DUID 00:04:d5:34:fd:2d:90:3b:7d:1f:5f:ef:10:3f:c1:8d:8b:e5
forked to background, child pid 3214
[ 27.259364][ T3215] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.272983][ T3215] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.844435][ T3539] loop0: detected capacity change from 0 to 8192
[ 51.854456][ T3539] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 51.867489][ T3539] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 51.877095][ T3539] REISERFS (device loop0): using ordered data mode
[ 51.883625][ T3539] reiserfs: using flush barriers
[ 51.891898][ T3539] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 51.908526][ T3539] REISERFS (device loop0): checking transaction log (loop0)
[ 51.918253][ T3539] REISERFS (device loop0): Using tea hash to sort names
[ 51.927135][ T3539] =======================================================
[ 51.927135][ T3539] WARNING: The mand mount option has been deprecated and
[ 51.927135][ T3539] and is ignored by this kernel. Remove the mand
[ 51.927135][ T3539] option from the mount to silence this warning.
[ 51.927135][ T3539] =======================================================
[ 51.962357][ T3539] reiserfs: enabling write barrier flush mode
[ 51.973054][ T3539] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 51.982490][ T3539]
[ 51.984806][ T3539] ======================================================
[ 51.991797][ T3539] WARNING: possible circular locking dependency detected
[ 51.998787][ T3539] 6.1.34-syzkaller #0 Not tainted
[ 52.003783][ T3539] ------------------------------------------------------
[ 52.010771][ T3539] syz-executor235/3539 is trying to acquire lock:
[ 52.017154][ T3539] ffff8880747802e0 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x7b6/0x2e60
[ 52.026884][ T3539]
[ 52.026884][ T3539] but task is already holding lock:
[ 52.034227][ T3539] ffff88807ce2e460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80
[ 52.042898][ T3539]
[ 52.042898][ T3539] which lock already depends on the new lock.
[ 52.042898][ T3539]
[ 52.053271][ T3539]
[ 52.053271][ T3539] the existing dependency chain (in reverse order) is:
[ 52.062260][ T3539]
[ 52.062260][ T3539] -> #2 (sb_writers#9){.+.+}-{0:0}:
[ 52.069623][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.074627][ T3539] sb_start_write+0x4d/0x1c0
[ 52.079723][ T3539] mnt_want_write_file+0x5a/0x1f0
[ 52.085395][ T3539] reiserfs_ioctl+0x170/0x340
[ 52.090584][ T3539] __se_sys_ioctl+0xf1/0x160
[ 52.095679][ T3539] do_syscall_64+0x3d/0xb0
[ 52.100611][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.107014][ T3539]
[ 52.107014][ T3539] -> #1 (&sbi->lock){+.+.}-{3:3}:
[ 52.114207][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.119214][ T3539] __mutex_lock_common+0x1d4/0x2520
[ 52.124920][ T3539] mutex_lock_nested+0x17/0x20
[ 52.130190][ T3539] reiserfs_write_lock+0x76/0xd0
[ 52.135637][ T3539] reiserfs_lookup+0x15c/0x4b0
[ 52.140908][ T3539] __lookup_slow+0x27e/0x3d0
[ 52.146015][ T3539] lookup_one_len+0x187/0x2d0
[ 52.151196][ T3539] reiserfs_lookup_privroot+0x85/0x1e0
[ 52.157166][ T3539] reiserfs_fill_super+0x1957/0x2620
[ 52.162956][ T3539] mount_bdev+0x2c9/0x3f0
[ 52.167791][ T3539] legacy_get_tree+0xeb/0x180
[ 52.172976][ T3539] vfs_get_tree+0x88/0x270
[ 52.177906][ T3539] do_new_mount+0x28b/0xae0
[ 52.182915][ T3539] __se_sys_mount+0x2d5/0x3c0
[ 52.188100][ T3539] do_syscall_64+0x3d/0xb0
[ 52.193022][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.199422][ T3539]
[ 52.199422][ T3539] -> #0 (&type->i_mutex_dir_key#6){+.+.}-{3:3}:
[ 52.207836][ T3539] validate_chain+0x1667/0x58e0
[ 52.213192][ T3539] __lock_acquire+0x125b/0x1f80
[ 52.218545][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.223552][ T3539] down_write+0x36/0x60
[ 52.228224][ T3539] path_openat+0x7b6/0x2e60
[ 52.233234][ T3539] do_filp_open+0x230/0x480
[ 52.238240][ T3539] do_sys_openat2+0x13b/0x500
[ 52.243423][ T3539] __x64_sys_openat+0x243/0x290
[ 52.248790][ T3539] do_syscall_64+0x3d/0xb0
[ 52.253709][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.260111][ T3539]
[ 52.260111][ T3539] other info that might help us debug this:
[ 52.260111][ T3539]
[ 52.270330][ T3539] Chain exists of:
[ 52.270330][ T3539] &type->i_mutex_dir_key#6 --> &sbi->lock --> sb_writers#9
[ 52.270330][ T3539]
[ 52.283442][ T3539] Possible unsafe locking scenario:
[ 52.283442][ T3539]
[ 52.290874][ T3539]        CPU0                    CPU1
[ 52.296220][ T3539]        ----                    ----
[ 52.301566][ T3539]   lock(sb_writers#9);
[ 52.305710][ T3539]                                lock(&sbi->lock);
[ 52.312194][ T3539]                                lock(sb_writers#9);
[ 52.318854][ T3539]   lock(&type->i_mutex_dir_key#6);
[ 52.324041][ T3539]
[ 52.324041][ T3539] *** DEADLOCK ***
[ 52.324041][ T3539]
[ 52.332174][ T3539] 1 lock held by syz-executor235/3539:
[ 52.337615][ T3539] #0: ffff88807ce2e460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80
[ 52.346744][ T3539]
[ 52.346744][ T3539] stack backtrace:
[ 52.352611][ T3539] CPU: 0 PID: 3539 Comm: syz-executor235 Not tainted 6.1.34-syzkaller #0
[ 52.361007][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 52.371045][ T3539] Call Trace:
[ 52.374312][ T3539]
[ 52.377230][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 52.381901][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 52.387351][ T3539] ? print_circular_bug+0x12b/0x1a0
[ 52.392535][ T3539] check_noncircular+0x2fa/0x3b0
[ 52.397458][ T3539] ? add_chain_block+0x850/0x850
[ 52.402389][ T3539] ? lockdep_lock+0x11f/0x2a0
[ 52.407154][ T3539] ? validate_chain+0x13d1/0x58e0
[ 52.412163][ T3539] ? _find_first_zero_bit+0xd0/0x100
[ 52.417436][ T3539] validate_chain+0x1667/0x58e0
[ 52.422275][ T3539] ? stack_trace_save+0x113/0x1c0
[ 52.427285][ T3539] ? reacquire_held_locks+0x660/0x660
[ 52.432643][ T3539] ? __lock_acquire+0x125b/0x1f80
[ 52.437653][ T3539] ? mark_lock+0x9a/0x340
[ 52.441967][ T3539] ? mark_lock+0x9a/0x340
[ 52.446282][ T3539] __lock_acquire+0x125b/0x1f80
[ 52.451122][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.455609][ T3539] ? path_openat+0x7b6/0x2e60
[ 52.460276][ T3539] ? read_lock_is_recursive+0x10/0x10
[ 52.465633][ T3539] ? __might_sleep+0xb0/0xb0
[ 52.470207][ T3539] ? rcu_read_lock_any_held+0xb3/0x160
[ 52.475652][ T3539] ? rcu_read_lock_bh_held+0x110/0x110
[ 52.481101][ T3539] down_write+0x36/0x60
[ 52.485249][ T3539] ? path_openat+0x7b6/0x2e60
[ 52.489910][ T3539] path_openat+0x7b6/0x2e60
[ 52.494404][ T3539] ? slab_post_alloc_hook+0x50/0x370
[ 52.499678][ T3539] ? do_filp_open+0x480/0x480
[ 52.504345][ T3539] do_filp_open+0x230/0x480
[ 52.508836][ T3539] ? vfs_tmpfile+0x4a0/0x4a0
[ 52.513417][ T3539] ? _raw_spin_unlock+0x24/0x40
[ 52.518253][ T3539] ? alloc_fd+0x59c/0x640
[ 52.522573][ T3539] do_sys_openat2+0x13b/0x500
[ 52.527247][ T3539] ? do_sys_open+0x220/0x220
[ 52.531822][ T3539] ? do_raw_spin_unlock+0x137/0x8a0
[ 52.537007][ T3539] ? mntput+0xb0/0xb0
[ 52.540977][ T3539] __x64_sys_openat+0x243/0x290
[ 52.545819][ T3539] ? __ia32_sys_open+0x270/0x270
[ 52.550745][ T3539] ? syscall_enter_from_user_mode+0x2e/0x220
[ 52.556714][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 52.561899][ T3539] ? syscall_enter_from_user_mode+0x2e/0x220
[ 52.567869][ T3539] do_syscall_64+0x3d/0xb0
[ 52.572272][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.578152][ T3539] RIP: 0033:0x7fe639720909
[ 52.582549][ T3539] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.602143][ T3539] RSP: 002b:00007ffedd79f0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 52.610540][ T3539] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe639720909
[ 52.618496][ T3539] RDX: 000000000000275a RSI: 0000000020000280 RDI: 00000000ffffff9c
[ 52.626448][ T3539] RBP: 00007fe6396e01a0 R08: 00000000200000c0 R09: 0000000000000000
[ 52.634403][ T3539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6396e0230
[ 52.642359][ T3539] R13: 0000000000000000 R14: 0000000000000000