>[ 608.355602] CPU: 0 PID: 2505 Comm: dropbear Not tainted 4.14.121 #0
<4>[ 608.361842] task: 8fdeea40 task.stack: 8b21a000
<4>[ 608.366346] $ 0 : 00000000 00000001 00000058 00000000
<4>[ 608.371558] $ 4 : 8121133c 8121133c 81215e78 00006990
<4>[ 608.376766] $ 8 : 00000000 0000015b 00000007 00000000
<4>[ 608.381975] $12 : 00000000 80590000 00053af3 00000000
<4>[ 608.387183] $16 : c0d173c1 00000047 00000001 c0d17408
<4>[ 608.392392] $20 : 8dbbfe00 8b21be3c 8b21bdf0 c0d17000
<4>[ 608.397601] $24 : 00000003 802a2780
<4>[ 608.402810] $28 : 8b21a000 8b21bd38 006b1029 80115df0
<4>[ 608.408019] Hi : 00000124
<4>[ 608.410880] Lo : 74e58000
<4>[ 608.413763] epc : 80115df0 __check_object_size+0x1b0/0x1e0
<4>[ 608.419395] ra : 80115df0 __check_object_size+0x1b0/0x1e0
<4>[ 608.425022] Status: 11008403 KERNEL EXL IE
<4>[ 608.429192] Cause : 50800024 (ExcCode 09)
<4>[ 608.433179] PrId : 0001992f (MIPS 1004Kc)
<4>[ 608.437250] Modules linked in: pppoe ppp_async pppox ppp_generic nf_conntrack_ipv6 mt76x2e mt76x2_common mt76x02_lib mt7603e mt76 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_FLOWOFFLOAD slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat fuse ledtrig_usbport nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 nfsv4 nfsd nfs rpcsec_gss_krb5 auth_rpcgss oid_registry tun loop vfat fat lockd sunrpc grace dns_resolver
<4>[ 608.508454] dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax nls_utf8 nls_iso8859_1 nls_cp437 sha1_generic md5 hmac ecb des_generic cts cbc usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_mtk xhci_hcd sd_mod scsi_mod gpio_button_hotplug ext4 mbcache jbd2 usbcore nls_base usb_common crc32c_generic
<4>[ 608.535207] Process dropbear (pid: 2505, threadinfo=8b21a000, task=8fdeea40, tls=77fd2eb8)
<4>[ 608.543426] Stack : 00000000 80522e50 80517aa4 c0d173c1 80521640 00000047 00000000 00000047
<4>[ 608.551758] c0d173c1 c0d17000 000013c6 80292008 7fa9f4fc 7fa9f47c 00000000 00000000
<4>[ 608.560089] 8dbbfe00 c0d17000 7fffffff 006b1029 00010000 00000000 00000000 c0d17000
<4>[ 608.568421] 8dbbfe68 80294e84 8b21bdb8 8b21bdbc 8b21bdc0 8b21bdc4 00000001 00000000
<4>[ 608.576752] 006b102b 006b102a 8dbbff74 0000137f c0d19258 00000000 00000000 8b21bea0
<4>[ 608.585084] ...
<4>[ 608.587519] Call Trace:
<4>[ 608.589961] [<80115df0>] __check_object_size+0x1b0/0x1e0
<4>[ 608.595268] [<80292008>] copy_from_read_buf+0x90/0x1b0
<4>[ 608.600384] [<80294e84>] n_tty_read+0x6f4/0x8b4
<4>[ 608.604895] [<8028dd78>] tty_read+0xac/0x11c
<4>[ 608.609153] [<8011a89c>] __vfs_read+0x28/0x158
<4>[ 608.613576] [<8011aa9c>] vfs_read+0xd0/0x17c
<4>[ 608.617828] [<8011b01c>] SyS_read+0x58/0xc4
<4>[ 608.622004] [<80019578>] syscall_common+0x34/0x58
<4>[ 608.626690] Code: 02003825 0c01d530 24842e5c <000c000d> 8fb30028 8fb20024 8fb10020 8fb0001c 03e00008
<4>[ 608.636415]
<4>[ 608.638435] ---[ end trace 1fd93e66459e17ad ]---