program:
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0xd2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x90580, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a3, 0x2, @perf_config_ext={0x44df, 0x1}, 0x0, 0x0, 0xffffffff, 0x0, 0x6, 0x87c, 0x1, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)="435b6d840ccf497fd61f831b4d9f7eae3ea8a7088fc0df3682070b51658e6556ace5a6404f6310c3f69f4541a90abc68a5ba462ee7b7884a83f2be3fe079b0f445fd3c44a864f74361d01cc991c992ad506b0677341e4101e9b330e5d8c453a0ef549fc3792ebb532092bc97a0be357988bf443ce7de241898b623b7a084bec7d8baddb3e1911a51b68d7663abd3828392c4c5a688221aa8a0c1a9c9b21484b257ceaabdffd87784fc70e163743a4890cd74a52b0cf76ade3555f9310f1eeeaf9bd7aeb921014bd9cd836fddce33185a87b459b2a520ceee97", 0xd9}, {&(0x7f00000001c0)="385f1d120d960c93ce466d8dc44482872835dff4ecd5a4de84289bebbd4ea1679f2ec556b69a7dff5a931f8a434d98b06f06e5e50cabe4bece598752a4b2d53349d1e2088452e7756ac87bfce7a57cf851bf9d253baf3ec24e6f100a8530b64e59071f3694c86dc75e72670c7d71285fc8a4536b1ea0a3251dd23c0a64f8ddc9995bc88fc318e1992a5baf6b29a93cd9b7f3dd8b9e978a4d1b170fbe340ea80d4804e18a12dad5418435bf977de74c88e0", 0xb1}, {&(0x7f0000000280)="b7fd72b34e8d7c11705540c20949e122ac19c93c75e69caa4f6ffd41a9b8e47ba853a9874dfb274aadff9aa33372d8d8c90cd63e005d018d22a98ab309e72348303a0b4d3a6c84bca8ae45d1881c4d6de23be3f731ebc561a2d4174769aa97d78392fab77918f634b709fa5060f81689c0ac94626e433c4a74d42000cc0bd1", 0x7f}], 0x3, 0xb)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x1}, 0x8)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000014c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {}, {0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x0, 0xfffb}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008884}, 0x0)
r9 = openat(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r12=>0x0})
r13 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r13, 0x8933, &(0x7f0000000240)={'wg2\x00', <r14=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r14}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r12}, @IFLA_HSR_PROTOCOL={0x5}]}}}]}, 0x50}}, 0x0)
ioctl$UI_SET_SWBIT(r9, 0x4004556d, 0x5)

[   79.363224][ T4674] Bluetooth: hci0: command tx timeout
[   79.366572][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[   79.368978][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[   79.543991][ T5330] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[   79.547872][ T5330] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5330, name: syz.0.0
[   79.557456][ T5330] preempt_count: 0, expected: 0
[   79.559332][ T5330] RCU nest depth: 1, expected: 0
[   79.561233][ T5330] 4 locks held by syz.0.0/5330:
[   79.565323][ T5330]  #0: ffff888000e809b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[   79.569524][ T5330]  #1: ffff888052178148 (&type->i_mutex_dir_key#8){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760
[   79.574132][ T5330]  #2: ffffffff8ed3dfe0 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[   79.577722][ T5330]  #3: ffff88801b06dbe0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0
[   79.581446][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[   79.581460][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.581468][ T5330] Call Trace:
[   79.581474][ T5330]  <TASK>
[   79.581483][ T5330]  dump_stack_lvl+0x241/0x360
[   79.581508][ T5330]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.581534][ T5330]  __might_resched+0x558/0x6c0
[   79.581549][ T5330]  ? down_read_trylock+0xd5/0x3c0
[   79.581567][ T5330]  ? __pfx___might_resched+0x10/0x10
[   79.581587][ T5330]  ? __alloc_frozen_pages_noprof+0x162/0x5b0
[   79.581602][ T5330]  prepare_alloc_pages+0x1eb/0x610
[   79.581620][ T5330]  __alloc_frozen_pages_noprof+0x162/0x5b0
[   79.581637][ T5330]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   79.581653][ T5330]  ? stack_depot_save_flags+0x43f/0x940
[   79.581675][ T5330]  alloc_pages_mpol+0x339/0x690
[   79.581693][ T5330]  ? __pfx_alloc_pages_mpol+0x10/0x10
[   79.581704][ T5330]  ? cgroup_rstat_updated+0x144/0xc40
[   79.581725][ T5330]  vma_alloc_folio_noprof+0x12d/0x260
[   79.581743][ T5330]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[   79.581763][ T5330]  folio_prealloc+0x2e/0x170
[   79.581775][ T5330]  handle_pte_fault+0x2e45/0x61c0
[   79.581792][ T5330]  ? sched_clock_cpu+0x77/0x4d0
[   79.581807][ T5330]  ? __pfx_handle_pte_fault+0x10/0x10
[   79.581819][ T5330]  ? rcu_is_watching+0x15/0xb0
[   79.581840][ T5330]  ? rcu_is_watching+0x15/0xb0
[   79.581852][ T5330]  ? lock_release+0x4e/0x3e0
[   79.581861][ T5330]  ? lock_release+0x4e/0x3e0
[   79.581881][ T5330]  ? mtree_range_walk+0x700/0x8e0
[   79.581961][ T5330]  handle_mm_fault+0x1129/0x1bf0
[   79.581978][ T5330]  ? mt_find+0x28a/0x8f0
[   79.582008][ T5330]  ? __pfx_handle_mm_fault+0x10/0x10
[   79.582038][ T5330]  ? lock_mm_and_find_vma+0x9c/0x2f0
[   79.582055][ T5330]  exc_page_fault+0x2bb/0x920
[   79.582073][ T5330]  asm_exc_page_fault+0x26/0x30
[   79.582084][ T5330] RIP: 0010:filldir+0x2c4/0x6a0
[   79.582097][ T5330] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44
[   79.582106][ T5330] RSP: 0018:ffffc9000d4efbe0 EFLAGS: 00050283
[   79.582115][ T5330] RAX: 0000000000000018 RBX: 0000200000002008 RCX: 0000200000001ff0
[   79.582122][ T5330] RDX: ffffc9000e723000 RSI: 0000200000001fd8 RDI: 0000200000002008
[   79.582129][ T5330] RBP: 0000000000000004 R08: ffffffff8245358d R09: 1ffff11003eac910
[   79.582136][ T5330] R10: dffffc0000000000 R11: ffffed1003eac911 R12: ffff888037bd5b41
[   79.582143][ T5330] R13: 0000000000000003 R14: 0000200000001fd8 R15: 00007ffffffff000
[   79.582154][ T5330]  ? filldir+0x28d/0x6a0
[   79.582180][ T5330]  afs_dynroot_readdir+0x814/0xbe0
[   79.582193][ T5330]  ? __pfx___mutex_lock+0x10/0x10
[   79.582205][ T5330]  ? afs_dynroot_readdir+0x466/0xbe0
[   79.582218][ T5330]  ? __pfx_afs_dynroot_readdir+0x10/0x10
[   79.582230][ T5330]  ? common_file_perm+0x1a6/0x210
[   79.582249][ T5330]  iterate_dir+0x5a9/0x760
[   79.582267][ T5330]  __se_sys_getdents+0x1ff/0x4e0
[   79.582286][ T5330]  ? __pfx___se_sys_getdents+0x10/0x10
[   79.582297][ T5330]  ? __pfx_filldir+0x10/0x10
[   79.582316][ T5330]  ? do_syscall_64+0xb6/0x230
[   79.582330][ T5330]  do_syscall_64+0xf3/0x230
[   79.582342][ T5330]  ? clear_bhb_loop+0x45/0xa0
[   79.582354][ T5330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.582363][ T5330] RIP: 0033:0x7f9d2e98d169
[   79.582373][ T5330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.582380][ T5330] RSP: 002b:00007f9d2f750038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[   79.582389][ T5330] RAX: ffffffffffffffda RBX: 00007f9d2eba6080 RCX: 00007f9d2e98d169
[   79.582396][ T5330] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000004
[   79.582402][ T5330] RBP: 00007f9d2ea0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   79.582409][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   79.582414][ T5330] R13: 0000000000000000 R14: 00007f9d2eba6080 R15: 00007fffa0ca4a28
[   79.582431][ T5330]  </TASK>
[   79.750116][ T5329] mmap: syz.0.0 (5329) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   79.761986][ T5329] macvtap0: entered promiscuous mode
[   79.765451][ T5329] macvtap0: left promiscuous mode