Hi All,

I am seeing a kernel panic in the SELinux code sometimes during boot-up and in random scenarios. Has anyone encountered a similar issue? Any help with this is highly appreciated.

Case 1:
The device crashes during boot time. The crash happened at task_has_perm() as the real_cred->security was 0x7 (freed), so I think this is a race condition between calling task_has_perm and switching the credential data of the task.

Case 2:
Kernel panic at security_cred_free->kfree

Code snippet:
static void selinux_cred_free(struct cred *cred)
{
        struct task_security_struct *tsec = cred->security;

        /*
         * cred->security == NULL if security_cred_alloc_blank() or
         * security_prepare_creds() returned an error.
         */
        BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
        cred->security = (void *) 0x7UL;
        kfree(tsec);
}

Case 1 logs:
16.406699: <6> chmod (1290): undefined instruction: pc=b6e675a8
16.406741: <6> Code: ea000002 00000000 f26ee1fe e12fff1e (ee190f1d)
16.865789: <6> binder: 307:307 BC_REQUEST_DEATH_NOTIFICATION death notification already set
16.911807: <6> usb_notifier: usb: usbgadget_ready,gadget_state:2
16.913535: <6> RKP RO CRED ALLOC -> order 0, c1542000
17.001396: <6> Unable to handle kernel NULL pointer dereference at virtual address 0000000b
17.001444: <6> pgd = c0004000
17.001469: <2> [0000000b] *pgd=00000000
17.001538: <6> Internal error: Oops: 5 [#1] PREEMPT SMP ARM
17.001575: <2> Modules linked in: mhi(O)
17.001611: <6> CPU: 1 PID: 1320 Comm: kworker/u8:5 Tainted: G W O 3.10.40-3767095 #1
17.001650: <6> task: f5661a40 ti: f3aa0000 task.ti: f3aa0000
17.001684: <2> PC is at task_has_perm+0x1c/0x58
17.001711: <2> LR is at task_has_perm+0x14/0x58
17.001744: <2> pc : [<c0376504>] lr : [<c03764fc>] psr: 600f0013
sp : f3aa1eb8 ip : c1514480 fp : f3aa0000
17.001801: <2> r10: fffffff6 r9 : f3aa1f68 r8 : f3aa0000
17.001831: <2> r7 : f3e1de80 r6 : f5661a40 r5 : f44fc440 r4 : 00000004
17.001863: <2> r3 : 00000007 r2 : 00000001 r1 : f5661a40 r0 : f44fc440
17.001897: <2> Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
17.001932: <2> Control: 10c5787d Table: 3456406a DAC: 00000015
17.001965: <2>
PC: 0xc0376484:
....
....
17.008257: <2> [<c0376504>] (task_has_perm+0x1c/0x58) from [<c0374770>] (security_task_wait+0x14/0x1c)
17.008313: <2> [<c0374770>] (security_task_wait+0x14/0x1c) from [<c0179364>] (wait_consider_task+0x74/0xaa0)
17.008367: <2> [<c0179364>] (wait_consider_task+0x74/0xaa0) from [<c0179ee8>] (do_wait+0x158/0x268)
17.008422: <2> [<c0179ee8>] (do_wait+0x158/0x268) from [<c017a3e8>] (SyS_wait4+0xa0/0xc0)
17.008469: <2> [<c017a3e8>] (SyS_wait4+0xa0/0xc0) from [<c018b9f0>] (wait_for_helper+0x7c/0xa0)
17.008521: <2> [<c018b9f0>] (wait_for_helper+0x7c/0xa0) from [<c0105fd8>] (ret_from_fork+0x14/0x3c)
17.008567: <6> Code: e1a04002 ebf86d6c e5953350 e593305c (e5937004)
17.008628: <6> ---[ end trace dec6997083161641 ]---
17.008660: <6> Kernel panic - not syncing: Fatal exception

Case 2 logs:
210667.169453: <6> Unable to handle kernel paging request at virtual address 1c314076
210667.169468: <6> pgd = c0004000
210667.169477: <2> [1c314076] *pgd=00000000
210667.169491: <6> Internal error: Oops: 5 [#1] PREEMPT SMP ARM
210667.169500: <2> Modules linked in: touchx [last unloaded: wlan]
210667.169523: <6> CPU: 3 PID: 24 Comm: ksoftirqd/3 Tainted: G W O 3.10.40-eng-g3951ac3 #1
210667.169532: <6> task: e76a0a80 ti: e76aa000 task.ti: e76aa000
210667.169546: <2> PC is at kfree+0xdc/0x220
210667.169562: <2> LR is at security_cred_free+0x14/0x1c
210667.169571: <2> pc : [<c02395f0>] lr : [<c035e7a4>] psr: 000f0013
sp : e76abe60 ip : c0191a68 fp : 00000fff
210667.169581: <2> r10: 00000001 r9 : 00000008 r8 : c119b440
210667.169589: <2> r7 : c124fc40 r6 : e76aa000 r5 : 90520440 r4 : 1c314076
210667.169597: <2> r3 : 50f1f241 r2 : c5000000 r1 : 1c314076 r0 : 90520440
210667.169606: <2> Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
210667.169615: <2> Control: 10c5787d Table: 2357c06a DAC: 00000015
210667.169624: <2>
....
....
210667.172236: <2> [<c02395f0>] (kfree+0xdc/0x220) from [<c035e7a4>] (security_cred_free+0x14/0x1c)
210667.172255: <2> [<c035e7a4>] (security_cred_free+0x14/0x1c) from [<c0191a98>] (put_cred_rcu+0x30/0xac)
210667.172274: <2> [<c0191a98>] (put_cred_rcu+0x30/0xac) from [<c01da6cc>] (rcu_process_callbacks+0x338/0x590)
210667.172294: <2> [<c01da6cc>] (rcu_process_callbacks+0x338/0x590) from [<c0174598>] (__do_softirq+0x150/0x2b4)
210667.172311: <2> [<c0174598>] (__do_softirq+0x150/0x2b4) from [<c0174720>] (run_ksoftirqd+0x24/0x58)
210667.172327: <2> [<c0174720>] (run_ksoftirqd+0x24/0x58) from [<c0193708>] (smpboot_thread_fn+0x20c/0x224)
210667.172343: <2> [<c0193708>] (smpboot_thread_fn+0x20c/0x224) from [<c018c3b0>] (kthread+0xa0/0xac)
210667.172360: <2> [<c018c3b0>] (kthread+0xa0/0xac) from [<c0105f18>] (ret_from_fork+0x14/0x3c)
210667.172372: <6> Code: f57ff05f e7923003 e3130902 11a04001 (e5943000)
210667.172382: <6> ---[ end trace e99c3ffdc45a06ec ]---
210667.186836: <6> Kernel panic - not syncing: Fatal exception in interrupt

Thanks,
Avijit
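
A check of the two oopses against the 0x7 poison in the posted selinux_cred_free(), as an added example that is not part of the original message: it decodes the faulting ARM instruction (the parenthesised word on the "Code:" line) and recomputes the fault address from the base register in the dump. The helper names are made up for this example; the instruction words, register values and fault addresses are copied from the logs above.

```c
#include <stdint.h>
#include <stdio.h>
/* Value the posted selinux_cred_free() stores in cred->security before kfree(). */
#define CRED_SECURITY_POISON 0x7u

struct ldr_imm {
    int valid;        /* 1 if insn is LDR/STR with a 12-bit immediate offset */
    int pre_indexed;  /* P bit: offset is applied before the access */
    unsigned rn, rd;  /* base and destination register numbers */
    int32_t off;      /* signed immediate offset */
};

/* Decode A32 LDR/STR immediate: cond | 010 | P U B W L | Rn | Rd | imm12 */
static struct ldr_imm decode_ldr_imm(uint32_t insn)
{
    struct ldr_imm d = {0};
    if (((insn >> 25) & 0x7u) != 0x2u)
        return d;
    d.valid = 1;
    d.pre_indexed = (insn >> 24) & 1u;
    d.rn = (insn >> 16) & 0xfu;
    d.rd = (insn >> 12) & 0xfu;
    d.off = (int32_t)(insn & 0xfffu);
    if (!((insn >> 23) & 1u))   /* U bit clear: offset is subtracted */
        d.off = -d.off;
    return d;
}

/* Address the instruction touches, given the base register value from the oops. */
static uint32_t accessed_address(struct ldr_imm d, uint32_t base)
{
    return d.pre_indexed ? base + (uint32_t)d.off : base;
}

/* 1 if the fault is an access through a base register holding the 0x7 poison. */
static int fault_is_poisoned_cred(uint32_t insn, uint32_t base, uint32_t fault)
{
    struct ldr_imm d = decode_ldr_imm(insn);
    return d.valid && base == CRED_SECURITY_POISON &&
           accessed_address(d, base) == fault;
}

int main(void)
{
    /* Values copied from the two oopses: (insn), base register, fault address. */
    printf("case 1: %d\n", fault_is_poisoned_cred(0xe5937004u, 0x7u, 0xbu));
    printf("case 2: %d\n", fault_is_poisoned_cred(0xe5943000u, 0x1c314076u, 0x1c314076u));
    return 0;
}
```

Case 1 returns 1: the faulting word is a load of r7 from [r3, #4], and r3 = 00000007 gives exactly the reported address 0000000b. Case 2 returns 0: the faulting load in kfree goes through r4 = 1c314076, which is not the poison value.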