kernel bugs out when the selinux context is unset for some files. http://bpaste.net/show/ahb6OvMXoWJzcBw4Oisy/ Dec 24 18:32:43 storage kernel: ------------[ cut here ]------------ Dec 24 18:32:43 storage kernel: kernel BUG at security/selinux/ss/services.c:653! Dec 24 18:32:43 storage kernel: invalid opcode: 0000 [#10] SMP Dec 24 18:32:43 storage kernel: Modules linked in: Dec 24 18:32:43 storage kernel: CPU: 1 PID: 28301 Comm: ls Tainted: G D I 3.12.6-hardened #1 Dec 24 18:32:43 storage kernel: Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0 07/29/10 Dec 24 18:32:43 storage kernel: task: ffff880600806840 ti: ffff880600806cc0 task.ti: ffff880600806cc0 Dec 24 18:32:43 storage kernel: RIP: 0010:[<ffffffff8145a3f4>] [<ffffffff8145a3f4>] context_struct_compute_av+0xce/0x300 Dec 24 18:32:43 storage kernel: RSP: 0018:ffff880586df7c38 EFLAGS: 00010246 Dec 24 18:32:43 storage kernel: RAX: 0000000000000000 RBX: ffff880586df7d94 RCX: 0000000000000500 Dec 24 18:32:43 storage kernel: RDX: ffff8805edd5e000 RSI: 00000000ffffffff RDI: ffff8805edd57000 Dec 24 18:32:43 storage kernel: RBP: ffff880586df7cb8 R08: 0000000000000010 R09: 0000000000000006 Dec 24 18:32:43 storage kernel: R10: 0000000000000000 R11: ffff880590bdf000 R12: 0000000000000006 Dec 24 18:32:43 storage kernel: R13: ffff8805c7e2ab48 R14: 0000000000000211 R15: 0000000000000000 Dec 24 18:32:43 storage kernel: FS: 00007fe35218c800(0000) GS:ffff88061fc20000(0000) knlGS:0000000000000000 Dec 24 18:32:43 storage kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 24 18:32:43 storage kernel: CR2: 00007fe3521a6a20 CR3: 00000005a731e000 CR4: 00000000000207f0 Dec 24 18:32:43 storage kernel: Stack: Dec 24 18:32:43 storage kernel: ffff880586df7c88 ffffffff81446f75 ffff880586df7c78 ffff8805ee362f00 Dec 24 18:32:43 storage kernel: ffff880590be74c8 ffff8805c7e2ab48 000688058bf76c00 ffff8805edd5e4f0 Dec 24 18:32:43 storage kernel: ffff8805be8cb600 000700060012bb00 ffff880586df7cc8 ffff880586df7d94 Dec 24 18:32:43 storage kernel: Call Trace: Dec 24 18:32:43 storage kernel: [<ffffffff81446f75>] ? get_vfs_caps_from_disk+0x5a/0xd5 Dec 24 18:32:43 storage kernel: [<ffffffff8145aa49>] security_compute_av+0xf4/0x20b Dec 24 18:32:43 storage kernel: [<ffffffff81944ef5>] avc_compute_av+0x2a/0x179 Dec 24 18:32:43 storage kernel: [<ffffffff81449613>] avc_has_perm+0x45/0xf4 Dec 24 18:32:43 storage kernel: [<ffffffff811b487c>] ? user_path_at_empty+0x60/0x90 Dec 24 18:32:43 storage kernel: [<ffffffff8144a1a6>] inode_has_perm+0x2a/0x31 Dec 24 18:32:43 storage kernel: [<ffffffff8144a30e>] selinux_inode_getattr+0x3c/0x3e Dec 24 18:32:43 storage kernel: [<ffffffff810668a1>] ? __do_page_fault+0x3ad/0x445 Dec 24 18:32:43 storage kernel: [<ffffffff8144808e>] security_inode_getattr+0x1b/0x22 Dec 24 18:32:43 storage kernel: [<ffffffff811aae95>] vfs_getattr+0x19/0x2d Dec 24 18:32:43 storage kernel: [<ffffffff811aaefd>] vfs_fstatat+0x54/0x91 Dec 24 18:32:43 storage kernel: [<ffffffff8194a399>] ? mutex_unlock+0x9/0xb Dec 24 18:32:43 storage kernel: [<ffffffff811aaf53>] vfs_lstat+0x19/0x1b Dec 24 18:32:43 storage kernel: [<ffffffff811ab096>] SyS_newlstat+0x15/0x30 Dec 24 18:32:43 storage kernel: [<ffffffff8112c493>] ? __audit_syscall_entry+0xa1/0xc3 Dec 24 18:32:43 storage kernel: [<ffffffff8194d19e>] system_call_fastpath+0x16/0x1b Dec 24 18:32:43 storage kernel: Code: 00 48 85 c0 48 89 45 b8 75 02 0f 0b 48 8b 45 a0 48 8b 3d 58 9d b8 00 8b 40 08 89 c6 ff ce e8 48 80 06 00 48 85 c0 49 89 c7 75 02 <0f> 0b 48 8b 45 b8 4c 8b 28 eb 1c 49 8d 7d 08 be 80 00 00 00 e8 Dec 24 18:32:43 storage kernel: RIP [<ffffffff8145a3f4>] context_struct_compute_av+0xce/0x300 Dec 24 18:32:43 storage kernel: RSP <ffff880586df7c38> Dec 24 18:32:43 storage kernel: ---[ end trace 5c4074a8d4084c4b ]--- and here's a sysrq-w on after trying to unlink the file. http://bpaste.net/show/HNO3ghIP9QnrbSgxRSwV/ Dec 24 19:29:48 storage kernel: SysRq : Show Blocked State Dec 24 19:29:48 storage kernel: task PC stack pid father Dec 24 19:29:48 storage kernel: unlink D 000000000000000b 0 30952 29199 0x00000080 Dec 24 19:29:48 storage kernel: ffff8805743452e8 0000000000000086 ffff8805ea9f5080 ffff8805ea9f5500 Dec 24 19:29:48 storage kernel: ffff8805ea9f5500 000000000000e800 ffff880606cd7140 ffff8805ea9f5080 Dec 24 19:29:48 storage kernel: 000000000000002c 000000000000002c ffff880574345298 0000000000000246 Dec 24 19:29:48 storage kernel: Call Trace: Dec 24 19:29:48 storage kernel: [<ffffffff81940f31>] ? printk+0x5c/0x5e Dec 24 19:29:48 storage kernel: [<ffffffff8194b6ff>] schedule+0x60/0x62 Dec 24 19:29:48 storage kernel: [<ffffffff810ca3be>] do_exit+0xff/0x8c5 Dec 24 19:29:49 storage kernel: [<ffffffff81940f31>] ? printk+0x5c/0x5e Dec 24 19:29:49 storage kernel: [<ffffffff810cac8e>] do_group_exit+0x68/0x9b Dec 24 19:29:49 storage kernel: [<ffffffff8103b504>] oops_end+0xa9/0xb2 Dec 24 19:29:49 storage kernel: [<ffffffff8194062f>] no_context+0x283/0x2af Dec 24 19:29:49 storage kernel: [<ffffffff8194098a>] __bad_area_nosemaphore+0x1be/0x1df Dec 24 19:29:49 storage kernel: [<ffffffff81940a46>] bad_area+0x42/0x49 Dec 24 19:29:49 storage kernel: [<ffffffff814bbbc3>] ? put_dec+0x54/0x59 Dec 24 19:29:49 storage kernel: [<ffffffff81066711>] __do_page_fault+0x21d/0x445 Dec 24 19:29:49 storage kernel: [<ffffffff814bc300>] ? number.isra.1+0x128/0x238 Dec 24 19:29:49 storage kernel: [<ffffffff8117ca2a>] ? cache_alloc_refill+0x93/0x24c Dec 24 19:29:49 storage kernel: [<ffffffff814bbbc3>] ? put_dec+0x54/0x59 Dec 24 19:29:49 storage kernel: [<ffffffff814bc300>] ? number.isra.1+0x128/0x238 Dec 24 19:29:49 storage kernel: [<ffffffff81066961>] do_page_fault+0x9/0xb Dec 24 19:29:49 storage kernel: [<ffffffff8194ccc2>] page_fault+0x22/0x30 Dec 24 19:29:49 storage kernel: [<ffffffff814bb3c8>] ? strlen+0xc/0x16 Dec 24 19:29:49 storage kernel: [<ffffffff814c2498>] ? flex_array_get_ptr+0x9/0x17 Dec 24 19:29:49 storage kernel: [<ffffffff81459028>] context_struct_to_string+0x78/0x1dd Dec 24 19:29:49 storage kernel: [<ffffffff814597b1>] security_sid_to_context_core+0xf3/0x10e Dec 24 19:29:49 storage kernel: [<ffffffff8145ac8c>] security_sid_to_context+0xb/0xd Dec 24 19:29:49 storage kernel: [<ffffffff8144a78c>] selinux_secid_to_secctx+0x9/0xb Dec 24 19:29:49 storage kernel: [<ffffffff81447a12>] security_secid_to_secctx+0x11/0x13 Dec 24 19:29:49 storage kernel: [<ffffffff8112835c>] audit_log_name+0x183/0x24c Dec 24 19:29:49 storage kernel: [<ffffffff8112b076>] audit_log_exit+0xbe3/0xc9a Dec 24 19:29:49 storage kernel: [<ffffffff810ef21c>] ? sched_clock_cpu+0x43/0xcc Dec 24 19:29:49 storage kernel: [<ffffffff810ffed3>] ? log_store+0x181/0x1a5 Dec 24 19:29:49 storage kernel: [<ffffffff810e5b85>] ? lock_hrtimer_base.isra.30+0x22/0x46 Dec 24 19:29:49 storage kernel: [<ffffffff8112c2c2>] __audit_free+0x75/0x1a5 Dec 24 19:29:49 storage kernel: [<ffffffff810ca4d2>] do_exit+0x213/0x8c5 Dec 24 19:29:49 storage kernel: [<ffffffff81940f31>] ? printk+0x5c/0x5e Dec 24 19:29:49 storage kernel: [<ffffffff810cac8e>] do_group_exit+0x68/0x9b Dec 24 19:29:49 storage kernel: [<ffffffff8103b504>] oops_end+0xa9/0xb2 Dec 24 19:29:49 storage kernel: [<ffffffff8103b639>] die+0x55/0x60 Dec 24 19:29:49 storage kernel: [<ffffffff8103893e>] do_trap+0x69/0x135 Dec 24 19:29:49 storage kernel: [<ffffffff810e73fb>] ? __atomic_notifier_call_chain+0xd/0xf Dec 24 19:29:49 storage kernel: [<ffffffff81038bf9>] do_invalid_op+0x91/0x9a Dec 24 19:29:49 storage kernel: [<ffffffff8145a3f4>] ? context_struct_compute_av+0xce/0x300 Dec 24 19:29:49 storage kernel: [<ffffffff814bc44d>] ? string.isra.3+0x3d/0xa2 Dec 24 19:29:49 storage kernel: [<ffffffff814bd391>] ? vsnprintf+0x1d0/0x449 Dec 24 19:29:49 storage kernel: [<ffffffff8194e2a8>] invalid_op+0x18/0x20 Dec 24 19:29:49 storage kernel: [<ffffffff8145a3f4>] ? context_struct_compute_av+0xce/0x300 Dec 24 19:29:49 storage kernel: [<ffffffff8145a3ec>] ? context_struct_compute_av+0xc6/0x300 Dec 24 19:29:49 storage kernel: [<ffffffff814492e4>] ? avc_audit_pre_callback+0x106/0x106 Dec 24 19:29:49 storage kernel: [<ffffffff8145aa49>] security_compute_av+0xf4/0x20b Dec 24 19:29:49 storage kernel: [<ffffffff81944ef5>] avc_compute_av+0x2a/0x179 Dec 24 19:29:49 storage kernel: [<ffffffff814494b9>] ? slow_avc_audit+0x57/0x62 Dec 24 19:29:49 storage kernel: [<ffffffff81449613>] avc_has_perm+0x45/0xf4 Dec 24 19:29:49 storage kernel: [<ffffffff8144dc1f>] may_link.isra.29+0xbf/0xd2 Dec 24 19:29:49 storage kernel: [<ffffffff8144dc58>] selinux_inode_unlink+0x12/0x14 Dec 24 19:29:49 storage kernel: [<ffffffff81447f79>] security_inode_unlink+0x1b/0x22 Dec 24 19:29:49 storage kernel: [<ffffffff811b2888>] vfs_unlink+0x5b/0xdb Dec 24 19:29:49 storage kernel: [<ffffffff811b2a3e>] do_unlinkat+0x136/0x217 Dec 24 19:29:49 storage kernel: [<ffffffff811b4d8c>] SyS_unlink+0x11/0x13 Dec 24 19:29:49 storage kernel: [<ffffffff8194d19e>] system_call_fastpath+0x16/0x1b Dec 24 19:29:49 storage kernel: unlink D ffff8805e4acc100 0 30958 1 0x00000084 Dec 24 19:29:49 storage kernel: ffff880570e01d78 0000000000000082 ffff8805e4acc100 ffff8805e4acc580 Dec 24 19:29:49 storage kernel: ffff8805e4acc580 000000000000e800 ffffffff81d27900 ffff8805e4acc100 Dec 24 19:29:49 storage kernel: ffff880570e01cd8 ffffffff811c4a5e ffff880570e01d48 0000000000000014 Dec 24 19:29:49 storage kernel: Call Trace: Dec 24 19:29:49 storage kernel: [<ffffffff811c4a5e>] ? generic_getxattr+0x47/0x59 Dec 24 19:29:49 storage kernel: [<ffffffff81446f75>] ? get_vfs_caps_from_disk+0x5a/0xd5 Dec 24 19:29:49 storage kernel: [<ffffffff811c0efb>] ? mntput_no_expire+0x3b/0x12c Dec 24 19:29:49 storage kernel: [<ffffffff811281ab>] ? audit_copy_inode+0x58/0x86 Dec 24 19:29:49 storage kernel: [<ffffffff8194b6ff>] schedule+0x60/0x62 Dec 24 19:29:49 storage kernel: [<ffffffff8194b91c>] schedule_preempt_disabled+0x9/0xb Dec 24 19:29:49 storage kernel: [<ffffffff8194a504>] __mutex_lock_slowpath+0x169/0x27f Dec 24 19:29:49 storage kernel: [<ffffffff8194a629>] mutex_lock+0xf/0x21 Dec 24 19:29:49 storage kernel: [<ffffffff811b29b2>] do_unlinkat+0xaa/0x217 Dec 24 19:29:49 storage kernel: [<ffffffff811b4d8c>] SyS_unlink+0x11/0x13 Dec 24 19:29:49 storage kernel: [<ffffffff8194d19e>] system_call_fastpath+0x16/0x1b The fix for me was rebooting with selinux=0 and manually setting the context (or removing the files). I have since rebooted and can successfully run 'rlpkg -a -r (relabel all the things), I could not before.
I helped Matthew to debug this. What happened is that security.selinux on a file was set to an empty string. This caused the kernel to hit BUG_ON(!tattr); in context_struct_compute_av() whenever an ls was done on the file. It also prevented attempts to unlink the file or change the context until the system was booted with SELinux disabled. I believe that I can fix this by inserting a special case into inode_doinit_with_dentry(), but it is not clear to me that would be a complete fix. In specific, it is not clear to me whether this bug occurs because an invalid context and an empty context are treated the same or different. My intuition is that the upstream code already handles non-empty invalid context settings, but someone needs to test that. If that is the case, a trivial hack-fix can be done. However, it would be best to modify the logic that handles non-empty invalid contexts to also handle empty contexts correctly. Since I do not run SELinux, I cannot really go much further by eyeballing this without spending an inordinate amount of time on it.
Is this one related to bug 489598?
Empty security.selinux labels shouldn't exist. They might be missing (no label), or set to an invalid type. When a context is invalid, SELinux usually displays it as "system_u:object_r:file_t" (or "system_u:object_r:file_t:s0" for MLS enabled ones) which is the "default" type for files that should never be used (because it refers to an invalid/wrong context).
I think this may be fixed here. http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16335
not sure if it's the same bug because I am running sys-apps/coreutils-8.20
Created attachment 369504 [details, diff] the fix This is suposed to be upstreamed (into 3.14) and also backported.
this was merged into 3.14-rc2
this has been merged into the stable linux trees by greg, gonna close this as fixed upstream
