program: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x1000) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}]}, 0x5c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'batadv0\x00', &(0x7f00000000c0)=@ethtool_stats}) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c000000090601020000000000000000030000000900020073797a31000000000500010007000000440007801800018014000240fe8000000000000000aa1800148014fffffeffffffffff0000000000000000000000060004404e1f00000500070084000000"], 0x6c}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r4, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000210001000000000000000000020000000000000000000001"], 0x1c}}, 0x0) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c) r8 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r8, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) sendmmsg$inet(r8, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x10c) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r5, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) [ 144.016189][ T5315] Bluetooth: hci0: command tx timeout [ 144.176119][ T5336] loop0: detected capacity change from 0 to 128 [ 144.325946][ T5336] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 144.347608][ T5336] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.455701][ T5337] netlink: 40 bytes leftover after parsing attributes in process `syz.0.0'. [ 144.522765][ T4492] IPVS: starting estimator thread 0... [ 144.540545][ T5337] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 144.545376][ T5337] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 144.600127][ T5337] fscrypt: loop0: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 13 [ 144.628162][ T5349] IPVS: using max 107 ests per chain, 256800 per kthread [ 145.022332][ T80] [ 145.023475][ T80] ====================================================== [ 145.026543][ T80] WARNING: possible circular locking dependency detected [ 145.029523][ T80] syzkaller #0 Not tainted [ 145.031505][ T80] ------------------------------------------------------ [ 145.034359][ T80] kswapd0/80 is trying to acquire lock: [ 145.036756][ T80] ffff888044449098 (&type->lock_class){+.+.}-{4:4}, at: keyring_clear+0xaf/0x240 [ 145.041238][ T80] [ 145.041238][ T80] but task is already holding lock: [ 145.045225][ T80] ffffffff8e0518a0 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x92a/0x2820 [ 145.049245][ T80] [ 145.049245][ T80] which lock already depends on the new lock. [ 145.049245][ T80] [ 145.053467][ T80] [ 145.053467][ T80] the existing dependency chain (in reverse order) is: [ 145.057312][ T80] [ 145.057312][ T80] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 145.060366][ T80] fs_reclaim_acquire+0x72/0x100 [ 145.062754][ T80] __kmalloc_cache_noprof+0x40/0x700 [ 145.065349][ T80] assoc_array_insert+0x92/0x2f90 [ 145.067729][ T80] __key_link_begin+0xd6/0x1f0 [ 145.070058][ T80] __key_create_or_update+0x41a/0xa30 [ 145.072613][ T80] key_create_or_update+0x42/0x60 [ 145.074933][ T80] x509_load_certificate_list+0x145/0x280 [ 145.077453][ T80] do_one_initcall+0x1f1/0x800 [ 145.079885][ T80] do_initcall_level+0x104/0x190 [ 145.082198][ T80] do_initcalls+0x59/0xa0 [ 145.084212][ T80] kernel_init_freeable+0x2a7/0x3d0 [ 145.086394][ T80] kernel_init+0x1d/0x1d0 [ 145.088319][ T80] ret_from_fork+0x510/0xa50 [ 145.090440][ T80] ret_from_fork_asm+0x1a/0x30 [ 145.092505][ T80] [ 145.092505][ T80] -> #0 (&type->lock_class){+.+.}-{4:4}: [ 145.095933][ T80] __lock_acquire+0x15a6/0x2cf0 [ 145.098286][ T80] lock_acquire+0x107/0x340 [ 145.100494][ T80] down_write+0x96/0x1f0 [ 145.102648][ T80] keyring_clear+0xaf/0x240 [ 145.104788][ T80] fscrypt_put_master_key+0xca/0x190 [ 145.107264][ T80] put_crypt_info+0x26d/0x310 [ 145.109547][ T80] fscrypt_put_encryption_info+0xf6/0x140 [ 145.112360][ T80] ext4_clear_inode+0x170/0x2f0 [ 145.114906][ T80] ext4_evict_inode+0x9f6/0xe60 [ 145.117368][ T80] evict+0x5f4/0xae0 [ 145.119413][ T80] __dentry_kill+0x209/0x660 [ 145.121530][ T80] shrink_kill+0xa9/0x2c0 [ 145.123806][ T80] shrink_dentry_list+0x2e0/0x5e0 [ 145.126456][ T80] prune_dcache_sb+0x10e/0x180 [ 145.128706][ T80] super_cache_scan+0x369/0x4b0 [ 145.130983][ T80] do_shrink_slab+0x6df/0x10d0 [ 145.133180][ T80] shrink_slab+0x7ef/0x10d0 [ 145.135345][ T80] shrink_one+0x2d9/0x720 [ 145.137401][ T80] shrink_node+0x2f7d/0x35b0 [ 145.139585][ T80] kswapd+0x145a/0x2820 [ 145.141648][ T80] kthread+0x711/0x8a0 [ 145.143673][ T80] ret_from_fork+0x510/0xa50 [ 145.145893][ T80] ret_from_fork_asm+0x1a/0x30 [ 145.148110][ T80] [ 145.148110][ T80] other info that might help us debug this: [ 145.148110][ T80] [ 145.152520][ T80] Possible unsafe locking scenario: [ 145.152520][ T80] [ 145.155744][ T80] CPU0 CPU1 [ 145.158392][ T80] ---- ---- [ 145.161052][ T80] lock(fs_reclaim); [ 145.163230][ T80] lock(&type->lock_class); [ 145.166441][ T80] lock(fs_reclaim); [ 145.169288][ T80] lock(&type->lock_class); [ 145.171332][ T80] [ 145.171332][ T80] *** DEADLOCK *** [ 145.171332][ T80] [ 145.174867][ T80] 2 locks held by kswapd0/80: [ 145.176945][ T80] #0: ffffffff8e0518a0 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x92a/0x2820 [ 145.180718][ T80] #1: ffff88801c5600e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_cache_scan+0x91/0x4b0 [ 145.185241][ T80] [ 145.185241][ T80] stack backtrace: [ 145.187946][ T80] CPU: 0 UID: 0 PID: 80 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 145.187963][ T80] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.187969][ T80] Call Trace: [ 145.187977][ T80] [ 145.187984][ T80] dump_stack_lvl+0xe8/0x150 [ 145.188004][ T80] print_circular_bug+0x2e2/0x300 [ 145.188019][ T80] check_noncircular+0x12e/0x150 [ 145.188033][ T80] __lock_acquire+0x15a6/0x2cf0 [ 145.188044][ T80] ? stack_trace_save+0x9c/0xe0 [ 145.188063][ T80] ? keyring_clear+0xaf/0x240 [ 145.188075][ T80] lock_acquire+0x107/0x340 [ 145.188085][ T80] ? keyring_clear+0xaf/0x240 [ 145.188100][ T80] down_write+0x96/0x1f0 [ 145.188111][ T80] ? keyring_clear+0xaf/0x240 [ 145.188122][ T80] ? __pfx_down_write+0x10/0x10 [ 145.188137][ T80] keyring_clear+0xaf/0x240 [ 145.188149][ T80] ? __pfx_keyring_clear+0x10/0x10 [ 145.188163][ T80] fscrypt_put_master_key+0xca/0x190 [ 145.188181][ T80] put_crypt_info+0x26d/0x310 [ 145.188192][ T80] fscrypt_put_encryption_info+0xf6/0x140 [ 145.188202][ T80] ext4_clear_inode+0x170/0x2f0 [ 145.188214][ T80] ext4_evict_inode+0x9f6/0xe60 [ 145.188225][ T80] ? inode_wait_for_writeback+0x14d/0x370 [ 145.188241][ T80] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 145.188254][ T80] ? do_raw_spin_lock+0x121/0x290 [ 145.188268][ T80] ? __pfx_ext4_evict_inode+0x10/0x10 [ 145.188277][ T80] ? do_raw_spin_unlock+0x4d/0x240 [ 145.188290][ T80] ? __pfx_ext4_evict_inode+0x10/0x10 [ 145.188300][ T80] evict+0x5f4/0xae0 [ 145.188314][ T80] ? __pfx_evict+0x10/0x10 [ 145.188326][ T80] ? _raw_spin_unlock+0x28/0x50 [ 145.188339][ T80] ? iput+0xcc6/0x1030 [ 145.188351][ T80] __dentry_kill+0x209/0x660 [ 145.188366][ T80] ? shrink_kill+0x8d/0x2c0 [ 145.188382][ T80] shrink_kill+0xa9/0x2c0 [ 145.188393][ T80] shrink_dentry_list+0x2e0/0x5e0 [ 145.188406][ T80] prune_dcache_sb+0x10e/0x180 [ 145.188417][ T80] ? __pfx_prune_dcache_sb+0x10/0x10 [ 145.188429][ T80] ? list_lru_count_one+0x27/0x2c0 [ 145.188444][ T80] ? list_lru_count_one+0x264/0x2c0 [ 145.188455][ T80] super_cache_scan+0x369/0x4b0 [ 145.188466][ T80] do_shrink_slab+0x6df/0x10d0 [ 145.188475][ T80] shrink_slab+0x7ef/0x10d0 [ 145.188481][ T80] ? shrink_slab+0x1e8/0x10d0 [ 145.188488][ T80] ? __pfx_shrink_slab+0x10/0x10 [ 145.188497][ T80] shrink_one+0x2d9/0x720 [ 145.188507][ T80] ? shrink_node+0x2d3f/0x35b0 [ 145.188516][ T80] shrink_node+0x2f7d/0x35b0 [ 145.188527][ T80] ? shrink_node+0x2d3f/0x35b0 [ 145.188535][ T80] ? __lock_acquire+0x6b6/0x2cf0 [ 145.188542][ T80] ? percpu_ref_put+0x19/0x180 [ 145.188550][ T80] ? percpu_ref_put+0x19/0x180 [ 145.188556][ T80] ? __pfx_shrink_node+0x10/0x10 [ 145.188565][ T80] ? percpu_ref_put+0x19/0x180 [ 145.188571][ T80] ? mem_cgroup_iter+0x420/0x460 [ 145.188579][ T80] ? mem_cgroup_iter+0x3b/0x460 [ 145.188587][ T80] kswapd+0x145a/0x2820 [ 145.188596][ T80] ? kswapd+0x92a/0x2820 [ 145.188604][ T80] ? __pfx_kswapd+0x10/0x10 [ 145.188611][ T80] ? __lock_acquire+0x6b6/0x2cf0 [ 145.188618][ T80] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 145.188626][ T80] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 145.188637][ T80] ? __pfx_autoremove_wake_function+0x10/0x10 [ 145.188646][ T80] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 145.188655][ T80] ? __kthread_parkme+0x7b/0x200 [ 145.188663][ T80] ? __kthread_parkme+0x1a1/0x200 [ 145.188670][ T80] kthread+0x711/0x8a0 [ 145.188679][ T80] ? __pfx_kswapd+0x10/0x10 [ 145.188685][ T80] ? __pfx_kthread+0x10/0x10 [ 145.188693][ T80] ? _raw_spin_unlock_irq+0x23/0x50 [ 145.188701][ T80] ? __pfx_kthread+0x10/0x10 [ 145.188708][ T80] ret_from_fork+0x510/0xa50 [ 145.188716][ T80] ? __pfx_ret_from_fork+0x10/0x10 [ 145.188721][ T80] ? __switch_to+0xc9e/0x1480 [ 145.188735][ T80] ? __pfx_kthread+0x10/0x10 [ 145.188746][ T80] ret_from_fork_asm+0x1a/0x30 [ 145.188762][ T80]