program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000180))
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f00000002c0)={0x1, r6})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486"], 0x66)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_LK(r4, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x6, 0x4, 0x1}}}, 0x28)
write$FUSE_INTERRUPT(r4, &(0x7f00000000c0)={0x10, 0x24}, 0x10)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@posixacl}]}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r7, @ANYBLOB="1400350064756d79793000"/20], 0x3c}}, 0x0)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

[  287.115131][   T45] Bluetooth: hci0: command tx timeout
[  287.285471][ T5398] ------------[ cut here ]------------
[  287.294480][ T5398] WARNING: CPU: 0 PID: 5398 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[  287.298827][ T5398] Modules linked in:
[  287.302985][ T5398] CPU: 0 UID: 0 PID: 5398 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  287.308869][ T5398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.315282][ T5398] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  287.319178][ T5398] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 1d 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 d0 09 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  287.335865][ T5398] RSP: 0018:ffffc9000d38f8c0 EFLAGS: 00010246
[  287.340005][ T5398] RAX: ffffc9000d38f900 RBX: 000000000000002a RCX: 0000000000000000
[  287.372125][ T5398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d38f928
[  287.376346][ T5398] RBP: ffffc9000d38f9c0 R08: ffffc9000d38f927 R09: 0000000000000000
[  287.381176][ T5398] R10: ffffc9000d38f900 R11: fffff52001a71f25 R12: 0000000000000000
[  287.394256][ T5398] R13: 1ffff92001a71f1c R14: 0000000000040d40 R15: dffffc0000000000
[  287.398737][ T5398] FS:  00007f465c2c46c0(0000) GS:ffff88808d20f000(0000) knlGS:0000000000000000
[  287.413504][ T5398] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  287.418606][ T5398] CR2: 00007f465c0ed9b8 CR3: 0000000043f45000 CR4: 0000000000352ef0
[  287.425428][ T5398] Call Trace:
[  287.444504][ T5398]  <TASK>
[  287.445792][ T5398]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  287.448672][ T5398]  ? kfree+0x18e/0x440
[  287.450899][ T5398]  ? policy_nodemask+0x27c/0x720
[  287.457384][ T5398]  ? p9_client_clunk+0x1b6/0x250
[  287.459635][ T5398]  alloc_pages_mpol+0x232/0x4a0
[  287.461782][ T5398]  ___kmalloc_large_node+0x5f/0x1b0
[  287.466164][ T5398]  __kmalloc_large_node_noprof+0x18/0x90
[  287.469864][ T5398]  __kmalloc_noprof+0x36f/0x4f0
[  287.481205][ T5398]  ? v9fs_fid_get_acl+0x4f/0x100
[  287.487078][ T5398]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[  287.489823][ T5398]  v9fs_fid_get_acl+0x4f/0x100
[  287.505799][ T5398]  v9fs_get_acl+0x11b/0x360
[  287.510630][ T5398]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[  287.519108][ T5398]  v9fs_mount+0x6eb/0xa50
[  287.527270][ T5398]  ? __pfx_v9fs_mount+0x10/0x10
[  287.530973][ T5398]  legacy_get_tree+0xfa/0x1a0
[  287.539380][ T5398]  ? __pfx_v9fs_mount+0x10/0x10
[  287.541564][ T5398]  vfs_get_tree+0x92/0x2b0
[  287.555957][ T5398]  do_new_mount+0x2a2/0x9e0
[  287.557974][ T5398]  ? ns_capable+0x8a/0xf0
[  287.559878][ T5398]  ? __pfx_do_new_mount+0x10/0x10
[  287.573380][ T5398]  ? path_mount+0x61c/0xfe0
[  287.577840][ T5398]  ? user_path_at+0x44/0x60
[  287.579792][ T5398]  __se_sys_mount+0x317/0x410
[  287.581714][ T5398]  ? __pfx___se_sys_mount+0x10/0x10
[  287.591588][ T5398]  ? rcu_is_watching+0x15/0xb0
[  287.595957][ T5398]  ? do_syscall_64+0xbe/0x3b0
[  287.597921][ T5398]  ? __x64_sys_mount+0x20/0xc0
[  287.607661][ T5398]  do_syscall_64+0xfa/0x3b0
[  287.613123][ T5398]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.620851][ T5398]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.629391][ T5398]  ? clear_bhb_loop+0x60/0xb0
[  287.635066][ T5398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.644222][ T5398] RIP: 0033:0x7f465b38ebe9
[  287.646264][ T5398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.661518][ T5398] RSP: 002b:00007f465c2c4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  287.677246][ T5398] RAX: ffffffffffffffda RBX: 00007f465b5b5fa0 RCX: 00007f465b38ebe9
[  287.688325][ T5398] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  287.691622][ T5398] RBP: 00007f465b411e19 R08: 0000200000000500 R09: 0000000000000000
[  287.707200][ T5398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  287.715382][ T5398] R13: 00007f465b5b6038 R14: 00007f465b5b5fa0 R15: 00007ffd75684fd8
[  287.727951][ T5398]  </TASK>
[  287.731212][ T5398] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  287.740313][ T5398] CPU: 0 UID: 0 PID: 5398 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  287.752448][ T5398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.757482][ T5398] Call Trace:
[  287.758952][ T5398]  <TASK>
[  287.760234][ T5398]  dump_stack_lvl+0x99/0x250
[  287.777384][ T5398]  ? __asan_memcpy+0x40/0x70
[  287.779773][ T5398]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.792837][ T5398]  ? __pfx__printk+0x10/0x10
[  287.798404][ T5398]  vpanic+0x281/0x750
[  287.800281][ T5398]  ? __pfx__printk+0x10/0x10
[  287.810796][ T5398]  ? __pfx_vpanic+0x10/0x10
[  287.815476][ T5398]  ? is_bpf_text_address+0x26/0x2b0
[  287.817701][ T5398]  panic+0xb9/0xc0
[  287.819606][ T5398]  ? __pfx_panic+0x10/0x10
[  287.821798][ T5398]  __warn+0x31b/0x4b0
[  287.839650][ T5398]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  287.842592][ T5398]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  287.845445][ T5398]  report_bug+0x2be/0x4f0
[  287.847528][ T5398]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  287.850307][ T5398]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  287.853191][ T5398]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[  287.865984][ T5398]  handle_bug+0x84/0x160
[  287.879434][ T5398]  exc_invalid_op+0x1a/0x50
[  287.882557][ T5398]  asm_exc_invalid_op+0x1a/0x20
[  287.884588][ T5398] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  287.889068][ T5398] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 1d 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 d0 09 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  287.902043][ T5398] RSP: 0018:ffffc9000d38f8c0 EFLAGS: 00010246
[  287.906082][ T5398] RAX: ffffc9000d38f900 RBX: 000000000000002a RCX: 0000000000000000
[  287.916686][ T5398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d38f928
[  287.924066][ T5398] RBP: ffffc9000d38f9c0 R08: ffffc9000d38f927 R09: 0000000000000000
[  287.929682][ T5398] R10: ffffc9000d38f900 R11: fffff52001a71f25 R12: 0000000000000000
[  287.962362][ T5398] R13: 1ffff92001a71f1c R14: 0000000000040d40 R15: dffffc0000000000
[  287.966626][ T5398]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  287.973710][ T5398]  ? kfree+0x18e/0x440
[  287.976384][ T5398]  ? policy_nodemask+0x27c/0x720
[  287.981318][ T5398]  ? p9_client_clunk+0x1b6/0x250
[  287.993654][ T5398]  alloc_pages_mpol+0x232/0x4a0
[  287.995981][ T5398]  ___kmalloc_large_node+0x5f/0x1b0
[  287.998397][ T5398]  __kmalloc_large_node_noprof+0x18/0x90
[  288.001029][ T5398]  __kmalloc_noprof+0x36f/0x4f0
[  288.024043][ T5398]  ? v9fs_fid_get_acl+0x4f/0x100
[  288.026588][ T5398]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[  288.034378][ T5398]  v9fs_fid_get_acl+0x4f/0x100
[  288.042408][ T5398]  v9fs_get_acl+0x11b/0x360
[  288.045277][ T5398]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[  288.053545][ T5398]  v9fs_mount+0x6eb/0xa50
[  288.056083][ T5398]  ? __pfx_v9fs_mount+0x10/0x10
[  288.064606][ T5398]  legacy_get_tree+0xfa/0x1a0
[  288.068352][ T5398]  ? __pfx_v9fs_mount+0x10/0x10
[  288.071096][ T5398]  vfs_get_tree+0x92/0x2b0
[  288.085847][ T5398]  do_new_mount+0x2a2/0x9e0
[  288.088316][ T5398]  ? ns_capable+0x8a/0xf0
[  288.091028][ T5398]  ? __pfx_do_new_mount+0x10/0x10
[  288.104221][ T5398]  ? path_mount+0x61c/0xfe0
[  288.106978][ T5398]  ? user_path_at+0x44/0x60
[  288.109992][ T5398]  __se_sys_mount+0x317/0x410
[  288.114251][ T5398]  ? __pfx___se_sys_mount+0x10/0x10
[  288.121472][ T5398]  ? rcu_is_watching+0x15/0xb0
[  288.136094][ T5398]  ? do_syscall_64+0xbe/0x3b0
[  288.138370][ T5398]  ? __x64_sys_mount+0x20/0xc0
[  288.141699][ T5398]  do_syscall_64+0xfa/0x3b0
[  288.144244][ T5398]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.146825][ T5398]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.149635][ T5398]  ? clear_bhb_loop+0x60/0xb0
[  288.151849][ T5398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.157632][ T5398] RIP: 0033:0x7f465b38ebe9
[  288.160830][ T5398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.171554][ T5398] RSP: 002b:00007f465c2c4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  288.175395][ T5398] RAX: ffffffffffffffda RBX: 00007f465b5b5fa0 RCX: 00007f465b38ebe9
[  288.178730][ T5398] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  288.182799][ T5398] RBP: 00007f465b411e19 R08: 0000200000000500 R09: 0000000000000000
[  288.186846][ T5398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  288.191815][ T5398] R13: 00007f465b5b6038 R14: 00007f465b5b5fa0 R15: 00007ffd75684fd8
[  288.196116][ T5398]  </TASK>
[  288.216749][ T5398] Kernel Offset: disabled
[  288.221409][ T5398] Rebooting in 86400 seconds..