program: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newsa={0x1a8, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x4d3, 0x32}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, {}, {0x0, 0x0, 0x0, 0x8000000000000}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xa0}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @algo_auth_trunc={0x6d, 0x14, {{'cmac(aes)\x00'}, 0x108, 0x0, "e80c857b65087dea03da4c290569c738c39dac5defb806ba7783bf47e70ba40bb4"}}]}, 0x1a8}}, 0x0) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_LK(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x6, 0x4, 0x1}}}, 0x28) write$FUSE_INTERRUPT(r3, &(0x7f00000000c0)={0x10, 0x24}, 0x10) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}}) pipe2$9p(&(0x7f0000000240), 0x0) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newsa={0x1a8, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x4d3, 0x32}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, {}, {0x0, 0x0, 0x0, 0x8000000000000}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xa0}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @algo_auth_trunc={0x6d, 0x14, {{'cmac(aes)\x00'}, 0x108, 0x0, "e80c857b65087dea03da4c290569c738c39dac5defb806ba7783bf47e70ba40bb4"}}]}, 0x1a8}}, 0x0) (async) dup(r1) (async) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) (async) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) write$FUSE_LK(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x6, 0x4, 0x1}}}, 0x28) (async) write$FUSE_INTERRUPT(r3, &(0x7f00000000c0)={0x10, 0x24}, 0x10) (async) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) (async) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}}) (async) [ 93.411501][ T10] cfg80211: failed to load regulatory.db [ 93.422604][ T5340] Bluetooth: hci0: command tx timeout [ 93.520400][ T5366] ------------[ cut here ]------------ [ 93.523063][ T5366] WARNING: CPU: 0 PID: 5366 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.527511][ T5366] Modules linked in: [ 93.529373][ T5366] CPU: 0 UID: 0 PID: 5366 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 93.533264][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.537706][ T5366] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.540488][ T5366] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 9c 13 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 93.548716][ T5366] RSP: 0018:ffffc9000d3678c0 EFLAGS: 00010246 [ 93.551277][ T5366] RAX: ffffc9000d367900 RBX: 000000000000002f RCX: 0000000000000000 [ 93.554626][ T5366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d367928 [ 93.557881][ T5366] RBP: ffffc9000d3679c0 R08: ffffc9000d367927 R09: 0000000000000000 [ 93.561287][ T5366] R10: ffffc9000d367900 R11: fffff52001a6cf25 R12: 0000000000000000 [ 93.564754][ T5366] R13: 1ffff92001a6cf1c R14: 0000000000040d40 R15: dffffc0000000000 [ 93.568032][ T5366] FS: 00007fc116bf96c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 93.571765][ T5366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.574506][ T5366] CR2: 00007ffd80432f32 CR3: 0000000043bae000 CR4: 0000000000352ef0 [ 93.577875][ T5366] Call Trace: [ 93.579375][ T5366] [ 93.580735][ T5366] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 93.583578][ T5366] ? kfree+0x18e/0x440 [ 93.585411][ T5366] ? policy_nodemask+0x27c/0x720 [ 93.587847][ T5366] ? p9_client_clunk+0x1b6/0x250 [ 93.590013][ T5366] alloc_pages_mpol+0x232/0x4a0 [ 93.592516][ T5366] ___kmalloc_large_node+0x5f/0x1b0 [ 93.594603][ T5366] __kmalloc_large_node_noprof+0x18/0x90 [ 93.596888][ T5366] __kmalloc_noprof+0x36f/0x4f0 [ 93.598759][ T5366] ? v9fs_fid_get_acl+0x4f/0x100 [ 93.600797][ T5366] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 93.603668][ T5366] v9fs_fid_get_acl+0x4f/0x100 [ 93.605679][ T5366] v9fs_get_acl+0x11b/0x360 [ 93.607552][ T5366] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 93.609848][ T5366] v9fs_mount+0x6eb/0xa50 [ 93.611731][ T5366] ? __pfx_v9fs_mount+0x10/0x10 [ 93.613549][ T5366] legacy_get_tree+0xfa/0x1a0 [ 93.615456][ T5366] ? __pfx_v9fs_mount+0x10/0x10 [ 93.617552][ T5366] vfs_get_tree+0x92/0x2b0 [ 93.619377][ T5366] do_new_mount+0x2a2/0x9e0 [ 93.621273][ T5366] ? ns_capable+0x8a/0xf0 [ 93.623280][ T5366] ? __pfx_do_new_mount+0x10/0x10 [ 93.625350][ T5366] ? path_mount+0x61c/0xfe0 [ 93.627312][ T5366] ? user_path_at+0x44/0x60 [ 93.629403][ T5366] __se_sys_mount+0x317/0x410 [ 93.631486][ T5366] ? __pfx___se_sys_mount+0x10/0x10 [ 93.633858][ T5366] ? rcu_is_watching+0x15/0xb0 [ 93.635887][ T5366] ? do_syscall_64+0xbe/0x3b0 [ 93.637853][ T5366] ? __x64_sys_mount+0x20/0xc0 [ 93.639800][ T5366] do_syscall_64+0xfa/0x3b0 [ 93.641876][ T5366] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.644102][ T5366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.646645][ T5366] ? clear_bhb_loop+0x60/0xb0 [ 93.648546][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.651037][ T5366] RIP: 0033:0x7fc115d8eec9 [ 93.652983][ T5366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.660892][ T5366] RSP: 002b:00007fc116bf9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.664559][ T5366] RAX: ffffffffffffffda RBX: 00007fc115fe5fa0 RCX: 00007fc115d8eec9 [ 93.667896][ T5366] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 93.671191][ T5366] RBP: 00007fc115e11f91 R08: 0000200000000500 R09: 0000000000000000 [ 93.674558][ T5366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.677667][ T5366] R13: 00007fc115fe6038 R14: 00007fc115fe5fa0 R15: 00007ffc12cc86f8 [ 93.680903][ T5366] [ 93.682253][ T5366] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 93.685220][ T5366] CPU: 0 UID: 0 PID: 5366 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 93.688856][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.693202][ T5366] Call Trace: [ 93.694700][ T5366] [ 93.695949][ T5366] dump_stack_lvl+0x99/0x250 [ 93.697965][ T5366] ? __asan_memcpy+0x40/0x70 [ 93.699955][ T5366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.702238][ T5366] ? __pfx__printk+0x10/0x10 [ 93.704314][ T5366] vpanic+0x281/0x750 [ 93.705874][ T5366] ? __pfx__printk+0x10/0x10 [ 93.707845][ T5366] ? __pfx_vpanic+0x10/0x10 [ 93.709950][ T5366] ? is_bpf_text_address+0x26/0x2b0 [ 93.712392][ T5366] panic+0xb9/0xc0 [ 93.714087][ T5366] ? __pfx_panic+0x10/0x10 [ 93.716069][ T5366] __warn+0x31b/0x4b0 [ 93.717808][ T5366] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.720485][ T5366] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.723079][ T5366] report_bug+0x2be/0x4f0 [ 93.724927][ T5366] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.727538][ T5366] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.730038][ T5366] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 93.732453][ T5366] handle_bug+0x84/0x160 [ 93.734263][ T5366] exc_invalid_op+0x1a/0x50 [ 93.736174][ T5366] asm_exc_invalid_op+0x1a/0x20 [ 93.738259][ T5366] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 93.740916][ T5366] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 9c 13 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 93.748578][ T5366] RSP: 0018:ffffc9000d3678c0 EFLAGS: 00010246 [ 93.751189][ T5366] RAX: ffffc9000d367900 RBX: 000000000000002f RCX: 0000000000000000 [ 93.754394][ T5366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d367928 [ 93.757767][ T5366] RBP: ffffc9000d3679c0 R08: ffffc9000d367927 R09: 0000000000000000 [ 93.760942][ T5366] R10: ffffc9000d367900 R11: fffff52001a6cf25 R12: 0000000000000000 [ 93.764069][ T5366] R13: 1ffff92001a6cf1c R14: 0000000000040d40 R15: dffffc0000000000 [ 93.767206][ T5366] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 93.769863][ T5366] ? kfree+0x18e/0x440 [ 93.771544][ T5366] ? policy_nodemask+0x27c/0x720 [ 93.773632][ T5366] ? p9_client_clunk+0x1b6/0x250 [ 93.775774][ T5366] alloc_pages_mpol+0x232/0x4a0 [ 93.777832][ T5366] ___kmalloc_large_node+0x5f/0x1b0 [ 93.780101][ T5366] __kmalloc_large_node_noprof+0x18/0x90 [ 93.782405][ T5366] __kmalloc_noprof+0x36f/0x4f0 [ 93.784468][ T5366] ? v9fs_fid_get_acl+0x4f/0x100 [ 93.786564][ T5366] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 93.789198][ T5366] v9fs_fid_get_acl+0x4f/0x100 [ 93.791152][ T5366] v9fs_get_acl+0x11b/0x360 [ 93.793118][ T5366] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 93.795298][ T5366] v9fs_mount+0x6eb/0xa50 [ 93.797081][ T5366] ? __pfx_v9fs_mount+0x10/0x10 [ 93.799154][ T5366] legacy_get_tree+0xfa/0x1a0 [ 93.801206][ T5366] ? __pfx_v9fs_mount+0x10/0x10 [ 93.803258][ T5366] vfs_get_tree+0x92/0x2b0 [ 93.805224][ T5366] do_new_mount+0x2a2/0x9e0 [ 93.807235][ T5366] ? ns_capable+0x8a/0xf0 [ 93.809184][ T5366] ? __pfx_do_new_mount+0x10/0x10 [ 93.811280][ T5366] ? path_mount+0x61c/0xfe0 [ 93.813489][ T5366] ? user_path_at+0x44/0x60 [ 93.815362][ T5366] __se_sys_mount+0x317/0x410 [ 93.817481][ T5366] ? __pfx___se_sys_mount+0x10/0x10 [ 93.819606][ T5366] ? rcu_is_watching+0x15/0xb0 [ 93.821694][ T5366] ? do_syscall_64+0xbe/0x3b0 [ 93.823737][ T5366] ? __x64_sys_mount+0x20/0xc0 [ 93.825797][ T5366] do_syscall_64+0xfa/0x3b0 [ 93.827743][ T5366] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.829989][ T5366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.832583][ T5366] ? clear_bhb_loop+0x60/0xb0 [ 93.834656][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.837119][ T5366] RIP: 0033:0x7fc115d8eec9 [ 93.839146][ T5366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.847161][ T5366] RSP: 002b:00007fc116bf9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.850924][ T5366] RAX: ffffffffffffffda RBX: 00007fc115fe5fa0 RCX: 00007fc115d8eec9 [ 93.854280][ T5366] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 93.857621][ T5366] RBP: 00007fc115e11f91 R08: 0000200000000500 R09: 0000000000000000 [ 93.860930][ T5366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.864165][ T5366] R13: 00007fc115fe6038 R14: 00007fc115fe5fa0 R15: 00007ffc12cc86f8 [ 93.867287][ T5366] [ 93.868987][ T5366] Kernel Offset: disabled [ 93.871100][ T5366] Rebooting in 86400 seconds..