program:
# syzkaller reproducer (syz program text), followed by the kernel console log it produced.
# Finding, as recorded in the log: "BUG: sleeping function called from invalid context"
# with "RCU nest depth: 1, expected: 0" in task syz.0.0 during getdents (ORIG_RAX 0x4e).
# The held-locks list shows rcu_read_lock taken at afs_dynroot_readdir+0x466, and the call
# trace shows filldir (called from afs_dynroot_readdir+0x814) taking a page fault whose
# handling reaches page allocation and __might_resched.
# In short: a user-space copy that may fault and sleep runs inside an RCU read-side section.
# NOTE(review): a fix would need to keep the filldir/dir_emit call outside the
# rcu_read_lock region in afs_dynroot_readdir -- confirm against the afs source for this build.

# Create ./file0 relative to the cwd (0xffffffffffffff9c is -100, i.e. AT_FDCWD), mode 0.
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
# syzkaller pseudo-syscall with all-zero arguments; its result is kept in r0.
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
# Queries an I/O priority using r0; it does not appear in the crash trace, so it is
# presumably incidental to the bug.
ioprio_get$pid(0x2, r0)
# Mount AFS on ./file0 with the option blob 'dyn'; the trace's afs_dynroot_* frames are
# consistent with this being the dynamic-root mount -- confirm.
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
# Make the directory just mounted on the current working directory.
chdir(&(0x7f0000000340)='./file0\x00')
# Overlay mount on ./bus with no source, type or options; the log does not show its result
# and it does not appear in the trace.
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0)
# Path is now resolved relative to the new cwd; result not shown in the log.
unlink(&(0x7f0000000000)='./file0\x00')
# Open the cwd itself with flags 0; r1 is the directory fd that getdents reads from
# (the log's user-mode RDI is 3 at the time of the syscall).
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r2 = gettid()
# Queue signal 0x1e to the calling thread (tgid and tid are both r2); it does not appear in
# the trace.
rt_tgsigqueueinfo(r2, r2, 0x1e, &(0x7f0000001540)={0x24, 0x7217, 0x4})
# Triggering call: a 184-byte (0xb8) buffer whose address ends in ...1fc0, so it straddles a
# 0x1000-aligned boundary. The log's faulting bytes in filldir (<66> 89 41 10) look like a
# store to RCX+0x10 with RCX ending in ...1ff0, i.e. the first byte after that boundary --
# verify the decode. The fault is handled via do_wp_page while rcu_read_lock is still held.
getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8)
[ 72.078372][ T4669] Bluetooth: hci0: command tx timeout [ 72.229868][ T5323] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 72.234810][ T5323] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5323, name: syz.0.0 [ 72.238376][ T5323] preempt_count: 0, expected: 0 [ 72.240438][ T5323] RCU nest depth: 1, expected: 0 [ 72.243909][ T5323] 4 locks held by syz.0.0/5323: [ 72.245832][ T5323] #0: ffff888000a017f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310 [ 72.249219][ T5323] #1: ffff888052f68148 (&type->i_mutex_dir_key#8){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760 [ 72.253479][ T5323] #2: ffffffff8eb3a860 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0 [ 72.257031][ T5323] #3: ffff8880442329e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0 [ 72.260531][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-02665-g1e26c5e28ca5 #0 PREEMPT(full) [ 72.260547][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.260555][ T5323] Call Trace: [ 72.260562][ T5323] [ 72.260569][ T5323] dump_stack_lvl+0x241/0x360 [ 72.260588][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.260609][ T5323] __might_resched+0x558/0x6c0 [ 72.260623][ T5323] ? __pfx___might_resched+0x10/0x10 [ 72.260637][ T5323] ? 
__alloc_frozen_pages_noprof+0x181/0x7b0 [ 72.260650][ T5323] prepare_alloc_pages+0x1cc/0x5c0 [ 72.260664][ T5323] __alloc_frozen_pages_noprof+0x181/0x7b0 [ 72.260684][ T5323] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 72.260698][ T5323] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 72.260713][ T5323] ? __kernel_text_address+0xd/0x40 [ 72.260727][ T5323] ? unwind_get_return_address+0x4d/0x90 [ 72.260740][ T5323] alloc_pages_mpol+0x339/0x690 [ 72.260756][ T5323] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 72.260772][ T5323] vma_alloc_folio_noprof+0x12d/0x260 [ 72.260786][ T5323] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 72.260803][ T5323] folio_prealloc+0x2e/0x170 [ 72.260814][ T5323] do_wp_page+0x1255/0x49b0 [ 72.260834][ T5323] ? __pfx_do_wp_page+0x10/0x10 [ 72.260866][ T5323] ? __lock_acquire+0xad5/0xd80 [ 72.260883][ T5323] ? do_raw_spin_lock+0x151/0x370 [ 72.260902][ T5323] __handle_mm_fault+0x2305/0x6ef0 [ 72.260930][ T5323] ? __pfx___handle_mm_fault+0x10/0x10 [ 72.260951][ T5323] ? mtree_range_walk+0x700/0x8e0 [ 72.261015][ T5323] ? mt_find+0x28a/0x8f0 [ 72.261029][ T5323] ? mt_find+0x28a/0x8f0 [ 72.261042][ T5323] ? mt_find+0x699/0x8f0 [ 72.261056][ T5323] ? mt_find+0x28a/0x8f0 [ 72.261071][ T5323] ? __pfx_mt_find+0x10/0x10 [ 72.261093][ T5323] ? find_vma+0xfa/0x170 [ 72.261105][ T5323] ? 
__pfx_find_vma+0x10/0x10 [ 72.261119][ T5323] handle_mm_fault+0x3e5/0x8d0 [ 72.261136][ T5323] exc_page_fault+0x2bb/0x8b0 [ 72.261152][ T5323] asm_exc_page_fault+0x26/0x30 [ 72.261163][ T5323] RIP: 0010:filldir+0x2c4/0x6a0 [ 72.261175][ T5323] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44 [ 72.261185][ T5323] RSP: 0018:ffffc9000d467be0 EFLAGS: 00050283 [ 72.261196][ T5323] RAX: 0000000000000018 RBX: 0000200000002008 RCX: 0000200000001ff0 [ 72.261204][ T5323] RDX: ffffc9000e4ba000 RSI: 0000200000001fd8 RDI: 0000200000002008 [ 72.261211][ T5323] RBP: 0000000000000004 R08: ffffffff82433a5d R09: 1ffff110001a0910 [ 72.261218][ T5323] R10: dffffc0000000000 R11: ffffed10001a0911 R12: ffff88801cdc2ce1 [ 72.261226][ T5323] R13: 0000000000000003 R14: 0000200000001fd8 R15: 00007ffffffff000 [ 72.261235][ T5323] ? filldir+0x28d/0x6a0 [ 72.261255][ T5323] afs_dynroot_readdir+0x814/0xbe0 [ 72.261268][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 72.261282][ T5323] ? afs_dynroot_readdir+0x466/0xbe0 [ 72.261294][ T5323] ? __pfx_afs_dynroot_readdir+0x10/0x10 [ 72.261304][ T5323] ? common_file_perm+0x1a6/0x210 [ 72.261323][ T5323] iterate_dir+0x5a9/0x760 [ 72.261336][ T5323] __se_sys_getdents+0x1ff/0x4e0 [ 72.261352][ T5323] ? __pfx___se_sys_getdents+0x10/0x10 [ 72.261364][ T5323] ? __pfx_filldir+0x10/0x10 [ 72.261381][ T5323] ? do_syscall_64+0xb6/0x230 [ 72.261397][ T5323] do_syscall_64+0xf3/0x230 [ 72.261410][ T5323] ? 
clear_bhb_loop+0x45/0xa0 [ 72.261422][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.261433][ T5323] RIP: 0033:0x7f0f5698d169 [ 72.261442][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.261450][ T5323] RSP: 002b:00007f0f578a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 72.261461][ T5323] RAX: ffffffffffffffda RBX: 00007f0f56ba5fa0 RCX: 00007f0f5698d169 [ 72.261468][ T5323] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000003 [ 72.261474][ T5323] RBP: 00007f0f56a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 72.261480][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.261487][ T5323] R13: 0000000000000000 R14: 00007f0f56ba5fa0 R15: 00007fffae43f798 [ 72.261502][ T5323]