Created attachment 1201426 [details]
File: backtrace

Created attachment 1201427 [details]
File: cgroup

Created attachment 1201428 [details]
File: core_backtrace

Created attachment 1201429 [details]
File: dso_list

Created attachment 1201430 [details]
File: environ

Created attachment 1201431 [details]
File: limits

Created attachment 1201432 [details]
File: maps

Created attachment 1201433 [details]
File: mountinfo

Created attachment 1201434 [details]
File: namespaces

Created attachment 1201435 [details]
File: open_fds

Created attachment 1201436 [details]
File: proc_pid_status

Created attachment 1201437 [details]
File: var_log_messages

Would you be able to provide more information about the issue? 
Specifically the following would be helpfull:
   What were you doing when the issue occured?
   Are you able to reproduce it?
   Is the rest of the system up to date (libselinux)?

I am trying to come up with more information. Every 4 hours or so I get a CPU halting. Things continue running on the single core that is left but any call to systemd hangs, so reboot or poweroff are not possible. In fact any diagnostics I have tried have failed to produce any output I could save.

I have been using docker to run services, currently I am playing around with samba, apache, postgres and jasperserver in an attempt to provide test service environments.

There are two things that could cause network configuration changes as appears to have been happening. The first is me restarting containers, with perhaps changes on the ports used and firewalls. The second is that I have two wireless networks I connect to that can access the server, so the laptop path changes (IPs should remain the same).

The system is a new system built about two months ago. It is updated about once or twice a week. The Docker images are also rebuilt on a regular basis.

On the particular question of libselinux I have set selinux mode to permissive due to the number of problems I am having with docker containers. With the intention of switching it back on and fixing when the services are presented to the world. 

I hope this helps. If you need more details and can tell me what you want then I will get back to you as soon as I can.

Thanks for the report. A reproducer for this issue is quite simple:

$ ln -s /etc/resolv.conf $HOME

$ matchpathcon /$HOME/resolv.conf
*** Error in `matchpathcon': free(): invalid pointer: 0x00000000008068b1 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7fa9a19dc503]
/lib64/libselinux.so.1(realpath_not_final+0xc0)[0x7fa9a1d36d50]
/lib64/libselinux.so.1(matchpathcon+0xce)[0x7fa9a1d36eee]
matchpathcon[0x401215]
matchpathcon[0x400f68]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fa9a1981b35]
matchpathcon[0x4010f2]


or

$ restorecon /$HOME/resolv.conf  
*** Error in `restorecon': free(): invalid pointer: 0x00007f127c44b5f1 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7f127abb6503]
/lib64/libselinux.so.1(realpath_not_final+0xc0)[0x7f127b3d0d50]
restorecon(+0x39fb)[0x7f127b8079fb]
restorecon(+0x3bab)[0x7f127b807bab]
restorecon(+0x2443)[0x7f127b806443]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f127ab5bb35]
restorecon(+0x264f)[0x7f127b80664f]

The problem is in realpath_not_final():

350 int realpath_not_final(const char *name, char *resolved_path)
351 {
...
357         tmp_path = strdup(name);
...
365         /* strip leading // */
366         while (tmp_path[len] && tmp_path[len] == '/' &&
367                tmp_path[len+1] && tmp_path[len+1] == '/') {
368                 tmp_path++;
369                 len++;
370         }

tmp_path pointer is moved forward.

405 out:
406         free(tmp_path);
407         return rc;
408 }

and here is an attempt to free() the moved pointer.

Pull request:
https://github.com/fedora-selinux/selinux/pull/30

Please use the following scratch build until fixed package is available.
http://koji.fedoraproject.org/koji/taskinfo?taskID=16196593

The fix appears to clear up a number of probelms I had with SELinux. I have been running with SELinux enabled for a few days without any problems.

Thanks

Thanks for the testing!

Upstream commit - https://github.com/SELinuxProject/selinux/commit/0776dca5758af7c64435c7cead44517e768e5a52

libselinux-2.5-13.fc25 policycoreutils-2.5-18.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-17b60ec8d1

secilc-2.5-6.fc24 checkpolicy-2.5-8.fc24 policycoreutils-2.5-15.fc24 libsemanage-2.5-6.fc24 libselinux-2.5-12.fc24 libsepol-2.5-10.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e780970d04

libselinux-2.5-13.fc25, policycoreutils-2.5-18.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-17b60ec8d1

checkpolicy-2.5-8.fc24, libselinux-2.5-12.fc24, libsemanage-2.5-6.fc24, libsepol-2.5-10.fc24, policycoreutils-2.5-15.fc24, secilc-2.5-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e780970d04

libselinux-2.5-13.fc25, policycoreutils-2.5-18.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

checkpolicy-2.5-8.fc24, libselinux-2.5-12.fc24, libsemanage-2.5-6.fc24, libsepol-2.5-10.fc24, policycoreutils-2.5-15.fc24, secilc-2.5-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.