kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 19167 Comm: syz-executor.0 Not tainted 4.9.141+ #23 task: ffff88019aaf0000 task.stack: ffff8801a8e30000 RIP: 0010:[] [] ebitmap_destroy+0x32/0x100 security/selinux/ss/ebitmap.c:331 RSP: 0018:ffff8801a8e373d8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff88019e7a6100 RCX: ffffc90000b58000 RDX: 0000000000000001 RSI: ffffffff81a17f01 RDI: 0000000000000008 RBP: ffff8801a8e373f8 R08: ffff88019aaf0920 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801cd574780 R13: 1ffff100351c6e87 R14: 0000000000000008 R15: ffff8801a8e37498 FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:00000000f557fb40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000200e0000 CR3: 00000001cbfb1000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff88019e7a6100 ffff8801cd574780 1ffff100351c6e87 00000000ffffffea ffff8801a8e37418 ffffffff81a20997 ffff8801a8e378f8 ffff88019e7a6100 ffff8801a8e374c0 ffffffff81a2124e ffff8801d25fc630 000000000000005a Call Trace: [] sens_destroy+0x47/0x90 security/selinux/ss/policydb.c:729 [] sens_read+0x1de/0x360 security/selinux/ss/policydb.c:1630 [] policydb_read+0xdba/0x2390 security/selinux/ss/policydb.c:2367 [] security_load_policy+0x264/0x9b0 security/selinux/ss/services.c:2067 [] sel_write_load+0x19b/0xfa0 security/selinux/selinuxfs.c:522 [] __vfs_write+0x115/0x580 fs/read_write.c:507 [] vfs_write+0x187/0x520 fs/read_write.c:557 [] SYSC_write fs/read_write.c:604 [inline] [] SyS_write+0xd9/0x1c0 fs/read_write.c:596 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Code: 89 fe 41 55 41 54 53 e8 6d 3b 90 ff 4d 85 f6 0f 84 a6 00 00 00 e8 5f 3b 90 ff 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 a5 00 00 00 49 8b 1e 48 85 db 74 32 49 bd 00 RIP [] ebitmap_destroy+0x32/0x100 security/selinux/ss/ebitmap.c:331 RSP audit_printk_skb: 1311 callbacks suppressed audit: type=1400 audit(1574438612.573:48848): avc: denied { create } for pid=19175 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574438612.573:48849): avc: denied { sys_admin } for pid=2080 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.583:48850): avc: denied { sys_admin } for pid=2080 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.583:48851): avc: denied { sys_admin } for pid=2080 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.593:48852): avc: denied { sys_admin } for pid=2080 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.623:48853): avc: denied { sys_admin } for pid=2081 comm="syz-executor.3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.623:48854): avc: denied { sys_admin } for pid=2081 comm="syz-executor.3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.623:48855): avc: denied { net_admin } for pid=2080 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.623:48856): avc: denied { dac_override } for pid=2081 comm="syz-executor.3" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1574438612.623:48857): avc: denied { sys_admin } for pid=2081 comm="syz-executor.3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 netlink: 184 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 184 bytes leftover after parsing attributes in process `syz-executor.4'. ---[ end trace af2faaa05129a9d5 ]---