[ 18.804296][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.809107][ T3637] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.851958][ T790] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.856898][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.430956][ T3962] loop0: detected capacity change from 0 to 8192
[ 37.436449][ T3962] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.438857][ T3962] REISERFS (device loop0): using ordered data mode
[ 37.440183][ T3962] reiserfs: using flush barriers
[ 37.444838][ T3962] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.448526][ T3962] REISERFS (device loop0): checking transaction log (loop0)
[ 37.452094][ T3962] REISERFS (device loop0): Using tea hash to sort names
[ 37.455401][ T3962] =======================================================
[ 37.455401][ T3962] WARNING: The mand mount option has been deprecated and
[ 37.455401][ T3962] and is ignored by this kernel. Remove the mand
[ 37.455401][ T3962] option from the mount to silence this warning.
[ 37.455401][ T3962] =======================================================
[ 37.462589][ T3962] reiserfs: enabling write barrier flush mode
[ 37.469724][ T3962] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 37.471931][ T3962]
[ 37.472413][ T3962] ======================================================
[ 37.473911][ T3962] WARNING: possible circular locking dependency detected
[ 37.475358][ T3962] 5.15.111-syzkaller #0 Not tainted
[ 37.476409][ T3962] ------------------------------------------------------
[ 37.477865][ T3962] syz-executor105/3962 is trying to acquire lock:
[ 37.479096][ T3962] ffff0000dc7e02e0 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x63c/0x26f0
[ 37.481064][ T3962]
[ 37.481064][ T3962] but task is already holding lock:
[ 37.482519][ T3962] ffff0000c2dea460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 37.484329][ T3962]
[ 37.484329][ T3962] which lock already depends on the new lock.
[ 37.484329][ T3962]
[ 37.486517][ T3962]
[ 37.486517][ T3962] the existing dependency chain (in reverse order) is:
[ 37.488470][ T3962]
[ 37.488470][ T3962] -> #2 (sb_writers#8){.+.+}-{0:0}:
[ 37.489944][ T3962] sb_start_write+0xf0/0x3ac
[ 37.491033][ T3962] mnt_want_write_file+0x64/0x1e8
[ 37.492282][ T3962] reiserfs_ioctl+0x188/0x4b8
[ 37.493349][ T3962] __arm64_sys_ioctl+0x14c/0x1c8
[ 37.494484][ T3962] invoke_syscall+0x98/0x2b8
[ 37.495635][ T3962] el0_svc_common+0x138/0x258
[ 37.496671][ T3962] do_el0_svc+0x58/0x14c
[ 37.497646][ T3962] el0_svc+0x7c/0x1f0
[ 37.498572][ T3962] el0t_64_sync_handler+0x84/0xe4
[ 37.499813][ T3962] el0t_64_sync+0x1a0/0x1a4
[ 37.500789][ T3962]
[ 37.500789][ T3962] -> #1 (&sbi->lock){+.+.}-{3:3}:
[ 37.502318][ T3962] __mutex_lock_common+0x194/0x2154
[ 37.503512][ T3962] mutex_lock_nested+0xa4/0xf8
[ 37.504608][ T3962] reiserfs_write_lock+0x7c/0xe8
[ 37.505780][ T3962] reiserfs_lookup+0x130/0x3c4
[ 37.506864][ T3962] __lookup_slow+0x250/0x388
[ 37.507965][ T3962] lookup_one_len+0x178/0x28c
[ 37.509126][ T3962] reiserfs_lookup_privroot+0x8c/0x204
[ 37.510402][ T3962] reiserfs_fill_super+0x1494/0x1e8c
[ 37.511651][ T3962] mount_bdev+0x26c/0x368
[ 37.512731][ T3962] get_super_block+0x44/0x58
[ 37.513835][ T3962] legacy_get_tree+0xd4/0x16c
[ 37.514944][ T3962] vfs_get_tree+0x90/0x274
[ 37.515951][ T3962] do_new_mount+0x25c/0x8c8
[ 37.517044][ T3962] path_mount+0x590/0x104c
[ 37.518034][ T3962] __arm64_sys_mount+0x510/0x5e0
[ 37.519180][ T3962] invoke_syscall+0x98/0x2b8
[ 37.520176][ T3962] el0_svc_common+0x138/0x258
[ 37.521226][ T3962] do_el0_svc+0x58/0x14c
[ 37.522214][ T3962] el0_svc+0x7c/0x1f0
[ 37.523153][ T3962] el0t_64_sync_handler+0x84/0xe4
[ 37.524270][ T3962] el0t_64_sync+0x1a0/0x1a4
[ 37.525355][ T3962]
[ 37.525355][ T3962] -> #0 (&type->i_mutex_dir_key#6){+.+.}-{3:3}:
[ 37.527181][ T3962] __lock_acquire+0x32cc/0x7620
[ 37.528401][ T3962] lock_acquire+0x240/0x77c
[ 37.529528][ T3962] down_write+0x110/0x260
[ 37.530646][ T3962] path_openat+0x63c/0x26f0
[ 37.531710][ T3962] do_filp_open+0x1a8/0x3b4
[ 37.532762][ T3962] do_sys_openat2+0x128/0x3d8
[ 37.533874][ T3962] __arm64_sys_openat+0x1f0/0x240
[ 37.535051][ T3962] invoke_syscall+0x98/0x2b8
[ 37.536149][ T3962] el0_svc_common+0x138/0x258
[ 37.537232][ T3962] do_el0_svc+0x58/0x14c
[ 37.538264][ T3962] el0_svc+0x7c/0x1f0
[ 37.539155][ T3962] el0t_64_sync_handler+0x84/0xe4
[ 37.540283][ T3962] el0t_64_sync+0x1a0/0x1a4
[ 37.541274][ T3962]
[ 37.541274][ T3962] other info that might help us debug this:
[ 37.541274][ T3962]
[ 37.543333][ T3962] Chain exists of:
[ 37.543333][ T3962] &type->i_mutex_dir_key#6 --> &sbi->lock --> sb_writers#8
[ 37.543333][ T3962]
[ 37.546164][ T3962] Possible unsafe locking scenario:
[ 37.546164][ T3962]
[ 37.547668][ T3962]        CPU0                    CPU1
[ 37.548763][ T3962]        ----                    ----
[ 37.549977][ T3962]   lock(sb_writers#8);
[ 37.550792][ T3962]                                lock(&sbi->lock);
[ 37.552133][ T3962]                                lock(sb_writers#8);
[ 37.553529][ T3962]   lock(&type->i_mutex_dir_key#6);
[ 37.554605][ T3962]
[ 37.554605][ T3962] *** DEADLOCK ***
[ 37.554605][ T3962]
[ 37.556244][ T3962] 1 lock held by syz-executor105/3962:
[ 37.557404][ T3962] #0: ffff0000c2dea460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 37.559271][ T3962]
[ 37.559271][ T3962] stack backtrace:
[ 37.560497][ T3962] CPU: 1 PID: 3962 Comm: syz-executor105 Not tainted 5.15.111-syzkaller #0
[ 37.562320][ T3962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 37.564448][ T3962] Call trace:
[ 37.565153][ T3962] dump_backtrace+0x0/0x530
[ 37.566107][ T3962] show_stack+0x2c/0x3c
[ 37.566978][ T3962] dump_stack_lvl+0x108/0x170
[ 37.567893][ T3962] dump_stack+0x1c/0x58
[ 37.568809][ T3962] print_circular_bug+0x150/0x1b8
[ 37.569841][ T3962] check_noncircular+0x2cc/0x378
[ 37.570827][ T3962] __lock_acquire+0x32cc/0x7620
[ 37.571781][ T3962] lock_acquire+0x240/0x77c
[ 37.572712][ T3962] down_write+0x110/0x260
[ 37.573596][ T3962] path_openat+0x63c/0x26f0
[ 37.574593][ T3962] do_filp_open+0x1a8/0x3b4
[ 37.575576][ T3962] do_sys_openat2+0x128/0x3d8
[ 37.576519][ T3962] __arm64_sys_openat+0x1f0/0x240
[ 37.577659][ T3962] invoke_syscall+0x98/0x2b8
[ 37.578616][ T3962] el0_svc_common+0x138/0x258
[ 37.579536][ T3962] do_el0_svc+0x58/0x14c
[ 37.580488][ T3962] el0_svc+0x7c/0x1f0
[ 37.581326][ T3962] el0t_64_sync_handler+0x84/0xe4
[ 37.582345][ T3962] el0t_64_sync+0x1a0/0x1a4