audit: type=1400 audit(1549216902.120:8): avc: denied { map } for pid=1799 comm="syz-executor992" path="/dev/ashmem" dev="devtmpfs" ino=5422 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1

======================================================
WARNING: possible circular locking dependency detected
4.14.97+ #1 Not tainted
------------------------------------------------------
syz-executor992/1812 is trying to acquire lock:
 (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x871/0xb80 arch/x86/mm/fault.c:1361

but task is already holding lock:
 (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:715 [inline]
 (&sb->s_type->i_mutex_key#10){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3187

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&sb->s_type->i_mutex_key#10){+.+.}:

-> #1 (ashmem_mutex){+.+.}:

-> #0 (&mm->mmap_sem){++++}:

other info that might help us debug this:

Chain exists of:
  &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#10);
                               lock(ashmem_mutex);
                               lock(&sb->s_type->i_mutex_key#10);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

2 locks held by syz-executor992/1812:
 #0: (sb_writers#6){.+.+}, at: [] file_start_write include/linux/fs.h:2726 [inline]
 #0: (sb_writers#6){.+.+}, at: [] vfs_write+0x3d8/0x4d0 fs/read_write.c:545
 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:715 [inline]
 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3187

stack backtrace:
CPU: 0 PID: 1812 Comm: syz-executor992 Not tainted 4.14.97+ #1
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258