program:
# syzkaller reproducer for the "BUG: sleeping function called from invalid
# context" splat in the console log that follows. The log shows a page fault
# taken in filldir() (called from afs_dynroot_readdir+0x814) while
# rcu_read_lock was held (lock #2, taken at afs_dynroot_readdir+0x466;
# "RCU nest depth: 1, expected: 0"). The calls that line up with that trace
# are mount$afs with the dyn option, chdir, open('.') and getdents.
# NOTE(review): this is the unminimized fuzzer program; the clone/ptrace/tty
# and devlink calls do not appear in the call trace and are presumably
# incidental. Confirm with a minimized reproducer before drawing conclusions.

# Two child tasks; the first is attached with ptrace request 0x10.
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
# tty setup and injected input; no tty frames appear in the trace below.
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "90737f00002ab91c691e277fffffeb000200"})
r3 = dup(r2)
ptrace$pokeuser(0x6, r1, 0x4, 0x7)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000140)={0x4, 0x80, 0x0, 0x21a, 0x3, '`\x00'})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0x7f)
wait4(r1, 0x0, 0x2, 0x0)
ptrace$setregs(0xd, r1, 0x7, &(0x7f0000000040)="b60231c6b7af25338f7e6a1b697a5641f97318c063974528f19fc806afd9dbe480b6acc0e65e8e62631a2b69de966adb55d3676dc1736a6567e2db70")
# Mounts an ext4 image at ./file0; the log confirms the mount on loop0.
# The image bytes are not present on this page (placeholder string only).
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x3004000, &(0x7f0000000300)={[{@errors_remount}, {@resuid}, {@block_validity}, {@min_batch_time={'min_batch_time', 0x3d, 0x7}}, {@usrjquota}, {@noblock_validity}, {@dioread_nolock}]}, 0x1, 0x790, &(0x7f0000001740)="$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")
# Mounts AFS with the "dyn" option on the same path. This is the mount whose
# readdir handler (afs_dynroot_readdir) appears in the trace.
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
# Enter the mount point so that '.' can be opened as a directory later.
chdir(&(0x7f00000000c0)='./file0\x00')
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0)
ptrace$peeksig(0x4209, r0, &(0x7f0000000000)={0xdf, 0x1}, 0x0)
# A vfat image mount on ./file0 (image bytes elided on this page); no vfat
# frames or messages are visible in the log excerpt.
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0xc8d0, &(0x7f0000000040)=ANY=[], 0x5, 0x2e3, &(0x7f0000000280)="$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")
# r4 is the current directory. The trace (iterate_dir -> afs_dynroot_readdir)
# indicates it resolves to the AFS dynamic root.
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
# Generic-netlink devlink request; not visible in the trace below.
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000940), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x44, r6, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4014)
# Triggering call: getdents on r4 with a 0xb8-byte user buffer (the log shows
# ORIG_RAX 0x4e and RDX 0xb8). filldir()'s write to that buffer page-faults,
# and the fault path may sleep in page allocation while the readdir handler
# still holds rcu_read_lock.
# NOTE(review): for triage, the log points at afs_dynroot_readdir emitting
# entries to user memory inside an RCU read-side section; check that handler
# rather than filldir itself.
getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8)
[ 
68.872493][ T5313] Bluetooth: hci0: command tx timeout [ 69.063365][ T5329] loop0: detected capacity change from 0 to 2048 [ 69.079344][ T5329] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.099725][ T5329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.122153][ T5329] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 69.127390][ T5329] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5329, name: syz.0.0 [ 69.130998][ T5329] preempt_count: 0, expected: 0 [ 69.132793][ T5329] RCU nest depth: 1, expected: 0 [ 69.141106][ T5329] 4 locks held by syz.0.0/5329: [ 69.143336][ T5329] #0: ffff88801e520ef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310 [ 69.146678][ T5329] #1: ffff888044388148 (&type->i_mutex_dir_key#8){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760 [ 69.150191][ T5329] #2: ffffffff8ed3dfa0 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0 [ 69.165135][ T5329] #3: ffff88801e3b3de0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0 [ 69.168789][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 69.168807][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.168816][ T5329] Call Trace: [ 69.168821][ T5329] [ 69.168828][ T5329] dump_stack_lvl+0x241/0x360 [ 69.168853][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.168884][ T5329] __might_resched+0x558/0x6c0 [ 69.168902][ T5329] ? down_read_trylock+0xd5/0x3c0 [ 69.168918][ T5329] ? __pfx___might_resched+0x10/0x10 [ 69.168941][ T5329] ? __alloc_frozen_pages_noprof+0x162/0x5b0 [ 69.168959][ T5329] prepare_alloc_pages+0x1eb/0x610 [ 69.168978][ T5329] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 69.168993][ T5329] ? 
__pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 69.169019][ T5329] alloc_pages_mpol+0x339/0x690 [ 69.169040][ T5329] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 69.169054][ T5329] ? cgroup_rstat_updated+0x144/0xc40 [ 69.169077][ T5329] vma_alloc_folio_noprof+0x12d/0x260 [ 69.169096][ T5329] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 69.169120][ T5329] folio_prealloc+0x2e/0x170 [ 69.169133][ T5329] handle_pte_fault+0x2e45/0x61c0 [ 69.169155][ T5329] ? sched_clock_cpu+0x77/0x4d0 [ 69.169173][ T5329] ? __pfx_handle_pte_fault+0x10/0x10 [ 69.169187][ T5329] ? rcu_is_watching+0x15/0xb0 [ 69.169212][ T5329] ? rcu_is_watching+0x15/0xb0 [ 69.169226][ T5329] ? lock_release+0x4e/0x3e0 [ 69.169237][ T5329] ? lock_release+0x4e/0x3e0 [ 69.169257][ T5329] ? mtree_range_walk+0x700/0x8e0 [ 69.169313][ T5329] handle_mm_fault+0x1129/0x1bf0 [ 69.169328][ T5329] ? mt_find+0x28a/0x8f0 [ 69.169356][ T5329] ? __pfx_handle_mm_fault+0x10/0x10 [ 69.169385][ T5329] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 69.169401][ T5329] exc_page_fault+0x2bb/0x920 [ 69.169419][ T5329] asm_exc_page_fault+0x26/0x30 [ 69.169429][ T5329] RIP: 0010:filldir+0x2c4/0x6a0 [ 69.169443][ T5329] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44 [ 69.169452][ T5329] RSP: 0018:ffffc9000fedfbe0 EFLAGS: 00050283 [ 69.169463][ T5329] RAX: 0000000000000020 RBX: 0000200000002010 RCX: 0000200000001ff0 [ 69.169470][ T5329] RDX: ffffc9000e633000 RSI: 0000200000001fd8 RDI: 0000200000002010 [ 69.169477][ T5329] RBP: 0000000000000004 R08: ffffffff824543ed R09: 1ffff11003a76488 [ 69.169484][ T5329] R10: dffffc0000000000 R11: ffffed1003a76489 R12: ffff888036d94241 [ 69.169491][ T5329] R13: 0000000000000005 R14: 0000200000001fd8 R15: 00007ffffffff000 [ 69.169502][ T5329] ? filldir+0x28d/0x6a0 [ 69.169528][ T5329] afs_dynroot_readdir+0x814/0xbe0 [ 69.169543][ T5329] ? 
__pfx___mutex_lock+0x10/0x10 [ 69.169554][ T5329] ? afs_dynroot_readdir+0x466/0xbe0 [ 69.169568][ T5329] ? __pfx_afs_dynroot_readdir+0x10/0x10 [ 69.169581][ T5329] ? common_file_perm+0x1a6/0x210 [ 69.169601][ T5329] iterate_dir+0x5a9/0x760 [ 69.169618][ T5329] __se_sys_getdents+0x1ff/0x4e0 [ 69.169642][ T5329] ? __pfx___se_sys_getdents+0x10/0x10 [ 69.169654][ T5329] ? __pfx_filldir+0x10/0x10 [ 69.169673][ T5329] ? do_syscall_64+0xb6/0x230 [ 69.169688][ T5329] do_syscall_64+0xf3/0x230 [ 69.169702][ T5329] ? clear_bhb_loop+0x45/0xa0 [ 69.169715][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.169725][ T5329] RIP: 0033:0x7ff88158d169 [ 69.169735][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.169744][ T5329] RSP: 002b:00007ff87d9d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 69.169754][ T5329] RAX: ffffffffffffffda RBX: 00007ff8817a6080 RCX: 00007ff88158d169 [ 69.169761][ T5329] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000006 [ 69.169767][ T5329] RBP: 00007ff88160e990 R08: 0000000000000000 R09: 0000000000000000 [ 69.169773][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.169779][ T5329] R13: 0000000000000000 R14: 00007ff8817a6080 R15: 00007ffc40ca4ef8 [ 69.169796][ T5329]