program: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r0, 0x89e4) (async) r1 = socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0000fdffffffffdbdf250b00000008000300", @ANYRES32=0x0, @ANYBLOB="4e60823556623413f11aed74745c75585d2a34674669fdfd4039b0961957d2721b8d4406a45e26861721896db6216ce32cd379b4fcba5102c35b96175b9bf51d9f5f0659332d76b867f682a272054bfe82e4472c61f49254791606728d58427b515ce348193b4437391ee4f14ced55a81f7eb621893c9193"], 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x0) (async) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) (async) r3 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') (async) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x10c) (async) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) (async) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) (async) r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) fcntl$setstatus(r5, 0x4, 0x40400) (async) ioctl$EVIOCGKEYCODE_V2(r6, 0x80284504, &(0x7f0000000040)=""/185) (async) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00') (async) syz_emit_ethernet(0x32, &(0x7f00000003c0)={@link_local, @dev, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x3d, 0x24, 0x65, 0x0, 0x7, 0x2, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010100}, {0x22, 0x1, 0x0, @broadcast, "8b4400003e51fdd2"}}}}}, 0x0) [ 141.198490][ T46] Bluetooth: hci0: command tx timeout [ 141.360183][ T5343] loop0: detected capacity change from 0 to 128 [ 141.495997][ T5343] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 141.570005][ T5343] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 141.594896][ T5342] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 141.602469][ T5342] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 141.624231][ T5343] fscrypt: loop0: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 13 [ 141.847072][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 142.000883][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.005553][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.010505][ T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 142.014833][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.028108][ T9] usb 5-1: config 0 descriptor?? [ 142.488542][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 142.491089][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 142.502287][ T79] [ 142.503434][ T79] ====================================================== [ 142.506611][ T79] WARNING: possible circular locking dependency detected [ 142.509676][ T79] syzkaller #0 Not tainted [ 142.511778][ T79] ------------------------------------------------------ [ 142.514801][ T79] kswapd0/79 is trying to acquire lock: [ 142.517188][ T79] ffff888011709098 (&type->lock_class){+.+.}-{4:4}, at: keyring_clear+0xaf/0x240 [ 142.521215][ T79] [ 142.521215][ T79] but task is already holding lock: [ 142.524341][ T79] ffffffff8e0518a0 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x92a/0x2820 [ 142.527716][ T79] [ 142.527716][ T79] which lock already depends on the new lock. [ 142.527716][ T79] [ 142.532117][ T79] [ 142.532117][ T79] the existing dependency chain (in reverse order) is: [ 142.535829][ T79] [ 142.535829][ T79] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 142.539028][ T79] fs_reclaim_acquire+0x72/0x100 [ 142.541423][ T79] __kmalloc_cache_noprof+0x40/0x700 [ 142.543946][ T79] assoc_array_insert+0x92/0x2f90 [ 142.546250][ T79] __key_link_begin+0xd6/0x1f0 [ 142.548567][ T79] __key_create_or_update+0x41a/0xa30 [ 142.551231][ T79] key_create_or_update+0x42/0x60 [ 142.553663][ T79] x509_load_certificate_list+0x145/0x280 [ 142.556386][ T79] do_one_initcall+0x1f1/0x800 [ 142.558575][ T79] do_initcall_level+0x104/0x190 [ 142.560843][ T79] do_initcalls+0x59/0xa0 [ 142.562992][ T79] kernel_init_freeable+0x2a7/0x3d0 [ 142.565409][ T79] kernel_init+0x1d/0x1d0 [ 142.567560][ T79] ret_from_fork+0x510/0xa50 [ 142.569614][ T79] ret_from_fork_asm+0x1a/0x30 [ 142.572018][ T79] [ 142.572018][ T79] -> #0 (&type->lock_class){+.+.}-{4:4}: [ 142.575263][ T79] __lock_acquire+0x15a6/0x2cf0 [ 142.577447][ T79] lock_acquire+0x107/0x340 [ 142.579464][ T79] down_write+0x96/0x1f0 [ 142.581335][ T79] keyring_clear+0xaf/0x240 [ 142.583467][ T79] fscrypt_put_master_key+0xca/0x190 [ 142.585906][ T79] put_crypt_info+0x26d/0x310 [ 142.588242][ T79] fscrypt_put_encryption_info+0xf6/0x140 [ 142.590881][ T79] ext4_clear_inode+0x170/0x2f0 [ 142.593124][ T79] ext4_evict_inode+0x9f6/0xe60 [ 142.595320][ T79] evict+0x5f4/0xae0 [ 142.597162][ T79] __dentry_kill+0x209/0x660 [ 142.599209][ T79] shrink_kill+0xa9/0x2c0 [ 142.601223][ T79] shrink_dentry_list+0x2e0/0x5e0 [ 142.603557][ T79] prune_dcache_sb+0x10e/0x180 [ 142.605758][ T79] super_cache_scan+0x369/0x4b0 [ 142.607951][ T79] do_shrink_slab+0x6df/0x10d0 [ 142.610162][ T79] shrink_slab+0x7ef/0x10d0 [ 142.612322][ T79] shrink_one+0x2d9/0x720 [ 142.614336][ T79] shrink_node+0x2f7d/0x35b0 [ 142.616534][ T79] kswapd+0x145a/0x2820 [ 142.618499][ T79] kthread+0x711/0x8a0 [ 142.620569][ T79] ret_from_fork+0x510/0xa50 [ 142.622716][ T79] ret_from_fork_asm+0x1a/0x30 [ 142.624942][ T79] [ 142.624942][ T79] other info that might help us debug this: [ 142.624942][ T79] [ 142.629365][ T79] Possible unsafe locking scenario: [ 142.629365][ T79] [ 142.632454][ T79] CPU0 CPU1 [ 142.634785][ T79] ---- ---- [ 142.637194][ T79] lock(fs_reclaim); [ 142.638989][ T79] lock(&type->lock_class); [ 142.642149][ T79] lock(fs_reclaim); [ 142.644862][ T79] lock(&type->lock_class); [ 142.646709][ T79] [ 142.646709][ T79] *** DEADLOCK *** [ 142.646709][ T79] [ 142.650077][ T79] 2 locks held by kswapd0/79: [ 142.651998][ T79] #0: ffffffff8e0518a0 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x92a/0x2820 [ 142.655677][ T79] #1: ffff888000e2e0e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_cache_scan+0x91/0x4b0 [ 142.660286][ T79] [ 142.660286][ T79] stack backtrace: [ 142.663108][ T79] CPU: 0 UID: 0 PID: 79 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 142.663124][ T79] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.663131][ T79] Call Trace: [ 142.663138][ T79] [ 142.663144][ T79] dump_stack_lvl+0xe8/0x150 [ 142.663162][ T79] print_circular_bug+0x2e2/0x300 [ 142.663176][ T79] check_noncircular+0x12e/0x150 [ 142.663189][ T79] __lock_acquire+0x15a6/0x2cf0 [ 142.663200][ T79] ? stack_trace_save+0x9c/0xe0 [ 142.663219][ T79] ? keyring_clear+0xaf/0x240 [ 142.663231][ T79] lock_acquire+0x107/0x340 [ 142.663240][ T79] ? keyring_clear+0xaf/0x240 [ 142.663253][ T79] down_write+0x96/0x1f0 [ 142.663264][ T79] ? keyring_clear+0xaf/0x240 [ 142.663275][ T79] ? __pfx_down_write+0x10/0x10 [ 142.663287][ T79] keyring_clear+0xaf/0x240 [ 142.663299][ T79] ? __pfx_keyring_clear+0x10/0x10 [ 142.663313][ T79] fscrypt_put_master_key+0xca/0x190 [ 142.663328][ T79] put_crypt_info+0x26d/0x310 [ 142.663338][ T79] fscrypt_put_encryption_info+0xf6/0x140 [ 142.663348][ T79] ext4_clear_inode+0x170/0x2f0 [ 142.663359][ T79] ext4_evict_inode+0x9f6/0xe60 [ 142.663368][ T79] ? inode_wait_for_writeback+0x14d/0x370 [ 142.663383][ T79] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 142.663394][ T79] ? do_raw_spin_lock+0x121/0x290 [ 142.663408][ T79] ? __pfx_ext4_evict_inode+0x10/0x10 [ 142.663418][ T79] ? do_raw_spin_unlock+0x4d/0x240 [ 142.663430][ T79] ? __pfx_ext4_evict_inode+0x10/0x10 [ 142.663439][ T79] evict+0x5f4/0xae0 [ 142.663455][ T79] ? __pfx_evict+0x10/0x10 [ 142.663468][ T79] ? _raw_spin_unlock+0x28/0x50 [ 142.663480][ T79] ? iput+0xcc6/0x1030 [ 142.663492][ T79] __dentry_kill+0x209/0x660 [ 142.663506][ T79] ? shrink_kill+0x8d/0x2c0 [ 142.663516][ T79] shrink_kill+0xa9/0x2c0 [ 142.663526][ T79] shrink_dentry_list+0x2e0/0x5e0 [ 142.663538][ T79] prune_dcache_sb+0x10e/0x180 [ 142.663549][ T79] ? __pfx_prune_dcache_sb+0x10/0x10 [ 142.663561][ T79] ? list_lru_count_one+0x27/0x2c0 [ 142.663577][ T79] ? list_lru_count_one+0x264/0x2c0 [ 142.663592][ T79] super_cache_scan+0x369/0x4b0 [ 142.663608][ T79] do_shrink_slab+0x6df/0x10d0 [ 142.663623][ T79] shrink_slab+0x7ef/0x10d0 [ 142.663633][ T79] ? shrink_slab+0x1e8/0x10d0 [ 142.663643][ T79] ? __pfx_shrink_slab+0x10/0x10 [ 142.663656][ T79] shrink_one+0x2d9/0x720 [ 142.663672][ T79] ? shrink_node+0x2d3f/0x35b0 [ 142.663687][ T79] shrink_node+0x2f7d/0x35b0 [ 142.663704][ T79] ? shrink_node+0x2d3f/0x35b0 [ 142.663719][ T79] ? __lock_acquire+0x6b6/0x2cf0 [ 142.663732][ T79] ? percpu_ref_put+0x19/0x180 [ 142.663741][ T79] ? percpu_ref_put+0x19/0x180 [ 142.663752][ T79] ? __pfx_shrink_node+0x10/0x10 [ 142.663765][ T79] ? percpu_ref_put+0x19/0x180 [ 142.663775][ T79] ? mem_cgroup_iter+0x420/0x460 [ 142.663788][ T79] ? mem_cgroup_iter+0x3b/0x460 [ 142.663799][ T79] kswapd+0x145a/0x2820 [ 142.663813][ T79] ? kswapd+0x92a/0x2820 [ 142.663824][ T79] ? __pfx_kswapd+0x10/0x10 [ 142.663833][ T79] ? __lock_acquire+0x6b6/0x2cf0 [ 142.663842][ T79] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 142.663854][ T79] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 142.663870][ T79] ? __pfx_autoremove_wake_function+0x10/0x10 [ 142.663883][ T79] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 142.663898][ T79] ? __kthread_parkme+0x7b/0x200 [ 142.663910][ T79] ? __kthread_parkme+0x1a1/0x200 [ 142.663920][ T79] kthread+0x711/0x8a0 [ 142.663932][ T79] ? __pfx_kswapd+0x10/0x10 [ 142.663941][ T79] ? __pfx_kthread+0x10/0x10 [ 142.663951][ T79] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.663963][ T79] ? __pfx_kthread+0x10/0x10 [ 142.663988][ T79] ret_from_fork+0x510/0xa50 [ 142.663999][ T79] ? __pfx_ret_from_fork+0x10/0x10 [ 142.664013][ T79] ? __switch_to+0xc9e/0x1480 [ 142.664026][ T79] ? __pfx_kthread+0x10/0x10 [ 142.664038][ T79] ret_from_fork_asm+0x1a/0x30 [ 142.664055][ T79]