I think I've found the origin of the problem, and this is related to a change made within libcryptsetup during January 2017, in the function device_internal_prepare(). This now checks that both getuid() and geteuid() return zero before attempting to configure a loopback device. Other areas of libcryptsetup will check getuid() and geteuid() after an operation fails in order to provide a warning message about lack of root privileges. I'm not convinced that checking getuid() is necessary, if geteuid() already returns zero.
I have a provisional fix for cryptmount, which I intend to roll into the forthcoming release 5.3.
