program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
recvfrom(r1, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
r5 = landlock_create_ruleset(&(0x7f00000002c0)={0x1}, 0x10, 0x0)
landlock_restrict_self(r5, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r4, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
r7 = gettid()
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x1, &(0x7f0000000080)={0x77359400}, 0x0)
creat(&(0x7f0000000000)='mnt\x00', 0xb2)
setresuid(0x0, 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}})
[ 75.387378][ T5308] Bluetooth: hci0: command tx timeout
[ 75.579473][ T5323] loop0: detected capacity change from 0 to 128
[ 75.623008][ T5323] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 75.632486][ T5323] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 75.753358][ T5323] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[ 75.757217][ C0]
[ 75.758164][ C0] =============================
[ 75.759839][ C0] [ BUG: Invalid wait context ]
[ 75.761631][ C0] 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 Not tainted
[ 75.763965][ C0] -----------------------------
[ 75.765765][ C0] syz.0.0/5323 is trying to lock:
[ 75.767594][ C0] ffff88805ffd7298 (&zone->lock){..-.}-{3:3}, at: get_page_from_freelist+0xb3d/0x37a0
[ 75.771106][ C0] other info that might help us debug this:
[ 75.773184][ C0] context-{2:2}
[ 75.774459][ C0] 4 locks held by syz.0.0/5323:
[ 75.776247][ C0] #0: ffff888053548420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 75.779466][ C0] #1: ffff888043ef5338 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: path_openat+0x89a/0x3590
[ 75.783021][ C0] #2: ffff888052019080 (&mk->mk_sem){.+.+}-{4:4}, at: fscrypt_setup_encryption_info+0x573/0x1390
[ 75.787773][ C0] #3: ffff88801fc44ad8 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x7d3/0x37a0
[ 75.791984][ C0] stack backtrace:
[ 75.793524][ C0] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0
[ 75.793539][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.793545][ C0] Call Trace:
[ 75.793551][ C0]
[ 75.793556][ C0] dump_stack_lvl+0x241/0x360
[ 75.793575][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.793588][ C0] ? __pfx__printk+0x10/0x10
[ 75.793598][ C0] ? try_to_wake_up+0x959/0x1470
[ 75.793615][ C0] __lock_acquire+0x15a8/0x2100
[ 75.793630][ C0] lock_acquire+0x1ed/0x550
[ 75.793640][ C0] ? get_page_from_freelist+0xb3d/0x37a0
[ 75.793653][ C0] ? __pfx_validate_chain+0x10/0x10
[ 75.793666][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 75.793676][ C0] ? validate_chain+0x11e/0x5920
[ 75.793689][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 75.793700][ C0] ? validate_chain+0x11e/0x5920
[ 75.793713][ C0] ? __pfx_validate_chain+0x10/0x10
[ 75.793725][ C0] ? __pfx_validate_chain+0x10/0x10
[ 75.793739][ C0] _raw_spin_lock_irqsave+0xd5/0x120
[ 75.793792][ C0] ? get_page_from_freelist+0xb3d/0x37a0
[ 75.793803][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 75.793816][ C0] get_page_from_freelist+0xb3d/0x37a0
[ 75.793837][ C0] __alloc_pages_noprof+0x292/0x710
[ 75.793848][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 75.793859][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 75.793870][ C0] ? __kernel_text_address+0xd/0x40
[ 75.793884][ C0] ? unwind_get_return_address+0x4d/0x90
[ 75.793896][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 75.793913][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 75.793927][ C0] ? stack_trace_save+0x118/0x1d0
[ 75.793937][ C0] ? alloc_pages_noprof+0x43/0x170
[ 75.793949][ C0] stack_depot_save_flags+0x72d/0x940
[ 75.794000][ C0] kasan_save_stack+0x4f/0x60
[ 75.794011][ C0] ? kasan_save_stack+0x3f/0x60
[ 75.794021][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 75.794030][ C0] ? task_work_add+0xd9/0x490
[ 75.794041][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 75.794054][ C0] ? tick_nohz_handler+0x37c/0x500
[ 75.794062][ C0] ? __hrtimer_run_queues+0x551/0xd30
[ 75.794075][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 75.794086][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 75.794098][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 75.794109][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 75.794121][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 75.794132][ C0] ? __rmqueue_pcplist+0x21fd/0x2a90
[ 75.794143][ C0] ? get_page_from_freelist+0x886/0x37a0
[ 75.794154][ C0] ? __alloc_pages_noprof+0x292/0x710
[ 75.794163][ C0] ? alloc_pages_mpol_noprof+0x3e1/0x780
[ 75.794176][ C0] ? stack_depot_save_flags+0x72d/0x940
[ 75.794184][ C0] ? kasan_save_track+0x51/0x80
[ 75.794194][ C0] ? __kasan_kmalloc+0x98/0xb0
[ 75.794204][ C0] ? __kmalloc_node_noprof+0x290/0x4d0
[ 75.794216][ C0] ? crypto_create_tfm_node+0x88/0x3d0
[ 75.794227][ C0] ? crypto_alloc_tfm_node+0x161/0x360
[ 75.794239][ C0] ? fscrypt_prepare_key+0x8d/0x370
[ 75.794253][ C0] ? fscrypt_setup_encryption_info+0xc16/0x1390
[ 75.794266][ C0] ? fscrypt_prepare_new_inode+0x247/0x350
[ 75.794278][ C0] ? __ext4_new_inode+0x824/0x4380
[ 75.794290][ C0] ? ext4_create+0x279/0x550
[ 75.794301][ C0] ? path_openat+0x1c03/0x3590
[ 75.794309][ C0] ? do_filp_open+0x27f/0x4e0
[ 75.794318][ C0] ? do_sys_openat2+0x13e/0x1d0
[ 75.794330][ C0] ? __x64_sys_creat+0x123/0x170
[ 75.794342][ C0] ? do_syscall_64+0xf3/0x230
[ 75.794350][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.794365][ C0] ? __phys_addr+0xba/0x170
[ 75.794377][ C0] __kasan_record_aux_stack+0xac/0xc0
[ 75.794387][ C0] task_work_add+0xd9/0x490
[ 75.794399][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 75.794408][ C0] ? __pfx_task_work_add+0x10/0x10
[ 75.794419][ C0] run_posix_cpu_timers+0x6ac/0x810
[ 75.794433][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 75.794444][ C0] ? sched_balance_trigger+0x51/0x890
[ 75.794456][ C0] tick_nohz_handler+0x37c/0x500
[ 75.794465][ C0] ? __pfx_tick_nohz_handler+0x10/0x10
[ 75.794473][ C0] __hrtimer_run_queues+0x551/0xd30
[ 75.794492][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 75.794502][ C0] ? kvm_clock_get_cycles+0x52/0x70
[ 75.794517][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 75.794528][ C0] hrtimer_interrupt+0x403/0xa40
[ 75.794543][ C0] __sysvec_apic_timer_interrupt+0x110/0x420
[ 75.794555][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 75.794567][ C0]
[ 75.794570][ C0]
[ 75.794574][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 75.794584][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 75.794597][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 be 50 2f f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 73 00 97 f5 65 8b 05 e4 24 2d 74 85 c0 74 43 48 c7 04 24 0e 36
[ 75.794604][ C0] RSP: 0018:ffffc900019c6900 EFLAGS: 00000206
[ 75.794614][ C0] RAX: 76c72a3a8a90b700 RBX: 1ffff92000338d24 RCX: ffffffff817b5ada
[ 75.794620][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0a9420 RDI: 0000000000000001
[ 75.794626][ C0] RBP: ffffc900019c6998 R08: ffffffff942f5847 R09: 1ffffffff285eb08
[ 75.794632][ C0] R10: dffffc0000000000 R11: fffffbfff285eb09 R12: dffffc0000000000
[ 75.794638][ C0] R13: 1ffff92000338d20 R14: ffffc900019c6920 R15: 0000000000000246
[ 75.794646][ C0] ? mark_lock+0x9a/0x360
[ 75.794659][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.794673][ C0] __rmqueue_pcplist+0x21fd/0x2a90
[ 75.794691][ C0] get_page_from_freelist+0x886/0x37a0
[ 75.794706][ C0] ? __pfx___might_resched+0x10/0x10
[ 75.794724][ C0] __alloc_pages_noprof+0x292/0x710
[ 75.794736][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 75.794747][ C0] ? is_bpf_text_address+0x26/0x2a0
[ 75.794759][ C0] ? kernel_text_address+0xa7/0xe0
[ 75.794771][ C0] ? arch_stack_walk+0xfd/0x150
[ 75.794783][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 75.794795][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 75.794806][ C0] ? stack_trace_save+0x118/0x1d0
[ 75.794815][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 75.794824][ C0] ? alloc_pages_noprof+0xef/0x170
[ 75.794837][ C0] stack_depot_save_flags+0x72d/0x940
[ 75.794847][ C0] ? mark_lock+0x9a/0x360
[ 75.794859][ C0] kasan_save_track+0x51/0x80
[ 75.794868][ C0] ? kasan_save_track+0x3f/0x80
[ 75.794877][ C0] ? __kasan_kmalloc+0x98/0xb0
[ 75.794886][ C0] ? __kmalloc_node_noprof+0x290/0x4d0
[ 75.794896][ C0] ? crypto_create_tfm_node+0x88/0x3d0
[ 75.794905][ C0] ? crypto_alloc_tfm_node+0x161/0x360
[ 75.794914][ C0] ? fscrypt_prepare_key+0x8d/0x370
[ 75.794925][ C0] ? fscrypt_setup_encryption_info+0xc16/0x1390
[ 75.794937][ C0] ? fscrypt_prepare_new_inode+0x247/0x350
[ 75.794950][ C0] ? __ext4_new_inode+0x824/0x4380
[ 75.794969][ C0] ? ext4_create+0x279/0x550
[ 75.794978][ C0] ? path_openat+0x1c03/0x3590
[ 75.794987][ C0] ? do_filp_open+0x27f/0x4e0
[ 75.794995][ C0] ? do_sys_openat2+0x13e/0x1d0
[ 75.795006][ C0] ? __x64_sys_creat+0x123/0x170
[ 75.795017][ C0] ? do_syscall_64+0xf3/0x230
[ 75.795024][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.795041][ C0] __kasan_kmalloc+0x98/0xb0
[ 75.795051][ C0] __kmalloc_node_noprof+0x290/0x4d0
[ 75.795062][ C0] ? crypto_create_tfm_node+0x88/0x3d0
[ 75.795074][ C0] crypto_create_tfm_node+0x88/0x3d0
[ 75.795088][ C0] crypto_alloc_tfm_node+0x161/0x360
[ 75.795101][ C0] fscrypt_prepare_key+0x8d/0x370
[ 75.795114][ C0] fscrypt_setup_encryption_info+0xc16/0x1390
[ 75.795130][ C0] ? __pfx_fscrypt_setup_encryption_info+0x10/0x10
[ 75.795145][ C0] ? __pfx_lock_release+0x10/0x10
[ 75.795156][ C0] fscrypt_prepare_new_inode+0x247/0x350
[ 75.795168][ C0] ? __pfx_ext4_alloc_inode+0x10/0x10
[ 75.795177][ C0] ? __pfx_fscrypt_prepare_new_inode+0x10/0x10
[ 75.795192][ C0] __ext4_new_inode+0x824/0x4380
[ 75.795204][ C0] ? __d_add+0x4d7/0x800
[ 75.795216][ C0] ? __asan_memset+0x23/0x50
[ 75.795225][ C0] ? __dquot_initialize+0x24e/0xec0
[ 75.795238][ C0] ? __pfx___ext4_new_inode+0x10/0x10
[ 75.795252][ C0] ? d_splice_alias+0x110/0x330
[ 75.795262][ C0] ? ext4_lookup+0x26d/0x750
[ 75.795273][ C0] ext4_create+0x279/0x550
[ 75.795284][ C0] ? __pfx_ext4_create+0x10/0x10
[ 75.795295][ C0] ? inode_permission+0xff/0x460
[ 75.795308][ C0] ? bpf_lsm_path_mknod+0x9/0x10
[ 75.795318][ C0] ? bpf_lsm_inode_create+0x9/0x10
[ 75.795330][ C0] ? security_inode_create+0xbe/0x340
[ 75.795341][ C0] ? __pfx_ext4_create+0x10/0x10
[ 75.795352][ C0] path_openat+0x1c03/0x3590
[ 75.795367][ C0] ? __pfx_path_openat+0x10/0x10
[ 75.795380][ C0] do_filp_open+0x27f/0x4e0
[ 75.795390][ C0] ? __pfx_do_filp_open+0x10/0x10
[ 75.795399][ C0] ? do_raw_spin_lock+0x14f/0x370
[ 75.795416][ C0] do_sys_openat2+0x13e/0x1d0
[ 75.795429][ C0] ? __pfx_do_sys_openat2+0x10/0x10
[ 75.795440][ C0] ? __rseq_handle_notify_resume+0x34d/0x14e0
[ 75.795454][ C0] __x64_sys_creat+0x123/0x170
[ 75.795467][ C0] ? __pfx___x64_sys_creat+0x10/0x10
[ 75.795481][ C0] ? do_syscall_64+0x100/0x230
[ 75.795491][ C0] ? do_syscall_64+0xb6/0x230
[ 75.795500][ C0] do_syscall_64+0xf3/0x230
[ 75.795509][ C0] ? clear_bhb_loop+0x35/0x90
[ 75.795519][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.795529][ C0] RIP: 0033:0x7fe322b85d29
[ 75.795539][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.795546][ C0] RSP: 002b:00007fe31efd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 75.795557][ C0] RAX: ffffffffffffffda RBX: 00007fe322d76080 RCX: 00007fe322b85d29
[ 75.795562][ C0] RDX: 0000000000000000 RSI: 00000000000000b2 RDI: 0000000020000000
[ 75.795568][ C0] RBP: 00007fe322c01b08 R08: 0000000000000000 R09: 0000000000000000
[ 75.795573][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.795578][ C0] R13: 0000000000000000 R14: 00007fe322d76080 R15: 00007ffc95619c78
[ 75.795588][ C0]
[ 76.195849][ T5323] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[ 76.200647][ T5334] fscrypt: loop0: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751
[ 76.324797][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.327617][ T1309] ieee802154 phy1 wpan1: encryption failed: -22