program: r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x77, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x0, 0x3}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) sendto$inet6(r2, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) r4 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes128, 0x0, '\x00', @a}) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000000700)={0x2, 0xf5, "8ec87a8c383758eb2ad79de71acb3298f241218ba1992f791a8cef9be600bd9e0365cff2c0a68d193e44165101ad0fdfb6d72e8e8524ffcc1169f5da29fb6b9bf2a3a8e393501e5f941904749b4b02c1e6a27b258b14d2a9e85929be84f36a676213c17ccec169e1414c70da8525038d68e65d0561865eb526bf1724929e4f207823c95822537e55b2d07a5e0e871a8feceaff76144967a349e0b1004ead172cf1d329a4d871a951117118fbefc22853cd124bd56b19ba28bb39f48d89392e6829b76fcb69ba893fe02878d3f781476fd4885c85aaed1209b33c57711e06dbef16e5db44612f5265656b7e70f80592cd3ba0942b8c"}) sendmsg$IPCTNL_MSG_CT_DELETE(r1, 0x0, 0x20040000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r4, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) open_tree(0xffffffffffffff9c, 0x0, 0x89901) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000040)={@id={0x2, 0x0, @a}}) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r5, &(0x7f0000003980)={0x2020}, 0x2020) [ 75.752657][ T5314] Bluetooth: hci0: command tx timeout [ 75.786853][ T5335] loop0: detected capacity change from 0 to 128 [ 75.833759][ T5335] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 75.859163][ T5335] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 75.907617][ T5335] fscrypt: AES-128-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 76.155857][ T5335] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-lib)" [ 76.162217][ T5340] fscrypt: loop0: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751 [ 76.171528][ T5336] fscrypt: loop0: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751 [ 76.243014][ T74] [ 76.244057][ T74] ====================================================== [ 76.246787][ T74] WARNING: possible circular locking dependency detected [ 76.249799][ T74] syzkaller #0 Not tainted [ 76.251715][ T74] ------------------------------------------------------ [ 76.254914][ T74] kswapd0/74 is trying to acquire lock: [ 76.257820][ T74] ffff8880420f4098 (&type->lock_class){+.+.}-{4:4}, at: keyring_clear+0xaf/0x240 [ 76.262556][ T74] [ 76.262556][ T74] but task is already holding lock: [ 76.265662][ T74] ffffffff8de44f40 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x951/0x2800 [ 76.269064][ T74] [ 76.269064][ T74] which lock already depends on the new lock. [ 76.269064][ T74] [ 76.273383][ T74] [ 76.273383][ T74] the existing dependency chain (in reverse order) is: [ 76.277092][ T74] [ 76.277092][ T74] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 76.280149][ T74] lock_acquire+0x120/0x360 [ 76.282334][ T74] fs_reclaim_acquire+0x72/0x100 [ 76.284557][ T74] __kmalloc_cache_noprof+0x40/0x6f0 [ 76.286934][ T74] assoc_array_insert+0x92/0x2f90 [ 76.289325][ T74] __key_link_begin+0xd6/0x1f0 [ 76.291558][ T74] __key_create_or_update+0x41a/0xa30 [ 76.293998][ T74] key_create_or_update+0x42/0x60 [ 76.296371][ T74] x509_load_certificate_list+0x145/0x280 [ 76.299084][ T74] do_one_initcall+0x233/0x820 [ 76.301346][ T74] do_initcall_level+0x104/0x190 [ 76.303697][ T74] do_initcalls+0x59/0xa0 [ 76.305831][ T74] kernel_init_freeable+0x334/0x4b0 [ 76.308309][ T74] kernel_init+0x1d/0x1d0 [ 76.310480][ T74] ret_from_fork+0x436/0x7d0 [ 76.312801][ T74] ret_from_fork_asm+0x1a/0x30 [ 76.315096][ T74] [ 76.315096][ T74] -> #0 (&type->lock_class){+.+.}-{4:4}: [ 76.318432][ T74] validate_chain+0xb9b/0x2140 [ 76.320755][ T74] __lock_acquire+0xab9/0xd20 [ 76.322909][ T74] lock_acquire+0x120/0x360 [ 76.325017][ T74] down_write+0x96/0x1f0 [ 76.327117][ T74] keyring_clear+0xaf/0x240 [ 76.329347][ T74] fscrypt_put_master_key+0xca/0x190 [ 76.331797][ T74] put_crypt_info+0x26d/0x310 [ 76.334016][ T74] fscrypt_put_encryption_info+0xf6/0x140 [ 76.336701][ T74] ext4_clear_inode+0x170/0x2f0 [ 76.339068][ T74] ext4_evict_inode+0xa67/0xee0 [ 76.341410][ T74] evict+0x504/0x9c0 [ 76.343294][ T74] prune_icache_sb+0x21b/0x2c0 [ 76.345548][ T74] super_cache_scan+0x39b/0x4b0 [ 76.347856][ T74] do_shrink_slab+0x6ef/0x1110 [ 76.350103][ T74] shrink_slab+0x7ef/0x10d0 [ 76.352244][ T74] shrink_one+0x28a/0x7c0 [ 76.354386][ T74] shrink_node+0x315d/0x3780 [ 76.356569][ T74] kswapd+0x147c/0x2800 [ 76.358626][ T74] kthread+0x70e/0x8a0 [ 76.360554][ T74] ret_from_fork+0x436/0x7d0 [ 76.362820][ T74] ret_from_fork_asm+0x1a/0x30 [ 76.365103][ T74] [ 76.365103][ T74] other info that might help us debug this: [ 76.365103][ T74] [ 76.369471][ T74] Possible unsafe locking scenario: [ 76.369471][ T74] [ 76.372515][ T74] CPU0 CPU1 [ 76.374829][ T74] ---- ---- [ 76.377165][ T74] lock(fs_reclaim); [ 76.378958][ T74] lock(&type->lock_class); [ 76.382002][ T74] lock(fs_reclaim); [ 76.384859][ T74] lock(&type->lock_class); [ 76.386808][ T74] [ 76.386808][ T74] *** DEADLOCK *** [ 76.386808][ T74] [ 76.390408][ T74] 2 locks held by kswapd0/74: [ 76.392420][ T74] #0: ffffffff8de44f40 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x951/0x2800 [ 76.396093][ T74] #1: ffff8880115840e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_cache_scan+0x91/0x4b0 [ 76.400484][ T74] [ 76.400484][ T74] stack backtrace: [ 76.403029][ T74] CPU: 0 UID: 0 PID: 74 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 76.403044][ T74] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.403051][ T74] Call Trace: [ 76.403058][ T74] [ 76.403064][ T74] dump_stack_lvl+0x189/0x250 [ 76.403084][ T74] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.403097][ T74] ? __pfx__printk+0x10/0x10 [ 76.403113][ T74] ? print_lock_name+0xde/0x100 [ 76.403129][ T74] print_circular_bug+0x2ee/0x310 [ 76.403144][ T74] check_noncircular+0x134/0x160 [ 76.403160][ T74] validate_chain+0xb9b/0x2140 [ 76.403177][ T74] __lock_acquire+0xab9/0xd20 [ 76.403189][ T74] ? keyring_clear+0xaf/0x240 [ 76.403201][ T74] lock_acquire+0x120/0x360 [ 76.403211][ T74] ? keyring_clear+0xaf/0x240 [ 76.403224][ T74] down_write+0x96/0x1f0 [ 76.403235][ T74] ? keyring_clear+0xaf/0x240 [ 76.403247][ T74] ? __pfx_down_write+0x10/0x10 [ 76.403258][ T74] keyring_clear+0xaf/0x240 [ 76.403271][ T74] ? __pfx_keyring_clear+0x10/0x10 [ 76.403286][ T74] fscrypt_put_master_key+0xca/0x190 [ 76.403304][ T74] put_crypt_info+0x26d/0x310 [ 76.403317][ T74] fscrypt_put_encryption_info+0xf6/0x140 [ 76.403330][ T74] ext4_clear_inode+0x170/0x2f0 [ 76.403343][ T74] ext4_evict_inode+0xa67/0xee0 [ 76.403355][ T74] ? inode_wait_for_writeback+0xf9/0x290 [ 76.403372][ T74] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 76.403390][ T74] ? __pfx_ext4_evict_inode+0x10/0x10 [ 76.403402][ T74] ? do_raw_spin_unlock+0x4d/0x240 [ 76.403415][ T74] ? __pfx_ext4_evict_inode+0x10/0x10 [ 76.403425][ T74] evict+0x504/0x9c0 [ 76.403439][ T74] ? __pfx_evict+0x10/0x10 [ 76.403449][ T74] ? __pfx_inode_lru_isolate+0x10/0x10 [ 76.403464][ T74] ? __pfx_inode_lru_isolate+0x10/0x10 [ 76.403477][ T74] ? list_lru_walk_one+0x3c/0x50 [ 76.403492][ T74] prune_icache_sb+0x21b/0x2c0 [ 76.403507][ T74] ? __pfx_prune_icache_sb+0x10/0x10 [ 76.403521][ T74] ? list_lru_count_one+0x27/0x2c0 [ 76.403535][ T74] ? list_lru_count_one+0x264/0x2c0 [ 76.403549][ T74] super_cache_scan+0x39b/0x4b0 [ 76.403564][ T74] do_shrink_slab+0x6ef/0x1110 [ 76.403585][ T74] shrink_slab+0x7ef/0x10d0 [ 76.403601][ T74] ? shrink_slab+0x1e8/0x10d0 [ 76.403617][ T74] ? __pfx_shrink_slab+0x10/0x10 [ 76.403639][ T74] shrink_one+0x28a/0x7c0 [ 76.403656][ T74] ? shrink_node+0x2f1f/0x3780 [ 76.403672][ T74] shrink_node+0x315d/0x3780 [ 76.403690][ T74] ? shrink_node+0x2f1f/0x3780 [ 76.403707][ T74] ? __lock_acquire+0xab9/0xd20 [ 76.403720][ T74] ? percpu_ref_put+0x19/0x180 [ 76.403743][ T74] ? __pfx_shrink_node+0x10/0x10 [ 76.403757][ T74] ? percpu_ref_put+0x19/0x180 [ 76.403773][ T74] ? mem_cgroup_iter+0x420/0x460 [ 76.403783][ T74] ? mem_cgroup_iter+0x3b/0x460 [ 76.403794][ T74] kswapd+0x147c/0x2800 [ 76.403811][ T74] ? kswapd+0x951/0x2800 [ 76.403825][ T74] ? __pfx_kswapd+0x10/0x10 [ 76.403838][ T74] ? __lock_acquire+0xab9/0xd20 [ 76.403853][ T74] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.403868][ T74] ? _raw_spin_unlock+0x20/0x50 [ 76.403880][ T74] ? __pfx_autoremove_wake_function+0x10/0x10 [ 76.403896][ T74] ? __pfx_set_cpus_allowed_ptr+0x10/0x10 [ 76.403911][ T74] ? __kthread_parkme+0x7b/0x200 [ 76.403924][ T74] ? __kthread_parkme+0x1a1/0x200 [ 76.403937][ T74] kthread+0x70e/0x8a0 [ 76.403952][ T74] ? __pfx_kswapd+0x10/0x10 [ 76.403963][ T74] ? __pfx_kthread+0x10/0x10 [ 76.403979][ T74] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.403991][ T74] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.404006][ T74] ? __pfx_kthread+0x10/0x10 [ 76.404020][ T74] ret_from_fork+0x436/0x7d0 [ 76.404033][ T74] ? __pfx_ret_from_fork+0x10/0x10 [ 76.404045][ T74] ? __pfx_kthread+0x10/0x10 [ 76.404060][ T74] ret_from_fork_asm+0x1a/0x30 [ 76.404080][ T74]