program: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4) (async) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x304}, "d56d9847bfcb49e2", "16549f18408d640d012ebcc31bd9870b", "bcd58d40", "4f5b22bc20c62b22"}, 0x28) socket$inet_sctp(0x2, 0x1, 0x84) (async) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @private=0xa010102, 0x4e23, 0x3, 'sh\x00', 0x1, 0x7, 0x49}, 0x2c) setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x4e21, 0x12002, 0xf, 0xe1b2, 0x1}}, 0x44) sendto$inet6(r2, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) write$binfmt_aout(r2, 0x0, 0xfdef) sendto$inet6(r2, &(0x7f0000000080)="c62ef5d642787b4ea89f2287cb40935313b6", 0x12, 0x8040, 0x0, 0x0) write$binfmt_elf64(r2, 0x0, 0x78) (async) write$binfmt_elf64(r2, 0x0, 0x78) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) (async) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}}) (async) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}}) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', 0x0, 0x700, 0x0) (async) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', 0x0, 0x700, 0x0) [ 85.335542][ T5322] Bluetooth: hci0: command tx timeout [ 85.438132][ T5347] loop0: detected capacity change from 0 to 128 [ 85.502623][ T5347] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 85.565848][ T5347] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 85.607288][ T5337] IPVS: starting estimator thread 0... [ 85.621157][ T5348] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 85.657556][ T5355] EXT4-fs (loop0): shut down requested (1) [ 85.662497][ T5355] fscrypt: loop0: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 85.688248][ T5347] fscrypt (loop0, inode 13): Error -5 getting encryption context [ 85.691982][ T5347] EXT4-fs warning (device loop0): ext4_lookup:1797: Inconsistent encryption contexts: 12/13 [ 85.715963][ T5356] IPVS: using max 67 ests per chain, 160800 per kthread [ 85.720355][ T5348] fscrypt (loop0, inode 13): Error -5 getting encryption context [ 85.723789][ T5348] EXT4-fs warning (device loop0): ext4_lookup:1797: Inconsistent encryption contexts: 12/13 [ 85.767522][ T77] [ 85.768692][ T77] ====================================================== [ 85.771864][ T77] WARNING: possible circular locking dependency detected [ 85.775042][ T77] syzkaller #0 Not tainted [ 85.777038][ T77] ------------------------------------------------------ [ 85.780055][ T77] kswapd0/77 is trying to acquire lock: [ 85.782439][ T77] ffff888011f6c098 (&type->lock_class){+.+.}-{4:4}, at: keyring_clear+0xaf/0x240 [ 85.785975][ T77] [ 85.785975][ T77] but task is already holding lock: [ 85.788674][ T77] ffffffff8e051900 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x92a/0x2820 [ 85.791878][ T77] [ 85.791878][ T77] which lock already depends on the new lock. [ 85.791878][ T77] [ 85.795766][ T77] [ 85.795766][ T77] the existing dependency chain (in reverse order) is: [ 85.799230][ T77] [ 85.799230][ T77] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 85.802379][ T77] fs_reclaim_acquire+0x72/0x100 [ 85.804691][ T77] __kmalloc_cache_noprof+0x40/0x700 [ 85.807180][ T77] assoc_array_insert+0x92/0x2f90 [ 85.809550][ T77] __key_link_begin+0xd6/0x1f0 [ 85.811836][ T77] __key_create_or_update+0x41a/0xa30 [ 85.814417][ T77] key_create_or_update+0x42/0x60 [ 85.816846][ T77] x509_load_certificate_list+0x145/0x280 [ 85.819578][ T77] do_one_initcall+0x1f1/0x800 [ 85.821823][ T77] do_initcall_level+0x104/0x190 [ 85.824015][ T77] do_initcalls+0x59/0xa0 [ 85.826184][ T77] kernel_init_freeable+0x2a7/0x3d0 [ 85.828693][ T77] kernel_init+0x1d/0x1d0 [ 85.831094][ T77] ret_from_fork+0x510/0xa50 [ 85.833694][ T77] ret_from_fork_asm+0x1a/0x30 [ 85.836162][ T77] [ 85.836162][ T77] -> #0 (&type->lock_class){+.+.}-{4:4}: [ 85.839284][ T77] __lock_acquire+0x15a6/0x2cf0 [ 85.841540][ T77] lock_acquire+0x107/0x340 [ 85.843983][ T77] down_write+0x96/0x1f0 [ 85.846434][ T77] keyring_clear+0xaf/0x240 [ 85.849034][ T77] fscrypt_put_master_key+0xca/0x190 [ 85.851929][ T77] put_crypt_info+0x26d/0x310 [ 85.854243][ T77] fscrypt_put_encryption_info+0xf6/0x140 [ 85.856880][ T77] ext4_clear_inode+0x170/0x2f0 [ 85.859181][ T77] ext4_evict_inode+0x9f6/0xe60 [ 85.861557][ T77] evict+0x5f4/0xae0 [ 85.863583][ T77] __dentry_kill+0x209/0x660 [ 85.865930][ T77] shrink_kill+0xa9/0x2c0 [ 85.867900][ T77] shrink_dentry_list+0x2e0/0x5e0 [ 85.870114][ T77] prune_dcache_sb+0x10e/0x180 [ 85.872232][ T77] super_cache_scan+0x369/0x4b0 [ 85.874479][ T77] do_shrink_slab+0x6df/0x10d0 [ 85.876648][ T77] shrink_slab+0x7ef/0x10d0 [ 85.878754][ T77] shrink_one+0x2d9/0x720 [ 85.880705][ T77] shrink_node+0x2f7d/0x35b0 [ 85.882988][ T77] kswapd+0x145a/0x2820 [ 85.885117][ T77] kthread+0x711/0x8a0 [ 85.887084][ T77] ret_from_fork+0x510/0xa50 [ 85.889490][ T77] ret_from_fork_asm+0x1a/0x30 [ 85.891672][ T77] [ 85.891672][ T77] other info that might help us debug this: [ 85.891672][ T77] [ 85.896053][ T77] Possible unsafe locking scenario: [ 85.896053][ T77] [ 85.899607][ T77] CPU0 CPU1 [ 85.902185][ T77] ---- ---- [ 85.904624][ T77] lock(fs_reclaim); [ 85.906494][ T77] lock(&type->lock_class); [ 85.909783][ T77] lock(fs_reclaim); [ 85.913192][ T77] lock(&type->lock_class); [ 85.915293][ T77] [ 85.915293][ T77] *** DEADLOCK *** [ 85.915293][ T77] [ 85.918801][ T77] 2 locks held by kswapd0/77: [ 85.920691][ T77] #0: ffffffff8e051900 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x92a/0x2820 [ 85.924435][ T77] #1: ffff88801c7020e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_cache_scan+0x91/0x4b0 [ 85.929175][ T77] [ 85.929175][ T77] stack backtrace: [ 85.932230][ T77] CPU: 0 UID: 0 PID: 77 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 85.932245][ T77] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.932252][ T77] Call Trace: [ 85.932259][ T77] [ 85.932265][ T77] dump_stack_lvl+0xe8/0x150 [ 85.932283][ T77] print_circular_bug+0x2e2/0x300 [ 85.932298][ T77] check_noncircular+0x12e/0x150 [ 85.932311][ T77] __lock_acquire+0x15a6/0x2cf0 [ 85.932322][ T77] ? stack_trace_save+0x9c/0xe0 [ 85.932340][ T77] ? keyring_clear+0xaf/0x240 [ 85.932352][ T77] lock_acquire+0x107/0x340 [ 85.932362][ T77] ? keyring_clear+0xaf/0x240 [ 85.932376][ T77] down_write+0x96/0x1f0 [ 85.932388][ T77] ? keyring_clear+0xaf/0x240 [ 85.932399][ T77] ? __pfx_down_write+0x10/0x10 [ 85.932411][ T77] keyring_clear+0xaf/0x240 [ 85.932436][ T77] ? __pfx_keyring_clear+0x10/0x10 [ 85.932450][ T77] fscrypt_put_master_key+0xca/0x190 [ 85.932467][ T77] put_crypt_info+0x26d/0x310 [ 85.932477][ T77] fscrypt_put_encryption_info+0xf6/0x140 [ 85.932486][ T77] ext4_clear_inode+0x170/0x2f0 [ 85.932504][ T77] ext4_evict_inode+0x9f6/0xe60 [ 85.932514][ T77] ? inode_wait_for_writeback+0x14d/0x370 [ 85.932530][ T77] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 85.932543][ T77] ? do_raw_spin_lock+0x121/0x290 [ 85.932556][ T77] ? __pfx_ext4_evict_inode+0x10/0x10 [ 85.932566][ T77] ? do_raw_spin_unlock+0x4d/0x240 [ 85.932579][ T77] ? __pfx_ext4_evict_inode+0x10/0x10 [ 85.932589][ T77] evict+0x5f4/0xae0 [ 85.932604][ T77] ? __pfx_evict+0x10/0x10 [ 85.932618][ T77] ? _raw_spin_unlock+0x28/0x50 [ 85.932631][ T77] ? iput+0xcc6/0x1030 [ 85.932643][ T77] __dentry_kill+0x209/0x660 [ 85.932659][ T77] ? shrink_kill+0x8d/0x2c0 [ 85.932669][ T77] shrink_kill+0xa9/0x2c0 [ 85.932679][ T77] shrink_dentry_list+0x2e0/0x5e0 [ 85.932692][ T77] prune_dcache_sb+0x10e/0x180 [ 85.932702][ T77] ? __pfx_prune_dcache_sb+0x10/0x10 [ 85.932714][ T77] ? list_lru_count_one+0x27/0x2c0 [ 85.932731][ T77] ? list_lru_count_one+0x264/0x2c0 [ 85.932747][ T77] super_cache_scan+0x369/0x4b0 [ 85.932764][ T77] do_shrink_slab+0x6df/0x10d0 [ 85.932776][ T77] shrink_slab+0x7ef/0x10d0 [ 85.932785][ T77] ? shrink_slab+0x1e8/0x10d0 [ 85.932794][ T77] ? __pfx_shrink_slab+0x10/0x10 [ 85.932807][ T77] shrink_one+0x2d9/0x720 [ 85.932864][ T77] ? shrink_node+0x2d3f/0x35b0 [ 85.932878][ T77] shrink_node+0x2f7d/0x35b0 [ 85.932895][ T77] ? shrink_node+0x2d3f/0x35b0 [ 85.932909][ T77] ? __lock_acquire+0x6b6/0x2cf0 [ 85.932920][ T77] ? percpu_ref_put+0x19/0x180 [ 85.932930][ T77] ? percpu_ref_put+0x19/0x180 [ 85.932941][ T77] ? __pfx_shrink_node+0x10/0x10 [ 85.932953][ T77] ? percpu_ref_put+0x19/0x180 [ 85.932964][ T77] ? mem_cgroup_iter+0x420/0x460 [ 85.932976][ T77] ? mem_cgroup_iter+0x3b/0x460 [ 85.932987][ T77] kswapd+0x145a/0x2820 [ 85.933002][ T77] ? kswapd+0x92a/0x2820 [ 85.933015][ T77] ? __pfx_kswapd+0x10/0x10 [ 85.933025][ T77] ? __lock_acquire+0x6b6/0x2cf0 [ 85.933035][ T77] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.933048][ T77] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.933066][ T77] ? __pfx_autoremove_wake_function+0x10/0x10 [ 85.933080][ T77] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 85.933096][ T77] ? __kthread_parkme+0x7b/0x200 [ 85.933107][ T77] ? __kthread_parkme+0x1a1/0x200 [ 85.933119][ T77] kthread+0x711/0x8a0 [ 85.933131][ T77] ? __pfx_kswapd+0x10/0x10 [ 85.933143][ T77] ? __pfx_kthread+0x10/0x10 [ 85.933156][ T77] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.933169][ T77] ? __pfx_kthread+0x10/0x10 [ 85.933181][ T77] ret_from_fork+0x510/0xa50 [ 85.933192][ T77] ? __pfx_ret_from_fork+0x10/0x10 [ 85.933201][ T77] ? __switch_to+0xc9e/0x1480 [ 85.933217][ T77] ? __pfx_kthread+0x10/0x10 [ 85.933229][ T77] ret_from_fork_asm+0x1a/0x30 [ 85.933247][ T77]