View Issue Details

IDProjectCategoryView StatusLast Update
0015158CentOS-7selinux-policypublic2018-08-10 21:30
Reporterparkson 
PrioritynormalSeveritycrashReproducibilityalways
Status newResolutionopen 
Product Version7.5.1804 
Target VersionFixed in Version 
Summary0015158: dbus crashed in libselinux
DescriptionDuring upgrade of 3rd party software, dbus crashed. This is the stack trace we collected while debugging the problem:

Program received signal SIGHUP, Hangup.
[Switching to Thread 0x7f2a47314700 (LWP 793)]
0x00007f2a4a24d54b in raise () from /lib64/libpthread.so.0
(gdb)
Continuing.

Program received signal SIGHUP, Hangup.
0x00007f2a4a24d54b in raise () from /lib64/libpthread.so.0
(gdb) where
#0 0x00007f2a4a24d54b in raise () from /lib64/libpthread.so.0
#1 0x00007f2a4a891093 in avc_reset () from /lib64/libselinux.so.1
#2 0x00007f2a4a891ced in avc_ss_reset () from /lib64/libselinux.so.1
#3 0x00007f2a4a891ebd in avc_netlink_process () from /lib64/libselinux.so.1
#4 0x00007f2a4a892537 in avc_netlink_loop () from /lib64/libselinux.so.1
#5 0x00007f2a4a245dd5 in start_thread () from /lib64/libpthread.so.0
#6 0x00007f2a49f6fb3d in clone () from /lib64/libc.so.6
(gdb) info threads
  Id Target Id Frame
* 2 Thread 0x7f2a47314700 (LWP 793) "dbus-daemon" 0x00007f2a4a24d54b in raise () from /lib64/libpthread.so.0
  1 Thread 0x7f2a4b35a880 (LWP 780) "dbus-daemon" 0x00007f2a49f70113 in epoll_wait () from /lib64/libc.so.6
(gdb) thread apply all bt full

Thread 2 (Thread 0x7f2a47314700 (LWP 793)):
#0 0x00007f2a4a24d54b in raise () from /lib64/libpthread.so.0
No symbol table info available.
#1 0x00007f2a4a891093 in avc_reset () from /lib64/libselinux.so.1
No symbol table info available.
#2 0x00007f2a4a891ced in avc_ss_reset () from /lib64/libselinux.so.1
No symbol table info available.
#3 0x00007f2a4a891ebd in avc_netlink_process () from /lib64/libselinux.so.1
No symbol table info available.
#4 0x00007f2a4a892537 in avc_netlink_loop () from /lib64/libselinux.so.1
No symbol table info available.
#5 0x00007f2a4a245dd5 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#6 0x00007f2a49f6fb3d in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 1 (Thread 0x7f2a4b35a880 (LWP 780)):
#0 0x00007f2a49f70113 in epoll_wait () from /lib64/libc.so.6
No symbol table info available.
#1 0x000055b04b709414 in socket_set_epoll_poll ()
No symbol table info available.
#2 0x000055b04b705423 in _dbus_loop_iterate ()
No symbol table info available.
#3 0x000055b04b7058c5 in _dbus_loop_run ()
No symbol table info available.
#4 0x000055b04b6ecbcc in main ()
No symbol table info available.
(gdb)


We looked at the source code of libselinux, the problem is in avc_reset, it walks the link list abc_callbacks which is not protected by mutex. The list is changed while it walks the link list, causing it to crash.
TagsNo tags attached.
abrt_hash
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-08-10 21:30 parkson New Issue