kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 19167 Comm: syz-executor.0 Not tainted 4.9.141+ #23
task: ffff88019aaf0000 task.stack: ffff8801a8e30000
RIP: 0010:[<ffffffff81a17f12>]  [<ffffffff81a17f12>] ebitmap_destroy+0x32/0x100 security/selinux/ss/ebitmap.c:331
RSP: 0018:ffff8801a8e373d8  EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88019e7a6100 RCX: ffffc90000b58000
RDX: 0000000000000001 RSI: ffffffff81a17f01 RDI: 0000000000000008
RBP: ffff8801a8e373f8 R08: ffff88019aaf0920 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801cd574780
R13: 1ffff100351c6e87 R14: 0000000000000008 R15: ffff8801a8e37498
FS:  0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:00000000f557fb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000200e0000 CR3: 00000001cbfb1000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff88019e7a6100 ffff8801cd574780 1ffff100351c6e87 00000000ffffffea
 ffff8801a8e37418 ffffffff81a20997 ffff8801a8e378f8 ffff88019e7a6100
 ffff8801a8e374c0 ffffffff81a2124e ffff8801d25fc630 000000000000005a
Call Trace:
 [<ffffffff81a20997>] sens_destroy+0x47/0x90 security/selinux/ss/policydb.c:729
 [<ffffffff81a2124e>] sens_read+0x1de/0x360 security/selinux/ss/policydb.c:1630
 [<ffffffff81a2b1ea>] policydb_read+0xdba/0x2390 security/selinux/ss/policydb.c:2367
 [<ffffffff81a3ba84>] security_load_policy+0x264/0x9b0 security/selinux/ss/services.c:2067
 [<ffffffff81a1233b>] sel_write_load+0x19b/0xfa0 security/selinux/selinuxfs.c:522
 [<ffffffff81508085>] __vfs_write+0x115/0x580 fs/read_write.c:507
 [<ffffffff8150ab97>] vfs_write+0x187/0x520 fs/read_write.c:557
 [<ffffffff8150e9c9>] SYSC_write fs/read_write.c:604 [inline]
 [<ffffffff8150e9c9>] SyS_write+0xd9/0x1c0 fs/read_write.c:596
 [<ffffffff81006311>] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
 [<ffffffff81006311>] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
 [<ffffffff82818de0>] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
Code: 89 fe 41 55 41 54 53 e8 6d 3b 90 ff 4d 85 f6 0f 84 a6 00 00 00 e8 5f 3b 90 ff 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 a5 00 00 00 49 8b 1e 48 85 db 74 32 49 bd 00 
RIP  [<ffffffff81a17f12>] ebitmap_destroy+0x32/0x100 security/selinux/ss/ebitmap.c:331
 RSP <ffff8801a8e373d8>
audit_printk_skb: 1311 callbacks suppressed
audit: type=1400 audit(1574438612.573:48848): avc:  denied  { create } for  pid=19175 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574438612.573:48849): avc:  denied  { sys_admin } for  pid=2080 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.583:48850): avc:  denied  { sys_admin } for  pid=2080 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.583:48851): avc:  denied  { sys_admin } for  pid=2080 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.593:48852): avc:  denied  { sys_admin } for  pid=2080 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.623:48853): avc:  denied  { sys_admin } for  pid=2081 comm="syz-executor.3" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.623:48854): avc:  denied  { sys_admin } for  pid=2081 comm="syz-executor.3" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.623:48855): avc:  denied  { net_admin } for  pid=2080 comm="syz-executor.5" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.623:48856): avc:  denied  { dac_override } for  pid=2081 comm="syz-executor.3" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574438612.623:48857): avc:  denied  { sys_admin } for  pid=2081 comm="syz-executor.3" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 184 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 184 bytes leftover after parsing attributes in process `syz-executor.4'.
---[ end trace af2faaa05129a9d5 ]---