program:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000003702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000001404000000ffffffdc04000040000000b7040000100000206a0700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113940c19aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551558055dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b570ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086071d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224b52e746d631637e596e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

[  166.809674][ T4675] Bluetooth: hci0: command tx timeout
[  167.001795][ T5353] ------------[ cut here ]------------
[  167.017012][ T5353] WARNING: CPU: 0 PID: 5353 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370
[  167.022066][ T5353] Modules linked in:
[  167.024322][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  167.050425][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  167.073169][ T5353] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  167.077199][ T5353] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 2a 36 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  167.110278][ T5353] RSP: 0018:ffffc90001a9f9c0 EFLAGS: 00010246
[  167.113315][ T5353] RAX: ffffc90001a9fa00 RBX: 000000000000002a RCX: 0000000000000000
[  167.132406][ T5353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90001a9fa28
[  167.136241][ T5353] RBP: ffffc90001a9faa8 R08: ffffc90001a9fa27 R09: 0000000000000000
[  167.157985][ T5353] R10: ffffc90001a9fa00 R11: fffff52000353f45 R12: 0000000000000000
[  167.161788][ T5353] R13: 1ffff92000353f3c R14: 0000000000040d40 R15: dffffc0000000000
[  167.165768][ T5353] FS:  00007fc7fe5db6c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[  167.184739][ T5353] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  167.188434][ T5353] CR2: 00007fc7fd985538 CR3: 0000000043055000 CR4: 0000000000352ef0
[  167.193156][ T5353] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  167.213854][ T5353] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  167.218537][ T5353] Call Trace:
[  167.220470][ T5353]  <TASK>
[  167.222246][ T5353]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  167.240875][ T5353]  ? v9fs_fid_xattr_get+0x237/0x2e0
[  167.244587][ T5353]  __alloc_pages_noprof+0xa/0x30
[  167.247222][ T5353]  ___kmalloc_large_node+0x85/0x210
[  167.250124][ T5353]  __kmalloc_large_node_noprof+0x18/0x90
[  167.253022][ T5353]  __kmalloc_noprof+0x36f/0x4f0
[  167.255761][ T5353]  ? v9fs_fid_get_acl+0x4f/0x100
[  167.274809][ T5353]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[  167.278540][ T5353]  v9fs_fid_get_acl+0x4f/0x100
[  167.281623][ T5353]  v9fs_get_acl+0x9a/0x360
[  167.284993][ T5353]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[  167.289139][ T5353]  v9fs_mount+0x6cb/0xa10
[  167.291607][ T5353]  ? __pfx_v9fs_mount+0x10/0x10
[  167.310441][ T5353]  ? rcu_is_watching+0x15/0xb0
[  167.314574][ T5353]  legacy_get_tree+0xfd/0x1a0
[  167.317553][ T5353]  ? __pfx_v9fs_mount+0x10/0x10
[  167.320634][ T5353]  vfs_get_tree+0x92/0x2b0
[  167.339050][ T5353]  do_new_mount+0x24a/0xa40
[  167.341739][ T5353]  __se_sys_mount+0x317/0x410
[  167.344410][ T5353]  ? __pfx___se_sys_mount+0x10/0x10
[  167.360913][ T5353]  ? rcu_is_watching+0x15/0xb0
[  167.363448][ T5353]  ? do_syscall_64+0xbe/0x3b0
[  167.366273][ T5353]  ? __x64_sys_mount+0x20/0xc0
[  167.369233][ T5353]  do_syscall_64+0xfa/0x3b0
[  167.371943][ T5353]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.375603][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.395282][ T5353]  ? clear_bhb_loop+0x60/0xb0
[  167.398110][ T5353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.401288][ T5353] RIP: 0033:0x7fc7fd78e929
[  167.405176][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.429792][ T5353] RSP: 002b:00007fc7fe5db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  167.433875][ T5353] RAX: ffffffffffffffda RBX: 00007fc7fd9b5fa0 RCX: 00007fc7fd78e929
[  167.454082][ T5353] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  167.459111][ T5353] RBP: 00007fc7fd810b39 R08: 0000200000000580 R09: 0000000000000000
[  167.464434][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  167.483681][ T5353] R13: 0000000000000000 R14: 00007fc7fd9b5fa0 R15: 00007ffdd3e28ef8
[  167.491287][ T5353]  </TASK>
[  167.492980][ T5353] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  167.512935][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  167.518393][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  167.525446][ T5353] Call Trace:
[  167.530866][ T5353]  <TASK>
[  167.533282][ T5353]  dump_stack_lvl+0x99/0x250
[  167.536156][ T5353]  ? __asan_memcpy+0x40/0x70
[  167.555373][ T5353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.558630][ T5353]  ? __pfx__printk+0x10/0x10
[  167.561200][ T5353]  panic+0x2db/0x790
[  167.563224][ T5353]  ? __pfx_panic+0x10/0x10
[  167.566261][ T5353]  ? show_trace_log_lvl+0x4fb/0x550
[  167.584374][ T5353]  __warn+0x31b/0x4b0
[  167.589443][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  167.594329][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  167.607483][ T5353]  report_bug+0x2be/0x4f0
[  167.609662][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  167.612613][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  167.615910][ T5353]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[  167.632185][ T5353]  handle_bug+0x84/0x160
[  167.635444][ T5353]  exc_invalid_op+0x1a/0x50
[  167.638923][ T5353]  asm_exc_invalid_op+0x1a/0x20
[  167.642746][ T5353] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  167.654109][ T5353] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 2a 36 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  167.679346][ T5353] RSP: 0018:ffffc90001a9f9c0 EFLAGS: 00010246
[  167.685605][ T5353] RAX: ffffc90001a9fa00 RBX: 000000000000002a RCX: 0000000000000000
[  167.700241][ T5353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90001a9fa28
[  167.704098][ T5353] RBP: ffffc90001a9faa8 R08: ffffc90001a9fa27 R09: 0000000000000000
[  167.727691][ T5353] R10: ffffc90001a9fa00 R11: fffff52000353f45 R12: 0000000000000000
[  167.731135][ T5353] R13: 1ffff92000353f3c R14: 0000000000040d40 R15: dffffc0000000000
[  167.734977][ T5353]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  167.743399][ T5353]  ? v9fs_fid_xattr_get+0x237/0x2e0
[  167.747600][ T5353]  __alloc_pages_noprof+0xa/0x30
[  167.750396][ T5353]  ___kmalloc_large_node+0x85/0x210
[  167.752671][ T5353]  __kmalloc_large_node_noprof+0x18/0x90
[  167.754847][ T5353]  __kmalloc_noprof+0x36f/0x4f0
[  167.756805][ T5353]  ? v9fs_fid_get_acl+0x4f/0x100
[  167.758681][ T5353]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[  167.762733][ T5353]  v9fs_fid_get_acl+0x4f/0x100
[  167.766100][ T5353]  v9fs_get_acl+0x9a/0x360
[  167.769307][ T5353]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[  167.773166][ T5353]  v9fs_mount+0x6cb/0xa10
[  167.776585][ T5353]  ? __pfx_v9fs_mount+0x10/0x10
[  167.781928][ T5353]  ? rcu_is_watching+0x15/0xb0
[  167.787625][ T5353]  legacy_get_tree+0xfd/0x1a0
[  167.794550][ T5353]  ? __pfx_v9fs_mount+0x10/0x10
[  167.801261][ T5353]  vfs_get_tree+0x92/0x2b0
[  167.803441][ T5353]  do_new_mount+0x24a/0xa40
[  167.807534][ T5353]  __se_sys_mount+0x317/0x410
[  167.811484][ T5353]  ? __pfx___se_sys_mount+0x10/0x10
[  167.815106][ T5353]  ? rcu_is_watching+0x15/0xb0
[  167.825768][ T5353]  ? do_syscall_64+0xbe/0x3b0
[  167.828100][ T5353]  ? __x64_sys_mount+0x20/0xc0
[  167.831936][ T5353]  do_syscall_64+0xfa/0x3b0
[  167.834065][ T5353]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.837701][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.842236][ T5353]  ? clear_bhb_loop+0x60/0xb0
[  167.846996][ T5353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.851875][ T5353] RIP: 0033:0x7fc7fd78e929
[  167.860675][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.884038][ T5353] RSP: 002b:00007fc7fe5db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  167.898201][ T5353] RAX: ffffffffffffffda RBX: 00007fc7fd9b5fa0 RCX: 00007fc7fd78e929
[  167.907346][ T5353] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  167.910922][ T5353] RBP: 00007fc7fd810b39 R08: 0000200000000580 R09: 0000000000000000
[  167.942807][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  167.949481][ T5353] R13: 0000000000000000 R14: 00007fc7fd9b5fa0 R15: 00007ffdd3e28ef8
[  167.957159][ T5353]  </TASK>
[  167.960349][ T5353] Kernel Offset: disabled
[  167.964393][ T5353] Rebooting in 86400 seconds..