======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 Not tainted
------------------------------------------------------
syz.0.1886/19467 is trying to acquire lock:
ff60000029c09cc8 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
ff60000029c09cc8 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x362/0x2074 security/integrity/ima/ima_main.c:250

but task is already holding lock:
ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_remap_file_pages mm/mmap.c:1649 [inline]
ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages mm/mmap.c:1624 [inline]
ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: __riscv_sys_remap_file_pages+0x200/0x8d2 mm/mmap.c:1624

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&mm->mmap_lock){++++}-{3:3}:
       lock_acquire.part.0+0x2c6/0x81c kernel/locking/lockdep.c:5825
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5798
       down_read_killable+0xaa/0x5c0 kernel/locking/rwsem.c:1547
       mmap_read_lock_killable include/linux/mmap_lock.h:153 [inline]
       get_mmap_lock_carefully mm/memory.c:6108 [inline]
       lock_mm_and_find_vma+0x174/0x674 mm/memory.c:6159
       handle_page_fault+0x3b4/0x1588 arch/riscv/mm/fault.c:322
       do_page_fault+0x20/0x56 arch/riscv/kernel/traps.c:362
       _new_vmalloc_restore_context_a0+0xc2/0xce
       fault_in_readable+0x13c/0x254 mm/gup.c:2235

-> #0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}:
       check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x2d00/0x8320 kernel/locking/lockdep.c:5202
       lock_acquire.part.0+0x2c6/0x81c kernel/locking/lockdep.c:5825
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5798
       down_write+0x9c/0x19c kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:815 [inline]
       process_measurement+0x362/0x2074 security/integrity/ima/ima_main.c:250
       ima_file_mmap+0x148/0x1de security/integrity/ima/ima_main.c:455
       security_mmap_file+0x782/0x854 security/security.c:2977
       __do_sys_remap_file_pages mm/mmap.c:1692 [inline]
       __se_sys_remap_file_pages mm/mmap.c:1624 [inline]
       __riscv_sys_remap_file_pages+0x36c/0x8d2 mm/mmap.c:1624
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(&sb->s_type->i_mutex_key#12);
                               lock(&mm->mmap_lock);
  lock(&sb->s_type->i_mutex_key#12);

 *** DEADLOCK ***

1 lock held by syz.0.1886/19467:
 #0: ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
 #0: ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_remap_file_pages mm/mmap.c:1649 [inline]
 #0: ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages mm/mmap.c:1624 [inline]
 #0: ff6000001b3df888 (&mm->mmap_lock){++++}-{3:3}, at: __riscv_sys_remap_file_pages+0x200/0x8d2 mm/mmap.c:1624

stack backtrace:
CPU: 0 UID: 0 PID: 19467 Comm: syz.0.1886 Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[] __dump_stack lib/dump_stack.c:94 [inline]
[] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[] print_circular_bug+0x6be/0x748 kernel/locking/lockdep.c:2074
[] check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206
[] check_prev_add kernel/locking/lockdep.c:3161 [inline]
[] check_prevs_add kernel/locking/lockdep.c:3280 [inline]
[] validate_chain kernel/locking/lockdep.c:3904 [inline]
[] __lock_acquire+0x2d00/0x8320 kernel/locking/lockdep.c:5202
[] lock_acquire.part.0+0x2c6/0x81c kernel/locking/lockdep.c:5825
[] lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5798
[] down_write+0x9c/0x19c kernel/locking/rwsem.c:1577
[] inode_lock include/linux/fs.h:815 [inline]
[] process_measurement+0x362/0x2074 security/integrity/ima/ima_main.c:250
[] ima_file_mmap+0x148/0x1de security/integrity/ima/ima_main.c:455
[] security_mmap_file+0x782/0x854 security/security.c:2977
[] __do_sys_remap_file_pages mm/mmap.c:1692 [inline]
[] __se_sys_remap_file_pages mm/mmap.c:1624 [inline]
[] __riscv_sys_remap_file_pages+0x36c/0x8d2 mm/mmap.c:1624
[] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[] _new_vmalloc_restore_context_a0+0xc2/0xce