program: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0x5}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MPU={0x8}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x40000) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r2, &(0x7f0000000780)=[{{&(0x7f0000000200)={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}, 0x1c, &(0x7f0000000a00)=[{&(0x7f0000000080)=':', 0x1}], 0x1}}], 0x1, 0x40088d5) shutdown(r2, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x83, &(0x7f0000000100)={0x0, 0x0, 0x10, 0x8, 0x4}, &(0x7f0000000140)=0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="cc00000002060101000000000000200001000000120003056269746d61703a69702c6d616300000005000400000000000900020073797a31000000002000078005001400060000000c00018008000140000000000800064000000004050005000200000005000100060000000900020073797a320000000044000780050014000000000008001340000000060800174000000100080009400000d52f080009400000000008000840000000c8080017400000000305001500f500000005000100070000000500050003000000"], 0xcc}}, 0x40000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x3210050, &(0x7f00000000c0)=ANY=[], 0x0, 0x1af, &(0x7f0000000580)="$eJzs282O0lAYxvGnlALi99fGlYkL3QiKbtzJBXgD7ghUQixqxA3ExHgpcyfcydwAJDO7WU0nLWUCpMBpOzOF4f9LgDc5fc45JD1wzqICcLAehe+WLDlh5fv+v5eSvn6RVMx5cgCula9zH8Chsk/yngGAfEybdrgPGFvS8enf9iR6OYb7h2mzMCsqkhbyJdP8fyv8fFGUJgv5ctTl1v3L0Sz/Wsv5OwnHr67kq1ty1mV+9v3fvFrO35V0T9J9SQ8kPYzOWo8lPYkZv7My/nPD+QNZBHdfLWs+QwfB6vnW89x3cY329rwT5d/HNy/8hIxjLyhF+YbhfNflP6TMl6N8rf3T68S0F1L2C5go5Lz+benMX13/n83zxc3rH8AGg+Hoe8vz3N8JCicsylEPCeLB5QnHosijqMQ0OSnvlp0ugr+vHZiGaTFftTc5FoDbqv6n/6s+GI7e9vqtrtt1fzQ+fpofu8NzeX3t6RzAnlvenAMAAAAAAAAAAAAAgH30VNKzNEHTB/wAAAAA7IyrfWbIkRT/2B8AAAAAAAAAAAAAAAAAAACA7C4CAAD//3Y4Qng=") creat(&(0x7f0000000380)='./bus\x00', 0x0) r5 = open(&(0x7f0000000180)='./bus\x00', 0x16d43e, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) ftruncate(r5, 0x7fff) io_setup(0x7, &(0x7f00000000c0)=0x0) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000080)='f', 0x1}]) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0) r8 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r8, &(0x7f0000001fc0)=""/184, 0xb8) write$binfmt_misc(r0, &(0x7f0000000000), 0xfffffecc) [ 58.724427][ T5305] Bluetooth: hci0: command tx timeout [ 58.782511][ T5320] loop0: detected capacity change from 0 to 64 [ 58.792315][ T5320] ======================================================= [ 58.792315][ T5320] WARNING: The mand mount option has been deprecated and [ 58.792315][ T5320] and is ignored by this kernel. Remove the mand [ 58.792315][ T5320] option from the mount to silence this warning. [ 58.792315][ T5320] ======================================================= [ 58.824845][ T25] audit: type=1800 audit(1742993325.638:2): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="tmpfs" ino=20 res=0 errno=0 [ 58.862343][ T5320] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 58.868034][ T5320] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5320, name: syz.0.0 [ 58.871514][ T5320] preempt_count: 0, expected: 0 [ 58.874624][ T5320] RCU nest depth: 1, expected: 0 [ 58.876685][ T5320] 4 locks held by syz.0.0/5320: [ 58.878762][ T5320] #0: ffff88803f3e2b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310 [ 58.882631][ T5320] #1: ffff888040510148 (&type->i_mutex_dir_key#8){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760 [ 58.887405][ T5320] #2: ffffffff8eb3a860 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0 [ 58.891141][ T5320] #3: ffff888012771fe0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0 [ 58.896178][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-02665-g1e26c5e28ca5 #0 PREEMPT(full) [ 58.896200][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.896209][ T5320] Call Trace: [ 58.896213][ T5320] [ 58.896218][ T5320] dump_stack_lvl+0x241/0x360 [ 58.896238][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.896289][ T5320] __might_resched+0x558/0x6c0 [ 58.896303][ T5320] ? down_read_trylock+0xd5/0x3c0 [ 58.896317][ T5320] ? __pfx___might_resched+0x10/0x10 [ 58.896333][ T5320] ? __alloc_frozen_pages_noprof+0x181/0x7b0 [ 58.896347][ T5320] prepare_alloc_pages+0x1cc/0x5c0 [ 58.896362][ T5320] __alloc_frozen_pages_noprof+0x181/0x7b0 [ 58.896377][ T5320] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 58.896400][ T5320] alloc_pages_mpol+0x339/0x690 [ 58.896419][ T5320] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 58.896439][ T5320] folio_alloc_mpol_noprof+0x36/0x70 [ 58.896456][ T5320] shmem_alloc_and_add_folio+0x490/0x1070 [ 58.896477][ T5320] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 58.896491][ T5320] ? shmem_allowable_huge_orders+0x1a2/0x420 [ 58.896511][ T5320] shmem_get_folio_gfp+0x655/0x1800 [ 58.896521][ T5320] ? tomoyo_check_open_permission+0x361/0x4f0 [ 58.896535][ T5320] ? security_file_open+0xac/0x250 [ 58.896555][ T5320] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 58.896571][ T5320] shmem_fault+0x223/0x5c0 [ 58.896585][ T5320] ? __pfx_shmem_fault+0x10/0x10 [ 58.896596][ T5320] ? __pfx____pte_offset_map+0x10/0x10 [ 58.896612][ T5320] __do_fault+0x135/0x390 [ 58.896624][ T5320] __handle_mm_fault+0x2043/0x6ef0 [ 58.896660][ T5320] ? __pfx___handle_mm_fault+0x10/0x10 [ 58.896682][ T5320] ? mtree_range_walk+0x700/0x8e0 [ 58.896745][ T5320] ? mt_find+0x28a/0x8f0 [ 58.896759][ T5320] ? mt_find+0x28a/0x8f0 [ 58.896776][ T5320] ? mt_find+0x699/0x8f0 [ 58.896790][ T5320] ? mt_find+0x28a/0x8f0 [ 58.896803][ T5320] ? __pfx_mt_find+0x10/0x10 [ 58.896826][ T5320] ? find_vma+0xfa/0x170 [ 58.896839][ T5320] ? __pfx_find_vma+0x10/0x10 [ 58.896854][ T5320] handle_mm_fault+0x3e5/0x8d0 [ 58.896871][ T5320] exc_page_fault+0x2bb/0x8b0 [ 58.896887][ T5320] asm_exc_page_fault+0x26/0x30 [ 58.896896][ T5320] RIP: 0010:filldir+0x2c4/0x6a0 [ 58.896910][ T5320] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44 [ 58.896919][ T5320] RSP: 0018:ffffc9000d407be0 EFLAGS: 00050283 [ 58.896930][ T5320] RAX: 0000000000000018 RBX: 0000200000002008 RCX: 0000200000001ff0 [ 58.896937][ T5320] RDX: ffffc9000e41a000 RSI: 0000200000001fd8 RDI: 0000200000002008 [ 58.896944][ T5320] RBP: 0000000000000004 R08: ffffffff82433a5d R09: 1ffff11000132910 [ 58.896950][ T5320] R10: dffffc0000000000 R11: ffffed1000132911 R12: ffff88803671eca1 [ 58.896958][ T5320] R13: 0000000000000003 R14: 0000200000001fd8 R15: 00007ffffffff000 [ 58.896968][ T5320] ? filldir+0x28d/0x6a0 [ 58.896988][ T5320] afs_dynroot_readdir+0x814/0xbe0 [ 58.897000][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 58.897015][ T5320] ? afs_dynroot_readdir+0x466/0xbe0 [ 58.897025][ T5320] ? __pfx_afs_dynroot_readdir+0x10/0x10 [ 58.897036][ T5320] ? common_file_perm+0x1a6/0x210 [ 58.897053][ T5320] iterate_dir+0x5a9/0x760 [ 58.897067][ T5320] __se_sys_getdents+0x1ff/0x4e0 [ 58.897082][ T5320] ? __pfx___se_sys_getdents+0x10/0x10 [ 58.897094][ T5320] ? __pfx_filldir+0x10/0x10 [ 58.897111][ T5320] ? do_syscall_64+0xb6/0x230 [ 58.897126][ T5320] do_syscall_64+0xf3/0x230 [ 58.897140][ T5320] ? clear_bhb_loop+0x45/0xa0 [ 58.897152][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.897161][ T5320] RIP: 0033:0x7fd7cc78d169 [ 58.897172][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.897181][ T5320] RSP: 002b:00007fd7c8bf5038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 58.897193][ T5320] RAX: ffffffffffffffda RBX: 00007fd7cc9a5fa0 RCX: 00007fd7cc78d169 [ 58.897202][ T5320] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 000000000000000d [ 58.897209][ T5320] RBP: 00007fd7cc80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 58.897216][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.897222][ T5320] R13: 0000000000000000 R14: 00007fd7cc9a5fa0 R15: 00007ffc1dbebb28 [ 58.897236][ T5320]