[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 39.426259] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.833094] kauditd_printk_skb: 4 callbacks suppressed
[ 39.833103] audit: type=1400 audit(1561341646.518:35): avc: denied { map } for pid=7081 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 39.889992] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.492970] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.689357] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts.
[ 46.260103] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 46.388832] audit: type=1400 audit(1561341653.068:36): avc: denied { map } for pid=7093 comm="syz-executor582" path="/root/syz-executor582239611" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.403206]
[ 46.416823] ======================================================
[ 46.423121] WARNING: possible circular locking dependency detected
[ 46.429420] 4.14.129 #23 Not tainted
[ 46.433107] ------------------------------------------------------
[ 46.439405] syz-executor582/7093 is trying to acquire lock:
[ 46.445100]  (&sig->cred_guard_mutex){+.+.}, at: [] do_io_accounting+0x1d6/0x7b0
[ 46.454251]
[ 46.454251] but task is already holding lock:
[ 46.460211]  (&p->lock){+.+.}, at: [] seq_read+0xc1/0x1280
[ 46.467413]
[ 46.467413] which lock already depends on the new lock.
[ 46.467413]
[ 46.475724]
[ 46.475724] the existing dependency chain (in reverse order) is:
[ 46.483344]
[ 46.483344] -> #3 (&p->lock){+.+.}:
[ 46.488472]        lock_acquire+0x16f/0x430
[ 46.492797]        __mutex_lock+0xe8/0x1470
[ 46.497099]        mutex_lock_nested+0x16/0x20
[ 46.501683]        seq_read+0xc1/0x1280
[ 46.505637]        do_iter_read+0x3e2/0x5b0
[ 46.509964]        vfs_readv+0xd3/0x130
[ 46.513919]        default_file_splice_read+0x421/0x7b0
[ 46.519279]        do_splice_to+0x105/0x170
[ 46.523595]        splice_direct_to_actor+0x222/0x7b0
[ 46.528761]        do_splice_direct+0x18d/0x230
[ 46.533408]        do_sendfile+0x4db/0xbd0
[ 46.537623]        SyS_sendfile64+0x102/0x110
[ 46.542121]        do_syscall_64+0x1e8/0x640
[ 46.546509]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.552473]
[ 46.552473] -> #2 (sb_writers#4){.+.+}:
[ 46.557921]        lock_acquire+0x16f/0x430
[ 46.562226]        __sb_start_write+0x1ae/0x2f0
[ 46.566875]        mnt_want_write+0x3f/0xb0
[ 46.571205]        ovl_want_write+0x76/0xa0
[ 46.575533]        ovl_xattr_set+0x4f/0x270
[ 46.579842]        ovl_posix_acl_xattr_set+0x3f9/0x830
[ 46.585133]        __vfs_setxattr+0xd8/0x130
[ 46.589571]        __vfs_setxattr_noperm+0x102/0x3c0
[ 46.594672]        vfs_setxattr+0xc5/0xf0
[ 46.598797]        setxattr+0x1de/0x350
[ 46.602768]        path_setxattr+0x11f/0x140
[ 46.607157]        SyS_setxattr+0x3b/0x50
[ 46.611285]        do_syscall_64+0x1e8/0x640
[ 46.615673]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.621358]
[ 46.621358] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 46.628105]        lock_acquire+0x16f/0x430
[ 46.632407]        down_read+0x3b/0xb0
[ 46.636285]        path_openat+0x191c/0x3f70
[ 46.640668]        do_filp_open+0x18e/0x250
[ 46.644966]        do_open_execat+0xe7/0x4a0
[ 46.649384]        do_execveat_common.isra.0+0x6d2/0x1dd0
[ 46.654921]        SyS_execveat+0x4f/0x60
[ 46.659049]        do_syscall_64+0x1e8/0x640
[ 46.663433]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.669118]
[ 46.669118] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 46.675431]        __lock_acquire+0x2c89/0x45e0
[ 46.680082]        lock_acquire+0x16f/0x430
[ 46.684386]        __mutex_lock+0xe8/0x1470
[ 46.688702]        mutex_lock_killable_nested+0x16/0x20
[ 46.694066]        do_io_accounting+0x1d6/0x7b0
[ 46.698736]        proc_tid_io_accounting+0x20/0x30
[ 46.703765]        proc_single_show+0xf0/0x160
[ 46.708340]        seq_read+0x51a/0x1280
[ 46.712388]        do_iter_read+0x3e2/0x5b0
[ 46.716702]        vfs_readv+0xd3/0x130
[ 46.720656]        default_file_splice_read+0x421/0x7b0
[ 46.726003]        do_splice_to+0x105/0x170
[ 46.730310]        splice_direct_to_actor+0x222/0x7b0
[ 46.735487]        do_splice_direct+0x18d/0x230
[ 46.740160]        do_sendfile+0x4db/0xbd0
[ 46.744378]        SyS_sendfile64+0x102/0x110
[ 46.748859]        do_syscall_64+0x1e8/0x640
[ 46.753277]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.758968]
[ 46.758968] other info that might help us debug this:
[ 46.758968]
[ 46.767091] Chain exists of:
[ 46.767091]   &sig->cred_guard_mutex --> sb_writers#4 --> &p->lock
[ 46.767091]
[ 46.777763]  Possible unsafe locking scenario:
[ 46.777763]
[ 46.783809]        CPU0                    CPU1
[ 46.788463]        ----                    ----
[ 46.793105]   lock(&p->lock);
[ 46.796185]                                lock(sb_writers#4);
[ 46.802132]                                lock(&p->lock);
[ 46.807753]   lock(&sig->cred_guard_mutex);
[ 46.812053]
[ 46.812053]  *** DEADLOCK ***
[ 46.812053]
[ 46.819118] 2 locks held by syz-executor582/7093:
[ 46.823934]  #0:  (sb_writers#4){.+.+}, at: [] do_sendfile+0x912/0xbd0
[ 46.832155]  #1:  (&p->lock){+.+.}, at: [] seq_read+0xc1/0x1280
[ 46.839792]
[ 46.839792] stack backtrace:
[ 46.844273] CPU: 1 PID: 7093 Comm: syz-executor582 Not tainted 4.14.129 #23
[ 46.851613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.865311] Call Trace:
[ 46.867888]  dump_stack+0x138/0x19c
[ 46.871503]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 46.876878]  __lock_acquire+0x2c89/0x45e0
[ 46.881007]  ? trace_hardirqs_on+0x10/0x10
[ 46.885247]  ? trace_hardirqs_on+0x10/0x10
[ 46.889470]  lock_acquire+0x16f/0x430
[ 46.893253]  ? do_io_accounting+0x1d6/0x7b0
[ 46.897578]  ? do_io_accounting+0x1d6/0x7b0
[ 46.901886]  __mutex_lock+0xe8/0x1470
[ 46.905690]  ? do_io_accounting+0x1d6/0x7b0
[ 46.910010]  ? __lock_acquire+0x5f9/0x45e0
[ 46.914263]  ? kvmalloc_node+0x4e/0xe0
[ 46.918222]  ? seq_read+0x916/0x1280
[ 46.921918]  ? do_iter_read+0x3e2/0x5b0
[ 46.925895]  ? do_io_accounting+0x1d6/0x7b0
[ 46.930201]  ? do_splice_to+0x105/0x170
[ 46.934166]  ? splice_direct_to_actor+0x222/0x7b0
[ 46.938993]  ? do_sendfile+0x4db/0xbd0
[ 46.942889]  ? mutex_trylock+0x1c0/0x1c0
[ 46.946931]  ? trace_hardirqs_on+0x10/0x10
[ 46.951185]  ? save_trace+0x290/0x290
[ 46.954978]  mutex_lock_killable_nested+0x16/0x20
[ 46.959816]  ? find_held_lock+0x35/0x130
[ 46.963883]  ? mutex_lock_killable_nested+0x16/0x20
[ 46.968883]  do_io_accounting+0x1d6/0x7b0
[ 46.973014]  ? get_pid_task+0x98/0x140
[ 46.977039]  ? dname_to_vma_addr.isra.0+0x1f0/0x1f0
[ 46.982040]  proc_tid_io_accounting+0x20/0x30
[ 46.986518]  proc_single_show+0xf0/0x160
[ 46.990562]  seq_read+0x51a/0x1280
[ 46.994083]  ? seq_lseek+0x3c0/0x3c0
[ 46.997805]  ? security_file_permission+0x89/0x1f0
[ 47.002747]  ? rw_verify_area+0xea/0x2b0
[ 47.006819]  do_iter_read+0x3e2/0x5b0
[ 47.010609]  vfs_readv+0xd3/0x130
[ 47.014041]  ? compat_rw_copy_check_uvector+0x310/0x310
[ 47.019413]  ? push_pipe+0x3e6/0x780
[ 47.023111]  ? iov_iter_get_pages_alloc+0x2c9/0xef0
[ 47.028112]  ? iov_iter_revert+0x9c0/0x9c0
[ 47.032329]  ? iov_iter_pipe+0x9f/0x2c0
[ 47.036299]  default_file_splice_read+0x421/0x7b0
[ 47.041157]  ? __kmalloc+0x15d/0x7a0
[ 47.044860]  ? alloc_pipe_info+0x15c/0x380
[ 47.049129]  ? splice_direct_to_actor+0x5d2/0x7b0
[ 47.054002]  ? do_splice_direct+0x18d/0x230
[ 47.058309]  ? do_splice_direct+0x230/0x230
[ 47.062612]  ? trace_hardirqs_on+0x10/0x10
[ 47.066826]  ? save_trace+0x290/0x290
[ 47.070607]  ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 47.077260]  ? fsnotify+0x11e0/0x11e0
[ 47.081057]  ? __inode_security_revalidate+0xd6/0x130
[ 47.086342]  ? avc_policy_seqno+0x9/0x20
[ 47.090396]  ? selinux_file_permission+0x85/0x480
[ 47.095225]  ? security_file_permission+0x89/0x1f0
[ 47.100140]  ? rw_verify_area+0xea/0x2b0
[ 47.104183]  ? do_splice_direct+0x230/0x230
[ 47.108488]  do_splice_to+0x105/0x170
[ 47.112282]  splice_direct_to_actor+0x222/0x7b0
[ 47.117127]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 47.122149]  ? do_splice_to+0x170/0x170
[ 47.126110]  ? rw_verify_area+0xea/0x2b0
[ 47.130180]  do_splice_direct+0x18d/0x230
[ 47.134365]  ? splice_direct_to_actor+0x7b0/0x7b0
[ 47.139225]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 47.143973]  ? __sb_start_write+0x153/0x2f0
[ 47.148302]  do_sendfile+0x4db/0xbd0
[ 47.152097]  ? do_compat_pwritev64+0x140/0x140
[ 47.156669]  ? do_sys_open+0x221/0x430
[ 47.160541]  SyS_sendfile64+0x102/0x110
[ 47.164494]  ? SyS_sendfile+0x130/0x130
[ 47.168446]  ? do_syscall_64+0x53/0x640
[ 47.172405]  ? SyS_sendfile+0x130/0x130
[ 47.176360]  do_syscall_64+0x1e8/0x640
[ 47.180229]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.185061]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.190256] RIP: 0033:0