======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 Not tainted
------------------------------------------------------
syz.1.626/6260 is trying to acquire lock:
ff6000001ba1d688 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
ff6000001ba1d688 (&mm->mmap_lock){++++}-{3:3}, at: upgrade_mmap_lock_carefully mm/memory.c:6132 [inline]
ff6000001ba1d688 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x24c/0x674 mm/memory.c:6185

but task is already holding lock:
ff6000002d904a48 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
ff6000002d904a48 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x78/0x136 mm/shmem.c:3211

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}:
       lock_acquire.part.0+0x2c6/0x81c kernel/locking/lockdep.c:5825
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5798
       down_write+0x9c/0x19c kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:815 [inline]
       process_measurement+0x362/0x2074 security/integrity/ima/ima_main.c:250
       ima_file_mmap+0x148/0x1de security/integrity/ima/ima_main.c:455
       security_mmap_file+0x782/0x854 security/security.c:2977
       __do_sys_remap_file_pages mm/mmap.c:1692 [inline]
       __se_sys_remap_file_pages mm/mmap.c:1624 [inline]
       __riscv_sys_remap_file_pages+0x36c/0x8d2 mm/mmap.c:1624
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #0 (&mm->mmap_lock){++++}-{3:3}:
       check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x2d00/0x8320 kernel/locking/lockdep.c:5202
       lock_acquire.part.0+0x2c6/0x81c kernel/locking/lockdep.c:5825
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5798
       down_write_killable+0xa4/0x260 kernel/locking/rwsem.c:1588
       mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
       upgrade_mmap_lock_carefully mm/memory.c:6132 [inline]
       lock_mm_and_find_vma+0x24c/0x674 mm/memory.c:6185
       handle_page_fault+0x3b4/0x1588 arch/riscv/mm/fault.c:322
       do_page_fault+0x20/0x56 arch/riscv/kernel/traps.c:362
       _new_vmalloc_restore_context_a0+0xc2/0xce
       fault_in_readable+0x13c/0x254 mm/gup.c:2235

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#12);
                               lock(&mm->mmap_lock);
                               lock(&sb->s_type->i_mutex_key#12);
  lock(&mm->mmap_lock);

 *** DEADLOCK ***

3 locks held by syz.1.626/6260:
 #0: ff6000001b2a5438 (&f->f_pos_lock){+.+.}-{3:3}, at: fdget_pos+0x24c/0x330 fs/file.c:1187
 #1: ff6000002cd96420 (sb_writers#5){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1716 [inline]
 #1: ff6000002cd96420 (sb_writers#5){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1852 [inline]
 #1: ff6000002cd96420 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2931 [inline]
 #1: ff6000002cd96420 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x728/0x9b4 fs/read_write.c:679
 #2: ff6000002d904a48 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
 #2: ff6000002d904a48 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x78/0x136 mm/shmem.c:3211

stack backtrace:
CPU: 1 UID: 0 PID: 6260 Comm: syz.1.626 Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[] __dump_stack lib/dump_stack.c:94 [inline]
[] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[] print_circular_bug+0x6be/0x748 kernel/locking/lockdep.c:2074
[] check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206
[] check_prev_add kernel/locking/lockdep.c:3161 [inline]
[] check_prevs_add kernel/locking/lockdep.c:3280 [inline]
[] validate_chain kernel/locking/lockdep.c:3904 [inline]
[] __lock_acquire+0x2d00/0x8320 kernel/locking/lockdep.c:5202
[] lock_acquire.part.0+0x2c6/0x81c kernel/locking/lockdep.c:5825
[] lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5798
[] down_write_killable+0xa4/0x260 kernel/locking/rwsem.c:1588
[] mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
[] upgrade_mmap_lock_carefully mm/memory.c:6132 [inline]
[] lock_mm_and_find_vma+0x24c/0x674 mm/memory.c:6185
[] handle_page_fault+0x3b4/0x1588 arch/riscv/mm/fault.c:322
[] do_page_fault+0x20/0x56 arch/riscv/kernel/traps.c:362
[] _new_vmalloc_restore_context_a0+0xc2/0xce
[] fault_in_readable+0x13c/0x254 mm/gup.c:2235