program:
# Reproducer summary: stack overlayfs on top of an AFS mount made with the
# `dyn` option, then list the merged directory. The kernel log that follows
# shows getdents reaching afs_dynroot_readdir, which holds rcu_read_lock
# (lock #3 in the "locks held" list) when it calls into overlayfs's
# ovl_fill_merge -> ovl_cache_entry_new -> __kmalloc_noprof. That allocation
# trips __might_resched ("RCU nest depth: 1, expected: 0").
# NOTE(review): the trace points at the directory-emit callback being invoked
# inside an RCU read-side section; confirm against the afs_dynroot_readdir source.

# Create the three directories used below. 0xffffffffffffff9c is AT_FDCWD (-100).
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
# Mount AFS on ./file0 with the single option `dyn`.
mount$afs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
# Mount overlayfs on ./bus: the AFS mount is the lower layer, ./file1 the upper
# layer, and workdir is set to ./bus itself (0x3d is the '=' separator).
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
# Enter the overlay mount point so that '.' below refers to the merged directory.
chdir(&(0x7f0000000140)='./bus\x00')
# Size-only xattr query (NULL buffer, length 0); it does not appear in the call trace.
llistxattr(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
# Open the current directory, seek to offset 0x7fff (whence 0 = SEEK_SET), then
# read entries with a NULL buffer of 0x58 bytes. The trace's RDI=3, RSI=0, RDX=0x58
# and ORIG_RAX=0x4e (getdents) match this final call.
# NOTE(review): whether the lseek offset is needed to trigger the warning is not
# visible from the log.
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x7fff, 0x0)
getdents(r0, 0x0, 0x58)
[ 81.609323][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[ 81.612124][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[ 81.622906][ T5312] Bluetooth: hci0: command tx timeout
[ 81.746762][ T5328] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 81.769705][ T5328] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 81.775085][ T5328] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5328, name: syz.0.0 [ 81.778556][ T5328] preempt_count: 0, expected: 0 [ 81.780513][ T5328] RCU nest depth: 1, expected: 0 [ 81.783449][ T5328] 4 locks held by syz.0.0/5328: [ 81.785544][ T5328] #0: ffff88801f992b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310 [ 81.789252][ T5328] #1: ffff88804464d888 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0 [ 81.794522][ T5328] #2: ffff888052098148 (&type->i_mutex_dir_key#8){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760 [ 81.798674][ T5328] #3: ffffffff8ed3dfe0 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0 [ 81.802335][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00025-gbec7dcbc242c #0 PREEMPT(full) [ 81.802350][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.802357][ T5328] Call Trace: [ 81.802364][ T5328] [ 81.802370][ T5328] dump_stack_lvl+0x241/0x360 [ 81.802392][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.802417][ T5328] __might_resched+0x558/0x6c0 [ 81.802435][ T5328] ? down_read_killable+0xd9/0xcb0 [ 81.802527][ T5328] ? __pfx___might_resched+0x10/0x10 [ 81.802548][ T5328] ? __kmalloc_noprof+0xb7/0x4d0 [ 81.802567][ T5328] __kmalloc_noprof+0xd0/0x4d0 [ 81.802583][ T5328] ? ovl_cache_entry_new+0x39/0x7b0 [ 81.802600][ T5328] ovl_cache_entry_new+0x39/0x7b0 [ 81.802621][ T5328] ? __pfx_idr_get_next+0x10/0x10 [ 81.802637][ T5328] ovl_fill_merge+0x2b8/0x830 [ 81.802654][ T5328] afs_dynroot_readdir+0x814/0xbe0 [ 81.802671][ T5328] ? afs_dynroot_readdir+0x466/0xbe0 [ 81.802686][ T5328] ? __pfx_afs_dynroot_readdir+0x10/0x10 [ 81.802700][ T5328] ? common_file_perm+0x1a6/0x210 [ 81.802719][ T5328] iterate_dir+0x5a9/0x760 [ 81.802738][ T5328] ovl_dir_read+0xfe/0x570 [ 81.802753][ T5328] ? 
ovl_path_next+0x23e/0x470 [ 81.802775][ T5328] ovl_dir_read_merged+0x4ae/0x5e0 [ 81.802792][ T5328] ? __pfx_ovl_dir_read_merged+0x10/0x10 [ 81.802801][ T5328] ? __pfx_ovl_fill_merge+0x10/0x10 [ 81.802816][ T5328] ? __kmalloc_cache_noprof+0x236/0x370 [ 81.802829][ T5328] ? ovl_iterate+0x10d6/0x21c0 [ 81.802844][ T5328] ovl_iterate+0x1196/0x21c0 [ 81.802869][ T5328] ? __pfx_ovl_iterate+0x10/0x10 [ 81.802883][ T5328] ? __lock_acquire+0xad5/0xd80 [ 81.802901][ T5328] ? __lock_acquire+0xad5/0xd80 [ 81.802929][ T5328] ? down_write+0x18d/0x220 [ 81.802942][ T5328] ? __pfx_down_write+0x10/0x10 [ 81.802956][ T5328] ? wrap_directory_iterator+0x52/0xd0 [ 81.802970][ T5328] ? __pfx_ovl_iterate+0x10/0x10 [ 81.802981][ T5328] wrap_directory_iterator+0x91/0xd0 [ 81.802995][ T5328] iterate_dir+0x5a9/0x760 [ 81.803011][ T5328] __se_sys_getdents+0x1ff/0x4e0 [ 81.803029][ T5328] ? __pfx___se_sys_getdents+0x10/0x10 [ 81.803041][ T5328] ? __pfx_filldir+0x10/0x10 [ 81.803060][ T5328] ? do_syscall_64+0xb6/0x230 [ 81.803075][ T5328] do_syscall_64+0xf3/0x230 [ 81.803089][ T5328] ? clear_bhb_loop+0x45/0xa0 [ 81.803103][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.803115][ T5328] RIP: 0033:0x7f198c38d169 [ 81.803126][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.803135][ T5328] RSP: 002b:00007f198d155038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 81.803148][ T5328] RAX: ffffffffffffffda RBX: 00007f198c5a5fa0 RCX: 00007f198c38d169 [ 81.803157][ T5328] RDX: 0000000000000058 RSI: 0000000000000000 RDI: 0000000000000003 [ 81.803163][ T5328] RBP: 00007f198c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 81.803170][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.803177][ T5328] R13: 0000000000000000 R14: 00007f198c5a5fa0 R15: 00007fff76176168 [ 81.803195][ T5328]