random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1546744502.281:7): avc: denied { map } for pid=1783 comm="syz-executor242" path="/root/syz-executor242195828" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
audit: type=1400 audit(1546744502.301:8): avc: denied { map } for pid=1784 comm="syz-executor242" path="/dev/ashmem" dev="devtmpfs" ino=5416 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1

======================================================
WARNING: possible circular locking dependency detected
4.14.91+ #3 Not tainted
------------------------------------------------------
syz-executor242/1785 is trying to acquire lock:
 (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x871/0xb80 arch/x86/mm/fault.c:1361

but task is already holding lock:
 (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:715 [inline]
 (&sb->s_type->i_mutex_key#10){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3187

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&sb->s_type->i_mutex_key#10){+.+.}:

-> #1 (ashmem_mutex){+.+.}:

-> #0 (&mm->mmap_sem){++++}:

other info that might help us debug this:

Chain exists of:
  &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#10);
                               lock(ashmem_mutex);
                               lock(&sb->s_type->i_mutex_key#10);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

2 locks held by syz-executor242/1785:
 #0: (sb_writers#6){.+.+}, at: [] file_start_write include/linux/fs.h:2726 [inline]
 #0: (sb_writers#6){.+.+}, at: [] vfs_write+0x3d8/0x4d0 fs/read_write.c:545
 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:715 [inline]
 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3187

stack backtrace:
CPU: 0 PID: 1785 Comm: syz-executor242 Not tainted 4.14.91+ #3
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
audit: type=1400 audit(1546744504.951:9): avc: denied { map } for pid=2644 comm="syz-executor242" path=2F6D656D66643A5B27706F7369785F61636C5F616363657373202864656C6574656429 dev="tmpfs" ino=8240 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1
audit: type=1400 audit(1546744505.901:10): avc: denied { map } for pid=2675 comm="syz-executor242" path="pipe:[7719]" dev="pipefs" ino=7719 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1
random: crng init done