program: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioprio_get$pid(0x2, r0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0) unlink(&(0x7f0000000000)='./file0\x00') r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r2 = gettid() rt_tgsigqueueinfo(r2, r2, 0x1e, &(0x7f0000001540)={0x24, 0x7217, 0x4}) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) [ 68.440776][ T4664] Bluetooth: hci0: command tx timeout [ 68.562534][ T5317] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 68.566354][ T5317] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5317, name: syz.0.0 [ 68.570163][ T5317] preempt_count: 0, expected: 0 [ 68.574700][ T5317] RCU nest depth: 1, expected: 0 [ 68.576997][ T5317] 4 locks held by syz.0.0/5317: [ 68.579297][ T5317] #0: ffff888000aa99b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310 [ 68.584221][ T5317] #1: ffff888033ec0148 (&type->i_mutex_dir_key#8){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760 [ 68.587912][ T5317] #2: ffffffff8eb3a860 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0 [ 68.592724][ T5317] #3: ffff88801ac6efe0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0 [ 68.596310][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-02665-g1e26c5e28ca5 #0 PREEMPT(full) [ 68.596327][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.596334][ T5317] Call Trace: [ 68.596340][ T5317] [ 68.596345][ T5317] dump_stack_lvl+0x241/0x360 [ 68.596361][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.596379][ T5317] __might_resched+0x558/0x6c0 [ 68.596390][ T5317] ? __pfx___might_resched+0x10/0x10 [ 68.596403][ T5317] ? __alloc_frozen_pages_noprof+0x181/0x7b0 [ 68.596415][ T5317] prepare_alloc_pages+0x1cc/0x5c0 [ 68.596428][ T5317] __alloc_frozen_pages_noprof+0x181/0x7b0 [ 68.596439][ T5317] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 68.596451][ T5317] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.596463][ T5317] ? __kernel_text_address+0xd/0x40 [ 68.596475][ T5317] ? unwind_get_return_address+0x4d/0x90 [ 68.596487][ T5317] alloc_pages_mpol+0x339/0x690 [ 68.596501][ T5317] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 68.596514][ T5317] vma_alloc_folio_noprof+0x12d/0x260 [ 68.596525][ T5317] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 68.596539][ T5317] folio_prealloc+0x2e/0x170 [ 68.596548][ T5317] do_wp_page+0x1255/0x49b0 [ 68.596564][ T5317] ? __pfx_do_wp_page+0x10/0x10 [ 68.596577][ T5317] ? __lock_acquire+0xad5/0xd80 [ 68.596590][ T5317] ? do_raw_spin_lock+0x151/0x370 [ 68.596606][ T5317] __handle_mm_fault+0x2305/0x6ef0 [ 68.596627][ T5317] ? __pfx___handle_mm_fault+0x10/0x10 [ 68.596644][ T5317] ? mtree_range_walk+0x700/0x8e0 [ 68.597236][ T5317] ? mt_find+0x28a/0x8f0 [ 68.597258][ T5317] ? mt_find+0x28a/0x8f0 [ 68.597272][ T5317] ? mt_find+0x699/0x8f0 [ 68.597285][ T5317] ? mt_find+0x28a/0x8f0 [ 68.597299][ T5317] ? __pfx_mt_find+0x10/0x10 [ 68.597318][ T5317] ? find_vma+0xfa/0x170 [ 68.597333][ T5317] ? __pfx_find_vma+0x10/0x10 [ 68.597347][ T5317] handle_mm_fault+0x3e5/0x8d0 [ 68.597368][ T5317] exc_page_fault+0x2bb/0x8b0 [ 68.597385][ T5317] asm_exc_page_fault+0x26/0x30 [ 68.597395][ T5317] RIP: 0010:filldir+0x2c4/0x6a0 [ 68.597410][ T5317] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44 [ 68.597419][ T5317] RSP: 0018:ffffc9000d50fbe0 EFLAGS: 00050283 [ 68.597429][ T5317] RAX: 0000000000000020 RBX: 0000200000002010 RCX: 0000200000001ff0 [ 68.597438][ T5317] RDX: ffffc9000e6a2000 RSI: 0000200000001fd8 RDI: 0000200000002010 [ 68.597445][ T5317] RBP: 0000000000000004 R08: ffffffff82433a5d R09: 1ffff11003d31910 [ 68.597452][ T5317] R10: dffffc0000000000 R11: ffffed1003d31911 R12: ffff888032cf71c1 [ 68.597460][ T5317] R13: 0000000000000005 R14: 0000200000001fd8 R15: 00007ffffffff000 [ 68.597470][ T5317] ? filldir+0x28d/0x6a0 [ 68.597492][ T5317] afs_dynroot_readdir+0x814/0xbe0 [ 68.597503][ T5317] ? __pfx___mutex_lock+0x10/0x10 [ 68.597520][ T5317] ? afs_dynroot_readdir+0x466/0xbe0 [ 68.597531][ T5317] ? __pfx_afs_dynroot_readdir+0x10/0x10 [ 68.597544][ T5317] ? common_file_perm+0x1a6/0x210 [ 68.597562][ T5317] iterate_dir+0x5a9/0x760 [ 68.597576][ T5317] __se_sys_getdents+0x1ff/0x4e0 [ 68.597592][ T5317] ? __pfx___se_sys_getdents+0x10/0x10 [ 68.597604][ T5317] ? __pfx_filldir+0x10/0x10 [ 68.597619][ T5317] ? do_syscall_64+0xb6/0x230 [ 68.597635][ T5317] do_syscall_64+0xf3/0x230 [ 68.597647][ T5317] ? clear_bhb_loop+0x45/0xa0 [ 68.597660][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.597669][ T5317] RIP: 0033:0x7f5098d8d169 [ 68.597679][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.597687][ T5317] RSP: 002b:00007f5099b83038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 68.597697][ T5317] RAX: ffffffffffffffda RBX: 00007f5098fa5fa0 RCX: 00007f5098d8d169 [ 68.597703][ T5317] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000003 [ 68.597709][ T5317] RBP: 00007f5098e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 68.597716][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.597722][ T5317] R13: 0000000000000000 R14: 00007f5098fa5fa0 R15: 00007ffd7205e378 [ 68.597736][ T5317]