Bug 866558

Summary: [abrt] SIGSEGV with NULL avc at "sepol_policydb_free(avc->policydb)" in audit2why.c:finish
Product: [Fedora] Fedora Reporter: rtrcwby
Component: libselinuxAssignee: Daniel Walsh <dwalsh>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: bkabrda, dmalcolm, dwalsh, ivazqueznet, jonathansteffan, mgrepl, tomspur
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:7a57d9b2652a9fe09efe4655455c0f86cfaad2cb
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-01 18:42:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: core_backtrace
none
File: environ
none
File: limits
none
File: backtrace
none
File: cgroup
none
File: smolt_data
none
File: maps
none
File: dso_list
none
File: build_ids
none
File: var_log_messages
none
File: open_fds none

Description rtrcwby 2012-10-15 15:47:44 UTC 
Version-Release number of selected component:
python-2.7.3-6.fc17

Additional info:
libreport version: 2.0.13
abrt_version:   2.0.10
backtrace_rating: 4
cmdline:        /usr/bin/python -Es /usr/bin/audit2allow -w
crash_function: finish
kernel:         3.3.4-5.fc17.x86_64

truncated backtrace:
:Thread no. 1 (10 frames)
: #0 finish at audit2why.c
: #1 call_function at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #2 PyEval_EvalFrameEx at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #3 fast_function at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #4 call_function at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #5 PyEval_EvalFrameEx at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #6 fast_function at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #7 call_function at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #8 PyEval_EvalFrameEx at /usr/src/debug/Python-2.7.3/Python/ceval.c
: #9 fast_function at /usr/src/debug/Python-2.7.3/Python/ceval.c
Comment 1 rtrcwby 2012-10-15 15:47:47 UTC 
Created attachment 627533 [details]
File: core_backtrace
Comment 2 rtrcwby 2012-10-15 15:47:49 UTC 
Created attachment 627534 [details]
File: environ
Comment 3 rtrcwby 2012-10-15 15:47:51 UTC 
Created attachment 627535 [details]
File: limits
Comment 4 rtrcwby 2012-10-15 15:47:53 UTC 
Created attachment 627536 [details]
File: backtrace
Comment 5 rtrcwby 2012-10-15 15:47:54 UTC 
Created attachment 627537 [details]
File: cgroup
Comment 6 rtrcwby 2012-10-15 15:47:56 UTC 
Created attachment 627538 [details]
File: smolt_data
Comment 7 rtrcwby 2012-10-15 15:47:58 UTC 
Created attachment 627539 [details]
File: maps
Comment 8 rtrcwby 2012-10-15 15:47:59 UTC 
Created attachment 627540 [details]
File: dso_list
Comment 9 rtrcwby 2012-10-15 15:48:01 UTC 
Created attachment 627541 [details]
File: build_ids
Comment 10 rtrcwby 2012-10-15 15:48:02 UTC 
Created attachment 627542 [details]
File: var_log_messages
Comment 11 rtrcwby 2012-10-15 15:48:05 UTC 
Created attachment 627543 [details]
File: open_fds
Comment 12 Dave Malcolm 2012-10-15 16:01:12 UTC 
Thanks for filing this bug report.

What is the output of running:

  rpm -q policycoreutils policycoreutils-python


Looking at attachment 627536 [details] I see that a segmentation fault happened in:

#0  0x00007f20085723dc in finish (self=<optimized out>, args=<optimized out>) at audit2why.c:174
174			sepol_policydb_free(avc->policydb);


   0x00007f20085723d5 <+133>:	mov    0x228b9c(%rip),%rax        # 0x7f200879af78 <avc>
=> 0x00007f20085723dc <+140>:	mov    0x8(%rax),%rdi
   0x00007f20085723e0 <+144>:	callq  0x7f2008571880 <sepol_policydb_free@plt>

and that rax was 0.

Hence this looks like a NULL pointer dereference, with avc == NULL at 

  174			sepol_policydb_free(avc->policydb);

within audit2why.c

Reassigning component to policycoreutils
Comment 13 Daniel Walsh 2012-10-15 19:14:20 UTC 
Could you attach the avc messages used to create this crash
Comment 14 Daniel Walsh 2012-10-15 19:28:51 UTC 
Actually I see the problem.
Comment 15 Daniel Walsh 2012-10-16 17:16:18 UTC 
Fixed in libselinux-2.1.10-5.fc17
Comment 16 Fedora End Of Life 2013-07-04 07:00:28 UTC 
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 17 Fedora End Of Life 2013-08-01 18:42:47 UTC 
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.