Brume 2 reboots from memory issue? bug? exploit?

Had a GL-MT2500 Brume 2 reboot a few times today, seemingly aggravated by actively serving as an exit node through Tailscale while I was also SSH’d into the router and looking at logs and such.
Memory corruption? Some bug? Some exploit being attempted against it?

Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.040374] BUG: Bad page map in process login  pte:c483940e6303f7a6 pmd:7a3e7003
Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.048048] addr:0000007fa8800000 vm_flags:00000875 anon_vma:0000000000000000 mapping:ffffff803e716e28 index:8
Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.059525] file:libc.so fault:filemap_fault mmap:generic_file_readonly_mmap readpage:squashfs_readpage
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.070241] CPU: 0 PID: 5814 Comm: login Not tainted 5.4.211 #0
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.076367] Hardware name: GL.iNet GL-MT2500 (DT)
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.081056] Call trace:
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.083497]  dump_backtrace+0x0/0x198
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.087147]  show_stack+0x14/0x20
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.090451]  dump_stack+0xb4/0xf4
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.093754]  print_bad_pte+0x164/0x1b0
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.097490]  vm_normal_page+0x94/0xb0
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.101139]  unmap_page_range+0x434/0x840
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.105136]  unmap_single_vma+0x38/0x40
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.108958]  unmap_vmas+0x58/0x78
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.112260]  exit_mmap+0x90/0x138
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.115563]  mmput+0x48/0x120
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.118520]  do_exit+0x270/0x8f8
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.121736]  do_group_exit+0x40/0xa8
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.125299]  __arm64_sys_exit_group+0x14/0x18
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.129643]  el0_svc_common.constprop.2+0x7c/0x110
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.134420]  el0_svc_handler+0x20/0x80
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.138156]  el0_svc+0x8/0x680
Wed Jan 17 16:12:23 2024 kern.warn kernel: [  627.141237] Disabling lock debugging due to kernel taint
Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.146804] BUG: Bad page map in process login  pte:20000048c7da27 pmd:7a3e7003
Wed Jan 17 16:12:23 2024 kern.warn kernel: [  627.154185] page:ffffffff00031f40 refcount:0 mapcount:-1 mapping:0000000000000000 index:0x0
Wed Jan 17 16:12:23 2024 kern.warn kernel: [  627.162550] flags: 0x0()
Wed Jan 17 16:12:23 2024 kern.warn kernel: [  627.165098] raw: 0000000000000000 ffffffff00031f48 ffffffff00031f48 0000000000000000
Wed Jan 17 16:12:23 2024 kern.warn kernel: [  627.172972] raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000
Wed Jan 17 16:12:23 2024 kern.warn kernel: [  627.180732] page dumped because: bad pte
Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.184657] addr:0000007fa8801000 vm_flags:00000875 anon_vma:0000000000000000 mapping:ffffff803e716e28 index:9
Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.194654] file:libc.so fault:filemap_fault mmap:generic_file_readonly_mmap readpage:squashfs_readpage
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.204042] CPU: 0 PID: 5814 Comm: login Tainted: G    B             5.4.211 #0
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.211332] Hardware name: GL.iNet GL-MT2500 (DT)
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.216021] Call trace:
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.218458]  dump_backtrace+0x0/0x198
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.222109]  show_stack+0x14/0x20
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.225414]  dump_stack+0xb4/0xf4
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.228717]  print_bad_pte+0x164/0x1b0
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.232453]  unmap_page_range+0x658/0x840
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.236449]  unmap_single_vma+0x38/0x40
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.240271]  unmap_vmas+0x58/0x78
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.243573]  exit_mmap+0x90/0x138
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.246876]  mmput+0x48/0x120
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.249832]  do_exit+0x270/0x8f8
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.253048]  do_group_exit+0x40/0xa8
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.256611]  __arm64_sys_exit_group+0x14/0x18
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.260956]  el0_svc_common.constprop.2+0x7c/0x110
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.265734]  el0_svc_handler+0x20/0x80
Wed Jan 17 16:12:23 2024 kern.debug kernel: [  627.269469]  el0_svc+0x8/0x680
Wed Jan 17 16:12:23 2024 kern.alert kernel: [  627.273019] BUG: Bad rss-counter state mm:0000000089e0a993 type:MM_FILEPAGES val:1

another reboot:

Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.484921] Unable to handle kernel paging request at virtual address 18ffff803be69040
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.492896] Mem abort info:
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.495712]   ESR = 0x96000004
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.498759]   EC = 0x25: DABT (current EL), IL = 32 bits
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.504087]   SET = 0, FnV = 0
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.507131]   EA = 0, S1PTW = 0
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.510272] Data abort info:
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.513167]   ISV = 0, ISS = 0x00000004
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.517023]   CM = 0, WnR = 0
Wed Jan 17 22:17:35 2024 kern.alert kernel: [19544.520001] [18ffff803be69040] address between user and kernel address ranges
Wed Jan 17 22:17:35 2024 kern.emerg kernel: [19544.527144] Internal error: Oops: 96000004 [#1] SMP

Wild… & distrubing. Backup your confs. Reflash stable… hell; flash by U-boot if you think it needs to go that far. I know I would.

Unfortunately I won’t have physical access to it for a while, so I’ll just be doing some remote administration and tweaking. Nothing really needs to be backed up, the config is dead simple.

See, you say that… but I think we both know how these kind of things can grow to get outta hand, amirite?

Here; toss this into a bash alias:

sysupgrade -b "/root/backup-${HOSTNAME}-$(cat /sys/class/net/eth0/address | tr '[:lower:]' '[:upper:]' | tr -d ':')-$(date +'%Y-%m-%d-%H%M%S').tar.gz"

You can check/add files to the resulting tarball in /etc/sysupgrade.conf before you scp it down.