program: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x4000) ioctl$NBD_DISCONNECT(r3, 0xab08) syz_open_dev$ndb(&(0x7f0000000880), 0x0, 0x40000) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r4, 0xc0406619, &(0x7f0000000140)={@id={0x2, 0x0, @a}}) chdir(&(0x7f0000000140)='./file0\x00') r5 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r5) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r5, r2, 0xc, 0x0, @val=@kprobe_multi=@addrs={0x1, 0x9, 0x0, &(0x7f0000000180)=[0x7, 0x9, 0x4, 0x84bf, 0x533, 0x4713, 0x5, 0x0, 0xebe], 0x7}}, 0x30) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) [ 84.129990][ T4655] Bluetooth: hci0: command tx timeout [ 84.223308][ T5330] loop0: detected capacity change from 0 to 128 [ 84.330947][ T5330] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 84.346780][ T5330] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 84.360229][ T5330] block nbd0: NBD_DISCONNECT [ 84.376822][ T5330] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 84.409598][ T5330] fscrypt: loop0: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 84.438389][ T75] [ 84.439450][ T75] ====================================================== [ 84.442681][ T75] WARNING: possible circular locking dependency detected [ 84.445676][ T75] syzkaller #0 Not tainted [ 84.447626][ T75] ------------------------------------------------------ [ 84.450676][ T75] kswapd0/75 is trying to acquire lock: [ 84.453088][ T75] ffff888000989090 (&type->lock_class){+.+.}-{4:4}, at: keyring_clear+0xaf/0x250 [ 84.457146][ T75] [ 84.457146][ T75] but task is already holding lock: [ 84.460308][ T75] ffffffff8ea87820 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x927/0x2de0 [ 84.463816][ T75] [ 84.463816][ T75] which lock already depends on the new lock. [ 84.463816][ T75] [ 84.468224][ T75] [ 84.468224][ T75] the existing dependency chain (in reverse order) is: [ 84.472110][ T75] [ 84.472110][ T75] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 84.475216][ T75] fs_reclaim_acquire+0x71/0x100 [ 84.477650][ T75] __kmalloc_cache_noprof+0x40/0x660 [ 84.480156][ T75] assoc_array_insert+0x92/0x2f60 [ 84.482562][ T75] __key_link_begin+0xd6/0x1f0 [ 84.484756][ T75] __key_create_or_update+0x449/0xa80 [ 84.487304][ T75] key_create_or_update+0x42/0x60 [ 84.489719][ T75] x509_load_certificate_list+0x145/0x280 [ 84.492386][ T75] do_one_initcall+0x250/0x870 [ 84.494677][ T75] do_initcall_level+0x104/0x190 [ 84.497124][ T75] do_initcalls+0x59/0xa0 [ 84.499229][ T75] kernel_init_freeable+0x2a6/0x3e0 [ 84.501476][ T75] kernel_init+0x1d/0x1d0 [ 84.503474][ T75] ret_from_fork+0x514/0xb70 [ 84.505569][ T75] ret_from_fork_asm+0x1a/0x30 [ 84.507640][ T75] [ 84.507640][ T75] -> #0 (&type->lock_class){+.+.}-{4:4}: [ 84.510817][ T75] __lock_acquire+0x15a5/0x2cf0 [ 84.513115][ T75] lock_acquire+0x106/0x350 [ 84.515412][ T75] down_write+0x96/0x200 [ 84.517549][ T75] keyring_clear+0xaf/0x250 [ 84.519655][ T75] fscrypt_put_master_key+0xca/0x190 [ 84.522128][ T75] put_crypt_info+0x26d/0x310 [ 84.524300][ T75] fscrypt_put_encryption_info+0xf6/0x140 [ 84.526842][ T75] ext4_evict_inode+0xbe0/0x10e0 [ 84.529178][ T75] evict+0x61e/0xb10 [ 84.531051][ T75] __dentry_kill+0x1a2/0x690 [ 84.533202][ T75] shrink_kill+0xa9/0x2c0 [ 84.535256][ T75] shrink_dentry_list+0x2e0/0x5e0 [ 84.537603][ T75] prune_dcache_sb+0x119/0x180 [ 84.539823][ T75] super_cache_scan+0x369/0x4b0 [ 84.542218][ T75] do_shrink_slab+0x6fb/0x1150 [ 84.544587][ T75] shrink_slab+0x835/0x11f0 [ 84.546773][ T75] shrink_one+0x2d9/0x710 [ 84.548897][ T75] shrink_node+0x31bf/0x3ae0 [ 84.550987][ T75] kswapd+0x1736/0x2de0 [ 84.552946][ T75] kthread+0x388/0x470 [ 84.554886][ T75] ret_from_fork+0x514/0xb70 [ 84.557210][ T75] ret_from_fork_asm+0x1a/0x30 [ 84.559465][ T75] [ 84.559465][ T75] other info that might help us debug this: [ 84.559465][ T75] [ 84.563917][ T75] Possible unsafe locking scenario: [ 84.563917][ T75] [ 84.567191][ T75] CPU0 CPU1 [ 84.569491][ T75] ---- ---- [ 84.571799][ T75] lock(fs_reclaim); [ 84.573571][ T75] lock(&type->lock_class); [ 84.576653][ T75] lock(fs_reclaim); [ 84.579397][ T75] lock(&type->lock_class); [ 84.581458][ T75] [ 84.581458][ T75] *** DEADLOCK *** [ 84.581458][ T75] [ 84.584942][ T75] 2 locks held by kswapd0/75: [ 84.586946][ T75] #0: ffffffff8ea87820 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x927/0x2de0 [ 84.589936][ T75] #1: ffff8880121e20d8 (&type->s_umount_key#33){++++}-{4:4}, at: super_cache_scan+0x91/0x4b0 [ 84.593885][ T75] [ 84.593885][ T75] stack backtrace: [ 84.596193][ T75] CPU: 0 UID: 0 PID: 75 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 84.596204][ T75] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.596211][ T75] Call Trace: [ 84.596218][ T75] [ 84.596223][ T75] dump_stack_lvl+0xe8/0x150 [ 84.596238][ T75] print_circular_bug+0x2e1/0x300 [ 84.596255][ T75] check_noncircular+0x12e/0x150 [ 84.596268][ T75] __lock_acquire+0x15a5/0x2cf0 [ 84.596278][ T75] ? check_noncircular+0xda/0x150 [ 84.596286][ T75] ? keyring_clear+0xaf/0x250 [ 84.596295][ T75] lock_acquire+0x106/0x350 [ 84.596302][ T75] ? keyring_clear+0xaf/0x250 [ 84.596312][ T75] down_write+0x96/0x200 [ 84.596334][ T75] ? keyring_clear+0xaf/0x250 [ 84.596342][ T75] ? __pfx_down_write+0x10/0x10 [ 84.596352][ T75] keyring_clear+0xaf/0x250 [ 84.596361][ T75] ? __pfx_keyring_clear+0x10/0x10 [ 84.596369][ T75] ? crypto_destroy_tfm+0x36/0x320 [ 84.596378][ T75] fscrypt_put_master_key+0xca/0x190 [ 84.596388][ T75] put_crypt_info+0x26d/0x310 [ 84.596396][ T75] fscrypt_put_encryption_info+0xf6/0x140 [ 84.596403][ T75] ext4_evict_inode+0xbe0/0x10e0 [ 84.596413][ T75] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 84.596422][ T75] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.596432][ T75] ? __pfx_ext4_evict_inode+0x10/0x10 [ 84.596440][ T75] ? do_raw_spin_unlock+0x4d/0x210 [ 84.596453][ T75] ? __pfx_ext4_evict_inode+0x10/0x10 [ 84.596464][ T75] evict+0x61e/0xb10 [ 84.596480][ T75] ? __pfx_evict+0x10/0x10 [ 84.596490][ T75] ? _raw_spin_unlock+0x28/0x50 [ 84.596497][ T75] ? iput+0xb25/0xe80 [ 84.596505][ T75] __dentry_kill+0x1a2/0x690 [ 84.596514][ T75] ? shrink_kill+0x8d/0x2c0 [ 84.596521][ T75] shrink_kill+0xa9/0x2c0 [ 84.596528][ T75] shrink_dentry_list+0x2e0/0x5e0 [ 84.596536][ T75] prune_dcache_sb+0x119/0x180 [ 84.596543][ T75] ? __pfx_prune_dcache_sb+0x10/0x10 [ 84.596572][ T75] ? list_lru_count_one+0x27/0x2c0 [ 84.596583][ T75] ? list_lru_count_one+0x264/0x2c0 [ 84.596592][ T75] super_cache_scan+0x369/0x4b0 [ 84.596607][ T75] do_shrink_slab+0x6fb/0x1150 [ 84.596624][ T75] shrink_slab+0x835/0x11f0 [ 84.596633][ T75] ? shrink_slab+0x1ef/0x11f0 [ 84.596643][ T75] ? __pfx_shrink_slab+0x10/0x10 [ 84.596652][ T75] ? __pfx_try_to_shrink_lruvec+0x10/0x10 [ 84.596661][ T75] ? mlock_drain_local+0x79/0x480 [ 84.596671][ T75] ? shrink_node+0x2d92/0x3ae0 [ 84.596680][ T75] shrink_one+0x2d9/0x710 [ 84.596690][ T75] ? shrink_node+0x2d92/0x3ae0 [ 84.596698][ T75] shrink_node+0x31bf/0x3ae0 [ 84.596708][ T75] ? shrink_node+0x2d92/0x3ae0 [ 84.596717][ T75] ? __lock_acquire+0x6b5/0x2cf0 [ 84.596725][ T75] ? percpu_ref_put+0x19/0x180 [ 84.596735][ T75] ? percpu_ref_put+0x19/0x180 [ 84.596747][ T75] ? __pfx_shrink_node+0x10/0x10 [ 84.596755][ T75] ? percpu_ref_put+0x19/0x180 [ 84.596764][ T75] ? percpu_ref_put+0x19/0x180 [ 84.596774][ T75] ? mem_cgroup_iter+0x420/0x450 [ 84.596789][ T75] ? mem_cgroup_iter+0x3b/0x450 [ 84.596803][ T75] kswapd+0x1736/0x2de0 [ 84.596816][ T75] ? kswapd+0x927/0x2de0 [ 84.596826][ T75] ? __pfx_kswapd+0x10/0x10 [ 84.596833][ T75] ? __lock_acquire+0x6b5/0x2cf0 [ 84.596845][ T75] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 84.596858][ T75] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 84.596870][ T75] ? __pfx_autoremove_wake_function+0x10/0x10 [ 84.596884][ T75] ? __kthread_parkme+0x7a/0x1f0 [ 84.596893][ T75] kthread+0x388/0x470 [ 84.596901][ T75] ? __pfx_kswapd+0x10/0x10 [ 84.596907][ T75] ? __pfx_kthread+0x10/0x10 [ 84.596915][ T75] ret_from_fork+0x514/0xb70 [ 84.596923][ T75] ? __pfx_ret_from_fork+0x10/0x10 [ 84.596930][ T75] ? __switch_to+0xc79/0x1410 [ 84.596939][ T75] ? __pfx_kthread+0x10/0x10 [ 84.596948][ T75] ret_from_fork_asm+0x1a/0x30 [ 84.596958][ T75]